>>>>>> OS Version SystemDirectory : C:\Windows\system32 Organization : Vagrant BuildNumber : 16299 RegisteredUser : SerialNumber : 00395-60000-00001-AA842 Version : 10.0.16299 >>>>>> Computer Info PSComputerName : VAGRANT-1709 AdminPasswordStatus : 1 BootupState : Normal boot ChassisBootupState : 3 KeyboardPasswordStatus : 3 PowerOnPasswordStatus : 0 PowerSupplyState : 3 PowerState : 0 FrontPanelResetStatus : 3 ThermalState : 3 Status : OK Name : VAGRANT-1709 PowerManagementCapabilities : PowerManagementSupported : __GENUS : 2 __CLASS : Win32_ComputerSystem __SUPERCLASS : CIM_UnitaryComputerSystem __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_ComputerSystem.Name="VAGRANT-1709" __PROPERTY_COUNT : 64 __DERIVATION : {CIM_UnitaryComputerSystem, CIM_ComputerSystem, CIM_System, CIM_LogicalElement...} __SERVER : VAGRANT-1709 __NAMESPACE : root\cimv2 __PATH : \\VAGRANT-1709\root\cimv2:Win32_ComputerSystem.Na me="VAGRANT-1709" AutomaticManagedPagefile : True AutomaticResetBootOption : True AutomaticResetCapability : True BootOptionOnLimit : 3 BootOptionOnWatchDog : 3 BootROMSupported : True BootStatus : {0, 0, 0, 0...} Caption : VAGRANT-1709 ChassisSKUNumber : CreationClassName : Win32_ComputerSystem CurrentTimeZone : -480 DaylightInEffect : False Description : AT/AT COMPATIBLE DNSHostName : vagrant-1709 Domain : WORKGROUP DomainRole : 2 EnableDaylightSavingsTime : True HypervisorPresent : True InfraredSupported : False InitialLoadInfo : InstallDate : LastLoadInfo : Manufacturer : VMware, Inc. Model : VMware Virtual Platform NameFormat : NetworkServerModeEnabled : True NumberOfLogicalProcessors : 2 NumberOfProcessors : 2 OEMLogoBitmap : OEMStringArray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126 e33f59ae7], Welcome to the Virtual Machine} PartOfDomain : False PauseAfterReset : 3932100000 PCSystemType : 1 PCSystemTypeEx : 1 PrimaryOwnerContact : PrimaryOwnerName : ResetCapability : 1 ResetCount : -1 ResetLimit : -1 Roles : {LM_Workstation, LM_Server, NT, Server_NT} SupportContactDescription : SystemFamily : SystemSKUNumber : SystemStartupDelay : SystemStartupOptions : SystemStartupSetting : SystemType : x64-based PC TotalPhysicalMemory : 3220754432 UserName : VAGRANT-1709\vagrant WakeUpType : 6 Workgroup : WORKGROUP Scope : System.Management.ManagementScope Path : \\VAGRANT-1709\root\cimv2:Win32_ComputerSystem.Na me="VAGRANT-1709" Options : System.Management.ObjectGetOptions ClassPath : \\VAGRANT-1709\root\cimv2:Win32_ComputerSystem Properties : {AdminPasswordStatus, AutomaticManagedPagefile, AutomaticResetBootOption, AutomaticResetCapability...} SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...} Qualifiers : {dynamic, Locale, provider, UUID} Site : Container : >>>>>> CPU Info PSComputerName : VAGRANT-1709 Availability : 3 CpuStatus : 1 CurrentVoltage : 33 DeviceID : CPU0 ErrorCleared : ErrorDescription : LastErrorCode : LoadPercentage : 1 Status : OK StatusInfo : 3 AddressWidth : 64 DataWidth : 64 ExtClock : L2CacheSize : 256 L2CacheSpeed : MaxClockSpeed : 3112 PowerManagementSupported : False ProcessorType : 3 Revision : 6661 SocketDesignation : CPU #000 Version : VoltageCaps : 2 __GENUS : 2 __CLASS : Win32_Processor __SUPERCLASS : CIM_Processor __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_Processor.DeviceID="CPU0" __PROPERTY_COUNT : 57 __DERIVATION : {CIM_Processor, CIM_LogicalDevice, CIM_LogicalElement, CIM_ManagedSystemElement} __SERVER : VAGRANT-1709 __NAMESPACE : root\cimv2 __PATH : \\VAGRANT-1709\root\cimv2:Win32_Proce ssor.DeviceID="CPU0" Architecture : 9 AssetTag : Caption : Intel64 Family 6 Model 26 Stepping 5 Characteristics : 100 ConfigManagerErrorCode : ConfigManagerUserConfig : CreationClassName : Win32_Processor CurrentClockSpeed : 3112 Description : Intel64 Family 6 Model 26 Stepping 5 Family : 2 InstallDate : L3CacheSize : 0 L3CacheSpeed : 0 Level : 6 Manufacturer : GenuineIntel Name : Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz NumberOfCores : 1 NumberOfEnabledCore : 1 NumberOfLogicalProcessors : 1 OtherFamilyDescription : PartNumber : PNPDeviceID : PowerManagementCapabilities : ProcessorId : 0FABFBFF000106A5 Role : CPU SecondLevelAddressTranslationExtensions : False SerialNumber : Stepping : SystemCreationClassName : Win32_ComputerSystem SystemName : VAGRANT-1709 ThreadCount : 0 UniqueId : UpgradeMethod : 4 VirtualizationFirmwareEnabled : False VMMonitorModeExtensions : False Scope : System.Management.ManagementScope Path : \\VAGRANT-1709\root\cimv2:Win32_Proce ssor.DeviceID="CPU0" Options : System.Management.ObjectGetOptions ClassPath : \\VAGRANT-1709\root\cimv2:Win32_Proce ssor Properties : {AddressWidth, Architecture, AssetTag, Availability...} SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...} Qualifiers : {dynamic, Locale, provider, UUID} Site : Container : PSComputerName : VAGRANT-1709 Availability : 3 CpuStatus : 1 CurrentVoltage : 33 DeviceID : CPU1 ErrorCleared : ErrorDescription : LastErrorCode : LoadPercentage : 1 Status : OK StatusInfo : 3 AddressWidth : 64 DataWidth : 64 ExtClock : L2CacheSize : 256 L2CacheSpeed : MaxClockSpeed : 3112 PowerManagementSupported : False ProcessorType : 3 Revision : 6661 SocketDesignation : CPU #001 Version : VoltageCaps : 2 __GENUS : 2 __CLASS : Win32_Processor __SUPERCLASS : CIM_Processor __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_Processor.DeviceID="CPU1" __PROPERTY_COUNT : 57 __DERIVATION : {CIM_Processor, CIM_LogicalDevice, CIM_LogicalElement, CIM_ManagedSystemElement} __SERVER : VAGRANT-1709 __NAMESPACE : root\cimv2 __PATH : \\VAGRANT-1709\root\cimv2:Win32_Proce ssor.DeviceID="CPU1" Architecture : 9 AssetTag : Caption : Intel64 Family 6 Model 26 Stepping 5 Characteristics : 100 ConfigManagerErrorCode : ConfigManagerUserConfig : CreationClassName : Win32_Processor CurrentClockSpeed : 3112 Description : Intel64 Family 6 Model 26 Stepping 5 Family : 2 InstallDate : L3CacheSize : 0 L3CacheSpeed : 0 Level : 6 Manufacturer : GenuineIntel Name : Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz NumberOfCores : 1 NumberOfEnabledCore : 1 NumberOfLogicalProcessors : 1 OtherFamilyDescription : PartNumber : PNPDeviceID : PowerManagementCapabilities : ProcessorId : 0FABFBFF000006A5 Role : CPU SecondLevelAddressTranslationExtensions : False SerialNumber : Stepping : SystemCreationClassName : Win32_ComputerSystem SystemName : VAGRANT-1709 ThreadCount : 0 UniqueId : UpgradeMethod : 4 VirtualizationFirmwareEnabled : False VMMonitorModeExtensions : False Scope : System.Management.ManagementScope Path : \\VAGRANT-1709\root\cimv2:Win32_Proce ssor.DeviceID="CPU1" Options : System.Management.ObjectGetOptions ClassPath : \\VAGRANT-1709\root\cimv2:Win32_Proce ssor Properties : {AddressWidth, Architecture, AssetTag, Availability...} SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...} Qualifiers : {dynamic, Locale, provider, UUID} Site : Container : >>>>>> Board Info PSComputerName : VAGRANT-1709 Status : OK Name : Base Board PoweredOn : True __GENUS : 2 __CLASS : Win32_BaseBoard __SUPERCLASS : CIM_Card __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_BaseBoard.Tag="Base Board" __PROPERTY_COUNT : 29 __DERIVATION : {CIM_Card, CIM_PhysicalPackage, CIM_PhysicalElement, CIM_ManagedSystemElement} __SERVER : VAGRANT-1709 __NAMESPACE : root\cimv2 __PATH : \\VAGRANT-1709\root\cimv2:Win32_BaseBoard.Tag="Base Board" Caption : Base Board ConfigOptions : CreationClassName : Win32_BaseBoard Depth : Description : Base Board Height : HostingBoard : False HotSwappable : False InstallDate : Manufacturer : Intel Corporation Model : OtherIdentifyingInfo : PartNumber : Product : 440BX Desktop Reference Platform Removable : False Replaceable : False RequirementsDescription : RequiresDaughterBoard : False SerialNumber : None SKU : SlotLayout : SpecialRequirements : Tag : Base Board Version : None Weight : Width : Scope : System.Management.ManagementScope Path : \\VAGRANT-1709\root\cimv2:Win32_BaseBoard.Tag="Base Board" Options : System.Management.ObjectGetOptions ClassPath : \\VAGRANT-1709\root\cimv2:Win32_BaseBoard Properties : {Caption, ConfigOptions, CreationClassName, Depth...} SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...} Qualifiers : {dynamic, Locale, provider, UUID} Site : Container : >>>>>> Installed Files Directory: C:\Users Mode LastWriteTime Length Name ---- ------------- ------ ---- d-r--- 2/10/2018 5:22 AM Public d----- 2/19/2018 7:26 AM vagrant >>>>>> Installed Resources Directory: C:\Users\vagrant Mode LastWriteTime Length Name ---- ------------- ------ ---- d-r--- 2/10/2018 5:22 AM 3D Objects d-r--- 2/10/2018 5:22 AM Contacts d-r--- 2/10/2018 5:22 AM Desktop d-r--- 2/10/2018 5:33 AM Documents d-r--- 2/10/2018 5:22 AM Downloads d-r--- 2/10/2018 5:22 AM Favorites d-r--- 2/10/2018 5:22 AM Links d-r--- 2/10/2018 5:22 AM Music d-r--- 2/10/2018 5:22 AM Pictures d-r--- 2/10/2018 5:22 AM Saved Games d-r--- 2/10/2018 5:22 AM Searches d-r--- 2/10/2018 5:22 AM Videos -a---- 2/19/2018 7:23 AM 5179 DockerDebugInfo.ps1 >>>>>> Get-VMHost LogicalProcessorCount : 2 ResourceMeteringSaveInterval : 01:00:00 HostNumaStatus : {VAGRANT-1709} NumaStatus : {} IovSupport : False IovSupportReasons : {Ensure that the system has chipset support for SR-IOV and that I/O virtualization is enabled in the BIOS., To use SR-IOV on this system, the system BIOS must be updated to allow Windows to control PCI Express. Contact your system manufacturer for an update., SR-IOV cannot be used on this system as the PCI Express hardware does not support Access Control Services (ACS) at any root port. Contact your system vendor for further information.} InternalNetworkAdapters : {235067c1-60ba-4475-9267-a00e6f4e57 e8, 97ddf897-3993-4f41-ab38-098d71f ab0b4, Container NIC 289b15ce, Container NIC 561b6311...} ExternalNetworkAdapters : {ExternalPort} SupportedVmVersions : {5.0, 6.2, 7.0, 7.1...} SecureBootTemplates : {MicrosoftWindows, MicrosoftUEFICertificateAuthority, OpenSourceShieldedVM} EnableEnhancedSessionMode : False FibreChannelWwnn : C003FF0000FFFF00 FibreChannelWwpnMaximum : C003FFA1F2B2FFFF FibreChannelWwpnMinimum : C003FFA1F2B20000 MacAddressMaximum : 00155D8001FF MacAddressMinimum : 00155D800100 NumaSpanningEnabled : True VirtualHardDiskPath : C:\Users\Public\Documents\Hyper-V\V irtual Hard Disks VirtualMachinePath : C:\ProgramData\Microsoft\Windows\Hy per-V FullyQualifiedDomainName : WORKGROUP MemoryCapacity : 3220754432 Name : VAGRANT-1709 MaximumStorageMigrations : 2 MaximumVirtualMachineMigrations : 2 UseAnyNetworkForMigration : False VirtualMachineMigrationAuthenticationType : CredSSP VirtualMachineMigrationEnabled : False VirtualMachineMigrationPerformanceOption : Compression CimSession : CimSession: . ComputerName : VAGRANT-1709 IsDeleted : False >>>>>> Get-WindowsOptionalFeature FeatureName State ----------- ----- NetFx4ServerFeatures Enabled NetFx4 Enabled NetFx4Extended-ASPNET45 Disabled MicrosoftWindowsPowerShellRoot Enabled MicrosoftWindowsPowerShell Enabled RemoteAccessMgmtTools Disabled RemoteAccessPowerShell Disabled WSS-Product-Package Disabled ActiveDirectory-PowerShell Disabled DirectoryServices-DomainController Disabled HostGuardianService-Package Disabled DirectoryServices-AdministrativeCenter Disabled RemoteAccess Disabled RemoteAccessServer Disabled RasRoutingProtocols Disabled Web-Application-Proxy Disabled iSCSITargetServer-PowerShell Disabled MicrosoftWindowsPowerShellV2 Enabled WindowsPowerShellWebAccess Disabled RightsManagementServices-Role Disabled RightsManagementServices Disabled RMS-Federation Disabled RightsManagementServices-AdminTools Disabled DataCenterBridging-LLDP-Tools Disabled Server-Psh-Cmdlets Enabled PKIClient-PSH-Cmdlets Disabled KeyDistributionService-PSH-Cmdlets Enabled TlsSessionTicketKey-PSH-Cmdlets Enabled Tpm-PSH-Cmdlets Enabled NetworkController Disabled NetworkControllerTools Disabled IIS-WebServerRole Disabled IIS-WebServer Disabled IIS-CommonHttpFeatures Disabled IIS-Security Disabled IIS-RequestFiltering Disabled IIS-StaticContent Disabled IIS-DefaultDocument Disabled IIS-DirectoryBrowsing Disabled IIS-HttpErrors Disabled IIS-HttpRedirect Disabled IIS-WebDAV Disabled IIS-ApplicationDevelopment Disabled IIS-WebSockets Disabled IIS-ApplicationInit Disabled IIS-NetFxExtensibility Disabled IIS-NetFxExtensibility45 Disabled IIS-ISAPIExtensions Disabled IIS-ISAPIFilter Disabled IIS-ASPNET Disabled IIS-ASPNET45 Disabled IIS-ASP Disabled IIS-CGI Disabled IIS-ServerSideIncludes Disabled IIS-HealthAndDiagnostics Disabled IIS-HttpLogging Disabled IIS-LoggingLibraries Disabled IIS-RequestMonitor Disabled IIS-HttpTracing Disabled IIS-CustomLogging Disabled IIS-ODBCLogging Disabled IIS-CertProvider Disabled IIS-BasicAuthentication Disabled IIS-WindowsAuthentication Disabled IIS-DigestAuthentication Disabled IIS-ClientCertificateMappingAuthentication Disabled IIS-IISCertificateMappingAuthentication Disabled IIS-URLAuthorization Disabled IIS-IPSecurity Disabled IIS-Performance Disabled IIS-HttpCompressionStatic Disabled IIS-HttpCompressionDynamic Disabled IIS-WebServerManagementTools Disabled IIS-ManagementConsole Disabled IIS-LegacySnapIn Disabled IIS-ManagementScriptingTools Disabled IIS-ManagementService Disabled IIS-IIS6ManagementCompatibility Disabled IIS-Metabase Disabled IIS-WMICompatibility Disabled IIS-LegacyScripts Disabled IIS-FTPServer Disabled IIS-FTPSvc Disabled IIS-FTPExtensibility Disabled WAS-WindowsActivationService Disabled WAS-ProcessModel Disabled WAS-NetFxEnvironment Disabled WAS-ConfigurationAPI Disabled IIS-HostableWebCore Disabled MSMQ Disabled MSMQ-Services Disabled MSMQ-Server Disabled MSMQ-Triggers Disabled MSMQ-ADIntegration Disabled MSMQ-HTTP Disabled MSMQ-Multicast Disabled MSMQ-DCOMProxy Disabled MSMQ-RoutingServer Disabled WCF-Services45 Enabled WCF-HTTP-Activation45 Disabled WCF-TCP-Activation45 Disabled WCF-Pipe-Activation45 Disabled WCF-MSMQ-Activation45 Disabled WCF-TCP-PortSharing45 Enabled ManagementOdata Disabled DSC-Service Disabled ADCertificateServicesRole Disabled CertificateServices Disabled OnlineRevocationServices Disabled WebEnrollmentServices Disabled NetworkDeviceEnrollmentServices Disabled CertificateEnrollmentPolicyServer Disabled CertificateEnrollmentServer Disabled IdentityServer-SecurityTokenService Disabled IPAMServerFeature Disabled DeviceHealthAttestationService Disabled BITSExtensions-Upload Disabled WCF-HTTP-Activation Disabled WCF-NonHTTP-Activation Disabled RPC-HTTP_Proxy Disabled Smtpsvc-Admin-Update-Name Disabled Smtpsvc-Service-Update-Name Disabled WebAccess Disabled UpdateServices Disabled UpdateServices-Services Disabled UpdateServices-Database Disabled UpdateServices-WidDatabase Disabled Microsoft-Windows-Web-Services-for-Management-IIS-Extension Disabled WorkFolders-Server Disabled UpdateServices-RSAT Disabled UpdateServices-API Disabled DirectoryServices-ADAM Disabled FSRM-Infrastructure Disabled Microsoft-Windows-FCI-Client-Package Disabled FSRM-Infrastructure-Services Disabled IPAMClientFeature Disabled AuthManager Disabled ServerCore-WOW64 Enabled Printing-Server-Foundation-Features Disabled Printing-Server-Role Disabled Printing-LPDPrintService Disabled Printing-Client Enabled Printing-Client-Gui Disabled ServerManager-Core-RSAT Enabled ServerManager-Core-RSAT-Role-Tools Enabled ServerManager-Core-RSAT-Feature-Tools Disabled DHCPServer-Tools Disabled RSAT-AD-Tools-Feature Disabled RSAT-ADDS-Tools-Feature Disabled DirectoryServices-DomainController-Tools Disabled DirectoryServices-ADAM-Tools Disabled DNS-Server-Tools Disabled Microsoft-Hyper-V Enabled Microsoft-Hyper-V-Offline Enabled Microsoft-Hyper-V-Online Enabled RSAT-Hyper-V-Tools-Feature Enabled Microsoft-Hyper-V-Management-Clients Disabled Microsoft-Hyper-V-Management-PowerShell Enabled NetworkVirtualization Disabled VmHostAgent Disabled HostGuardian Disabled ShieldedVMToolsAdminPack Disabled Storage-Replica-AdminPack Disabled NetFx3ServerFeatures Disabled NetFx3 DisabledWithPayload Removed EnhancedStorage Disabled BitLocker Disabled Bitlocker-Utilities Disabled Microsoft-Windows-GroupPolicy-ServerAdminTools-Update Disabled FailoverCluster-FullServer Disabled WindowsServerBackup Disabled CCFFilter Disabled FailoverCluster-AdminPak Disabled FailoverCluster-PowerShell Disabled HardenedFabricEncryptionTask Disabled ServicesForNFS-ServerAndClient Disabled ServerForNFS-Infrastructure Disabled ClientForNFS-Infrastructure Disabled SimpleTCP Disabled SMB1Protocol Disabled SMB1Protocol-Client Disabled SMB1Protocol-Server Disabled SmbDirect Enabled Windows-Defender-Features Enabled Windows-Defender Enabled Dedup-Core Disabled DFSN-Server Disabled DFSR-Infrastructure-ServerEdition Disabled DHCPServer Disabled DNS-Server-Full-Role Disabled FailoverCluster-AutomationServer Disabled FailoverCluster-CmdInterface Disabled FRS-Infrastructure Disabled FileServerVSSAgent Disabled Windows-Internal-Database Disabled WINSRuntime Disabled iSCSITargetStorageProviders Disabled iSCSITargetServer Disabled iSNS_Service Disabled BITS Disabled LightweightServer Disabled MultipathIo Disabled NetworkLoadBalancingFullServer Disabled Containers Enabled PeerDist Disabled P2P-PnrpOnly Disabled Printing-PrintToPDFServices-Features Enabled Printing-XPSServices-Features Enabled QWAVE Disabled MSRDC-Infrastructure Disabled ResumeKeyFilter Disabled DataCenterBridging Disabled DiskIo-QoS Disabled ServerMediaFoundation Disabled ServerMigration Disabled SMBHashGeneration Disabled SmbWitness Disabled SNMP Disabled WMISnmpProvider Disabled WindowsStorageManagementService Disabled TelnetClient Disabled Remote-Desktop-Services Disabled SessionDirectory Disabled SBMgr-UI Disabled Licensing Disabled VolumeActivation-Full-Role Disabled SMBBW Disabled SetupAndBootEventCollection Disabled FabricShieldedTools Disabled Microsoft-Windows-Subsystem-Linux Disabled Storage-Replica Disabled SoftwareLoadBalancer Disabled FileAndStorage-Services Enabled Storage-Services Enabled File-Services Disabled CoreFileServer Disabled ServerCore-Drivers-General Enabled ServerCore-Drivers-General-WOW64 Enabled >>>>>> bcdedit Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale en-US inherit {globalsettings} bootshutdowndisabled Yes default {current} resumeobject {78e34a64-0ea6-11e8-96c0-ed7847fbc794} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.exe description Windows Server 2016 locale en-US inherit {bootloadersettings} recoverysequence {78e34a66-0ea6-11e8-96c0-ed7847fbc794} displaymessageoverride Recovery recoveryenabled Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \Windows resumeobject {78e34a64-0ea6-11e8-96c0-ed7847fbc794} nx OptOut hypervisorlaunchtype Auto >>>>>> Get-Process Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName ------- ------ ----- ----- ------ -- -- ----------- 93 5 1004 4688 0.00 1660 2 CExecSvc 93 5 1000 4664 0.02 3692 4 CExecSvc 44 4 2004 2548 0.02 1268 1 cmd 55 3 1912 2828 0.00 2604 0 cmd 145 9 5016 10988 0.20 500 0 conhost 156 10 5816 12496 1.23 972 1 conhost 140 9 1500 7396 0.20 3716 0 conhost 407 13 2156 5548 2.55 404 0 csrss 208 9 2076 2696 1.72 488 1 csrss 209 10 1736 5072 0.27 3672 4 csrss 213 10 1780 5104 0.25 4744 2 csrss 242 13 3880 13080 0.33 2420 0 dllhost 530 28 38140 58796 481.72 496 0 dockerd 65 6 1572 1280 0.03 756 1 fontdrvhost 45 6 1252 1240 0.11 764 0 fontdrvhost 45 6 1172 3708 0.05 2132 4 fontdrvhost 45 6 1172 3708 0.03 5808 2 fontdrvhost 0 0 52 8 0 0 Idle 871 20 5864 9188 7.91 624 0 lsass 727 20 4348 12512 0.28 3928 2 lsass 717 20 4116 12496 0.36 4052 4 lsass 184 15 5300 12124 2.27 3376 0 ManagementAgentHost 203 13 2664 9804 0.09 2112 2 msdtc 204 13 3216 6676 0.28 3172 0 msdtc 203 13 2644 9772 0.11 4584 4 msdtc 517 65 144808 57052 421.52 1800 0 MsMpEng 79 6 804 3844 0.16 2172 4 PING 79 6 800 3856 0.03 5016 2 PING 784 38 126284 147580 4.52 2880 0 powershell 0 0 136 2800 0.00 48 0 Secure System 317 10 3384 5848 2.83 612 0 services 187 9 2224 6452 0.39 1004 2 services 187 9 2092 6308 0.38 4276 4 services 52 3 456 1208 0.30 292 0 smss 49 3 428 1220 0.09 2928 0 smss 49 3 428 1220 0.09 3564 0 smss 112 12 1772 7320 0.09 932 0 sshd 123 10 2268 7820 0.73 4016 0 sshd 136 9 2140 7984 0.08 4684 0 sshd 70 5 952 4132 0.06 4956 0 ssh-shellhost 479 18 4148 9036 0.30 72 0 svchost 421 15 3880 6856 0.77 736 0 svchost 461 16 3920 6288 0.97 852 0 svchost 329 22 9368 8024 0.19 996 0 svchost 479 16 8940 12920 2.64 1016 0 svchost 594 20 5888 12536 1.00 1028 0 svchost 1328 47 24444 42760 11.80 1036 0 svchost 355 15 7324 13484 0.25 1188 2 svchost 473 23 16564 24112 64.44 1260 0 svchost 836 41 13908 26136 13.59 1316 0 svchost 427 34 10088 14988 1.64 1384 0 svchost 147 12 1588 6884 0.13 1564 0 svchost 431 21 8556 20340 1.91 1640 0 svchost 195 10 2264 8196 0.41 1664 0 svchost 440 20 7224 19408 0.72 1724 2 svchost 197 12 1748 7304 0.22 1756 0 svchost 107 7 1180 5844 0.05 1852 2 svchost 303 12 2480 9512 0.14 2060 4 svchost 107 7 1184 5856 0.02 2296 4 svchost 220 10 2164 8384 0.16 2444 2 svchost 119 8 2444 7580 0.08 2832 0 svchost 217 10 1984 8248 0.11 4356 4 svchost 538 34 5820 19112 2.08 4708 2 svchost 167 14 2936 9004 0.03 4776 2 svchost 816 28 11184 26624 5.48 4816 4 svchost 259 14 2064 7252 0.16 4880 4 svchost 309 12 2596 9616 0.13 4920 2 svchost 832 29 11720 27488 5.67 5132 2 svchost 158 14 2920 8960 0.14 5432 4 svchost 359 15 6972 13284 0.22 5552 4 svchost 265 14 2136 7324 0.08 5848 2 svchost 395 18 5316 17180 0.50 5936 4 svchost 537 34 5852 19068 1.95 6128 4 svchost 2568 0 156 148 186.59 4 0 System 195 12 1884 9344 0.05 2344 1 taskhostw 181 10 6860 11088 0.81 5520 0 TiWorker 118 8 1880 6808 0.06 4856 0 TrustedInstaller 175 12 4588 12772 0.19 1744 0 VGAuthService 119 7 1524 6520 0.02 368 0 vmacthlp 179 10 2268 9796 3.34 2952 0 vmcompute 671 24 43184 23004 0.66 1864 0 vmms 366 24 9868 21700 3.92 1732 0 vmtoolsd 280 20 4816 11020 2.97 3128 1 vmtoolsd 151 10 1348 3808 0.08 480 0 wininit 147 10 1264 6672 0.06 3768 4 wininit 147 10 1244 6680 0.13 3864 2 wininit 224 11 2120 4512 0.13 564 1 winlogon 312 16 8636 17944 8.53 2428 0 WmiPrvSE 161 10 6920 12960 1.33 4840 4 WmiPrvSE 160 10 5952 12524 1.25 5764 2 WmiPrvSE >>>>>> Services Image Name PID Services ========================= ======== ============================================ svchost.exe 736 DcomLaunch, LSM, PlugPlay, Power, SystemEventsBroker svchost.exe 852 RpcEptMapper, RpcSs svchost.exe 996 HvHost, UALSVC, UmRdpService svchost.exe 1016 Dhcp, EventLog, lmhosts, TimeBrokerSvc, WinHttpAutoProxySvc svchost.exe 72 TermService svchost.exe 1028 EventSystem, netprofm, nsi svchost.exe 1036 gpsvc, hns, IKEEXT, iphlpsvc, NetSetupSvc, ProfSvc, Schedule, SENS, SessionEnv, UserManager, Winmgmt svchost.exe 1260 CertPropSvc svchost.exe 1316 CryptSvc, Dnscache, LanmanWorkstation, NlaSvc, WinRM svchost.exe 1384 BFE, CoreMessagingRegistrar, DPS, MpsSvc svchost.exe 1564 PolicyAgent svchost.exe 1640 DiagTrack svchost.exe 1664 LanmanServer svchost.exe 1756 W32Time svchost.exe 2832 StateRepository svchost.exe 2060 N/A svchost.exe 4880 N/A svchost.exe 4356 N/A svchost.exe 5552 N/A svchost.exe 4816 N/A svchost.exe 5432 N/A svchost.exe 6128 N/A svchost.exe 2296 N/A svchost.exe 5936 N/A svchost.exe 4920 N/A svchost.exe 5848 N/A svchost.exe 2444 N/A svchost.exe 1188 N/A svchost.exe 5132 N/A svchost.exe 4776 N/A svchost.exe 4708 N/A svchost.exe 1852 N/A svchost.exe 1724 N/A >>>>>> Environment Name Value ---- ----- ALLUSERSPROFILE C:\ProgramData APPDATA C:\Users\vagrant\AppData\Roaming ChocolateyInstall C:\ProgramData\chocolatey ChocolateyLastPathUpdate Mon Feb 19 06:22:32 2018 CommonProgramFiles C:\Program Files\Common Files CommonProgramFiles(x86) C:\Program Files (x86)\Common Files CommonProgramW6432 C:\Program Files\Common Files COMPUTERNAME VAGRANT-1709 ComSpec C:\Windows\system32\cmd.exe HOMEDRIVE C: HOMEPATH \Users\vagrant LOCALAPPDATA C:\Users\vagrant\AppData\Local NUMBER_OF_PROCESSORS 2 OS Windows_NT Path C:\Windows\system32;C:\Windows;C:\Windows\System 32\Wbem;C:\Windows\System32\WindowsPowerShell\v1 .0\;C:\Program Files\Docker;C:\ProgramData\choco latey\bin;C:\Program Files\OpenSSH-Win64;C:\Wind ows\system32\config\systemprofile\AppData\Local\ Microsoft\WindowsApps;C:\Users\vagrant\AppData\L ocal\Microsoft\WindowsApps; PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH ;.MSC;.CPL PROCESSOR_ARCHITECTURE AMD64 PROCESSOR_IDENTIFIER Intel64 Family 6 Model 26 Stepping 5, GenuineIntel PROCESSOR_LEVEL 6 PROCESSOR_REVISION 1a05 ProgramData C:\ProgramData ProgramFiles C:\Program Files ProgramFiles(x86) C:\Program Files (x86) ProgramW6432 C:\Program Files PROMPT vagrant@vagrant-1709@VAGRANT-1709 $P$G PSModulePath C:\Users\vagrant\Documents\WindowsPowerShell\Mod ules;C:\Program Files\WindowsPowerShell\Modules; C:\Windows\system32\WindowsPowerShell\v1.0\Modul es PUBLIC C:\Users\Public SSH_CLIENT 192.168.84.1 34710 22 SSH_CONNECTION 192.168.84.1 34710 192.168.84.128 22 SystemDrive C: SystemRoot C:\Windows TEMP C:\Users\vagrant\AppData\Local\Temp TERM xterm-256color TMP C:\Users\vagrant\AppData\Local\Temp USERDOMAIN WORKGROUP USERNAME vagrant@vagrant-1709 USERPROFILE C:\Users\vagrant windir C:\Windows >>>>>> Get-VM Details >>>>>> Get-VM Version >>>>>> Get-VMComPort >>>>>> Get-VMDvdDrive >>>>>> Get-VMIntegrationService >>>>>> Get-VMMemory >>>>>> Get-VMProcessor >>>>>> Get-VMScsiController >>>>>> Get-VMSecurity >>>>>> SystemStartOptions Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale en-US inherit {globalsettings} bootshutdowndisabled Yes default {current} resumeobject {78e34a64-0ea6-11e8-96c0-ed7847fbc794} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.exe description Windows Server 2016 locale en-US inherit {bootloadersettings} recoverysequence {78e34a66-0ea6-11e8-96c0-ed7847fbc794} displaymessageoverride Recovery recoveryenabled Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \Windows resumeobject {78e34a64-0ea6-11e8-96c0-ed7847fbc794} nx OptOut hypervisorlaunchtype Auto SystemStartOptions : NOEXECUTE=OPTOUT HYPERVISORLAUNCHTYPE=AUTO PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYS TEM\CurrentControlSet\Control PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYS TEM\CurrentControlSet PSChildName : Control PSDrive : HKLM PSProvider : Microsoft.PowerShell.Core\Registry >>>>>> Get-WinEvent SMB ProviderName: Microsoft-Windows-SMBClient TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 2/19/2018 7:18:01 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (d9a8d15c56 4ccab38ac7550af7faba50c1d30 9e0d5373ec102981652a7732c79 ) InterfaceIndex: 0x21 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:18:00 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (d9a8d15c56 4ccab38ac7550af7faba50c1d30 9e0d5373ec102981652a7732c79 ) InterfaceIndex: 0x21 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:18:00 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (d9a8d15c56 4ccab38ac7550af7faba50c1d30 9e0d5373ec102981652a7732c79 ) InterfaceIndex: 0x21 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:16:45 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (a3bffa4913 38b805ec756c7d20015ef403a8b 0da6198975298a8bf7ed5735ea4 ) InterfaceIndex: 0x1C Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:16:44 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (a3bffa4913 38b805ec756c7d20015ef403a8b 0da6198975298a8bf7ed5735ea4 ) InterfaceIndex: 0x1C Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:16:44 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (a3bffa4913 38b805ec756c7d20015ef403a8b 0da6198975298a8bf7ed5735ea4 ) InterfaceIndex: 0x1C Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:12:24 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (Ethernet) InterfaceIndex: 0x26 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:12:23 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (Ethernet) InterfaceIndex: 0x26 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:12:23 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (Ethernet) InterfaceIndex: 0x26 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:10:17 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (1f8038dada f755e30810445858d7120d27f07 a87036e563e1758f13e8154ace7 ) InterfaceIndex: 0x21 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:10:16 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (5856fbd4c3 1cd0ce657c86d9bacbf75d04a12 2a40262cb3d3c75c6fda29741ee ) InterfaceIndex: 0x1D Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:10:16 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (1f8038dada f755e30810445858d7120d27f07 a87036e563e1758f13e8154ace7 ) InterfaceIndex: 0x21 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:10:16 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (1f8038dada f755e30810445858d7120d27f07 a87036e563e1758f13e8154ace7 ) InterfaceIndex: 0x21 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:10:15 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (5856fbd4c3 1cd0ce657c86d9bacbf75d04a12 2a40262cb3d3c75c6fda29741ee ) InterfaceIndex: 0x1D Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 7:10:15 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (5856fbd4c3 1cd0ce657c86d9bacbf75d04a12 2a40262cb3d3c75c6fda29741ee ) InterfaceIndex: 0x1D Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 6:37:39 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (c7ba7e5812 a6966d4fc188f8bbce6d8fccdc9 41a91a31c4f48294b5a60930d1b ) InterfaceIndex: 0x2B Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 6:37:39 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (65acd29439 d95b930a1cd5df4ceb642985a03 491147e91522d9d5bc7f0d8f7f3 ) InterfaceIndex: 0x27 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 6:37:38 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (c7ba7e5812 a6966d4fc188f8bbce6d8fccdc9 41a91a31c4f48294b5a60930d1b ) InterfaceIndex: 0x2B Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 6:37:38 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (65acd29439 d95b930a1cd5df4ceb642985a03 491147e91522d9d5bc7f0d8f7f3 ) InterfaceIndex: 0x27 Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. 2/19/2018 6:37:38 AM 30810 Information Added a TCP/IP transport interface. Name: vEthernet (c7ba7e5812 a6966d4fc188f8bbce6d8fccdc9 41a91a31c4f48294b5a60930d1b ) InterfaceIndex: 0x2B Guidance: A TCP/IP binding was added to the specified network adapter for the SMB client. The SMB client can now send and receive SMB traffic on this network adapter using TCP/IP. You should expect this event when a computer restarts or when a previously disabled network adaptor is re-enabled. No user action is required. ProviderName: Microsoft-Windows-SMBServer TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 2/19/2018 6:23:15 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\Net BT_Tcpip_{61A03B00-7306-4C5 A-9C2E-2B921DA6B003} Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:23:08 AM 1011 Information Endpoint removed. Name: Domain Name: Transport Name: \Device\Net BT_Tcpip_{61A03B00-7306-4C5 A-9C2E-2B921DA6B003} Guidance: You should expect this event when the server stops listening on an interface, such as during shutdown or when disabling a network adaptor. No user action is required. 2/19/2018 6:23:03 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\Net BT_Tcpip_{61A03B00-7306-4C5 A-9C2E-2B921DA6B003} Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:22:50 AM 1011 Information Endpoint removed. Name: Domain Name: Transport Name: \Device\Net BT_Tcpip_{871A0701-82D1-46A 3-B2FE-692B56194614} Guidance: You should expect this event when the server stops listening on an interface, such as during shutdown or when disabling a network adaptor. No user action is required. 2/19/2018 6:21:29 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\Net BT_Tcpip_{871A0701-82D1-46A 3-B2FE-692B56194614} Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:21:22 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\Net BT_Tcpip_{901C0E25-6A49-4D6 7-B8C6-C4FBB2A04757} Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:21:19 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\NetbiosSmb Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:21:19 AM 1025 Warning One or more named pipes or shares have been marked for access by anonymous users. This increases the security risk of the computer by allowing unauthenticated users to connect to this server. Registry Key: HKLM\System\C urrentControlSet\Services\L anmanServer\Parameters Registry Values: NullSessionPipes, NullSessionShares Default Value: Empty (or not present) Current Value: Non-empty Guidance: You should expect this event when modifying the default values of NullSessionShares and NullSessionPipes. On a typical file server, these settings do not exist or do not contain values, which is the most secure configuration. By default, domain controllers populate the NullSessionShares entry with netlogon, samr, and lsarpc to allow legacy access methods. 2/19/2018 6:21:00 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\Net BT_Tcpip_{901C0E25-6A49-4D6 7-B8C6-C4FBB2A04757} Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:20:57 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\Net BT_Tcpip_{871A0701-82D1-46A 3-B2FE-692B56194614} Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:20:49 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\NetbiosSmb Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:20:48 AM 1025 Warning One or more named pipes or shares have been marked for access by anonymous users. This increases the security risk of the computer by allowing unauthenticated users to connect to this server. Registry Key: HKLM\System\C urrentControlSet\Services\L anmanServer\Parameters Registry Values: NullSessionPipes, NullSessionShares Default Value: Empty (or not present) Current Value: Non-empty Guidance: You should expect this event when modifying the default values of NullSessionShares and NullSessionPipes. On a typical file server, these settings do not exist or do not contain values, which is the most secure configuration. By default, domain controllers populate the NullSessionShares entry with netlogon, samr, and lsarpc to allow legacy access methods. 2/19/2018 6:19:28 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\Net BT_Tcpip_{871A0701-82D1-46A 3-B2FE-692B56194614} Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:19:17 AM 1011 Information Endpoint removed. Name: Domain Name: Transport Name: \Device\Net BT_Tcpip_{871A0701-82D1-46A 3-B2FE-692B56194614} Guidance: You should expect this event when the server stops listening on an interface, such as during shutdown or when disabling a network adaptor. No user action is required. 2/19/2018 6:19:17 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\Net BT_Tcpip_{871A0701-82D1-46A 3-B2FE-692B56194614} Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:19:05 AM 1027 Information The file and printer sharing firewall ports are currently closed. This is the default configuration for a system that is not sharing content or is on a Public network. Guidance: You should expect this event when Windows Firewall is not configured to enable the File and Printer Sharing rule, which allows inbound SMB traffic. This event occurs on a computer that does not have custom shares configured. Clients cannot access SMB shares on this computer until SMB traffic is allowed through the firewall. 2/19/2018 6:19:05 AM 1011 Information Endpoint removed. Name: Domain Name: Transport Name: \Device\Net BT_Tcpip_{ED21FF4D-F0E4-451 9-9C14-34BD88D989CD} Guidance: You should expect this event when the server stops listening on an interface, such as during shutdown or when disabling a network adaptor. No user action is required. 2/19/2018 6:19:05 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\Net BT_Tcpip_{ED21FF4D-F0E4-451 9-9C14-34BD88D989CD} Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:19:02 AM 1010 Information Endpoint added. Name: VAGRANT-1709 Domain Name: WORKGROUP Transport Name: \Device\NetbiosSmb Transport Flags: 0x1 Guidance: You should expect this event when the server starts listening on an interface, such as during system restart or when enabling a network adaptor. No user action is required. 2/19/2018 6:19:02 AM 1025 Warning One or more named pipes or shares have been marked for access by anonymous users. This increases the security risk of the computer by allowing unauthenticated users to connect to this server. Registry Key: HKLM\System\C urrentControlSet\Services\L anmanServer\Parameters Registry Values: NullSessionPipes, NullSessionShares Default Value: Empty (or not present) Current Value: Non-empty Guidance: You should expect this event when modifying the default values of NullSessionShares and NullSessionPipes. On a typical file server, these settings do not exist or do not contain values, which is the most secure configuration. By default, domain controllers populate the NullSessionShares entry with netlogon, samr, and lsarpc to allow legacy access methods. ProviderName: Microsoft-Windows-SMBWitnessClient TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 2/10/2018 1:09:12 PM 1 Error Witness Client initialization failed with error (The system cannot find the file specified.) >>>>>> Get-WinEvent Hyper-V ProviderName: Microsoft-Windows-Hyper-V-Compute TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 2/19/2018 6:21:23 AM 1001 Information The Host Compute Service started successfully. 2/19/2018 6:20:54 AM 1001 Information The Host Compute Service started successfully. ProviderName: Microsoft-Windows-Hyper-V-Compute TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 2/19/2018 7:18:20 AM 2008 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Query compute system notification, result 0x00000000, notification 1 / 0x00000000 2/19/2018 7:18:20 AM 2009 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Queue system notification: 1 / 0x00000000 2/19/2018 7:18:19 AM 2002 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Shut down compute system, result 0xC0370103 2/19/2018 7:18:19 AM 2502 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Query process notification, process ID 5912, result 0x00000000, notification 65536 / 0x00000000 2/19/2018 7:18:19 AM 2503 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Queue process notification 65536 / 0x00000000, process ID 5912 2/19/2018 7:18:19 AM 2003 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Terminate compute system, result 0xC0370103 2/19/2018 7:18:01 AM 2500 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Create process, parameters '{"CommandLine":"ping -t ww w.google.com","WorkingDirec tory":"C:\\","CreateStdInPi pe":true,"CreateStdOutPipe" :true,"CreateStdErrPipe":tr ue,"ConsoleSize":[0,0]}', result 0x00000000, process ID 5912 2/19/2018 7:18:01 AM 2008 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Query compute system notification, result 0x00000000, notification 3 / 0x00000000 2/19/2018 7:18:01 AM 2001 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Start compute system, result 0xC0370103 2/19/2018 7:18:01 AM 2009 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Queue system notification: 3 / 0x00000000 2/19/2018 7:18:00 AM 2008 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Query compute system notification, result 0x00000000, notification 2 / 0x00000000 2/19/2018 7:18:00 AM 2000 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Create compute system, result 0xC0370103 2/19/2018 7:18:00 AM 2009 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Queue system notification: 2 / 0x00000000 2/19/2018 7:18:00 AM 2010 Information [90dcf902eb9b5078b43f69999b 9771141aaac821a7be3f2968da4 d12308fcb14] Create Container, type 'Windows Container', settings '{"Sys temType":"Container","Name" :"90dcf902eb9b5078b43f69999 b9771141aaac821a7be3f2968da 4d12308fcb14","Owner":"dock er","VolumePath":"\\\\?\\Vo lume{e2bb45f7-1584-11e8-982 d-b7678ac05a3e}","IgnoreFlu shesDuringBoot":true,"Layer FolderPath":"C:\\ProgramDat a\\docker\\windowsfilter\\9 0dcf902eb9b5078b43f69999b97 71141aaac821a7be3f2968da4d1 2308fcb14","Layers":[{"ID": "9f4f5f0f-0d0e-544d-8f38-a3 0a61a8313a","Path":"C:\\Pro gramData\\docker\\windowsfi lter\\5c63dd85460537b92a30a 9f62087e00cba8d91f28b43b12e 95497983f092a33b"},{"ID":"2 0b75ec9-88a0-5a9e-9e5b-3968 193d9f2f","Path":"C:\\Progr amData\\docker\\windowsfilt er\\600f8bed00a5f6c42efef93 05160fe9a363ecd6fe71bcc3948 72c48c427b9d3e"}],"HostName ":"90dcf902eb9b","HvPartiti on":false,"EndpointList":[" dc0b4417-3414-4636-adf2-418 54aa190fa"],"AllowUnqualifi edDNSQuery":true}' 2/19/2018 7:16:45 AM 2500 Information [86bd96a670c8e4ca471e8d858a 8f6a0f0eacccc1a06ffa40c7be1 70f40091a65] Create process, parameters '{"CommandLine":"ping -t ww w.google.com","WorkingDirec tory":"C:\\","CreateStdInPi pe":true,"CreateStdOutPipe" :true,"CreateStdErrPipe":tr ue,"ConsoleSize":[0,0]}', result 0x00000000, process ID 5016 2/19/2018 7:16:45 AM 2008 Information [86bd96a670c8e4ca471e8d858a 8f6a0f0eacccc1a06ffa40c7be1 70f40091a65] Query compute system notification, result 0x00000000, notification 3 / 0x00000000 2/19/2018 7:16:45 AM 2001 Information [86bd96a670c8e4ca471e8d858a 8f6a0f0eacccc1a06ffa40c7be1 70f40091a65] Start compute system, result 0xC0370103 2/19/2018 7:16:45 AM 2009 Information [86bd96a670c8e4ca471e8d858a 8f6a0f0eacccc1a06ffa40c7be1 70f40091a65] Queue system notification: 3 / 0x00000000 2/19/2018 7:16:44 AM 2008 Information [86bd96a670c8e4ca471e8d858a 8f6a0f0eacccc1a06ffa40c7be1 70f40091a65] Query compute system notification, result 0x00000000, notification 2 / 0x00000000 2/19/2018 7:16:44 AM 2000 Information [86bd96a670c8e4ca471e8d858a 8f6a0f0eacccc1a06ffa40c7be1 70f40091a65] Create compute system, result 0xC0370103 ProviderName: Microsoft-Windows-Hyper-V-VMMS TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 2/19/2018 6:21:53 AM 33201 Information Hyper-V Setup: Remote management has been successfully enabled for members of the 'Hyper-V Administrators' group. 2/19/2018 6:21:24 AM 19020 Information The WMI provider 'VmmsWmiEventProvider' has started. 2/19/2018 6:21:24 AM 19020 Information The WMI provider 'VmmsWmiIn stanceAndMethodProvider' has started. 2/19/2018 6:21:24 AM 14094 Information Virtual Machine Management service is started successfully. 2/19/2018 6:21:24 AM 33483 Information Incremental Replication will timeout after 360 hours. Minimum value for timeout is 6 hours. 2/19/2018 6:21:24 AM 33834 Information Hyper-V would age out CDP reference points after 720 hours. 2/19/2018 6:21:24 AM 33481 Information Change tracking has defined following limits for pending log file size. Error limit : 50% (Minimum value 10%. Maximum value 100%). Warning limit : 40%. Information limit : 30%. 2/19/2018 6:21:24 AM 33480 Information Change tracking has defined following limits for free disk space. Free Disk space error limit 3072 MBs (Minimum value can be 1024 MBs). Free Disk space warning limit 4915 MBs. 2/19/2018 6:21:23 AM 22052 Error Live migrations can be enabled only on a domain joined computer. 2/19/2018 6:21:23 AM 20410 Information Successfully started the Virtual Machine migration connection manager. 2/19/2018 6:21:23 AM 12514 Information Found a certificate for server authentication. Remote access to virtual machines is now possible. 2/19/2018 6:20:56 AM 19040 Information The WMI provider 'VmmsWmiIn stanceAndMethodProvider' has shut down. 2/19/2018 6:20:56 AM 19040 Information The WMI provider 'VmmsWmiEventProvider' has shut down. 2/19/2018 6:20:56 AM 14100 Warning Shut down physical computer. Stopping/saving all virtual machines... 2/19/2018 6:20:55 AM 12514 Information Found a certificate for server authentication. Remote access to virtual machines is now possible. 2/19/2018 6:20:55 AM 12514 Information Found a certificate for server authentication. Remote access to virtual machines is now possible. 2/19/2018 6:20:55 AM 15340 Error The virtual machine bus is not running. 2/19/2018 6:20:55 AM 19020 Information The WMI provider 'VmmsWmiEventProvider' has started. 2/19/2018 6:20:55 AM 19020 Information The WMI provider 'VmmsWmiIn stanceAndMethodProvider' has started. 2/19/2018 6:20:55 AM 15310 Information Created configuration store for 'Snapshot Groups Cache'. ProviderName: Microsoft-Windows-Hyper-V-VmSwitch TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 2/19/2018 7:08:00 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 2, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 2/19/2018 7:08:00 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 2, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 2/19/2018 7:06:43 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 3, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 2/19/2018 7:06:43 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 3, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 2/19/2018 6:29:58 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 2, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 2/19/2018 6:29:58 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 2, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 2/19/2018 6:22:50 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 1, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 2/19/2018 6:22:50 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 1, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 2/19/2018 6:22:50 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 0, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 2/19/2018 6:22:50 AM 218 Information NIC A39FB277-B779-4DBB-9629 -273BA5DBD8A8 (Friendly Name: Container NIC 33850e91) queried isolation information on port F9867096-39C3-4855-88D 3-304492D179DE (Friendly Name: Container NIC 33850e91) on switch 51F6AF4 D-453D-450A-B930-E639610C3E BA (Friendly Name: jt0sood4 9kbh00scfccw313en). RoutingDomainCount: 0, MultiTenantStackEnabled: true, Status: STATUS_SUCCESS, Ext1: 0, Ext2: 0 >>>>>> Get-VMSwitch Name : nat Id : 8d892c47-3839-49c1-925d-ff4e 8f7aa5c6 Notes : Extensions : {Microsoft Windows Filtering Platform, Microsoft Azure VFP Switch Extension, Microsoft NDIS Capture} BandwidthReservationMode : Absolute PacketDirectEnabled : False EmbeddedTeamingEnabled : False IovEnabled : False SwitchType : Internal AllowManagementOS : True NetAdapterInterfaceDescription : NetAdapterInterfaceDescriptions : NetAdapterInterfaceGuid : IovSupport : False IovSupportReasons : AvailableIPSecSA : 0 NumberIPSecSAAllocated : 0 AvailableVMQueues : 0 NumberVmqAllocated : 0 IovQueuePairCount : 0 IovQueuePairsInUse : 0 IovVirtualFunctionCount : 0 IovVirtualFunctionsInUse : 0 PacketDirectInUse : False DefaultQueueVrssEnabledRequested : True DefaultQueueVrssEnabled : False DefaultQueueVmmqEnabledRequested : False DefaultQueueVmmqEnabled : False DefaultQueueVrssMaxQueuePairsRequested : 16 DefaultQueueVrssMaxQueuePairs : 0 DefaultQueueVrssMinQueuePairsRequested : 1 DefaultQueueVrssMinQueuePairs : 0 DefaultQueueVrssQueueSchedulingModeRequested : StaticVrss DefaultQueueVrssQueueSchedulingMode : StaticVrss DefaultQueueVrssExcludePrimaryProcessorRequested : False DefaultQueueVrssExcludePrimaryProcessor : False BandwidthPercentage : 0 DefaultFlowMinimumBandwidthAbsolute : 0 DefaultFlowMinimumBandwidthWeight : 0 CimSession : CimSession: . ComputerName : VAGRANT-1709 IsDeleted : False DefaultQueueVmmqQueuePairs : 0 DefaultQueueVmmqQueuePairsRequested : 16 Name : jt0sood49kbh00scfccw313en Id : 51f6af4d-453d-450a-b930-e639 610c3eba Notes : Extensions : {Microsoft Windows Filtering Platform, Microsoft Azure VFP Switch Extension, Microsoft NDIS Capture} BandwidthReservationMode : Absolute PacketDirectEnabled : False EmbeddedTeamingEnabled : False IovEnabled : False SwitchType : External AllowManagementOS : True NetAdapterInterfaceDescription : vmxnet3 Ethernet Adapter NetAdapterInterfaceDescriptions : {vmxnet3 Ethernet Adapter} NetAdapterInterfaceGuid : {871a0701-82d1-46a3-b2fe-692 b56194614} IovSupport : False IovSupportReasons : {Ensure that the system has chipset support for SR-IOV and that I/O virtualization is enabled in the BIOS., To use SR-IOV on this system, the system BIOS must be updated to allow Windows to control PCI Express. Contact your system manufacturer for an update., SR-IOV cannot be used on this system as the PCI Express hardware does not support Access Control Services (ACS) at any root port. Contact your system vendor for further information., This network adapter does not support SR-IOV.} AvailableIPSecSA : 0 NumberIPSecSAAllocated : 0 AvailableVMQueues : 0 NumberVmqAllocated : 0 IovQueuePairCount : 0 IovQueuePairsInUse : 0 IovVirtualFunctionCount : 0 IovVirtualFunctionsInUse : 0 PacketDirectInUse : False DefaultQueueVrssEnabledRequested : True DefaultQueueVrssEnabled : False DefaultQueueVmmqEnabledRequested : False DefaultQueueVmmqEnabled : False DefaultQueueVrssMaxQueuePairsRequested : 16 DefaultQueueVrssMaxQueuePairs : 0 DefaultQueueVrssMinQueuePairsRequested : 1 DefaultQueueVrssMinQueuePairs : 0 DefaultQueueVrssQueueSchedulingModeRequested : StaticVrss DefaultQueueVrssQueueSchedulingMode : StaticVrss DefaultQueueVrssExcludePrimaryProcessorRequested : False DefaultQueueVrssExcludePrimaryProcessor : False BandwidthPercentage : 10 DefaultFlowMinimumBandwidthAbsolute : 1000000000 DefaultFlowMinimumBandwidthWeight : 0 CimSession : CimSession: . ComputerName : VAGRANT-1709 IsDeleted : False DefaultQueueVmmqQueuePairs : 0 DefaultQueueVmmqQueuePairsRequested : 16 >>>>>> Which VM uses DockerNAT? >>>>>> Get-VMNetworkAdapter >>>>>> Get-NetNAT >>>>>> Get-NetIPAddress IPAddress : fe80::846b:de3b:a83b:cf71%13 InterfaceIndex : 13 InterfaceAlias : vEthernet (Ethernet0 2) AddressFamily : IPv6 Type : Unicast PrefixLength : 64 PrefixOrigin : WellKnown SuffixOrigin : Link AddressState : Preferred ValidLifetime : Infinite ([TimeSpan]::MaxValue) PreferredLifetime : Infinite ([TimeSpan]::MaxValue) SkipAsSource : False PolicyStore : ActiveStore IPAddress : fe80::1df2:a636:2dfd:ce3f%4 InterfaceIndex : 4 InterfaceAlias : vEthernet (nat) AddressFamily : IPv6 Type : Unicast PrefixLength : 64 PrefixOrigin : WellKnown SuffixOrigin : Link AddressState : Preferred ValidLifetime : Infinite ([TimeSpan]::MaxValue) PreferredLifetime : Infinite ([TimeSpan]::MaxValue) SkipAsSource : False PolicyStore : ActiveStore IPAddress : ::1 InterfaceIndex : 1 InterfaceAlias : Loopback Pseudo-Interface 1 AddressFamily : IPv6 Type : Unicast PrefixLength : 128 PrefixOrigin : WellKnown SuffixOrigin : WellKnown AddressState : Preferred ValidLifetime : Infinite ([TimeSpan]::MaxValue) PreferredLifetime : Infinite ([TimeSpan]::MaxValue) SkipAsSource : False PolicyStore : ActiveStore IPAddress : 192.168.84.128 InterfaceIndex : 13 InterfaceAlias : vEthernet (Ethernet0 2) AddressFamily : IPv4 Type : Unicast PrefixLength : 24 PrefixOrigin : Dhcp SuffixOrigin : Dhcp AddressState : Preferred ValidLifetime : 00:26:39 PreferredLifetime : 00:26:39 SkipAsSource : False PolicyStore : ActiveStore IPAddress : 172.25.128.1 InterfaceIndex : 4 InterfaceAlias : vEthernet (nat) AddressFamily : IPv4 Type : Unicast PrefixLength : 20 PrefixOrigin : Manual SuffixOrigin : Manual AddressState : Preferred ValidLifetime : Infinite ([TimeSpan]::MaxValue) PreferredLifetime : Infinite ([TimeSpan]::MaxValue) SkipAsSource : False PolicyStore : ActiveStore IPAddress : 127.0.0.1 InterfaceIndex : 1 InterfaceAlias : Loopback Pseudo-Interface 1 AddressFamily : IPv4 Type : Unicast PrefixLength : 8 PrefixOrigin : WellKnown SuffixOrigin : WellKnown AddressState : Preferred ValidLifetime : Infinite ([TimeSpan]::MaxValue) PreferredLifetime : Infinite ([TimeSpan]::MaxValue) SkipAsSource : False PolicyStore : ActiveStore >>>>>> Get-NetIPInterface ifIndex InterfaceAlias AddressFamily NlMtu(Bytes) InterfaceMet ric ------- -------------- ------------- ------------ ------------ 13 vEthernet (Ethernet0 2) IPv6 1500 15 4 vEthernet (nat) IPv6 1500 15 1 Loopback Pseudo-Interface 1 IPv6 4294967295 75 13 vEthernet (Ethernet0 2) IPv4 1450 15 4 vEthernet (nat) IPv4 1500 15 1 Loopback Pseudo-Interface 1 IPv4 4294967295 75 >>>>>> First DNS server Server: UnKnown Address: 192.168.84.2 Name: localhost.localdomain Addresses: 127.0.0.1 127.0.0.1 >>>>>> Test default DNS server Server: UnKnown Address: 192.168.84.2 Name: www.google.com.localdomain Addresses: 216.58.204.36 216.58.204.36 >>>>>> Query DNS servers PSComputerName : VAGRANT-1709 DHCPLeaseExpires : 19691231173157.000000-480 Index : 7 Description : Hyper-V Virtual Ethernet Adapter #2 DHCPEnabled : True DHCPLeaseObtained : 19691231170157.000000-480 DHCPServer : 192.168.84.254 DNSDomain : localdomain DNSDomainSuffixSearchOrder : {localdomain} DNSEnabledForWINSResolution : False DNSHostName : vagrant-1709 DNSServerSearchOrder : {192.168.84.2} DomainDNSRegistrationEnabled : False FullDNSRegistrationEnabled : True IPAddress : {192.168.84.128, fe80::846b:de3b:a83b:cf71} IPConnectionMetric : 15 IPEnabled : True IPFilterSecurityEnabled : False WINSEnableLMHostsLookup : True WINSHostLookupFile : WINSPrimaryServer : 192.168.84.2 WINSScopeID : WINSSecondaryServer : __GENUS : 2 __CLASS : Win32_NetworkAdapterConfiguration __SUPERCLASS : CIM_Setting __DYNASTY : CIM_Setting __RELPATH : Win32_NetworkAdapterConfiguration.Index=7 __PROPERTY_COUNT : 61 __DERIVATION : {CIM_Setting} __SERVER : VAGRANT-1709 __NAMESPACE : root\cimv2 __PATH : \\VAGRANT-1709\root\cimv2:Win32_NetworkAdapterCo nfiguration.Index=7 ArpAlwaysSourceRoute : ArpUseEtherSNAP : Caption : [00000007] Hyper-V Virtual Ethernet Adapter DatabasePath : %SystemRoot%\System32\drivers\etc DeadGWDetectEnabled : DefaultIPGateway : {192.168.84.2} DefaultTOS : DefaultTTL : ForwardBufferMemory : GatewayCostMetric : {0} IGMPLevel : InterfaceIndex : 13 IPPortSecurityEnabled : IPSecPermitIPProtocols : {} IPSecPermitTCPPorts : {} IPSecPermitUDPPorts : {} IPSubnet : {255.255.255.0, 64} IPUseZeroBroadcast : IPXAddress : IPXEnabled : IPXFrameType : IPXMediaType : IPXNetworkNumber : IPXVirtualNetNumber : KeepAliveInterval : KeepAliveTime : MACAddress : 00:0C:29:BD:B4:CD MTU : NumForwardPackets : PMTUBHDetectEnabled : PMTUDiscoveryEnabled : ServiceName : VMSMP SettingID : {61A03B00-7306-4C5A-9C2E-2B921DA6B003} TcpipNetbiosOptions : 0 TcpMaxConnectRetransmissions : TcpMaxDataRetransmissions : TcpNumConnections : TcpUseRFC1122UrgentPointer : TcpWindowSize : Scope : System.Management.ManagementScope Path : \\VAGRANT-1709\root\cimv2:Win32_NetworkAdapterCo nfiguration.Index=7 Options : System.Management.ObjectGetOptions ClassPath : \\VAGRANT-1709\root\cimv2:Win32_NetworkAdapterCo nfiguration Properties : {ArpAlwaysSourceRoute, ArpUseEtherSNAP, Caption, DatabasePath...} SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...} Qualifiers : {dynamic, Locale, provider, UUID} Site : Container : >>>>>> Internet settings DisableCachingOfSSLPages : 0 IE5_UA_Backup_Flag : 5.0 PrivacyAdvanced : 1 SecureProtocols : 2688 User Agent : Mozilla/4.0 (compatible; MSIE 8.0; Win32) CertificateRevocation : 1 ZonesSecurityUpgrade : {61, 163, 79, 141...} EnableNegotiate : 1 ProxyEnable : 0 PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USE R\Software\Microsoft\Windows\CurrentVersion\Internet Settings PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USE R\Software\Microsoft\Windows\CurrentVersion PSChildName : Internet Settings PSDrive : HKCU PSProvider : Microsoft.PowerShell.Core\Registry >>>>>> netstat -abno Active Connections Proto Local Address Foreign Address State PID TCP 0.0.0.0:22 0.0.0.0:0 LISTENING 932 [sshd.exe] TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 852 RpcSs [svchost.exe] TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 Can not obtain ownership information TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING 1864 [vmms.exe] TCP 0.0.0.0:2375 0.0.0.0:0 LISTENING 496 [dockerd.exe] TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 72 TermService [svchost.exe] TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4 Can not obtain ownership information TCP 0.0.0.0:7946 0.0.0.0:0 LISTENING 496 [dockerd.exe] TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4 Can not obtain ownership information TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 480 Can not obtain ownership information TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1016 EventLog [svchost.exe] TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1036 Schedule [svchost.exe] TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 1564 PolicyAgent [svchost.exe] TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING 612 Can not obtain ownership information TCP 0.0.0.0:49685 0.0.0.0:0 LISTENING 624 [lsass.exe] TCP 172.25.128.1:53 0.0.0.0:0 LISTENING 496 [dockerd.exe] TCP 172.25.128.1:139 0.0.0.0:0 LISTENING 4 Can not obtain ownership information TCP 192.168.84.128:22 192.168.84.1:34710 ESTABLISHED 932 [sshd.exe] TCP 192.168.84.128:139 0.0.0.0:0 LISTENING 4 Can not obtain ownership information TCP 192.168.84.128:7946 192.168.84.130:46216 TIME_WAIT 0 TCP 192.168.84.128:7946 192.168.84.130:46232 TIME_WAIT 0 TCP 192.168.84.128:7946 192.168.84.130:46238 TIME_WAIT 0 TCP 192.168.84.128:49743 192.168.84.130:2377 ESTABLISHED 496 [dockerd.exe] TCP 192.168.84.128:50533 40.77.226.250:443 TIME_WAIT 0 TCP 192.168.84.128:50539 192.168.84.130:7946 TIME_WAIT 0 TCP 192.168.84.128:50541 192.168.84.130:7946 TIME_WAIT 0 TCP 192.168.84.128:50543 192.168.84.130:7946 TIME_WAIT 0 TCP 192.168.84.128:50544 192.168.84.130:7946 TIME_WAIT 0 TCP 192.168.84.128:50545 192.168.84.130:7946 TIME_WAIT 0 TCP 192.168.84.128:50547 192.168.84.130:7946 TIME_WAIT 0 TCP 192.168.84.128:50549 192.168.84.130:7946 TIME_WAIT 0 TCP 192.168.84.128:50551 192.168.84.130:7946 TIME_WAIT 0 TCP 192.168.84.128:50553 192.168.84.130:7946 TIME_WAIT 0 TCP [::]:22 [::]:0 LISTENING 932 [sshd.exe] TCP [::]:135 [::]:0 LISTENING 852 RpcSs [svchost.exe] TCP [::]:445 [::]:0 LISTENING 4 Can not obtain ownership information TCP [::]:2179 [::]:0 LISTENING 1864 [vmms.exe] TCP [::]:2375 [::]:0 LISTENING 496 [dockerd.exe] TCP [::]:3389 [::]:0 LISTENING 72 TermService [svchost.exe] TCP [::]:5985 [::]:0 LISTENING 4 Can not obtain ownership information TCP [::]:7946 [::]:0 LISTENING 496 [dockerd.exe] TCP [::]:47001 [::]:0 LISTENING 4 Can not obtain ownership information TCP [::]:49664 [::]:0 LISTENING 480 Can not obtain ownership information TCP [::]:49665 [::]:0 LISTENING 1016 EventLog [svchost.exe] TCP [::]:49666 [::]:0 LISTENING 1036 Schedule [svchost.exe] TCP [::]:49669 [::]:0 LISTENING 1564 PolicyAgent [svchost.exe] TCP [::]:49670 [::]:0 LISTENING 612 Can not obtain ownership information TCP [::]:49685 [::]:0 LISTENING 624 [lsass.exe] UDP 0.0.0.0:123 *:* 1756 W32Time [svchost.exe] UDP 0.0.0.0:500 *:* 1036 IKEEXT [svchost.exe] UDP 0.0.0.0:3389 *:* 72 TermService [svchost.exe] UDP 0.0.0.0:4500 *:* 1036 IKEEXT [svchost.exe] UDP 0.0.0.0:5353 *:* 1316 Dnscache [svchost.exe] UDP 0.0.0.0:5355 *:* 1316 Dnscache [svchost.exe] UDP 0.0.0.0:7946 *:* 496 [dockerd.exe] UDP 127.0.0.1:63359 *:* 1036 iphlpsvc [svchost.exe] UDP 172.25.128.1:53 *:* 496 [dockerd.exe] UDP 172.25.128.1:137 *:* 4 Can not obtain ownership information UDP 172.25.128.1:138 *:* 4 Can not obtain ownership information UDP 192.168.84.128:137 *:* 4 Can not obtain ownership information UDP 192.168.84.128:138 *:* 4 Can not obtain ownership information UDP [::]:123 *:* 1756 W32Time [svchost.exe] UDP [::]:500 *:* 1036 IKEEXT [svchost.exe] UDP [::]:3389 *:* 72 TermService [svchost.exe] UDP [::]:4500 *:* 1036 IKEEXT [svchost.exe] UDP [::]:5353 *:* 1316 Dnscache [svchost.exe] UDP [::]:5355 *:* 1316 Dnscache [svchost.exe] UDP [::]:7946 *:* 496 [dockerd.exe] >>>>>> netstat -rs IPv4 Statistics Packets Received = 1933163 Received Header Errors = 0 Received Address Errors = 14 Datagrams Forwarded = 0 Unknown Protocols Received = 243 Received Packets Discarded = 306 Received Packets Delivered = 967776 Output Requests = 582641 Routing Discards = 0 Discarded Output Packets = 5 Output Packet No Route = 8 Reassembly Required = 121 Reassembly Successful = 36 Reassembly Failures = 0 Datagrams Successfully Fragmented = 36 Datagrams Failing Fragmentation = 0 Fragments Created = 121 IPv6 Statistics Packets Received = 66 Received Header Errors = 0 Received Address Errors = 55 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 55 Received Packets Delivered = 11 Output Requests = 354 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 0 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Successfully Fragmented = 0 Datagrams Failing Fragmentation = 0 Fragments Created = 0 ICMPv4 Statistics Received Sent Messages 1086 1348 Errors 0 0 Destination Unreachable 0 259 Time Exceeded 0 0 Parameter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echo Replies 1086 0 Echos 0 1089 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 Router Solicitations 0 0 Router Advertisements 0 0 ICMPv6 Statistics Received Sent Messages 3 82 Errors 0 0 Destination Unreachable 0 0 Packet Too Big 0 0 Time Exceeded 0 0 Parameter Problems 0 0 Echos 0 0 Echo Replies 0 0 MLD Queries 0 0 MLD Reports 0 0 MLD Dones 0 0 Router Solicitations 0 48 Router Advertisements 0 0 Neighbor Solicitations 1 17 Neighbor Advertisements 2 17 Redirects 0 0 Router Renumberings 0 0 TCP Statistics for IPv4 Active Opens = 820 Passive Opens = 473 Failed Connection Attempts = 155 Reset Connections = 28 Current Connections = 3 Segments Received = 960892 Segments Sent = 577704 Segments Retransmitted = 304 TCP Statistics for IPv6 Active Opens = 0 Passive Opens = 0 Failed Connection Attempts = 0 Reset Connections = 0 Current Connections = 0 Segments Received = 0 Segments Sent = 0 Segments Retransmitted = 0 UDP Statistics for IPv4 Datagrams Received = 5332 No Ports = 310 Receive Errors = 0 Datagrams Sent = 5958 UDP Statistics for IPv6 Datagrams Received = 4 No Ports = 55 Receive Errors = 0 Datagrams Sent = 79 =========================================================================== Interface List 4...00 15 5d 22 9e 95 ......Hyper-V Virtual Ethernet Adapter 13...00 0c 29 bd b4 cd ......Hyper-V Virtual Ethernet Adapter #2 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.84.2 192.168.84.128 15 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 172.25.128.0 255.255.240.0 On-link 172.25.128.1 271 172.25.128.1 255.255.255.255 On-link 172.25.128.1 271 172.25.143.255 255.255.255.255 On-link 172.25.128.1 271 192.168.84.0 255.255.255.0 On-link 192.168.84.128 271 192.168.84.128 255.255.255.255 On-link 192.168.84.128 271 192.168.84.255 255.255.255.255 On-link 192.168.84.128 271 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 172.25.128.1 271 224.0.0.0 240.0.0.0 On-link 192.168.84.128 271 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 172.25.128.1 271 255.255.255.255 255.255.255.255 On-link 192.168.84.128 271 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 172.25.128.1 Default 0.0.0.0 0.0.0.0 10.0.1.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 4 271 fe80::/64 On-link 13 271 fe80::/64 On-link 4 271 fe80::1df2:a636:2dfd:ce3f/128 On-link 13 271 fe80::846b:de3b:a83b:cf71/128 On-link 1 331 ff00::/8 On-link 4 271 ff00::/8 On-link 13 271 ff00::/8 On-link =========================================================================== Persistent Routes: None >>>>>> net share New connections will be remembered. Status Local Remote Network ------------------------------------------------------------------------------- Unavailable Z: \\vmware-host\Shared Folders VMware Shared Folders The command completed successfully.