sync: auto-sync from HOWARD-HOME at 2026-06-29 14:23:40
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-29 14:23:40
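--- a/.bdcheck_GG4LKSL
+++ b/.bdcheck_GG4LKSL
@@ -0,0 +1 @@
+23a8b2e8-c67f-4e70-b219-4a723dc1b957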
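--- a/.bdcheck_MJ-PARALEGAL
+++ b/.bdcheck_MJ-PARALEGAL
@@ -0,0 +1 @@
+6dfebcb5-df2d-45fa-b1d6-22695d52895c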
@@ -0,0 +1,744 @@
|
||||
{
|
||||
"host": "DESKTOP-GG4LKSL",
|
||||
"collected_at_utc": "2026-06-29T21:17:50Z",
|
||||
"os": {
|
||||
"caption": "Microsoft Windows 11 Pro",
|
||||
"version": "10.0.26200",
|
||||
"build": "26200",
|
||||
"install_date": "2025-06-30T15:13:20Z",
|
||||
"last_boot_utc": "2026-06-29T14:27:52Z",
|
||||
"architecture": "64-bit"
|
||||
},
|
||||
"facts": {
|
||||
"builtin_admin_enabled": false,
|
||||
"os_eol": {
|
||||
"eol_date": "2027-10-12",
|
||||
"release": "Win11 25H2"
|
||||
},
|
||||
"pending_updates": 4,
|
||||
"pending_reboot": false,
|
||||
"uptime_days": 0.3,
|
||||
"acg_managed_tools": "ScreenConnect / ConnectWise Control",
|
||||
"hardware": {
|
||||
"model": "HP Pavilion Gaming Desktop TG01-2xxx",
|
||||
"manufacturer": "HP",
|
||||
"bios_date": "2023-07-11",
|
||||
"cpu_logical": 16,
|
||||
"bios_version": "F.21",
|
||||
"cpu_cores": 8,
|
||||
"ram_gb": 31.8,
|
||||
"serial": "4CE136C774",
|
||||
"cpu": "11th Gen Intel(R) Core(TM) i7-11700F @ 2.50GHz"
|
||||
},
|
||||
"third_party_av_active": false,
|
||||
"os_build": "26200",
|
||||
"secure_boot": false,
|
||||
"backup_agents": null,
|
||||
"autoruns_run_keys": [
|
||||
{
|
||||
"key": "HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
|
||||
"name": "SecurityHealth",
|
||||
"value": "C:\\WINDOWS\\system32\\SecurityHealthSystray.exe"
|
||||
},
|
||||
{
|
||||
"key": "HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
|
||||
"name": "QuickFinder Scheduler",
|
||||
"value": "\"c:\\Program Files (x86)\\Corel\\WordPerfect Office 2021\\Programs\\QFSCHD210.EXE\""
|
||||
}
|
||||
],
|
||||
"physical_disks": [
|
||||
{
|
||||
"health": "Healthy",
|
||||
"model": "Seagate Backup+ BK",
|
||||
"media_type": "Unspecified"
|
||||
},
|
||||
{
|
||||
"health": "Healthy",
|
||||
"model": "WD Green SN350 1TB 2G0C",
|
||||
"media_type": "SSD"
|
||||
}
|
||||
],
|
||||
"local_users": [
|
||||
{
|
||||
"last_logon": "",
|
||||
"name": "Administrator",
|
||||
"password_never_expires": false,
|
||||
"enabled": false
|
||||
},
|
||||
{
|
||||
"last_logon": "",
|
||||
"name": "DefaultAccount",
|
||||
"password_never_expires": false,
|
||||
"enabled": false
|
||||
},
|
||||
{
|
||||
"last_logon": "2025-06-30",
|
||||
"name": "Guest",
|
||||
"password_never_expires": false,
|
||||
"enabled": false
|
||||
},
|
||||
{
|
||||
"last_logon": "2026-06-29",
|
||||
"name": "Localadmin",
|
||||
"password_never_expires": false,
|
||||
"enabled": true
|
||||
},
|
||||
{
|
||||
"last_logon": "2026-06-29",
|
||||
"name": "owner",
|
||||
"password_never_expires": false,
|
||||
"enabled": true
|
||||
},
|
||||
{
|
||||
"last_logon": "",
|
||||
"name": "WDAGUtilityAccount",
|
||||
"password_never_expires": false,
|
||||
"enabled": false
|
||||
}
|
||||
],
|
||||
"scheduled_tasks_count": 18,
|
||||
"volumes": [
|
||||
{
|
||||
"drive": "D:",
|
||||
"size_gb": 465.8,
|
||||
"free_pct": 14.6,
|
||||
"free_gb": 68.1
|
||||
},
|
||||
{
|
||||
"drive": "[unlabeled]",
|
||||
"size_gb": 0.7,
|
||||
"free_pct": 8.3,
|
||||
"free_gb": 0.1
|
||||
},
|
||||
{
|
||||
"drive": "[unlabeled]",
|
||||
"size_gb": 0.1,
|
||||
"free_pct": 38.7,
|
||||
"free_gb": 0
|
||||
},
|
||||
{
|
||||
"drive": "C:",
|
||||
"size_gb": 930.6,
|
||||
"free_pct": 74.2,
|
||||
"free_gb": 690.6
|
||||
}
|
||||
],
|
||||
"network_adapters": [
|
||||
{
|
||||
"dhcp": false,
|
||||
"description": "Intel(R) Wi-Fi 6 AX201 160MHz",
|
||||
"gateway": [
|
||||
"192.168.1.1"
|
||||
],
|
||||
"mac": "4C:44:5B:57:C8:D0",
|
||||
"ip": [
|
||||
"192.168.1.135",
|
||||
"fe80::b290:dac4:8c2:f9d6"
|
||||
],
|
||||
"dns": [
|
||||
null
|
||||
]
|
||||
}
|
||||
],
|
||||
"failed_autostart_services": [
|
||||
{
|
||||
"name": "GoogleUpdaterInternalService150.0.7863.0",
|
||||
"display": "Google Updater Internal Service (GoogleUpdaterInternalService150.0.7863.0)",
|
||||
"state": "Stopped"
|
||||
},
|
||||
{
|
||||
"name": "GoogleUpdaterService150.0.7863.0",
|
||||
"display": "Google Updater Service (GoogleUpdaterService150.0.7863.0)",
|
||||
"state": "Stopped"
|
||||
},
|
||||
{
|
||||
"name": "Intel(R) TPM Provisioning Service",
|
||||
"display": "Intel(R) TPM Provisioning Service",
|
||||
"state": "Stopped"
|
||||
}
|
||||
],
|
||||
"stability_14d": {
|
||||
"unexpected_shutdowns": 1,
|
||||
"disk_errors": 0,
|
||||
"bugchecks": 0
|
||||
},
|
||||
"exposure": {
|
||||
"smb1_enabled": false,
|
||||
"laps_present": true,
|
||||
"rdp_enabled": false,
|
||||
"uac_enabled": true,
|
||||
"rdp_nla": true
|
||||
},
|
||||
"accounts_password_never_expires": [],
|
||||
"installed_software": [
|
||||
{
|
||||
"publisher": "Adobe",
|
||||
"name": "Adobe Acrobat (64-bit)",
|
||||
"version": "26.001.21691"
|
||||
},
|
||||
{
|
||||
"publisher": "Adobe Systems Incorporated",
|
||||
"name": "Adobe Refresh Manager",
|
||||
"version": "1.8.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Copilot",
|
||||
"version": "149.0.4022.80"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel corporation",
|
||||
"name": "Corel Update Manager",
|
||||
"version": "2.14.630"
|
||||
},
|
||||
{
|
||||
"publisher": "Google LLC",
|
||||
"name": "Google Chrome",
|
||||
"version": "149.0.7827.197"
|
||||
},
|
||||
{
|
||||
"publisher": "",
|
||||
"name": "HP LaserJet Professional P1100-P1560-P1600 Series",
|
||||
"version": ""
|
||||
},
|
||||
{
|
||||
"publisher": "Vantage Linguistics",
|
||||
"name": "iSEEK AnswerWorks English Runtime",
|
||||
"version": "010.000.0101"
|
||||
},
|
||||
{
|
||||
"publisher": "Chaos Software Group, Inc.",
|
||||
"name": "Legal Billing",
|
||||
"version": ""
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft 365 Apps for business - en-us",
|
||||
"version": "16.0.20026.20182"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Edge",
|
||||
"version": "149.0.4022.98"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Edge WebView2 Runtime",
|
||||
"version": "149.0.4022.98"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft OneDrive",
|
||||
"version": "26.106.0603.0003"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Update Health Tools",
|
||||
"version": "5.72.0.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Visual Basic for Applications 7.1 (x86)",
|
||||
"version": "7.1.00.00"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Visual Basic for Applications 7.1 (x86) English",
|
||||
"version": "7.1.0.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211",
|
||||
"version": "14.44.35211.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211",
|
||||
"version": "14.44.35211.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211",
|
||||
"version": "14.44.35211"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211",
|
||||
"version": "14.44.35211"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211",
|
||||
"version": "14.44.35211"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211",
|
||||
"version": "14.44.35211"
|
||||
},
|
||||
{
|
||||
"publisher": "NVIDIA Corporation",
|
||||
"name": "NVIDIA Control Panel 391.35",
|
||||
"version": "391.35"
|
||||
},
|
||||
{
|
||||
"publisher": "NVIDIA Corporation",
|
||||
"name": "NVIDIA Display Container",
|
||||
"version": "1.2"
|
||||
},
|
||||
{
|
||||
"publisher": "NVIDIA Corporation",
|
||||
"name": "NVIDIA Display Container LS",
|
||||
"version": "1.2"
|
||||
},
|
||||
{
|
||||
"publisher": "NVIDIA Corporation",
|
||||
"name": "NVIDIA Display Session Container",
|
||||
"version": "1.2"
|
||||
},
|
||||
{
|
||||
"publisher": "NVIDIA Corporation",
|
||||
"name": "NVIDIA Display Watchdog Plugin",
|
||||
"version": "1.2"
|
||||
},
|
||||
{
|
||||
"publisher": "NVIDIA Corporation",
|
||||
"name": "NVIDIA Install Application",
|
||||
"version": "2.1002.275.2323"
|
||||
},
|
||||
{
|
||||
"publisher": "Microsoft Corporation",
|
||||
"name": "Office 16 Click-to-Run Extensibility Component",
|
||||
"version": "16.0.20026.20076"
|
||||
},
|
||||
{
|
||||
"publisher": "Intuit",
|
||||
"name": "Quicken 2013",
|
||||
"version": "22.1.12.7"
|
||||
},
|
||||
{
|
||||
"publisher": "ScreenConnect Software",
|
||||
"name": "ScreenConnect Client (1912bf3444b41a08)",
|
||||
"version": "26.3.11.9650"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021",
|
||||
"version": "21.0.0.81"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Common Files",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Common Files English",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - IPM",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - IPM Content",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Lightning Files",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Lightning Files English",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Presentations Files",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Presentations Files English",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Quattro Pro Files",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Quattro Pro Files English",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Redists",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Setup Files",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - WordPerfect Files",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - WordPerfect Files English",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - WPD format Props x64",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": " Corel Corporation",
|
||||
"name": "WordPerfect Office 2021 - Writing Tools",
|
||||
"version": "21.0"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office IFilter 32-bit",
|
||||
"version": "1.8"
|
||||
},
|
||||
{
|
||||
"publisher": "Corel Corporation",
|
||||
"name": "WordPerfect Office IFilter 64-bit",
|
||||
"version": "1.8"
|
||||
}
|
||||
],
|
||||
"tpm": {
|
||||
"enabled": true,
|
||||
"ready": true,
|
||||
"present": true
|
||||
},
|
||||
"local_groups": [
|
||||
"Access Control Assistance Operators",
|
||||
"Administrators",
|
||||
"Backup Operators",
|
||||
"Cryptographic Operators",
|
||||
"Device Owners",
|
||||
"Distributed COM Users",
|
||||
"Event Log Readers",
|
||||
"Guests",
|
||||
"Hyper-V Administrators",
|
||||
"IIS_IUSRS",
|
||||
"Network Configuration Operators",
|
||||
"OpenSSH Users",
|
||||
"Performance Log Users",
|
||||
"Performance Monitor Users",
|
||||
"Power Users",
|
||||
"Remote Desktop Users",
|
||||
"Remote Management Users",
|
||||
"Replicator",
|
||||
"System Managed Accounts Group",
|
||||
"User Mode Hardware Operators",
|
||||
"Users"
|
||||
],
|
||||
"battery": {
|
||||
"present": false
|
||||
},
|
||||
"activation": {
|
||||
"edition": "Microsoft Windows 11 Pro",
|
||||
"description": "Windows(R) Operating System, OEM_DM channel",
|
||||
"licensed": true,
|
||||
"license_status_code": 1
|
||||
},
|
||||
"time_source": "time1.aliyun.com",
|
||||
"chassis_types": [
|
||||
3
|
||||
],
|
||||
"last_hotfix": {
|
||||
"hotfix_id": "KB5094126",
|
||||
"installed_on": "2026-06-10T07:00:00Z"
|
||||
},
|
||||
"scheduled_tasks": [
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "Adobe Acrobat Update Task",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "CorelUpdateHelperTask-6FE3C4EAF0EA6F48A355A006CED9B153",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "CorelUpdateHelperTaskCore",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "MicrosoftEdgeUpdateTaskMachineCore",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "MicrosoftEdgeUpdateTaskMachineUA",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "OneDrive Per-Machine Standalone Update Task",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "OneDrive Reporting Task-S-1-5-21-176541868-3255397159-941698718-1001",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "OneDrive Reporting Task-S-1-5-21-176541868-3255397159-941698718-1002",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "OneDrive Startup Task-S-1-5-21-176541868-3255397159-941698718-1001",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "OneDrive Startup Task-S-1-5-21-176541868-3255397159-941698718-1002",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "RtkAudUService64_BG",
|
||||
"state": "Running"
|
||||
},
|
||||
{
|
||||
"path": "\\",
|
||||
"name": "ZoomUpdateTaskUser-S-1-5-21-176541868-3255397159-941698718-1002",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\GoogleSystem\\GoogleUpdater\\",
|
||||
"name": "GoogleUpdaterTaskSystem150.0.7863.0{187F8684-438D-4B52-A213-1183A437F60E}",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\GoogleUserPEH\\",
|
||||
"name": "RunPlatformExperienceHelperOnUnlock",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\GoogleUserPEH\\",
|
||||
"name": "RunPlatformExperienceHelper_Daily",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\GoogleUserPEH\\",
|
||||
"name": "RunPlatformExperienceHelper_Metrics",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\SoftLanding\\S-1-5-21-176541868-3255397159-941698718-1002\\",
|
||||
"name": "SoftLandingCreativeManagementTask",
|
||||
"state": "Ready"
|
||||
},
|
||||
{
|
||||
"path": "\\SoftLanding\\S-1-5-21-176541868-3255397159-941698718-1002\\",
|
||||
"name": "SoftLandingDeferralTask-{7f5041b8-2c64-40bd-a455-a605b3186491}",
|
||||
"state": "Ready"
|
||||
}
|
||||
],
|
||||
"antivirus_products": [
|
||||
"Windows Defender"
|
||||
],
|
||||
"domain_joined": false,
|
||||
"defender": {
|
||||
"antispyware_signature_age": 0,
|
||||
"tamper_protected": true,
|
||||
"real_time_protection": true,
|
||||
"nis_enabled": true,
|
||||
"available": true,
|
||||
"antivirus_enabled": true,
|
||||
"am_service_enabled": true
|
||||
},
|
||||
"bitlocker": {
|
||||
"os_volume": "C:",
|
||||
"key_protectors": [],
|
||||
"recovery_key_present": false,
|
||||
"available": true,
|
||||
"encryption_percent": 0,
|
||||
"protection_status": "Off"
|
||||
},
|
||||
"is_laptop": false,
|
||||
"installed_software_count": 50,
|
||||
"local_administrators": [
|
||||
"DESKTOP-GG4LKSL\\Administrator",
|
||||
"DESKTOP-GG4LKSL\\Localadmin",
|
||||
"DESKTOP-GG4LKSL\\owner"
|
||||
],
|
||||
"firewall_profiles": {
|
||||
"Private": true,
|
||||
"Domain": true,
|
||||
"Public": true
|
||||
},
|
||||
"domain": "WORKGROUP",
|
||||
"foreign_agents": null
|
||||
},
|
||||
"findings": [
|
||||
{
|
||||
"id": "sec.defender.ok",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "Defender active and current",
|
||||
"detail": "Real-time protection on, service running, signatures current.",
|
||||
"evidence": "RealTimeProtectionEnabled=True; AMServiceEnabled=True; AntispywareSignatureAge=0 days; IsTamperProtected=True"
|
||||
},
|
||||
{
|
||||
"id": "sec.av_products.defender_only",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "Defender is the only registered AV",
|
||||
"detail": "Only Microsoft/Windows Defender is registered in Security Center.",
|
||||
"evidence": "Windows Defender"
|
||||
},
|
||||
{
|
||||
"id": "sec.foreign_agents.none",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "No competitor/leftover management agents detected",
|
||||
"detail": "No known competitor RMM or unmanaged remote-access agents found in installed programs or services.",
|
||||
"evidence": "Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service"
|
||||
},
|
||||
{
|
||||
"id": "sec.foreign_agents.acg.screenconnect_connectwise_control",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "Expected ACG management tooling present: ScreenConnect / ConnectWise Control",
|
||||
"detail": "This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.",
|
||||
"evidence": "program: ScreenConnect Client (1912bf3444b41a08) 26.3.11.9650\nservice: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running"
|
||||
},
|
||||
{
|
||||
"id": "sec.firewall.ok",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "All firewall profiles enabled",
|
||||
"detail": "Domain, Private, and Public firewall profiles are all enabled.",
|
||||
"evidence": "Private=True; Domain=True; Public=True"
|
||||
},
|
||||
{
|
||||
"id": "sec.bitlocker.unencrypted",
|
||||
"category": "security",
|
||||
"severity": "warning",
|
||||
"title": "OS volume is NOT encrypted with BitLocker",
|
||||
"detail": "The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. Enable BitLocker and escrow the recovery key.",
|
||||
"evidence": "Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors="
|
||||
},
|
||||
{
|
||||
"id": "sec.local_admins.list",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "Local administrators (3)",
|
||||
"detail": "Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).",
|
||||
"evidence": "DESKTOP-GG4LKSL\\Administrator\nDESKTOP-GG4LKSL\\Localadmin\nDESKTOP-GG4LKSL\\owner"
|
||||
},
|
||||
{
|
||||
"id": "sec.patch.os_supported",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "OS build supported: Win11 25H2",
|
||||
"detail": "Build 26200 (Win11 25H2) is in support until 2027-10-12.",
|
||||
"evidence": "Microsoft Windows 11 Pro build 26200"
|
||||
},
|
||||
{
|
||||
"id": "sec.patch.pending",
|
||||
"category": "security",
|
||||
"severity": "warning",
|
||||
"title": "4 pending Windows updates",
|
||||
"detail": "Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.",
|
||||
"evidence": "Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 4"
|
||||
},
|
||||
{
|
||||
"id": "sec.patch.last_hotfix",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "Last hotfix: KB5094126",
|
||||
"detail": "Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).",
|
||||
"evidence": "KB5094126 installed 2026-06-10T07:00:00Z"
|
||||
},
|
||||
{
|
||||
"id": "sec.exposure.smb1_off",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "SMBv1 disabled",
|
||||
"detail": "SMBv1 server protocol is disabled.",
|
||||
"evidence": "EnableSMB1Protocol=False"
|
||||
},
|
||||
{
|
||||
"id": "sec.exposure.laps_present",
|
||||
"category": "security",
|
||||
"severity": "info",
|
||||
"title": "LAPS detected",
|
||||
"detail": "A LAPS mechanism is present.",
|
||||
"evidence": "Windows LAPS reg key"
|
||||
},
|
||||
{
|
||||
"id": "health.disk_space.D",
|
||||
"category": "health",
|
||||
"severity": "warning",
|
||||
"title": "Disk low: D: at 14.6% free",
|
||||
"detail": "Less than 15 percent free. Plan cleanup or expansion.",
|
||||
"evidence": "D: free 68.1 GB of 465.8 GB (14.6%)"
|
||||
},
|
||||
{
|
||||
"id": "health.stability.some",
|
||||
"category": "health",
|
||||
"severity": "warning",
|
||||
"title": "Stability events present in the last 14 days",
|
||||
"detail": "One or more unexpected shutdowns, BSODs, or disk errors occurred recently. Monitor and correlate with user reports.",
|
||||
"evidence": "Unexpected shutdowns (id 41)=1; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0"
|
||||
},
|
||||
{
|
||||
"id": "health.failed_services.stopped",
|
||||
"category": "health",
|
||||
"severity": "warning",
|
||||
"title": "3 auto-start service(s) not running",
|
||||
"detail": "These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.",
|
||||
"evidence": "GoogleUpdaterInternalService150.0.7863.0 (Google Updater Internal Service (GoogleUpdaterInternalService150.0.7863.0)) = Stopped\nGoogleUpdaterService150.0.7863.0 (Google Updater Service (GoogleUpdaterService150.0.7863.0)) = Stopped\nIntel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) = Stopped"
|
||||
},
|
||||
{
|
||||
"id": "health.domain.workgroup",
|
||||
"category": "health",
|
||||
"severity": "info",
|
||||
"title": "Not domain-joined (workgroup)",
|
||||
"detail": "This machine is in workgroup/Azure AD only mode (Domain=WORKGROUP). No on-prem AD secure channel applies.",
|
||||
"evidence": "PartOfDomain=False; Domain=WORKGROUP"
|
||||
},
|
||||
{
|
||||
"id": "health.time.source",
|
||||
"category": "health",
|
||||
"severity": "info",
|
||||
"title": "Time service source",
|
||||
"detail": "Current Windows Time service source.",
|
||||
"evidence": "Source=time1.aliyun.com"
|
||||
},
|
||||
{
|
||||
"id": "health.backup.none",
|
||||
"category": "health",
|
||||
"severity": "info",
|
||||
"title": "No backup agent detected",
|
||||
"detail": "No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.",
|
||||
"evidence": "No matching backup service in Win32_Service"
|
||||
}
|
||||
]
|
||||
}
|
||||
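Review bot: `facts.secure_boot` is `false` on a host whose `tpm` block reports present, enabled and ready, yet `findings` has no Secure Boot entry, so the value never reaches the grade. The array covers BitLocker, firewall, SMBv1 and LAPS but skips this one, and a warning-severity finding next to `sec.bitlocker.unencrypted` would surface it. Separately, `sec.exposure.laps_present` rests only on `"evidence": "Windows LAPS reg key"` while `domain_joined` is `false`. A registry key alone does not show that any policy is rotating a local administrator password, so the `detail` text should probably say the check is presence-only. The snapshot also stores the hardware serial, MAC address, account SIDs and the local administrator list in plaintext, which is worth weighing against who can read a repository fed by an automatic sync.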
@@ -0,0 +1,226 @@
|
||||
# Onboarding Diagnostic Baseline - DESKTOP-GG4LKSL
|
||||
|
||||
- **Grade:** AMBER
|
||||
- **Host:** DESKTOP-GG4LKSL
|
||||
- **Client:** Michael Johnson (`michaeljohnson`)
|
||||
- **Collected (UTC):** 2026-06-29T21:17:50Z
|
||||
- **Agent ID:** 09c08484-2b51-404b-a294-6e39f498867c
|
||||
- **Command ID:** 67f70181-51cd-470e-a9e2-edd2d53df135
|
||||
- **Findings:** 0 critical / 5 warning / 13 info / 0 unknown
|
||||
|
||||
- **OS:** Microsoft Windows 11 Pro (build 26200)
|
||||
|
||||
---
|
||||
|
||||
## WARNING (5)
|
||||
|
||||
### OS volume is NOT encrypted with BitLocker
|
||||
- **Category:** security
|
||||
- **ID:** `sec.bitlocker.unencrypted`
|
||||
- The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. Enable BitLocker and escrow the recovery key.
|
||||
|
||||
```
|
||||
Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors=
|
||||
```
|
||||
|
||||
### 4 pending Windows updates
|
||||
- **Category:** security
|
||||
- **ID:** `sec.patch.pending`
|
||||
- Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.
|
||||
|
||||
```
|
||||
Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 4
|
||||
```
|
||||
|
||||
### Disk low: D: at 14.6% free
|
||||
- **Category:** health
|
||||
- **ID:** `health.disk_space.D`
|
||||
- Less than 15 percent free. Plan cleanup or expansion.
|
||||
|
||||
```
|
||||
D: free 68.1 GB of 465.8 GB (14.6%)
|
||||
```
|
||||
|
||||
### Stability events present in the last 14 days
|
||||
- **Category:** health
|
||||
- **ID:** `health.stability.some`
|
||||
- One or more unexpected shutdowns, BSODs, or disk errors occurred recently. Monitor and correlate with user reports.
|
||||
|
||||
```
|
||||
Unexpected shutdowns (id 41)=1; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0
|
||||
```
|
||||
|
||||
### 3 auto-start service(s) not running
|
||||
- **Category:** health
|
||||
- **ID:** `health.failed_services.stopped`
|
||||
- These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.
|
||||
|
||||
```
|
||||
GoogleUpdaterInternalService150.0.7863.0 (Google Updater Internal Service (GoogleUpdaterInternalService150.0.7863.0)) = Stopped
|
||||
GoogleUpdaterService150.0.7863.0 (Google Updater Service (GoogleUpdaterService150.0.7863.0)) = Stopped
|
||||
Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) = Stopped
|
||||
```
|
||||
|
||||
|
||||
## INFO (13)
|
||||
|
||||
### Defender active and current
|
||||
- **Category:** security
|
||||
- **ID:** `sec.defender.ok`
|
||||
- Real-time protection on, service running, signatures current.
|
||||
|
||||
```
|
||||
RealTimeProtectionEnabled=True; AMServiceEnabled=True; AntispywareSignatureAge=0 days; IsTamperProtected=True
|
||||
```
|
||||
|
||||
### Defender is the only registered AV
|
||||
- **Category:** security
|
||||
- **ID:** `sec.av_products.defender_only`
|
||||
- Only Microsoft/Windows Defender is registered in Security Center.
|
||||
|
||||
```
|
||||
Windows Defender
|
||||
```
|
||||
|
||||
### No competitor/leftover management agents detected
|
||||
- **Category:** security
|
||||
- **ID:** `sec.foreign_agents.none`
|
||||
- No known competitor RMM or unmanaged remote-access agents found in installed programs or services.
|
||||
|
||||
```
|
||||
Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service
|
||||
```
|
||||
|
||||
### Expected ACG management tooling present: ScreenConnect / ConnectWise Control
|
||||
- **Category:** security
|
||||
- **ID:** `sec.foreign_agents.acg.screenconnect_connectwise_control`
|
||||
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
|
||||
|
||||
```
|
||||
program: ScreenConnect Client (1912bf3444b41a08) 26.3.11.9650
|
||||
service: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running
|
||||
```
|
||||
|
||||
### All firewall profiles enabled
|
||||
- **Category:** security
|
||||
- **ID:** `sec.firewall.ok`
|
||||
- Domain, Private, and Public firewall profiles are all enabled.
|
||||
|
||||
```
|
||||
Private=True; Domain=True; Public=True
|
||||
```
|
||||
|
||||
### Local administrators (3)
|
||||
- **Category:** security
|
||||
- **ID:** `sec.local_admins.list`
|
||||
- Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).
|
||||
|
||||
```
|
||||
DESKTOP-GG4LKSL\Administrator
|
||||
DESKTOP-GG4LKSL\Localadmin
|
||||
DESKTOP-GG4LKSL\owner
|
||||
```
|
||||
|
||||
### OS build supported: Win11 25H2
|
||||
- **Category:** security
|
||||
- **ID:** `sec.patch.os_supported`
|
||||
- Build 26200 (Win11 25H2) is in support until 2027-10-12.
|
||||
|
||||
```
|
||||
Microsoft Windows 11 Pro build 26200
|
||||
```
|
||||
|
||||
### Last hotfix: KB5094126
|
||||
- **Category:** security
|
||||
- **ID:** `sec.patch.last_hotfix`
|
||||
- Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).
|
||||
|
||||
```
|
||||
KB5094126 installed 2026-06-10T07:00:00Z
|
||||
```
|
||||
|
||||
### SMBv1 disabled
|
||||
- **Category:** security
|
||||
- **ID:** `sec.exposure.smb1_off`
|
||||
- SMBv1 server protocol is disabled.
|
||||
|
||||
```
|
||||
EnableSMB1Protocol=False
|
||||
```
|
||||
|
||||
### LAPS detected
|
||||
- **Category:** security
|
||||
- **ID:** `sec.exposure.laps_present`
|
||||
- A LAPS mechanism is present.
|
||||
|
||||
```
|
||||
Windows LAPS reg key
|
||||
```
|
||||
|
||||
### Not domain-joined (workgroup)
|
||||
- **Category:** health
|
||||
- **ID:** `health.domain.workgroup`
|
||||
- This machine is in workgroup/Azure AD only mode (Domain=WORKGROUP). No on-prem AD secure channel applies.
|
||||
|
||||
```
|
||||
PartOfDomain=False; Domain=WORKGROUP
|
||||
```
|
||||
|
||||
### Time service source
|
||||
- **Category:** health
|
||||
- **ID:** `health.time.source`
|
||||
- Current Windows Time service source.
|
||||
|
||||
```
|
||||
Source=time1.aliyun.com
|
||||
```
|
||||
|
||||
### No backup agent detected
|
||||
- **Category:** health
|
||||
- **ID:** `health.backup.none`
|
||||
- No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.
|
||||
|
||||
```
|
||||
No matching backup service in Win32_Service
|
||||
```
|
||||
|
||||
|
||||
---
|
||||
|
||||
## Inventory Baseline Summary
|
||||
|
||||
- **Manufacturer / Model:** HP / HP Pavilion Gaming Desktop TG01-2xxx
|
||||
- **Serial:** 4CE136C774
|
||||
- **CPU:** 11th Gen Intel(R) Core(TM) i7-11700F @ 2.50GHz (8 cores / 16 logical)
|
||||
- **RAM (GB):** 31.8
|
||||
- **BIOS:** F.21 (2023-07-11)
|
||||
- **Chassis is laptop:** false
|
||||
- **TPM present / Secure Boot:** true / ?
|
||||
- **Domain joined:** false (WORKGROUP)
|
||||
- **OS activation licensed:** true
|
||||
- **Uptime (days):** 0.3
|
||||
- **Pending reboot:** false
|
||||
- **Installed software count:** 50
|
||||
- **Scheduled tasks (non-MS, enabled):** 18
|
||||
- **Local administrators:** DESKTOP-GG4LKSL\Administrator, DESKTOP-GG4LKSL\Localadmin, DESKTOP-GG4LKSL\owner
|
||||
|
||||
### Fixed volumes
|
||||
|
||||
- D: - 68.1 GB free of 465.8 GB (14.6%)
|
||||
- [unlabeled] - 0.1 GB free of 0.7 GB (8.3%)
|
||||
- [unlabeled] - 0 GB free of 0.1 GB (38.7%)
|
||||
- C: - 690.6 GB free of 930.6 GB (74.2%)
|
||||
|
||||
### Network adapters
|
||||
|
||||
- Intel(R) Wi-Fi 6 AX201 160MHz - IP: 192.168.1.135, fe80::b290:dac4:8c2:f9d6 - DNS: - DHCP: false
|
||||
|
||||
---
|
||||
|
||||
## Diff vs Prior Baseline
|
||||
|
||||
- No prior baseline found for this host. This is the first baseline.
|
||||
|
||||
---
|
||||
|
||||
_Generated by run-onboarding-diagnostic.sh (GuruRMM onboarding diagnostic, Phase 1). Raw snapshot: `DESKTOP-GG4LKSL-20260629T211835.json` (immutable)._
|
||||
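Review bot: The inventory line `- **TPM present / Secure Boot:** true / ?` prints `?` although the JSON snapshot for what appears to be the same host in this commit records `"secure_boot": false`, so a disabled Secure Boot reads as unknown in the report. The generator presumably treats a false value as missing; the line should render `true / false`. The network adapter line has a similar gap: `DNS:` is blank where the snapshot has `"dns": [null]` on an adapter with `dhcp` false, and an explicit `unknown` would be clearer than an empty field. `Source=time1.aliyun.com` is listed as plain info under "Time service source"; if that is not the source the provider configures on managed endpoints, the report should flag it for review rather than only record it.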
File diff suppressed because it is too large
@@ -0,0 +1,254 @@
|
||||
# Onboarding Diagnostic Baseline - MJ-PARALEGAL
|
||||
|
||||
- **Grade:** RED
|
||||
- **Host:** MJ-PARALEGAL
|
||||
- **Client:** Michael Johnson (`michaeljohnson`)
|
||||
- **Collected (UTC):** 2026-06-29T21:17:55Z
|
||||
- **Agent ID:** 4537ac34-e548-484c-b4e9-fd91e7f97a23
|
||||
- **Command ID:** a3095ece-7fd3-4751-acc6-867a1b41507b
|
||||
- **Findings:** 2 critical / 4 warning / 14 info / 0 unknown
|
||||
|
||||
- **OS:** Microsoft Windows 11 Pro (build 26200)
|
||||
|
||||
---
|
||||
|
||||
## CRITICAL (2)
|
||||
|
||||
### Firewall disabled on profile(s): Private, Public
|
||||
- **Category:** security
|
||||
- **ID:** `sec.firewall.disabled`
|
||||
- One or more firewall profiles are OFF. The endpoint is exposed to lateral movement and inbound attacks on those networks. Re-enable all profiles.
|
||||
|
||||
```
|
||||
Profile states: Private=False; Domain=True; Public=False
|
||||
```
|
||||
|
||||
### Disk critically low: E: at 0% free
|
||||
- **Category:** health
|
||||
- **ID:** `health.disk_space.E`
|
||||
- Less than 8 percent free. Risk of failed updates, crashes, and corruption. Free space or expand the volume urgently.
|
||||
|
||||
```
|
||||
E: free 0 GB of 255.6 GB (0%)
|
||||
```
|
||||
|
||||
|
||||
## WARNING (4)
|
||||
|
||||
### OS volume is NOT encrypted with BitLocker
|
||||
- **Category:** security
|
||||
- **ID:** `sec.bitlocker.unencrypted`
|
||||
- The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. Enable BitLocker and escrow the recovery key.
|
||||
|
||||
```
|
||||
Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors=
|
||||
```
|
||||
|
||||
### 2 pending Windows updates
|
||||
- **Category:** security
|
||||
- **ID:** `sec.patch.pending`
|
||||
- Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.
|
||||
|
||||
```
|
||||
Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 2
|
||||
```
|
||||
|
||||
### Stability events present in the last 14 days
|
||||
- **Category:** health
|
||||
- **ID:** `health.stability.some`
|
||||
- One or more unexpected shutdowns, BSODs, or disk errors occurred recently. Monitor and correlate with user reports.
|
||||
|
||||
```
|
||||
Unexpected shutdowns (id 41)=1; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=0
|
||||
```
|
||||
|
||||
### 6 auto-start service(s) not running
|
||||
- **Category:** health
|
||||
- **ID:** `health.failed_services.stopped`
|
||||
- These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.
|
||||
|
||||
```
|
||||
AsusUpdateCheck (AsusUpdateCheck) = Stopped
|
||||
GoogleUpdaterInternalService150.0.7863.0 (Google Updater Internal Service (GoogleUpdaterInternalService150.0.7863.0)) = Stopped
|
||||
GoogleUpdaterService150.0.7863.0 (Google Updater Service (GoogleUpdaterService150.0.7863.0)) = Stopped
|
||||
IBMPMSVC (Lenovo PM Service) = Stopped
|
||||
Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) = Stopped
|
||||
LPlatSvc (Lenovo Platform Service) = Stopped
|
||||
```
|
||||
|
||||
|
||||
## INFO (14)
|
||||
|
||||
### Defender active and current
|
||||
- **Category:** security
|
||||
- **ID:** `sec.defender.ok`
|
||||
- Real-time protection on, service running, signatures current.
|
||||
|
||||
```
|
||||
RealTimeProtectionEnabled=True; AMServiceEnabled=True; AntispywareSignatureAge=1 days; IsTamperProtected=True
|
||||
```
|
||||
|
||||
### Defender is the only registered AV
|
||||
- **Category:** security
|
||||
- **ID:** `sec.av_products.defender_only`
|
||||
- Only Microsoft/Windows Defender is registered in Security Center.
|
||||
|
||||
```
|
||||
Windows Defender
|
||||
```
|
||||
|
||||
### No competitor/leftover management agents detected
|
||||
- **Category:** security
|
||||
- **ID:** `sec.foreign_agents.none`
|
||||
- No known competitor RMM or unmanaged remote-access agents found in installed programs or services.
|
||||
|
||||
```
|
||||
Scanned uninstall hives (HKLM + WOW6432Node) and Win32_Service
|
||||
```
|
||||
|
||||
### Expected ACG management tooling present: ScreenConnect / ConnectWise Control
|
||||
- **Category:** security
|
||||
- **ID:** `sec.foreign_agents.acg.screenconnect_connectwise_control`
|
||||
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
|
||||
|
||||
```
|
||||
program: ScreenConnect Client (1912bf3444b41a08) 26.3.11.9650
|
||||
service: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running
|
||||
```
|
||||
|
||||
### Expected ACG management tooling present: Splashtop (SOS/Streamer)
|
||||
- **Category:** security
|
||||
- **ID:** `sec.foreign_agents.acg.splashtop_sos_streamer_`
|
||||
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
|
||||
|
||||
```
|
||||
program: Splashtop Streamer 3.8.4.0
|
||||
service: SplashtopRemoteService (Splashtop? Remote Service) Running
|
||||
```
|
||||
|
||||
### Expected ACG management tooling present: Syncro / Kabuto
|
||||
- **Category:** security
|
||||
- **ID:** `sec.foreign_agents.acg.syncro_kabuto`
|
||||
- This is Arizona Computer Guru managed/remote-access tooling that we deploy. Its presence is expected and not a foreign-agent risk.
|
||||
|
||||
```
|
||||
program: Syncro 1.0.201.18410
|
||||
service: Syncro (Syncro) Running
|
||||
```
|
||||
|
||||
### Local administrators (3)
|
||||
- **Category:** security
|
||||
- **ID:** `sec.local_admins.list`
|
||||
- Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).
|
||||
|
||||
```
|
||||
MJ-PARALEGAL\Administrator
|
||||
MJ-PARALEGAL\localadmin
|
||||
MJ-PARALEGAL\Paralegal
|
||||
```
|
||||
|
||||
### OS build supported: Win11 25H2
|
||||
- **Category:** security
|
||||
- **ID:** `sec.patch.os_supported`
|
||||
- Build 26200 (Win11 25H2) is in support until 2027-10-12.
|
||||
|
||||
```
|
||||
Microsoft Windows 11 Pro build 26200
|
||||
```
|
||||
|
||||
### Last hotfix: KB5094126
|
||||
- **Category:** security
|
||||
- **ID:** `sec.patch.last_hotfix`
|
||||
- Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).
|
||||
|
||||
```
|
||||
KB5094126 installed 2026-06-10T07:00:00Z
|
||||
```
|
||||
|
||||
### SMBv1 disabled
|
||||
- **Category:** security
|
||||
- **ID:** `sec.exposure.smb1_off`
|
||||
- SMBv1 server protocol is disabled.
|
||||
|
||||
```
|
||||
EnableSMB1Protocol=False
|
||||
```
|
||||
|
||||
### LAPS detected
|
||||
- **Category:** security
|
||||
- **ID:** `sec.exposure.laps_present`
|
||||
- A LAPS mechanism is present.
|
||||
|
||||
```
|
||||
Windows LAPS reg key
|
||||
```
|
||||
|
||||
### Not domain-joined (workgroup)
|
||||
- **Category:** health
|
||||
- **ID:** `health.domain.workgroup`
|
||||
- This machine is in workgroup/Azure AD only mode (Domain=WORKGROUP). No on-prem AD secure channel applies.
|
||||
|
||||
```
|
||||
PartOfDomain=False; Domain=WORKGROUP
|
||||
```
|
||||
|
||||
### Time service source
|
||||
- **Category:** health
|
||||
- **ID:** `health.time.source`
|
||||
- Current Windows Time service source.
|
||||
|
||||
```
|
||||
Source=time.windows.com,0x9
|
||||
```
|
||||
|
||||
### No backup agent detected
|
||||
- **Category:** health
|
||||
- **ID:** `health.backup.none`
|
||||
- No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.
|
||||
|
||||
```
|
||||
No matching backup service in Win32_Service
|
||||
```
|
||||
|
||||
|
||||
---
|
||||
|
||||
## Inventory Baseline Summary
|
||||
|
||||
- **Manufacturer / Model:** ASUS / System Product Name
|
||||
- **Serial:** System Serial Number
|
||||
- **CPU:** Intel(R) Core(TM) i5-10400 CPU @ 2.90GHz (6 cores / 12 logical)
|
||||
- **RAM (GB):** 15.8
|
||||
- **BIOS:** 1620 (2021-07-09)
|
||||
- **Chassis is laptop:** false
|
||||
- **TPM present / Secure Boot:** true / true
|
||||
- **Domain joined:** false (WORKGROUP)
|
||||
- **OS activation licensed:** true
|
||||
- **Uptime (days):** 0.3
|
||||
- **Pending reboot:** false
|
||||
- **Installed software count:** 98
|
||||
- **Scheduled tasks (non-MS, enabled):** 24
|
||||
- **Local administrators:** MJ-PARALEGAL\Administrator, MJ-PARALEGAL\localadmin, MJ-PARALEGAL\Paralegal
|
||||
|
||||
### Fixed volumes
|
||||
|
||||
- E: - 0 GB free of 255.6 GB (0%)
|
||||
- [unlabeled] - 0.2 GB free of 1 GB (18.7%)
|
||||
- D: - 0 GB free of 0 GB (75.5%)
|
||||
- C: - 70 GB free of 464.2 GB (15.1%)
|
||||
- [unlabeled] - 0.1 GB free of 0.1 GB (64%)
|
||||
- [unlabeled] - 0.1 GB free of 0.5 GB (16.6%)
|
||||
|
||||
### Network adapters
|
||||
|
||||
- Realtek PCIe GBE Family Controller - IP: 192.168.1.136, fe80::b20c:8d0b:48bf:1aea - DNS: 172.16.132.1 - DHCP: true
|
||||
|
||||
---
|
||||
|
||||
## Diff vs Prior Baseline
|
||||
|
||||
- No prior baseline found for this host. This is the first baseline.
|
||||
|
||||
---
|
||||
|
||||
_Generated by run-onboarding-diagnostic.sh (GuruRMM onboarding diagnostic, Phase 1). Raw snapshot: `MJ-PARALEGAL-20260629T211845.json` (immutable)._
|
||||
@@ -0,0 +1,148 @@
|
||||
# Rednour Law — LEGALASST explorer hang on .zip + WordPerfect 5 save error + Win11 plan
|
||||
|
||||
## User
|
||||
- **User:** Howard Enos (howard)
|
||||
- **Machine:** Howard-Home
|
||||
- **Role:** tech
|
||||
|
||||
## Session Summary
|
||||
|
||||
Diagnosed an explorer.exe stability problem on **LEGALASST**, the legal assistant's
|
||||
workstation at Rednour Law (Carla Skinner's box; active local account `emma`, profile
|
||||
`C:\Users\Ale`, OneDrive `carla@rednourlaw.com`). Reported via Carrie Rednour: explorer
|
||||
repeatedly hung/crashed when "opening files or messing with files." Work was driven over
|
||||
GuruRMM (agent `18825ea7-df58-47bb-b492-822cb16fb5ec`); the office subnet was initially
|
||||
unreachable from HOWARD-HOME because Tailscale was stuck in `NoState`, which cleared on its
|
||||
own shortly after.
|
||||
|
||||
Established via the Application event log that explorer was **hanging (AppHang Event 1002),
|
||||
not crashing** — there were no Event 1000 / faulting-module records. Hangs were firing
|
||||
several times per hour on 2026-06-29 and continued after a 10:52 reboot. The `.NET Runtime`
|
||||
Event 1022 "profiling API attach" errors (201 of them) were ruled out as benign noise — no
|
||||
`COR_PROFILER` env var is set, so nothing is being injected into explorer via that path.
|
||||
|
||||
Narrowed the cause by elimination. Blocked the Adobe shell extensions (Acrobat context-menu
|
||||
+ CoreSync overlays) via the Microsoft "Blocked" CLSID list and restarted explorer — no
|
||||
change, so Adobe was ruled out and reverted. Mapped drives X/Y/Z (→ `\\rednourcarrievirt`,
|
||||
the cloned Carrie host) were healthy (`Status OK`, no SMBClient errors). The only
|
||||
non-Microsoft DLLs actually loaded in explorer were the AMD Vega driver
|
||||
(`amdihk64/atidxx64/aticfx64/atiuxp64`), but there were **zero display-driver TDR events**,
|
||||
so the GPU driver was not crash-recovering. OneDrive sync was healthy and its overlay was not
|
||||
even loaded. Howard then supplied the decisive clue: the hang happens **only when opening
|
||||
`.zip` files**, Word/PDF open fine, and the failing zip is on the **local desktop** (not
|
||||
OneDrive, not a network share). That isolated the fault to the **built-in Windows Compressed
|
||||
Folders handler** (explorer's zip-as-folder namespace). `zipfldr.dll` is intact and validly
|
||||
signed, so the hang is environmental, not a corrupt handler DLL.
|
||||
|
||||
Howard installed **7-Zip 26.02** as a workaround — it opens the same zips fine because it is
|
||||
a standalone app that never invokes explorer's zip namespace. He will set 7-Zip as the
|
||||
default for `.zip` (and `.7z`/`.rar`, currently unassociated) via the 7-Zip GUI. A second,
|
||||
separate issue on the same machine was reported: saving from **WordPerfect 5** returns "not
|
||||
enough free space" regardless of save location, despite Howard verifying ample free space.
|
||||
The plan is to **upgrade LEGALASST to Windows 11**, which is expected to resolve the
|
||||
zip-handler hang by rebuilding the shell/system files (and applies the pending SFC repair);
|
||||
the team will test a local zip with the built-in handler after the upgrade. All diagnostic
|
||||
changes were reverted and the box was left clean.
|
||||
|
||||
## Key Decisions
|
||||
|
||||
- Diagnosed live over GuruRMM rather than waiting for on-site access; used `user_session`
|
||||
context for HKCU/OneDrive/shell-folder reads and SYSTEM context for HKLM/event-log reads.
|
||||
- Used the Microsoft **Shell Extensions\Blocked** CLSID list (reversible) to test-disable
|
||||
Adobe/7-Zip shell extensions instead of deleting registrations — clean revert path.
|
||||
- Treated the `.NET 1022` errors as noise after confirming no `COR_PROFILER` was set, instead
|
||||
of chasing the profiler-injection theory.
|
||||
- Did **not** hand-write a per-user UserChoice association hash for `.zip` (hash-protected;
|
||||
a wrong hash leaves a broken "how do you want to open this?" prompt). Howard opted to set
|
||||
the default in the 7-Zip GUI; no DefaultAssociations policy was pushed.
|
||||
- Concluded the Win11 in-place upgrade is the right fix for the zip-handler hang (rebuilds
|
||||
shell/system files) rather than further low-level surgery on a Win10 22H2 EOL box.
|
||||
|
||||
## Problems Encountered
|
||||
|
||||
- **Office subnet unreachable from HOWARD-HOME** — Tailscale daemon RUNNING but backend stuck
|
||||
in `NoState`; a service restart did not clear it, but it came up on its own shortly after.
|
||||
- **Orphaned RMM diagnostic process** — the first diagnostic command timed out server-side at
|
||||
120s (a `HKLM\...\Classes\*\shellex` wildcard scan), but the agent's child `powershell.exe`
|
||||
(PID 1048) kept running on the endpoint for 10+ minutes, churning CPU. This was the
|
||||
"PowerShell that's been running" Howard noticed. Killed it (SYSTEM context). Logged as
|
||||
friction.
|
||||
- **`$pid` reserved-variable collision** — used `$pid` as a variable in a remote script; `$PID`
|
||||
is the automatic current-process-id variable, so the `.zip` ProgID read returned garbage
|
||||
(16044). Re-ran with a non-reserved name. Logged as friction.
|
||||
- **Mis-assumption corrected** — initially assumed LEGALASST was the cloned machine; Carrie's
|
||||
machine was the one cloned (to host `rednourcarrievirt`), LEGALASST is the legal assistant's
|
||||
(unchanged) box. Logged as a correction.
|
||||
|
||||
## Configuration Changes
|
||||
|
||||
Net change to the endpoint: **none** (all diagnostic changes reverted; box left clean). During
|
||||
the session, on LEGALASST:
|
||||
- Added then removed Adobe (4 CLSIDs) and 7-Zip shell-extension CLSIDs in
|
||||
`HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked` (Blocked list now
|
||||
empty).
|
||||
- Restarted explorer.exe several times (user_session).
|
||||
- Killed orphaned diagnostic process PID 1048.
|
||||
- Howard installed 7-Zip 26.02 (standalone; he will set `.zip`/`.7z`/`.rar` defaults).
|
||||
- Howard ran `sfc /scannow` — found and repaired corruption (0 unrepairable); repair pending
|
||||
a reboot to load.
|
||||
|
||||
Repo: this session log; Rednour wiki record update pending (`/wiki-compile client:rednour`).
|
||||
|
||||
## Credentials & Secrets
|
||||
|
||||
None discovered, created, or rotated this session.
|
||||
|
||||
## Infrastructure & Servers
|
||||
|
||||
- **LEGALASST** — legal assistant workstation, Rednour Law "Main Office" site. Win 10 Pro 22H2
|
||||
(build 19045, **EOL**), AMD Ryzen 3 3200G (Vega 8 iGPU), **5.9 GB RAM**, LAN 192.168.10.213.
|
||||
GuruRMM agent `18825ea7-df58-47bb-b492-822cb16fb5ec`. Active local account `emma`, profile
|
||||
`C:\Users\Ale`. OneDrive account `carla@rednourlaw.com`; Documents redirected to
|
||||
`C:\Users\Ale\OneDrive - Rednour Law\Documents`. Leftover **SyncroLive.Agent.Runner** still
|
||||
running.
|
||||
- AMD GPU driver: 31.0.12027.9001 (2023-03-29). 7zFM.exe 26.02 at `C:\Program Files\7-Zip\`.
|
||||
- `zipfldr.dll` = 10.0.19041.1, signature Valid (handler is intact).
|
||||
- Mapped drives (user `emma`): X: `\\rednourcarrievirt\Time Matters Shared Files`, Y:
|
||||
`\\rednourcarrievirt\Timeslips`, Z: `\\rednourcarrievirt\Documents` — all `Status OK`.
|
||||
- GuruRMM server `http://172.16.3.30:3001`; coord `http://172.16.3.30:8001`.
|
||||
|
||||
## Commands & Outputs
|
||||
|
||||
- Diagnostic dispatch pattern: `POST /api/agents/<id>/command` (powershell, `context`
|
||||
system or user_session), poll `GET /api/commands/<id>`.
|
||||
- Key reads: `Get-WinEvent` Application 1000/1002 + ProviderName 'Application Hang'/'.NET
|
||||
Runtime'; explorer loaded modules filtered to non-Microsoft `CompanyName`;
|
||||
`Get-SmbMapping`; `Get-MpComputerStatus`/`Get-MpPreference`; CBS.log `[SR]` parse.
|
||||
- AppHang count = 10 in last 3h on 2026-06-29; latest 11:31:02 (post 10:52 reboot).
|
||||
- `.zip` association: `HKCR\.zip` (default) = `CompressedFolder`, **no UserChoice**. 7-Zip
|
||||
registered only a `7-Zip.iso` ProgId (no `7-Zip.zip`). `.7z`/`.rar` currently unassociated.
|
||||
- SFC (CBS.log): "Verify and Repair Transaction completed... successfully repaired"; 0
|
||||
"cannot repair" entries.
|
||||
- Defender: RTP on, no active scan, signatures fresh, `DisableArchiveScanning=False`,
|
||||
`MAPSReporting=2`, `SubmitSamplesConsent=1` (archive + cloud scanning on).
|
||||
|
||||
## Pending / Incomplete Tasks
|
||||
|
||||
1. **Howard:** set 7-Zip as default app for `.zip` (and `.7z`/`.rar`) via 7-Zip GUI
|
||||
(Tools → Options → System).
|
||||
2. **Upgrade LEGALASST to Windows 11** (expected to resolve the zip-handler hang; applies
|
||||
the pending SFC repair). Pre-reqs: enable fTPM + Secure Boot in BIOS (Ryzen 3 3200G is
|
||||
Win11-supported), bump RAM from 5.9 GB, remove the leftover Syncro agent. **Test a local
|
||||
`.zip` with the built-in handler post-upgrade.**
|
||||
3. **WordPerfect 5 "not enough free space" on save** — investigate. Leading hypothesis:
|
||||
legacy/DOS-era WordPerfect free-space miscalculation on large-capacity volumes (free-space
|
||||
value overflows → false "disk full"). This is app-level and will **not** be fixed by the
|
||||
OS upgrade; mitigate via DOSBox or directing saves to a SUBST'd small-capacity location.
|
||||
Confirm exact WP version/edition (DOS 5.1 vs Windows).
|
||||
4. **If the zip hang persists after the Win11 upgrade:** next lead is Defender archive-scan +
|
||||
cloud (MAPS) lookup stalling the shell when the built-in handler streams zip entries.
|
||||
5. Standing P1s (pre-existing): reboot to apply SFC repair; remove prior MSP agents.
|
||||
|
||||
## Reference Information
|
||||
|
||||
- GuruRMM agent id: `18825ea7-df58-47bb-b492-822cb16fb5ec` (LEGALASST).
|
||||
- Rednour tenant: `rednourlaw.com` (`4a4ca18a-f516-478b-99da-2e0722c5dc18`); Syncro customer
|
||||
`1224246`.
|
||||
- Wiki: `wiki/clients/rednour.md`. Refresh: `/wiki-compile client:rednour --full`.
|
||||
- Reversible shell-ext disable mechanism: `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked` (add CLSID value to block; delete to restore).
|
||||
@@ -0,0 +1,119 @@
|
||||
## User
|
||||
- **User:** Howard Enos (howard)
|
||||
- **Machine:** Howard-Home
|
||||
- **Role:** tech
|
||||
|
||||
## Session Summary
|
||||
|
||||
Resumed work on getting the GuruRMM agent installed on Nick Pafford's Mac at Rednour Law
|
||||
Offices (Rednour's office). The client/site was already onboarded (2026-05-29), so the goal
|
||||
this session was to hand Nick the correct macOS download/install link and confirm enrollment.
|
||||
|
||||
Pulled the Rednour Main site enrollment details from the vault (site_code GREEN-FALCON-7214)
|
||||
and provided the public install page URL. On verification, the install **page**
|
||||
(`/install/GREEN-FALCON-7214`) only exposes clickable buttons for Windows and Linux — there is
|
||||
no Mac button. Confirmed instead that a macOS install path exists as a `curl | sudo bash`
|
||||
one-liner at `/install/GREEN-FALCON-7214/macos`. Verified the script body (LaunchDaemon setup,
|
||||
quarantine strip, site config for GREEN-FALCON-7214) and that the agent binary it downloads is a
|
||||
Mach-O 64-bit arm64 executable (~3.96 MB), matching Nick's Apple Silicon Mac. Handed Nick the
|
||||
Terminal one-liner plus his SMB share credential (from vault).
|
||||
|
||||
Nick (or whoever was at the Mac) ran the installer and it reported success. However, repeated
|
||||
fleet checks (3x over the session) showed the agent NOT checking in — no macOS agent appears
|
||||
under Rednour Law Offices. The three Rednour agents enrolled are all Windows
|
||||
(FrontDeskReception, LegalAsst, rednourcarrievirt). The only Macs in the entire fleet are
|
||||
Scileppi's Mac-mini-2 and Mike's MacBook Air — neither is Nick's. So the install succeeded
|
||||
locally but the agent is not connecting/enrolling to the server.
|
||||
|
||||
Howard is no longer onsite and does not have the user's Mac password, so local diagnostics
|
||||
(foreground run, launchctl check) can't be done right now. Work was deferred. Flagged Mike via
|
||||
Discord DM that the Apple/macOS installer has an issue, that we're working it but lack the
|
||||
user's password, and asked whether he has access to another M1/Apple Silicon Mac to test the
|
||||
installer for repro.
|
||||
|
||||
## Key Decisions
|
||||
|
||||
- Handed Nick the macOS `curl | sudo bash` one-liner rather than the install page, since the
|
||||
page has no Mac download button — only Windows/Linux. The `/macos` script path is the
|
||||
supported macOS install route.
|
||||
- Verified the downloaded binary architecture (arm64 Mach-O) before handing off, to rule out an
|
||||
x86/arch mismatch on Nick's Apple Silicon Mac.
|
||||
- Deferred diagnosis rather than guess: with no onsite access and no user password, the key
|
||||
diagnostic (foreground `sudo /usr/local/bin/gururmm-agent` to see the connect error) can't be
|
||||
run, so escalated to Mike and parked it.
|
||||
- Used a person-targeted Discord DM to Mike (not a #bot-alerts post) since the ask was actionable
|
||||
and directed at him specifically (needs an M1 to test).
|
||||
|
||||
## Problems Encountered
|
||||
|
||||
- **macOS agent installs but does not enroll.** Installer reports success on Nick's Apple
|
||||
Silicon Mac, but no macOS agent shows under Rednour in the fleet after multiple checks.
|
||||
Unresolved — deferred. Likely causes to check next: LaunchDaemon not actually started /
|
||||
crashed on launch, Gatekeeper killing the unsigned binary despite quarantine strip, or
|
||||
outbound connectivity to rmm.azcomputerguru.com blocked. Blocked on onsite access + user
|
||||
password.
|
||||
- **Install page has no Mac button** (Windows/Linux only). Worked around with the `/macos`
|
||||
curl|bash one-liner, which is the real macOS install path.
|
||||
|
||||
## Configuration Changes
|
||||
|
||||
- None to the repo. No code changes. Vault entries were read-only this session (already
|
||||
created in prior sessions).
|
||||
|
||||
## Credentials & Secrets
|
||||
|
||||
- Nick Pafford SMB share access (read this session, already vaulted):
|
||||
- Vault: `clients/rednour/nick-smb-rednourcarrievi.sops.yaml`
|
||||
- Username: `REDNOURCARRIEVI\nick`
|
||||
- Password: `Kg5Qe2Kc3`
|
||||
- Mac mount: `smb://192.168.10.194/Documents` (Finder Cmd+K)
|
||||
- Share: `\\REDNOURCARRIEVI\Documents` -> `C:\Users\Carrie\Documents`, access Modify (rw)
|
||||
- Local Windows account on Carrie Rednour's workstation (workgroup, no AD), PasswordNeverExpires,
|
||||
created 2026-06-25 per Syncro #32343.
|
||||
- GuruRMM Rednour Main site enrollment (already vaulted):
|
||||
- Vault: `clients/rednour/gururmm-site-main.sops.yaml`
|
||||
- site_id: `c7f5787c-8e71-45b3-841f-fa52436f7d26`
|
||||
- site_code: `GREEN-FALCON-7214`
|
||||
|
||||
## Infrastructure & Servers
|
||||
|
||||
- GuruRMM server API: `http://172.16.3.30:3001` (auth via vault gururmm-server.sops.yaml).
|
||||
- GuruRMM public install host: `https://rmm.azcomputerguru.com` (Cloudflare-fronted).
|
||||
- Rednour workstation REDNOURCARRIEVI: `192.168.10.194` (LAN) / `10.147.17.253` (ZeroTier).
|
||||
- Rednour Law Offices fleet (all Windows, online, v0.6.66): FrontDeskReception, LegalAsst,
|
||||
rednourcarrievirt.
|
||||
|
||||
## Commands & Outputs
|
||||
|
||||
- macOS install one-liner handed to Nick:
|
||||
`curl -fsSL https://rmm.azcomputerguru.com/install/GREEN-FALCON-7214/macos | sudo bash`
|
||||
- Mac agent binary verification:
|
||||
`curl .../install/GREEN-FALCON-7214/download/macos` -> HTTP 200, Mach-O 64-bit arm64
|
||||
executable, ~3,960,397 bytes, filename `gururmm-agent-main`.
|
||||
- Fleet check (no Rednour Mac present):
|
||||
`curl -s "$RMM/api/agents" -H "Authorization: Bearer $TOKEN" | jq '... select rednour or macos'`
|
||||
- Suggested local diagnostics for next session (need onsite/password):
|
||||
- `sudo launchctl list | grep gururmm`
|
||||
- `ls -l /usr/local/bin/gururmm-agent /usr/local/etc/gururmm/`
|
||||
- `sudo /usr/local/bin/gururmm-agent` (foreground run to surface connect error)
|
||||
- `curl -fsS -o /dev/null -w "%{http_code}" https://rmm.azcomputerguru.com/install/GREEN-FALCON-7214/macos`
|
||||
|
||||
## Pending / Incomplete Tasks
|
||||
|
||||
- **OPEN:** Nick's Mac GuruRMM agent not enrolling despite successful install. Deferred.
|
||||
- Blocked on: not onsite + no user Mac password.
|
||||
- Next steps: run foreground diagnostic on the Mac to capture the connect/enroll error; check
|
||||
LaunchDaemon state and Gatekeeper; verify outbound to rmm.azcomputerguru.com.
|
||||
- Mike asked (via DM) whether he has access to another M1/Apple Silicon Mac to test/repro the
|
||||
macOS installer.
|
||||
|
||||
## Reference Information
|
||||
|
||||
- Install page: `https://rmm.azcomputerguru.com/install/GREEN-FALCON-7214`
|
||||
- macOS install script: `https://rmm.azcomputerguru.com/install/GREEN-FALCON-7214/macos`
|
||||
- macOS agent binary: `https://rmm.azcomputerguru.com/install/GREEN-FALCON-7214/download/macos`
|
||||
- MSI (Windows): `https://rmm.azcomputerguru.com/api/sites/c7f5787c-8e71-45b3-841f-fa52436f7d26/installer`
|
||||
- Discord DM to Mike: message_id 1521264675965374656
|
||||
- Syncro ticket (SMB access): #32343
|
||||
- Related prior logs: `2026-06-25-howard-nick-smb-share-and-mac-rmm.md`,
|
||||
`2026-06-26-howard-nick-mac-rmm-rootcause.md`
|
||||
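Review bot: The `Password:` line under "Credentials & Secrets" records Nick's SMB share password in cleartext, next to the username, the host IP and the share path, even though the entry just above it already points at the SOPS-encrypted vault file `clients/rednour/nick-smb-rednourcarrievi.sops.yaml`. A session log committed by an auto-sync job is readable by anyone with repository access and stays in history after a later edit, so the log should carry only the vault reference, e.g. `- Password: (in vault, see path above)`. Because the value is already committed, the password on that account should be rotated and the vault entry updated; the note that the account is `PasswordNeverExpires` makes that more pressing. The site enrollment code that appears in the install URLs looks like it also acts as the enrollment credential (inferred from the install paths only), so it may deserve the same treatment.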
18
errorlog.md
18
errorlog.md
@@ -17,6 +17,7 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
|
||||
|
||||
<!-- Append entries below this line -->
|
||||
|
||||
<<<<<<< HEAD
|
||||
2026-06-29 | GURU-5070 | remediation-tool/reset-password.sh | [friction] JIT de-elevation can never succeed: an app-only SP cannot remove its OWN Privileged Authentication Administrator assignment ('no privilege to remove self'). Every admin-account reset leaves standing PAA on the ComputerGuru Tenant Admin SP; requires a human Global Admin to remove. Likely also left PAA on birthbiologic.com (2026-06-08). [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f sp=fccda86c-77ca-4248-b876-b0cdba8605d4 role=PrivilegedAuthAdmin fix=PIM-or-second-principal-or-human-GA]
|
||||
|
||||
2026-06-29 | GURU-5070 | remediation-tool | reset-password: failed to remove JIT Privileged Auth Admin role - standing privilege left behind, REMOVE MANUALLY [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f assignment=ikzke6-tKk6E1qsmSeCKE2yozfzKd0hCuHawzbqGBdQ-1 http=400]
|
||||
@@ -30,6 +31,23 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
|
||||
2026-06-29 | GURU-5070 | rmm/bash | [friction] passed ~20KB base64 inline via jq --arg in command line -> 'Argument list too long'; should stage data on the endpoint (it already had the CSV) or chunk-upload, never inline-pass large blobs [ctx: ref=CLAUDE.md windows-rules; host=ACG-DWP-X-BB]
|
||||
|
||||
2026-06-29 | GURU-5070 | migration/datto-to-sharepoint | 2026-06-26 SharePoint push corrupted files: byte array stringified ('$bytes') so each file written as space-separated DECIMAL TEXT instead of binary (xlsx '80 75 3 4...', pdf '37 80 68 70...'); format-agnostic, ~15 local + up to ~3298 cloud-only files modified 06-26; Datto source intact [ctx: client=birth-biologic host=ACG-DWP-X-BB vector=base64/stdout-capture-upload fix=use OneDrive-sync/SPMT or [IO.File]::WriteAllBytes]
|
||||
=======
|
||||
2026-06-29 | Howard-Home | cascades/SG-Caregivers | [correction] assumed adding Feller + Nyanzunda to SG-Caregivers per 6/4 worklist; correct is group = frontline caregivers ONLY, exclude admins/managers/admin-adjacent (Feller PA-remote, Nyanzunda MC admin asst) do NOT go in
|
||||
|
||||
2026-06-29 | Howard-Home | rmm/coord | [friction] 172.16.3.30 unreachable from Howard-Home (RMM :3001 + coord :8001 dead; Cascades VPN up) — ACG-internal route down [ctx: ref=cascades-caregiver-group-task]
|
||||
|
||||
2026-06-29 | Howard-Home | rmm/powershell | [friction] used $pid as a variable in remote PS script; $PID is a reserved automatic variable (current process id) so the .zip ProgID read was clobbered (showed 16044). Use a non-reserved name e.g. $zipProg [ctx: ref=feedback_windows_quote_stripping-style-PS-gotchas]
|
||||
|
||||
2026-06-29 | Howard-Home | rmm/rednour-legalasst | [correction] assumed LEGALASST was the cloned machine; correct is that CARRIE'S machine was cloned (to host rednourcarrievirt) and LEGALASST is EMMA'S machine (not cloned). Emma's drives X/Y/Z were remapped today to
|
||||
ednourcarrievirt [ctx: client=rednour host=LEGALASST]
|
||||
|
||||
2026-06-29 | Howard-Home | rmm-auth/tailscale | [friction] RMM+coord unreachable (http=000); tailscaled service RUNNING but backend stuck in NoState after restart -> 172.16.3.30 unping-able from HOWARD-HOME [ctx: ref=remote-diag fix=tailscale-relogin]
|
||||
|
||||
2026-06-29 | Howard-Home | rmm-auth | RMM login failed (no token returned from /api/auth/login) [ctx: url=http://172.16.3.30:3001 resp=]
|
||||
|
||||
2026-06-29 | Howard-Home | rmm-search | RMM auth failed via rmm-auth.sh (no TOKEN/RMM)
|
||||
|
||||
2026-06-29 | Howard-Home | rmm-search | RMM auth failed via rmm-auth.sh (no TOKEN/RMM)
|
||||
>>>>>>> a0d073f (sync: auto-sync from HOWARD-HOME at 2026-06-29 14:22:54)
|
||||
|
||||
2026-06-29 | Howard-Home | save/rmm-scratch | [friction] wrote RMM command-id scratch files (.netprobe_id, .stage_id, etc.) to repo root C:/claudetools; .netprobe_id got swept into a sync commit by git add -A and needed git rm. Use the session scratchpad dir for transient IDs, not the repo root. [ctx: ref=feedback_tmp_path_windows]
|
||||
|
||||
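Review bot: Unresolved merge-conflict markers are committed into errorlog.md: `<<<<<<< HEAD` in the first hunk, then `=======` and `>>>>>>> a0d073f (sync: auto-sync …)` in the second; going by the hunk line counts they are on the added side. Both sides of the conflict are append-only log entries, so the resolution is to keep every entry and delete the three marker lines. The auto-sync job should refuse to commit while markers are present, for example by running `git diff --check` before staging, rather than sweeping them in with `git add -A`. The rmm/rednour-legalasst entry is also split across lines where `\\rednourcarrievirt` was written; the leading `\r` appears to have been interpreted as a carriage return, so the logger probably needs to write that field without escape processing.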
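--- a/wiki/clients/michaeljohnson.md
+++ b/wiki/clients/michaeljohnson.md
@@ -0,0 +1,143 @@
+---
+type: client
+name: michaeljohnson
+display_name: Michael Johnson (Law Office)
+last_compiled: 2026-06-29
+compiled_by: HOWARD-HOME/claude-main
+sources:
+- clients/michaeljohnson/onboarding-baselines/DESKTOP-GG4LKSL-20260629T211835.md
+- clients/michaeljohnson/onboarding-baselines/MJ-PARALEGAL-20260629T211845.md
+- Syncro customer 152567 (ticket history + contact record)
+- GuruRMM onboarding 2026-06-29 (client + site "Main", BRIGHT-RIVER-8998)
+---
+
+# Michael Johnson (Law Office)
+
+## Profile
+
+- **Business type:** Solo legal practice (Tucson, AZ) — *inferred* from the paralegal
+workstation, WordPerfect + "Seabill" legal-billing software, and the recurring
+shared-file / Outlook-calendar-sync work between Michael's and Crystal's machines.
+Not formally stated in Syncro (no `business_name` on the record).
+- **Syncro Customer ID:** 152567 (customer record created 2013-12-04 — long-standing client)
+- **Billing model:** Break-fix / time-and-materials. **No prepaid block** (`prepay_hours = 0.0`,
+live 2026-06-29). History is overwhelmingly emergency / onsite / remote one-off tickets.
+- **Address:** 177 N Church, Tucson, AZ 85701
+- **GuruRMM onboarded:** 2026-06-29 (Howard) — client + site "Main"; both workstations enrolled same day.
+- **Onboarding grade:** DESKTOP-GG4LKSL = **AMBER**; MJ-PARALEGAL = **RED**.
+
+## Contacts
+
+| Name | Role | Email / Phone | Notes |
+|---|---|---|---|
+| Michael Johnson | Owner / attorney | michaeljohnson311@gmail.com / 520-622-0065 | Primary Syncro contact; uses DESKTOP-GG4LKSL |
+| Crystal (Krystal) | Paralegal / assistant | (no email on file) / 520-906-4672 | Uses MJ-PARALEGAL; most day-to-day tickets are hers |
+
+Email is on **Gmail / Google Workspace** (consumer/Workspace — not M365). Several past tickets
+involve Google account storage/payment and Outlook talking to the Google calendar; mail is **not**
+hosted or managed by ACG M365 tooling.
+
+## Infrastructure
+
+### Network
+
+- **Topology:** Workgroup, peer-to-peer (no on-prem AD, no domain join). Both machines report
+`PartOfDomain=False` / `Domain=WORKGROUP`.
+- **LAN subnet:** 192.168.1.0/24.
+- Shared files are served peer-to-peer between the two workstations (consistent with the long
+history of "can't access shared files" tickets) — exact share host/path **not yet mapped**.
+
+### Workstations (GuruRMM enrolled 2026-06-29, site "Main")
+
+| Hostname | User | Model | CPU | RAM | OS | IP | Agent ID | Grade |
+|---|---|---|---|---|---|---|---|---|
+| DESKTOP-GG4LKSL | Michael | HP Pavilion Gaming TG01-2xxx | i7-11700F 8c/16t | 31.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.135 (Wi-Fi) | 09c08484-2b51-404b-a294-6e39f498867c | AMBER |
+| MJ-PARALEGAL | Crystal | ASUS (desktop, generic board) | i5-10400 6c/12t | 15.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.136 (wired) | 4537ac34-e548-484c-b4e9-fd91e7f97a23 | RED |
+
+Both on Win 11 25H2 (supported until 2027-10-12), OS activated, agent v0.6.75, Defender active &
+current with Tamper Protection on, SMBv1 disabled, LAPS reg key present. Neither has a backup agent.
+MJ-PARALEGAL was recently recovered + upgraded to Win11 (Syncro #31768).
+
+### RMM site / enrollment
+
+- **Client:** Michael Johnson · **Site:** Main · **Site code:** `BRIGHT-RIVER-8998`
+- **Client ID:** `99022a2e-6b8f-472b-9269-6a746ef0970b` · **Site ID:** `94b5cb21-3d8e-484a-8ef3-8388b66417d2`
+- **Install page:** https://rmm.azcomputerguru.com/install/BRIGHT-RIVER-8998
+- **Enrollment key vault path:** `clients/michaeljohnson/gururmm-site-main.sops.yaml` (also stamped `syncro_customer_id: 152567`)
+
+## Onboarding Findings (2026-06-29 baselines)
+
+### MJ-PARALEGAL — RED (2 critical / 4 warning)
+
+- **[CRITICAL] Firewall OFF on Private + Public profiles** (`Domain=True` only). Exposed to inbound /
+lateral attacks on the local network. Re-enable all profiles.
+- **[CRITICAL] E: drive 0% free** (0 GB of 255.6 GB). Risk of failed updates, crashes, corruption.
+Find what is filling it (likely data / scanned docs) and clean up or expand urgently.
+- [WARNING] BitLocker off on C: · 2 pending Windows updates · 1 unexpected shutdown in last 14 days ·
+6 auto-start services stopped (Asus/Lenovo/Google updaters + Intel TPM provisioning — mostly benign,
+but note Lenovo *and* Asus services on the same box suggests image/hardware churn).
+- DNS server set to **172.16.132.1** on a 192.168.1.x LAN — anomalous (looks like a stale/foreign
+resolver, possibly a leftover VPN/management DNS). Verify and correct to the local gateway/ISP DNS.
+- Local admins: `Administrator`, `localadmin`, `Paralegal`.
+
+### DESKTOP-GG4LKSL — AMBER (0 critical / 5 warning)
+
+- [WARNING] BitLocker off on C: · 4 pending Windows updates · D: 14.6% free (68.1 GB of 465.8 GB) ·
+1 unexpected shutdown in last 14 days · 3 auto-start services stopped (Google updaters + Intel TPM).
+- Note: C: is the large/healthy volume (690 GB free of 930 GB); **D: is the low one** — confirm which
+volume holds working data before cleanup.
+- Windows Time source is **time1.aliyun.com** (Alibaba NTP) — unusual; reset to a standard pool
+(`time.windows.com` / `pool.ntp.org`).
+- Local admins: `Administrator`, `Localadmin`, `owner`.
+
+### Common to both
+- No BitLocker (workgroup, no escrow target — would need manual key storage / vault).
+- No backup agent on either machine — **no backup coverage confirmed.** For a law office this is the
+biggest gap; confirm whether anything (cloud sync, manual) protects the working files.
+- Defender-only AV, firewall (GG4LKSL all-on / PARALEGAL needs fixing), SMBv1 off — baseline security
+otherwise reasonable.
+- ACG remote tooling present and expected: ScreenConnect on both; Splashtop + Syncro agent additionally
+on MJ-PARALEGAL. No competitor/foreign RMM agents detected.
+
+## Syncro
+
+- **Customer:** Michael Johnson, id `152567` (since 2013-12-04). Break-fix, no prepaid block.
+- **Open ticket:** #32477 — *Onsite - Check machine connections and printers.* (New)
+- **Recent relevant:** #31768 *Recovered Paralegal Machine and Win11 Upgrade* (Invoiced) — origin of the
+current MJ-PARALEGAL build; #32329 *Calendar issues* (Resolved).
+- **Recurring ticket themes** across ~50 tickets: printer setup/offline errors, Outlook<->Google
+calendar sync between Michael & Crystal, "can't access shared files", mice failing after power
+outages, WordPerfect/Seabill hangs, new-machine builds.
+
+## Patterns & Known Issues
+
+- **Two-person peer-to-peer office.** Everything is workgroup + shared files between Michael's and
+Crystal's PCs. Shared-file and calendar-sync breakage is the single most common call — there is no
+server, so a machine being down/offline breaks the other's access.
+- **Mail is Google, not M365.** Do not reach for the ComputerGuru M365 remediation suite here — Outlook
+is configured against a Google account. Google storage/billing has caused outages historically.
+- **Power-outage sensitivity.** Multiple "mouse/peripheral dead after a power outage" and
+"machines went down" tickets — no UPS protection documented; a UPS on each machine would cut repeat
+emergency calls.
+- **Backups unverified.** No backup agent on either workstation. For a legal practice's working files
+this is the top risk to close.
+- **MJ-PARALEGAL E: full + firewall off** are the two immediate must-fix items from onboarding.
+
+## Active Work / Open Items
+
+| Priority | Action | Owner | Notes |
+|---|---|---|---|
+| P1 | Re-enable firewall (Private + Public) on MJ-PARALEGAL | Howard | CRITICAL onboarding finding |
+| P1 | Clear/expand E: on MJ-PARALEGAL (0% free) | Howard | CRITICAL; identify what's filling 255 GB |
+| P1 | Establish/confirm backup coverage for both PCs | Howard/Mike | No backup agent on either; law-office data |
+| P2 | Fix anomalous DNS (172.16.132.1) on MJ-PARALEGAL | Howard | Should be local gateway / ISP DNS |
+| P2 | Onsite #32477 — check machine connections + printers | Howard | Open Syncro ticket |
+| P2 | Install pending Windows updates (4 on GG4LKSL, 2 on PARALEGAL) | Howard | Next maintenance window |
+| P3 | Free space on GG4LKSL D: (14.6%) | Howard | Confirm which volume holds data first |
+| P3 | Reset GG4LKSL time source off Alibaba NTP | Howard | Use standard NTP pool |
+| P3 | Evaluate UPS for both machines | Mike | Repeat post-outage peripheral failures |
+| P3 | Consider BitLocker (with key escrow) | Howard | Both unencrypted; workgroup needs manual key storage |
+
+## Backlinks
+
+- [[projects/gururmm]] — DESKTOP-GG4LKSL + MJ-PARALEGAL enrolled (site: Main / BRIGHT-RIVER-8998)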
@@ -2,13 +2,14 @@
|
||||
type: client
|
||||
name: rednour
|
||||
display_name: Rednour Law Offices
|
||||
last_compiled: 2026-06-02
|
||||
compiled_by: DESKTOP-0O8A1RL/claude-main
|
||||
last_compiled: 2026-06-29
|
||||
compiled_by: HOWARD-HOME/claude-main
|
||||
sources:
|
||||
- clients/rednour/reports/2026-05-31-onboard-and-rename-emma-to-carla.md
|
||||
- clients/rednour/reports/2026-06-01-carla-password-set.md
|
||||
- clients/rednour/reports/2026-06-02-carrie-emma-display-name-stale-pin.md
|
||||
- clients/rednour/session-logs/2026-06-02-session.md
|
||||
- clients/rednour/session-logs/2026-06/2026-06-29-howard-legalasst-zip-hang-wp5-win11.md
|
||||
- session-logs/2026-05-31-mike-rednour-and-claudetools-infra.md
|
||||
- clients/rednour/onboarding-baselines/FRONTDESKRECEPT-20260529T195614.md
|
||||
- clients/rednour/onboarding-baselines/LEGALASST-20260529T200647.md
|
||||
@@ -183,6 +184,44 @@ Created a dedicated standard local account **`nick`** on REDNOURCARRIEVI (Passwo
|
||||
|
||||
Operational note: PowerShell `Set-Acl` ACL propagation down Carrie's large Documents tree exceeded the RMM command timeout (twice), and since stdout is dropped on timeout a randomly-generated password was lost each time — generate passwords locally so they survive a timeout (logged to errorlog).
|
||||
|
||||
### 2026-06-29 — LEGALASST (legal assistant / "Emma") explorer hang on .zip + WordPerfect 5 save error; Win11 upgrade planned
|
||||
|
||||
**Operator: Howard Enos** (reported via Carrie). The legal assistant's workstation
|
||||
**LEGALASST** (Carla Skinner's box; active local account `emma`, profile `C:\Users\Ale`,
|
||||
OneDrive `carla@rednourlaw.com`) repeatedly hung explorer when opening files. Diagnosed live
|
||||
over GuruRMM (agent `18825ea7-df58-47bb-b492-822cb16fb5ec`).
|
||||
|
||||
- **explorer HANGS, not crashes** — AppHang Event 1002 (no Event 1000 / faulting module);
|
||||
~10 in 3h on 2026-06-29, continuing after a 10:52 reboot.
|
||||
- **Root cause: the built-in Windows Compressed Folders handler** (explorer's zip-as-folder
|
||||
namespace). Symptom narrowed to **opening `.zip` only** (Word/PDF/folders fine), and the
|
||||
failing zip is **local (desktop)** — not OneDrive, not a network share. `zipfldr.dll` is
|
||||
intact + validly signed, so the hang is environmental, not a corrupt handler DLL.
|
||||
- **Ruled out:** Adobe shell extensions (blocked/tested via the Microsoft `Shell Extensions\
|
||||
Blocked` list, no change, reverted); AMD Vega driver (only non-MS DLLs in explorer, but
|
||||
zero TDR events); OneDrive (overlay not even loaded, sync healthy); remapped drives X/Y/Z →
|
||||
`\\rednourcarrievirt` (Status OK, SMB healthy); `.NET Runtime 1022` "profiling API attach"
|
||||
(201 events but no `COR_PROFILER` set — benign noise).
|
||||
- **SFC** (run by Howard) found and repaired corruption (0 unrepairable) — repair pending a
|
||||
reboot to load.
|
||||
- **Workaround:** Howard installed **7-Zip 26.02** (`C:\Program Files\7-Zip\7zFM.exe`); it
|
||||
opens the zips fine (bypasses explorer's zip namespace). Howard to set 7-Zip as default for
|
||||
`.zip` (and `.7z`/`.rar`, currently unassociated). `.zip` had no UserChoice; 7-Zip only
|
||||
registered a `7-Zip.iso` ProgId on install.
|
||||
- **Second issue (same machine): WordPerfect 5 "not enough free space" on save** regardless
|
||||
of save location, despite Howard verifying ample free space. Leading hypothesis: legacy/
|
||||
DOS-era WordPerfect free-space miscalculation on large-capacity volumes (free-space value
|
||||
overflows → false "disk full"). App-level; **the OS upgrade will not fix it**. Mitigate via
|
||||
DOSBox or a SUBST'd small-capacity save target. Exact WP version/edition (DOS 5.1 vs
|
||||
Windows) to be confirmed.
|
||||
- **Plan: upgrade LEGALASST to Windows 11** — expected to resolve the zip-handler hang by
|
||||
rebuilding the shell/system files (also applies the SFC repair). Verify by opening a local
|
||||
`.zip` with the *built-in* handler post-upgrade. If the hang persists, next lead is Defender
|
||||
archive-scan + cloud (MAPS) lookup stalling the shell.
|
||||
|
||||
All diagnostic changes were reverted (Adobe/7-Zip Blocked-list test entries removed; an
|
||||
orphaned RMM diagnostic process killed) — the box was left clean.
|
||||
|
||||
## Patterns & Known Issues
|
||||
|
||||
- **EWS required for personal contact work.** No app in the ComputerGuru suite holds `Contacts.Read` or `Contacts.ReadWrite` on Graph. Personal contact folder reads and modifications must go through EWS (`full_access_as_app` on the Exchange Operator SP with `ExchangeImpersonation`).
|
||||
@@ -194,6 +233,18 @@ Operational note: PowerShell `Set-Acl` ACL propagation down Carrie's large Docum
|
||||
- **macOS RMM agent won't run on Apple Silicon if unsigned.** The site-code installer serves an unsigned aarch64 binary; Apple Silicon SIGKILLs unsigned Mach-O. Until the server publishes a signed/notarized build (`build-macos-signed.sh`), Apple Silicon Mac enrollment fails (blocks Nick's Mac; same root issue likely affects Scileppi's Mac).
|
||||
- **LEGALASST and REDNOURCARRIEVI are on Win 10 22H2 (EOL).** No security updates since 2025-10-14. Plan OS upgrade to Win 11 or Win 10 newer build.
|
||||
- **REDNOURCARRIEVI: Defender was off at onboarding.** Confirm it has been re-enabled; it is a critical finding.
|
||||
- **LEGALASST: built-in Compressed Folders handler hangs explorer on `.zip` open.** Local zips;
|
||||
Word/PDF fine. `zipfldr.dll` intact (environmental, not a corrupt DLL). AppHang Event 1002,
|
||||
no faulting module. Workaround = 7-Zip as default for `.zip`. Win11 upgrade planned to
|
||||
resolve. If it persists post-upgrade, suspect Defender archive-scan + cloud (MAPS) lookup
|
||||
stalling the shell. To test-disable any shell extension reversibly, add its CLSID to
|
||||
`HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked` (delete to restore).
|
||||
- **LEGALASST: WordPerfect 5 "not enough free space" on save** despite verified free space and
|
||||
regardless of save location. Likely legacy free-space overflow on large-capacity volumes;
|
||||
**OS upgrade will not fix it**; mitigate via DOSBox / SUBST small-capacity drive. Confirm WP
|
||||
version/edition.
|
||||
- **`.NET Runtime 1022` "profiling API attach" errors are noise** unless a `COR_PROFILER` env
|
||||
var is actually set — do not chase them as a hang cause.
|
||||
|
||||
## Active Work / Open Items
|
||||
|
||||
@@ -202,6 +253,9 @@ Operational note: PowerShell `Set-Acl` ACL propagation down Carrie's large Docum
|
||||
| P1 | Re-enable Defender on REDNOURCARRIEVI | Howard/Mike | Was off at onboarding 2026-05-29; confirm current state |
|
||||
| P1 | Remove prior MSP agents (ScreenConnect, Splashtop, Syncro, Datto RMM) | Mike/Howard | Present on all 3 machines; Datto RMM on REDNOURCARRIEVI only |
|
||||
| P1 | Upgrade LEGALASST and REDNOURCARRIEVI to a supported OS | Mike | Both on Win 10 22H2 (EOL 2025-10-14) |
|
||||
| P1 | Upgrade LEGALASST to Windows 11 | Mike/Howard | 2026-06-29: expected to resolve the explorer-on-.zip hang (rebuilds shell/system files) + applies pending SFC repair. Pre-reqs: enable fTPM + Secure Boot (Ryzen 3 3200G is Win11-supported), bump RAM from 5.9 GB, remove leftover Syncro agent. Test a local `.zip` with the built-in handler post-upgrade |
|
||||
| P2 | LEGALASST: WordPerfect 5 "not enough free space" on save | Howard | 2026-06-29: error on save regardless of location; ample free space verified. Likely legacy free-space overflow on large volume; OS upgrade will NOT fix. Mitigate via DOSBox / SUBST small-capacity drive; confirm WP version/edition |
|
||||
| INTERIM | LEGALASST: set 7-Zip as default for `.zip`/`.7z`/`.rar` | Howard | 2026-06-29: 7-Zip 26.02 installed as workaround for the built-in zip-handler hang; set defaults via 7-Zip GUI (Tools -> Options -> System) |
|
||||
| DONE | Shared-drive access for Nick Pafford | Howard | 2026-06-25: created local `nick` account on REDNOURCARRIEVI; `Documents` share = Change + NTFS = Modify; cred vaulted `clients/rednour/nick-smb-rednourcarrievi.sops.yaml`; Nick's Apple Silicon Mac mounts `smb://192.168.10.194/Documents` |
|
||||
| P1 | Fix GuruRMM macOS agent install on Nick's Apple Silicon Mac | Howard/Mike | 2026-06-25 install failed. Likely cause: served aarch64 binary is **unsigned** -> Apple Silicon SIGKILLs it. Fix: serve the signed+notarized binary (`agent/build-macos-signed.sh`, Mike's Developer ID) or ad-hoc `codesign -s -` in the installer. Confirm with Mac log (`killed: 9`). Deferred (limited ScreenConnect session only) |
|
||||
| P2 | Return visit: phone + printer setup at Rednour | Howard | 2026-06-25: pending; may require running a new wire / installing a switch |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Wiki Index
|
||||
|
||||
Last updated: 2026-06-26
|
||||
Last updated: 2026-06-29
|
||||
Compiled by: HOWARD-HOME/claude-main
|
||||
|
||||
This wiki is LLM-maintained. Do not edit articles manually — run `/wiki-compile` to update.
|
||||
@@ -58,6 +58,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
|
||||
| [Universal Minerals International](clients/universal-minerals.md) | Minerals/commodities, Tucson AZ; Syncro 34844920; **break-fix, no prepaid/RMM**; CyndyOffice (HP Pavilion TP01, Win11 Home, QuickBooks Enterprise 22.0) intermittent hard-freeze (Kernel-Power 41, no dump = hardware/firmware) — BIOS F.38 + Fast Startup off + memtest passed 2026-06-10, PSU prime remaining suspect; QB messaging crash-loop repaired; ticket #32397 monitoring; temporary diagnostic RMM agent removed same-day | 2026-06-10 |
|
||||
| [Putt Land Surveying](clients/putt-land-surveying.md) | Land surveying firm; Syncro 7180175; managed services $223.92/mo; 7 devices; M365 direct (8 mailboxes, cloud-only, 2x Basic + 5x Premium); **DNS wipe 2026-06-09** — all records deleted (MX, SPF, autodiscover, A), email+website down; GoDaddy domain in client's own account (no ACG control); ticket #32404 Waiting on Customer; remediation tools onboarded 2026-06-10 | 2026-06-10 |
|
||||
| [Gonzvar Tax Services](clients/gonzvar-tax-services.md) | Tax services firm; Syncro 1830740 ("Gonzvar Tax Service", break-fix, ~$175/hr); 6 machines in GuruRMM (GTS.local AD, 2 servers + 4 workstations); open security findings from 2026-06-06 onboarding baseline; QuickBooks RemoteApp + Tailscale VPN pending | 2026-06-12 |
|
||||
| [Michael Johnson (Law Office)](clients/michaeljohnson.md) | Solo legal practice (inferred — WordPerfect/Seabill, paralegal), Tucson AZ; Syncro 152567 (since 2013), break-fix, no prepaid; mail on Google (not M365); 2-person peer-to-peer workgroup (Michael + Crystal); GuruRMM onboarded 2026-06-29 (site Main, BRIGHT-RIVER-8998) — DESKTOP-GG4LKSL (AMBER) + MJ-PARALEGAL (RED: firewall off + E: 0% free); no backup agent on either; open #32477 onsite printers | 2026-06-29 |
|
||||
| [Tohono O'odham Nation DoIT](clients/tohono-oodham-doit.md) | Tribal government IT dept; Syncro 33069069; Starlink reseller client — 2x Check Point 1550 field sites on Starlink Roam (CGNAT); break-fix $175/hr; VPN design (IPsec vs Tailscale) pending | 2026-05-27 |
|
||||
| [Tucson Golden Corral](clients/tucson-golden-corral.md) | Restaurant (Tucson AZ); Syncro 3859123; prepaid block 12.75 hrs; email on Neptune Exchange; WS2016 single-box DC/RDS/Hyper-V/SQL + Sage 100 ERP (TGC-SERVER colocated at ACG main office); architecture concerns outstanding | 2026-05-26 |
|
||||
| [Russo Law Firm](clients/russo-law.md) | Tucson law practice; Syncro 23331699; managed $543.50/mo (GPS+AV+backup+Seafile hosting+Office) + OIT phone $45.44/mo; 12 prepaid hrs; M365 rrs-law.com (~3 seats, admin guru@ vaulted); **active pre-sales 2026-06: wants to move ~6.5 TB from Seafile to SharePoint — full live move ~$1,120/mo (~$13.4K/yr), recommend hybrid (SP Online working set + Seafile bulk); phone meeting pending, client not yet responded** | 2026-06-15 |
|
||||
|
||||