wiki: compile michaeljohnson (full) - GuruRMM onboarding (AMBER/RED baselines) + Datto EDR/AV deploy (no Bitdefender present) + static-IP share fix + #32477 billed; break-fix $175 onsite per Syncro

This commit is contained in:
2026-06-29 22:50:08 -07:00
parent fa589a198b
commit 0eb32e8b1d
2 changed files with 68 additions and 48 deletions

View File

@@ -5,10 +5,12 @@ display_name: Michael Johnson (Law Office)
last_compiled: 2026-06-29
compiled_by: HOWARD-HOME/claude-main
sources:
- clients/michaeljohnson/session-logs/2026-06/2026-06-29-howard-rmm-onboard-edr-billing.md
- clients/michaeljohnson/onboarding-baselines/DESKTOP-GG4LKSL-20260629T211835.md
- clients/michaeljohnson/onboarding-baselines/MJ-PARALEGAL-20260629T211845.md
- Syncro customer 152567 (ticket history + contact record)
- Syncro customer 152567 (live: profile, tickets, invoices, assets)
- GuruRMM onboarding 2026-06-29 (client + site "Main", BRIGHT-RIVER-8998)
- Datto EDR org "Michael Johnson" (azcomp4587.infocyte.com)
---
# Michael Johnson (Law Office)
@@ -19,23 +21,28 @@ sources:
workstation, WordPerfect + "Seabill" legal-billing software, and the recurring
shared-file / Outlook-calendar-sync work between Michael's and Crystal's machines.
Not formally stated in Syncro (no `business_name` on the record).
- **Syncro Customer ID:** 152567 (customer record created 2013-12-04 — long-standing client)
- **Billing model:** Break-fix / time-and-materials. **No prepaid block** (`prepay_hours = 0.0`,
live 2026-06-29). History is overwhelmingly emergency / onsite / remote one-off tickets.
- **Syncro Customer ID:** 152567 (record created 2013-12-04 — long-standing client)
- **Contract type:** **Break-fix** / time-and-materials. No prepaid block
(`prepay_hours = 0.0`, live 2026-06-29). Invoice history is per-ticket one-offs across
20132026.
- **Billing rate:** $175/hr onsite (most recent labor line, #32477 2026-06-29); historical
invoices show mixed remote/onsite labor at standard ACG rates.
- **Managed devices (Syncro assets):** 2.
- **Address:** 177 N Church, Tucson, AZ 85701
- **GuruRMM onboarded:** 2026-06-29 (Howard) — client + site "Main"; both workstations enrolled same day.
- **Onboarding grade:** DESKTOP-GG4LKSL = **AMBER**; MJ-PARALEGAL = **RED**.
- **Endpoint security:** Datto EDR + AV deployed 2026-06-29 (both endpoints, AV active).
## Contacts
| Name | Role | Email / Phone | Notes |
|---|---|---|---|
| Michael Johnson | Owner / attorney | michaeljohnson311@gmail.com / 520-622-0065 | Primary Syncro contact; uses DESKTOP-GG4LKSL |
| Crystal (Krystal) | Paralegal / assistant | (no email on file) / 520-906-4672 | Uses MJ-PARALEGAL; most day-to-day tickets are hers |
| Crystal (Krystal) | Paralegal / assistant | (no email on file) / 520-906-4672 | Uses MJ-PARALEGAL; most day-to-day tickets are hers. Syncro contact record holds this phone with no name. |
Email is on **Gmail / Google Workspace** (consumer/Workspace — not M365). Several past tickets
involve Google account storage/payment and Outlook talking to the Google calendar; mail is **not**
hosted or managed by ACG M365 tooling.
Email is on **Gmail / Google Workspace** (not M365). Several past tickets involve Google account
storage/payment and Outlook talking to the Google calendar; mail is **not** hosted or managed by ACG
M365 tooling.
## Infrastructure
@@ -45,13 +52,14 @@ hosted or managed by ACG M365 tooling.
`PartOfDomain=False` / `Domain=WORKGROUP`.
- **LAN subnet:** 192.168.1.0/24.
- Shared files are served peer-to-peer between the two workstations (consistent with the long
history of "can't access shared files" tickets) — exact share host/path **not yet mapped**.
history of "can't access shared files" tickets). As of 2026-06-29, Michael's machine is on a
**static IP** and the paralegal machine is configured to reach the share via that static IP.
### Workstations (GuruRMM enrolled 2026-06-29, site "Main")
| Hostname | User | Model | CPU | RAM | OS | IP | Agent ID | Grade |
| Hostname | User | Model | CPU | RAM | OS | IP | RMM Agent ID | Grade |
|---|---|---|---|---|---|---|---|---|
| DESKTOP-GG4LKSL | Michael | HP Pavilion Gaming TG01-2xxx | i7-11700F 8c/16t | 31.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.135 (Wi-Fi) | 09c08484-2b51-404b-a294-6e39f498867c | AMBER |
| DESKTOP-GG4LKSL | Michael | HP Pavilion Gaming TG01-2xxx | i7-11700F 8c/16t | 31.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.135 (Wi-Fi; now static) | 09c08484-2b51-404b-a294-6e39f498867c | AMBER |
| MJ-PARALEGAL | Crystal | ASUS (desktop, generic board) | i5-10400 6c/12t | 15.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.136 (wired) | 4537ac34-e548-484c-b4e9-fd91e7f97a23 | RED |
Both on Win 11 25H2 (supported until 2027-10-12), OS activated, agent v0.6.75, Defender active &
@@ -65,65 +73,58 @@ MJ-PARALEGAL was recently recovered + upgraded to Win11 (Syncro #31768).
- **Install page:** https://rmm.azcomputerguru.com/install/BRIGHT-RIVER-8998
- **Enrollment key vault path:** `clients/michaeljohnson/gururmm-site-main.sops.yaml` (also stamped `syncro_customer_id: 152567`)
### Datto EDR / AV
- **Tenant:** azcomp4587.infocyte.com · **Org:** Michael Johnson `fef82618-de1d-4b5c-b92e-7fd078e2b983`
- **Target group:** Main `3b844ef0-d792-4be9-bc0e-7d4848b99180`
- **Agents:** desktop-gg4lksl `798dadc9-dd72-40fe-bd06-e6b5506ebf73`, mj-paralegal `963178af-23b1-4bee-90e8-f9a6dbac7aec` — both online, AV on, v3.17.1.5552.
- **Reg key vault path:** `clients/michaeljohnson/datto-edr.sops.yaml`
## Onboarding Findings (2026-06-29 baselines)
### MJ-PARALEGAL — RED (2 critical / 4 warning)
- **[CRITICAL] Firewall OFF on Private + Public profiles** (`Domain=True` only). Exposed to inbound /
lateral attacks on the local network. Re-enable all profiles.
- **[CRITICAL] E: drive 0% free** (0 GB of 255.6 GB). Risk of failed updates, crashes, corruption.
Find what is filling it (likely data / scanned docs) and clean up or expand urgently.
- **[CRITICAL] Firewall OFF on Private + Public profiles** (`Domain=True` only). Re-enable all profiles.
- **[CRITICAL] E: drive 0% free** (0 GB of 255.6 GB). Find what's filling it and clean up/expand urgently.
- [WARNING] BitLocker off on C: · 2 pending Windows updates · 1 unexpected shutdown in last 14 days ·
6 auto-start services stopped (Asus/Lenovo/Google updaters + Intel TPM provisioning — mostly benign,
but note Lenovo *and* Asus services on the same box suggests image/hardware churn).
- DNS server set to **172.16.132.1** on a 192.168.1.x LAN — anomalous (looks like a stale/foreign
resolver, possibly a leftover VPN/management DNS). Verify and correct to the local gateway/ISP DNS.
6 auto-start services stopped (Asus/Lenovo/Google updaters + Intel TPM provisioning — mostly benign;
Lenovo *and* Asus services on one box suggests image/hardware churn).
- DNS server set to **172.16.132.1** on a 192.168.1.x LAN — anomalous (stale/foreign resolver). Correct
to the local gateway / ISP DNS.
- Local admins: `Administrator`, `localadmin`, `Paralegal`.
### DESKTOP-GG4LKSL — AMBER (0 critical / 5 warning)
- [WARNING] BitLocker off on C: · 4 pending Windows updates · D: 14.6% free (68.1 GB of 465.8 GB) ·
1 unexpected shutdown in last 14 days · 3 auto-start services stopped (Google updaters + Intel TPM).
- Note: C: is the large/healthy volume (690 GB free of 930 GB); **D: is the low one** — confirm which
volume holds working data before cleanup.
- Windows Time source is **time1.aliyun.com** (Alibaba NTP) — unusual; reset to a standard pool
(`time.windows.com` / `pool.ntp.org`).
- C: is the large/healthy volume (690 GB free of 930 GB); **D: is the low one** — confirm which volume
holds working data before cleanup.
- Windows Time source is **time1.aliyun.com** (Alibaba NTP) — unusual; reset to a standard pool.
- Local admins: `Administrator`, `Localadmin`, `owner`.
### Common to both
- No BitLocker (workgroup, no escrow target would need manual key storage / vault).
- No backup agent on either machine — **no backup coverage confirmed.** For a law office this is the
biggest gap; confirm whether anything (cloud sync, manual) protects the working files.
- Defender-only AV, firewall (GG4LKSL all-on / PARALEGAL needs fixing), SMBv1 off — baseline security
otherwise reasonable.
- No BitLocker (workgroup no AD escrow target; would need manual key storage / vault).
- No backup agent on either machine — **no backup coverage confirmed.** Biggest gap for a law office.
- Defender-only AV at baseline; now augmented by Datto EDR/AV. SMBv1 off.
- ACG remote tooling present and expected: ScreenConnect on both; Splashtop + Syncro agent additionally
on MJ-PARALEGAL. No competitor/foreign RMM agents detected.
## Syncro
- **Customer:** Michael Johnson, id `152567` (since 2013-12-04). Break-fix, no prepaid block.
- **Open ticket:** #32477*Onsite - Check machine connections and printers.* (New)
- **Recent relevant:** #31768 *Recovered Paralegal Machine and Win11 Upgrade* (Invoiced) — origin of the
current MJ-PARALEGAL build; #32329 *Calendar issues* (Resolved).
- **Recurring ticket themes** across ~50 tickets: printer setup/offline errors, Outlook<->Google
calendar sync between Michael & Crystal, "can't access shared files", mice failing after power
outages, WordPerfect/Seabill hangs, new-machine builds.
on MJ-PARALEGAL. No competitor/foreign RMM agents detected — and **no Bitdefender** (verified 2026-06-29).
## Patterns & Known Issues
- **Two-person peer-to-peer office.** Everything is workgroup + shared files between Michael's and
Crystal's PCs. Shared-file and calendar-sync breakage is the single most common call — there is no
server, so a machine being down/offline breaks the other's access.
server, so a machine being down/offline breaks the other's access. (Mitigated 2026-06-29 by moving
Michael's PC to a static IP so the share target stops moving.)
- **Mail is Google, not M365.** Do not reach for the ComputerGuru M365 remediation suite here — Outlook
is configured against a Google account. Google storage/billing has caused outages historically.
- **Power-outage sensitivity.** Multiple "mouse/peripheral dead after a power outage" and
"machines went down" tickets — no UPS protection documented; a UPS on each machine would cut repeat
emergency calls.
- **Backups unverified.** No backup agent on either workstation. For a legal practice's working files
this is the top risk to close.
- **Power-outage sensitivity.** Multiple "mouse/peripheral dead after a power outage" and "machines went
down" tickets — no UPS protection documented; a UPS on each machine would cut repeat emergency calls.
- **Backups unverified.** No backup agent on either workstation. Top risk to close for a legal practice.
- **MJ-PARALEGAL E: full + firewall off** are the two immediate must-fix items from onboarding.
## Active Work / Open Items
## Active Work
*No open tickets in Syncro as of 2026-06-29 (#32477 billed + Invoiced this session). Open remediation items below come from the onboarding baselines.*
| Priority | Action | Owner | Notes |
|---|---|---|---|
@@ -131,13 +132,32 @@ MJ-PARALEGAL was recently recovered + upgraded to Win11 (Syncro #31768).
| P1 | Clear/expand E: on MJ-PARALEGAL (0% free) | Howard | CRITICAL; identify what's filling 255 GB |
| P1 | Establish/confirm backup coverage for both PCs | Howard/Mike | No backup agent on either; law-office data |
| P2 | Fix anomalous DNS (172.16.132.1) on MJ-PARALEGAL | Howard | Should be local gateway / ISP DNS |
| P2 | Onsite #32477 — check machine connections + printers | Howard | Open Syncro ticket |
| P2 | Install pending Windows updates (4 on GG4LKSL, 2 on PARALEGAL) | Howard | Next maintenance window |
| P3 | Free space on GG4LKSL D: (14.6%) | Howard | Confirm which volume holds data first |
| P3 | Reset GG4LKSL time source off Alibaba NTP | Howard | Use standard NTP pool |
| P3 | Evaluate UPS for both machines | Mike | Repeat post-outage peripheral failures |
| P3 | Consider BitLocker (with key escrow) | Howard | Both unencrypted; workgroup needs manual key storage |
## History Highlights
- **2013-12-04** — Syncro customer record created; long-standing break-fix relationship.
- **20132026** — Recurring break-fix work: printer setup/offline errors, Outlook<->Google calendar sync
between Michael & Crystal, "can't access shared files", peripherals failing after power outages,
WordPerfect/Seabill hangs, multiple new-machine builds.
- **2026-06-29** — GuruRMM onboarding: client + site "Main" (`BRIGHT-RIVER-8998`) created; both
workstations enrolled; onboarding diagnostics run (DESKTOP-GG4LKSL AMBER, MJ-PARALEGAL RED).
- **2026-06-29** — Datto EDR/AV deployed to both endpoints. "Remove Bitdefender" request was a no-op —
RMM-verified that neither machine had Bitdefender (Defender-only). New Datto org + "Main" group + reg
key; both agents registered, online, AV on.
- **2026-06-29** — #32477 (onsite): set Michael's PC to a static IP and reconfigured the paralegal
machine to reach the share via the new IP. Billed 0.5h onsite ($87.50), invoice #1650843860, Invoiced.
## Access
- GuruRMM enrollment key: vault `clients/michaeljohnson/gururmm-site-main.sops.yaml`.
- Datto EDR registration key + org/group IDs: vault `clients/michaeljohnson/datto-edr.sops.yaml`.
- No workstation local-account credentials vaulted yet (verify if needed for future remote work).
## Backlinks
- [[projects/gururmm]] — DESKTOP-GG4LKSL + MJ-PARALEGAL enrolled (site: Main / BRIGHT-RIVER-8998)

View File

@@ -58,7 +58,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Universal Minerals International](clients/universal-minerals.md) | Minerals/commodities, Tucson AZ; Syncro 34844920; **break-fix, no prepaid/RMM**; CyndyOffice (HP Pavilion TP01, Win11 Home, QuickBooks Enterprise 22.0) intermittent hard-freeze (Kernel-Power 41, no dump = hardware/firmware) — BIOS F.38 + Fast Startup off + memtest passed 2026-06-10, PSU prime remaining suspect; QB messaging crash-loop repaired; ticket #32397 monitoring; temporary diagnostic RMM agent removed same-day | 2026-06-10 |
| [Putt Land Surveying](clients/putt-land-surveying.md) | Land surveying firm; Syncro 7180175; managed services $223.92/mo; 7 devices; M365 direct (8 mailboxes, cloud-only, 2x Basic + 5x Premium); **DNS wipe 2026-06-09** — all records deleted (MX, SPF, autodiscover, A), email+website down; GoDaddy domain in client's own account (no ACG control); ticket #32404 Waiting on Customer; remediation tools onboarded 2026-06-10 | 2026-06-10 |
| [Gonzvar Tax Services](clients/gonzvar-tax-services.md) | Tax services firm; Syncro 1830740 ("Gonzvar Tax Service", break-fix, ~$175/hr); 6 machines in GuruRMM (GTS.local AD, 2 servers + 4 workstations); open security findings from 2026-06-06 onboarding baseline; QuickBooks RemoteApp + Tailscale VPN pending | 2026-06-12 |
| [Michael Johnson (Law Office)](clients/michaeljohnson.md) | Solo legal practice (inferred — WordPerfect/Seabill, paralegal), Tucson AZ; Syncro 152567 (since 2013), break-fix, no prepaid; mail on Google (not M365); 2-person peer-to-peer workgroup (Michael + Crystal); GuruRMM onboarded 2026-06-29 (site Main, BRIGHT-RIVER-8998) — DESKTOP-GG4LKSL (AMBER) + MJ-PARALEGAL (RED: firewall off + E: 0% free); no backup agent on either; open #32477 onsite printers | 2026-06-29 |
| [Michael Johnson (Law Office)](clients/michaeljohnson.md) | Solo legal practice (inferred — WordPerfect/Seabill, paralegal), Tucson AZ; Syncro 152567 (since 2013), break-fix, no prepaid ($175 onsite); mail on Google (not M365); 2-person peer-to-peer workgroup (Michael + Crystal, share now on static IP); GuruRMM onboarded 2026-06-29 (site Main, BRIGHT-RIVER-8998) + Datto EDR/AV on both — DESKTOP-GG4LKSL (AMBER) + MJ-PARALEGAL (RED: firewall off + E: 0% free); no backup agent on either; no open tickets | 2026-06-29 |
| [Tohono O'odham Nation DoIT](clients/tohono-oodham-doit.md) | Tribal government IT dept; Syncro 33069069; Starlink reseller client — 2x Check Point 1550 field sites on Starlink Roam (CGNAT); break-fix $175/hr; VPN design (IPsec vs Tailscale) pending | 2026-05-27 |
| [Tucson Golden Corral](clients/tucson-golden-corral.md) | Restaurant (Tucson AZ); Syncro 3859123; prepaid block 12.75 hrs; email on Neptune Exchange; WS2016 single-box DC/RDS/Hyper-V/SQL + Sage 100 ERP (TGC-SERVER colocated at ACG main office); architecture concerns outstanding | 2026-05-26 |
| [Russo Law Firm](clients/russo-law.md) | Tucson law practice; Syncro 23331699; managed $543.50/mo (GPS+AV+backup+Seafile hosting+Office) + OIT phone $45.44/mo; 12 prepaid hrs; M365 rrs-law.com (~3 seats, admin guru@ vaulted); **active pre-sales 2026-06: wants to move ~6.5 TB from Seafile to SharePoint — full live move ~$1,120/mo (~$13.4K/yr), recommend hybrid (SP Online working set + Seafile bulk); phone meeting pending, client not yet responded** | 2026-06-15 |