wiki: compile michaeljohnson (full) - GuruRMM onboarding (AMBER/RED baselines) + Datto EDR/AV deploy (no Bitdefender present) + static-IP share fix + #32477 billed; break-fix $175 onsite per Syncro
@@ -5,10 +5,12 @@ display_name: Michael Johnson (Law Office)
|
||||
last_compiled: 2026-06-29
|
||||
compiled_by: HOWARD-HOME/claude-main
|
||||
sources:
|
||||
- clients/michaeljohnson/session-logs/2026-06/2026-06-29-howard-rmm-onboard-edr-billing.md
|
||||
- clients/michaeljohnson/onboarding-baselines/DESKTOP-GG4LKSL-20260629T211835.md
|
||||
- clients/michaeljohnson/onboarding-baselines/MJ-PARALEGAL-20260629T211845.md
|
||||
- Syncro customer 152567 (ticket history + contact record)
|
||||
- Syncro customer 152567 (live: profile, tickets, invoices, assets)
|
||||
- GuruRMM onboarding 2026-06-29 (client + site "Main", BRIGHT-RIVER-8998)
|
||||
- Datto EDR org "Michael Johnson" (azcomp4587.infocyte.com)
|
||||
---
|
||||
|
||||
# Michael Johnson (Law Office)
|
||||
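Review bot: The new `sources` entry `Syncro customer 152567 (live: profile, tickets, invoices, assets)` contains a colon followed by a space inside an unquoted list item. If this front matter is parsed as YAML, that entry becomes a one-key mapping rather than a string like its neighbours. Wrap the whole entry in quotes, or reword it to drop the colon, for example "(live profile, tickets, invoices, assets)".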
@@ -19,23 +21,28 @@ sources:
|
||||
workstation, WordPerfect + "Seabill" legal-billing software, and the recurring
|
||||
shared-file / Outlook-calendar-sync work between Michael's and Crystal's machines.
|
||||
Not formally stated in Syncro (no `business_name` on the record).
|
||||
- **Syncro Customer ID:** 152567 (customer record created 2013-12-04 — long-standing client)
|
||||
- **Billing model:** Break-fix / time-and-materials. **No prepaid block** (`prepay_hours = 0.0`,
|
||||
live 2026-06-29). History is overwhelmingly emergency / onsite / remote one-off tickets.
|
||||
- **Syncro Customer ID:** 152567 (record created 2013-12-04 — long-standing client)
|
||||
- **Contract type:** **Break-fix** / time-and-materials. No prepaid block
|
||||
(`prepay_hours = 0.0`, live 2026-06-29). Invoice history is per-ticket one-offs across
|
||||
2013–2026.
|
||||
- **Billing rate:** $175/hr onsite (most recent labor line, #32477 2026-06-29); historical
|
||||
invoices show mixed remote/onsite labor at standard ACG rates.
|
||||
- **Managed devices (Syncro assets):** 2.
|
||||
- **Address:** 177 N Church, Tucson, AZ 85701
|
||||
- **GuruRMM onboarded:** 2026-06-29 (Howard) — client + site "Main"; both workstations enrolled same day.
|
||||
- **Onboarding grade:** DESKTOP-GG4LKSL = **AMBER**; MJ-PARALEGAL = **RED**.
|
||||
- **Endpoint security:** Datto EDR + AV deployed 2026-06-29 (both endpoints, AV active).
|
||||
|
||||
## Contacts
|
||||
|
||||
| Name | Role | Email / Phone | Notes |
|
||||
|---|---|---|---|
|
||||
| Michael Johnson | Owner / attorney | michaeljohnson311@gmail.com / 520-622-0065 | Primary Syncro contact; uses DESKTOP-GG4LKSL |
|
||||
| Crystal (Krystal) | Paralegal / assistant | (no email on file) / 520-906-4672 | Uses MJ-PARALEGAL; most day-to-day tickets are hers |
|
||||
| Crystal (Krystal) | Paralegal / assistant | (no email on file) / 520-906-4672 | Uses MJ-PARALEGAL; most day-to-day tickets are hers. Syncro contact record holds this phone with no name. |
|
||||
|
||||
Email is on **Gmail / Google Workspace** (consumer/Workspace — not M365). Several past tickets
|
||||
involve Google account storage/payment and Outlook talking to the Google calendar; mail is **not**
|
||||
hosted or managed by ACG M365 tooling.
|
||||
Email is on **Gmail / Google Workspace** (not M365). Several past tickets involve Google account
|
||||
storage/payment and Outlook talking to the Google calendar; mail is **not** hosted or managed by ACG
|
||||
M365 tooling.
|
||||
|
||||
## Infrastructure
|
||||
|
||||
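Review bot: The new "Endpoint security" bullet in the overview reads as a clean state ("both endpoints, AV active"), but it sits directly under a RED grade for MJ-PARALEGAL. Someone skimming only the header could miss that the firewall-off finding is still open on that machine. Suggest date-stamping the grade line against the 2026-06-29 baseline and adding a short pointer from the endpoint-security bullet to the open critical findings, so the summary does not overstate posture.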
@@ -45,13 +52,14 @@ hosted or managed by ACG M365 tooling.
|
||||
`PartOfDomain=False` / `Domain=WORKGROUP`.
|
||||
- **LAN subnet:** 192.168.1.0/24.
|
||||
- Shared files are served peer-to-peer between the two workstations (consistent with the long
|
||||
history of "can't access shared files" tickets) — exact share host/path **not yet mapped**.
|
||||
history of "can't access shared files" tickets). As of 2026-06-29, Michael's machine is on a
|
||||
**static IP** and the paralegal machine is configured to reach the share via that static IP.
|
||||
|
||||
### Workstations (GuruRMM enrolled 2026-06-29, site "Main")
|
||||
|
||||
| Hostname | User | Model | CPU | RAM | OS | IP | Agent ID | Grade |
|
||||
| Hostname | User | Model | CPU | RAM | OS | IP | RMM Agent ID | Grade |
|
||||
|---|---|---|---|---|---|---|---|---|
|
||||
| DESKTOP-GG4LKSL | Michael | HP Pavilion Gaming TG01-2xxx | i7-11700F 8c/16t | 31.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.135 (Wi-Fi) | 09c08484-2b51-404b-a294-6e39f498867c | AMBER |
|
||||
| DESKTOP-GG4LKSL | Michael | HP Pavilion Gaming TG01-2xxx | i7-11700F 8c/16t | 31.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.135 (Wi-Fi; now static) | 09c08484-2b51-404b-a294-6e39f498867c | AMBER |
|
||||
| MJ-PARALEGAL | Crystal | ASUS (desktop, generic board) | i5-10400 6c/12t | 15.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.136 (wired) | 4537ac34-e548-484c-b4e9-fd91e7f97a23 | RED |
|
||||
|
||||
Both on Win 11 25H2 (supported until 2027-10-12), OS activated, agent v0.6.75, Defender active &
|
||||
@@ -65,65 +73,58 @@ MJ-PARALEGAL was recently recovered + upgraded to Win11 (Syncro #31768).
|
||||
- **Install page:** https://rmm.azcomputerguru.com/install/BRIGHT-RIVER-8998
|
||||
- **Enrollment key vault path:** `clients/michaeljohnson/gururmm-site-main.sops.yaml` (also stamped `syncro_customer_id: 152567`)
|
||||
|
||||
### Datto EDR / AV
|
||||
|
||||
- **Tenant:** azcomp4587.infocyte.com · **Org:** Michael Johnson `fef82618-de1d-4b5c-b92e-7fd078e2b983`
|
||||
- **Target group:** Main `3b844ef0-d792-4be9-bc0e-7d4848b99180`
|
||||
- **Agents:** desktop-gg4lksl `798dadc9-dd72-40fe-bd06-e6b5506ebf73`, mj-paralegal `963178af-23b1-4bee-90e8-f9a6dbac7aec` — both online, AV on, v3.17.1.5552.
|
||||
- **Reg key vault path:** `clients/michaeljohnson/datto-edr.sops.yaml`
|
||||
|
||||
## Onboarding Findings (2026-06-29 baselines)
|
||||
|
||||
### MJ-PARALEGAL — RED (2 critical / 4 warning)
|
||||
|
||||
- **[CRITICAL] Firewall OFF on Private + Public profiles** (`Domain=True` only). Exposed to inbound /
|
||||
lateral attacks on the local network. Re-enable all profiles.
|
||||
- **[CRITICAL] E: drive 0% free** (0 GB of 255.6 GB). Risk of failed updates, crashes, corruption.
|
||||
Find what is filling it (likely data / scanned docs) and clean up or expand urgently.
|
||||
- **[CRITICAL] Firewall OFF on Private + Public profiles** (`Domain=True` only). Re-enable all profiles.
|
||||
- **[CRITICAL] E: drive 0% free** (0 GB of 255.6 GB). Find what's filling it and clean up/expand urgently.
|
||||
- [WARNING] BitLocker off on C: · 2 pending Windows updates · 1 unexpected shutdown in last 14 days ·
|
||||
6 auto-start services stopped (Asus/Lenovo/Google updaters + Intel TPM provisioning — mostly benign,
|
||||
but note Lenovo *and* Asus services on the same box suggests image/hardware churn).
|
||||
- DNS server set to **172.16.132.1** on a 192.168.1.x LAN — anomalous (looks like a stale/foreign
|
||||
resolver, possibly a leftover VPN/management DNS). Verify and correct to the local gateway/ISP DNS.
|
||||
6 auto-start services stopped (Asus/Lenovo/Google updaters + Intel TPM provisioning — mostly benign;
|
||||
Lenovo *and* Asus services on one box suggests image/hardware churn).
|
||||
- DNS server set to **172.16.132.1** on a 192.168.1.x LAN — anomalous (stale/foreign resolver). Correct
|
||||
to the local gateway / ISP DNS.
|
||||
- Local admins: `Administrator`, `localadmin`, `Paralegal`.
|
||||
|
||||
### DESKTOP-GG4LKSL — AMBER (0 critical / 5 warning)
|
||||
|
||||
- [WARNING] BitLocker off on C: · 4 pending Windows updates · D: 14.6% free (68.1 GB of 465.8 GB) ·
|
||||
1 unexpected shutdown in last 14 days · 3 auto-start services stopped (Google updaters + Intel TPM).
|
||||
- Note: C: is the large/healthy volume (690 GB free of 930 GB); **D: is the low one** — confirm which
|
||||
volume holds working data before cleanup.
|
||||
- Windows Time source is **time1.aliyun.com** (Alibaba NTP) — unusual; reset to a standard pool
|
||||
(`time.windows.com` / `pool.ntp.org`).
|
||||
- C: is the large/healthy volume (690 GB free of 930 GB); **D: is the low one** — confirm which volume
|
||||
holds working data before cleanup.
|
||||
- Windows Time source is **time1.aliyun.com** (Alibaba NTP) — unusual; reset to a standard pool.
|
||||
- Local admins: `Administrator`, `Localadmin`, `owner`.
|
||||
|
||||
### Common to both
|
||||
- No BitLocker (workgroup, no escrow target — would need manual key storage / vault).
|
||||
- No backup agent on either machine — **no backup coverage confirmed.** For a law office this is the
|
||||
biggest gap; confirm whether anything (cloud sync, manual) protects the working files.
|
||||
- Defender-only AV, firewall (GG4LKSL all-on / PARALEGAL needs fixing), SMBv1 off — baseline security
|
||||
otherwise reasonable.
|
||||
- No BitLocker (workgroup — no AD escrow target; would need manual key storage / vault).
|
||||
- No backup agent on either machine — **no backup coverage confirmed.** Biggest gap for a law office.
|
||||
- Defender-only AV at baseline; now augmented by Datto EDR/AV. SMBv1 off.
|
||||
- ACG remote tooling present and expected: ScreenConnect on both; Splashtop + Syncro agent additionally
|
||||
on MJ-PARALEGAL. No competitor/foreign RMM agents detected.
|
||||
|
||||
## Syncro
|
||||
|
||||
- **Customer:** Michael Johnson, id `152567` (since 2013-12-04). Break-fix, no prepaid block.
|
||||
- **Open ticket:** #32477 — *Onsite - Check machine connections and printers.* (New)
|
||||
- **Recent relevant:** #31768 *Recovered Paralegal Machine and Win11 Upgrade* (Invoiced) — origin of the
|
||||
current MJ-PARALEGAL build; #32329 *Calendar issues* (Resolved).
|
||||
- **Recurring ticket themes** across ~50 tickets: printer setup/offline errors, Outlook<->Google
|
||||
calendar sync between Michael & Crystal, "can't access shared files", mice failing after power
|
||||
outages, WordPerfect/Seabill hangs, new-machine builds.
|
||||
on MJ-PARALEGAL. No competitor/foreign RMM agents detected — and **no Bitdefender** (verified 2026-06-29).
|
||||
|
||||
## Patterns & Known Issues
|
||||
|
||||
- **Two-person peer-to-peer office.** Everything is workgroup + shared files between Michael's and
|
||||
Crystal's PCs. Shared-file and calendar-sync breakage is the single most common call — there is no
|
||||
server, so a machine being down/offline breaks the other's access.
|
||||
server, so a machine being down/offline breaks the other's access. (Mitigated 2026-06-29 by moving
|
||||
Michael's PC to a static IP so the share target stops moving.)
|
||||
- **Mail is Google, not M365.** Do not reach for the ComputerGuru M365 remediation suite here — Outlook
|
||||
is configured against a Google account. Google storage/billing has caused outages historically.
|
||||
- **Power-outage sensitivity.** Multiple "mouse/peripheral dead after a power outage" and
|
||||
"machines went down" tickets — no UPS protection documented; a UPS on each machine would cut repeat
|
||||
emergency calls.
|
||||
- **Backups unverified.** No backup agent on either workstation. For a legal practice's working files
|
||||
this is the top risk to close.
|
||||
- **Power-outage sensitivity.** Multiple "mouse/peripheral dead after a power outage" and "machines went
|
||||
down" tickets — no UPS protection documented; a UPS on each machine would cut repeat emergency calls.
|
||||
- **Backups unverified.** No backup agent on either workstation. Top risk to close for a legal practice.
|
||||
- **MJ-PARALEGAL E: full + firewall off** are the two immediate must-fix items from onboarding.
|
||||
|
||||
## Active Work / Open Items
|
||||
## Active Work
|
||||
|
||||
*No open tickets in Syncro as of 2026-06-29 (#32477 billed + Invoiced this session). Open remediation items below come from the onboarding baselines.*
|
||||
|
||||
| Priority | Action | Owner | Notes |
|
||||
|---|---|---|---|
|
||||
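Review bot: In the MJ-PARALEGAL findings, the rewritten DNS bullet changes "Verify and correct" to just "Correct", and the firewall bullet loses its exposure rationale. For a machine that was recently recovered and rebuilt, a resolver at 172.16.132.1 on a 192.168.1.x LAN should have its origin recorded (static adapter entry, DHCP option, leftover VPN client) before it is overwritten, so keep the verify step. The same applies to the time1.aliyun.com bullet on DESKTOP-GG4LKSL, which also drops the concrete replacement targets (`time.windows.com` / `pool.ntp.org`) that the earlier wording gave.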
@@ -131,13 +132,32 @@ MJ-PARALEGAL was recently recovered + upgraded to Win11 (Syncro #31768).
|
||||
| P1 | Clear/expand E: on MJ-PARALEGAL (0% free) | Howard | CRITICAL; identify what's filling 255 GB |
|
||||
| P1 | Establish/confirm backup coverage for both PCs | Howard/Mike | No backup agent on either; law-office data |
|
||||
| P2 | Fix anomalous DNS (172.16.132.1) on MJ-PARALEGAL | Howard | Should be local gateway / ISP DNS |
|
||||
| P2 | Onsite #32477 — check machine connections + printers | Howard | Open Syncro ticket |
|
||||
| P2 | Install pending Windows updates (4 on GG4LKSL, 2 on PARALEGAL) | Howard | Next maintenance window |
|
||||
| P3 | Free space on GG4LKSL D: (14.6%) | Howard | Confirm which volume holds data first |
|
||||
| P3 | Reset GG4LKSL time source off Alibaba NTP | Howard | Use standard NTP pool |
|
||||
| P3 | Evaluate UPS for both machines | Mike | Repeat post-outage peripheral failures |
|
||||
| P3 | Consider BitLocker (with key escrow) | Howard | Both unencrypted; workgroup needs manual key storage |
|
||||
|
||||
## History Highlights
|
||||
|
||||
- **2013-12-04** — Syncro customer record created; long-standing break-fix relationship.
|
||||
- **2013–2026** — Recurring break-fix work: printer setup/offline errors, Outlook<->Google calendar sync
|
||||
between Michael & Crystal, "can't access shared files", peripherals failing after power outages,
|
||||
WordPerfect/Seabill hangs, multiple new-machine builds.
|
||||
- **2026-06-29** — GuruRMM onboarding: client + site "Main" (`BRIGHT-RIVER-8998`) created; both
|
||||
workstations enrolled; onboarding diagnostics run (DESKTOP-GG4LKSL AMBER, MJ-PARALEGAL RED).
|
||||
- **2026-06-29** — Datto EDR/AV deployed to both endpoints. "Remove Bitdefender" request was a no-op —
|
||||
RMM-verified that neither machine had Bitdefender (Defender-only). New Datto org + "Main" group + reg
|
||||
key; both agents registered, online, AV on.
|
||||
- **2026-06-29** — #32477 (onsite): set Michael's PC to a static IP and reconfigured the paralegal
|
||||
machine to reach the share via the new IP. Billed 0.5h onsite ($87.50), invoice #1650843860, Invoiced.
|
||||
|
||||
## Access
|
||||
|
||||
- GuruRMM enrollment key: vault `clients/michaeljohnson/gururmm-site-main.sops.yaml`.
|
||||
- Datto EDR registration key + org/group IDs: vault `clients/michaeljohnson/datto-edr.sops.yaml`.
|
||||
- No workstation local-account credentials vaulted yet (verify if needed for future remote work).
|
||||
|
||||
## Backlinks
|
||||
|
||||
- [[projects/gururmm]] — DESKTOP-GG4LKSL + MJ-PARALEGAL enrolled (site: Main / BRIGHT-RIVER-8998)
|
||||
|
||||
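Review bot: The new Access section ends with an open item ("No workstation local-account credentials vaulted yet"), but none of the visible Active Work rows track it, so it has no owner or priority. The baselines in this same commit list three local administrator accounts on each machine. Suggest adding a row to review those accounts and vault whatever is needed, or stating in Access that it is deliberately deferred. Separately, the History entry for #32477 embeds the invoice number and dollar amount; consider referencing only the ticket and leaving invoice detail in Syncro.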
@@ -58,7 +58,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
|
||||
| [Universal Minerals International](clients/universal-minerals.md) | Minerals/commodities, Tucson AZ; Syncro 34844920; **break-fix, no prepaid/RMM**; CyndyOffice (HP Pavilion TP01, Win11 Home, QuickBooks Enterprise 22.0) intermittent hard-freeze (Kernel-Power 41, no dump = hardware/firmware) — BIOS F.38 + Fast Startup off + memtest passed 2026-06-10, PSU prime remaining suspect; QB messaging crash-loop repaired; ticket #32397 monitoring; temporary diagnostic RMM agent removed same-day | 2026-06-10 |
|
||||
| [Putt Land Surveying](clients/putt-land-surveying.md) | Land surveying firm; Syncro 7180175; managed services $223.92/mo; 7 devices; M365 direct (8 mailboxes, cloud-only, 2x Basic + 5x Premium); **DNS wipe 2026-06-09** — all records deleted (MX, SPF, autodiscover, A), email+website down; GoDaddy domain in client's own account (no ACG control); ticket #32404 Waiting on Customer; remediation tools onboarded 2026-06-10 | 2026-06-10 |
|
||||
| [Gonzvar Tax Services](clients/gonzvar-tax-services.md) | Tax services firm; Syncro 1830740 ("Gonzvar Tax Service", break-fix, ~$175/hr); 6 machines in GuruRMM (GTS.local AD, 2 servers + 4 workstations); open security findings from 2026-06-06 onboarding baseline; QuickBooks RemoteApp + Tailscale VPN pending | 2026-06-12 |
|
||||
| [Michael Johnson (Law Office)](clients/michaeljohnson.md) | Solo legal practice (inferred — WordPerfect/Seabill, paralegal), Tucson AZ; Syncro 152567 (since 2013), break-fix, no prepaid; mail on Google (not M365); 2-person peer-to-peer workgroup (Michael + Crystal); GuruRMM onboarded 2026-06-29 (site Main, BRIGHT-RIVER-8998) — DESKTOP-GG4LKSL (AMBER) + MJ-PARALEGAL (RED: firewall off + E: 0% free); no backup agent on either; open #32477 onsite printers | 2026-06-29 |
|
||||
| [Michael Johnson (Law Office)](clients/michaeljohnson.md) | Solo legal practice (inferred — WordPerfect/Seabill, paralegal), Tucson AZ; Syncro 152567 (since 2013), break-fix, no prepaid ($175 onsite); mail on Google (not M365); 2-person peer-to-peer workgroup (Michael + Crystal, share now on static IP); GuruRMM onboarded 2026-06-29 (site Main, BRIGHT-RIVER-8998) + Datto EDR/AV on both — DESKTOP-GG4LKSL (AMBER) + MJ-PARALEGAL (RED: firewall off + E: 0% free); no backup agent on either; no open tickets | 2026-06-29 |
|
||||
| [Tohono O'odham Nation DoIT](clients/tohono-oodham-doit.md) | Tribal government IT dept; Syncro 33069069; Starlink reseller client — 2x Check Point 1550 field sites on Starlink Roam (CGNAT); break-fix $175/hr; VPN design (IPsec vs Tailscale) pending | 2026-05-27 |
|
||||
| [Tucson Golden Corral](clients/tucson-golden-corral.md) | Restaurant (Tucson AZ); Syncro 3859123; prepaid block 12.75 hrs; email on Neptune Exchange; WS2016 single-box DC/RDS/Hyper-V/SQL + Sage 100 ERP (TGC-SERVER colocated at ACG main office); architecture concerns outstanding | 2026-05-26 |
|
||||
| [Russo Law Firm](clients/russo-law.md) | Tucson law practice; Syncro 23331699; managed $543.50/mo (GPS+AV+backup+Seafile hosting+Office) + OIT phone $45.44/mo; 12 prepaid hrs; M365 rrs-law.com (~3 seats, admin guru@ vaulted); **active pre-sales 2026-06: wants to move ~6.5 TB from Seafile to SharePoint — full live move ~$1,120/mo (~$13.4K/yr), recommend hybrid (SP Online working set + Seafile bulk); phone meeting pending, client not yet responded** | 2026-06-15 |
|
||||
|
||||
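Review bot: The updated Michael Johnson index row repeats the enrollment site code `BRIGHT-RIVER-8998`, which the client page shows is the path component of the agent install URL. It also adds point-in-time states ("no open tickets", "share now on static IP") that will go stale before the row's date changes. Suggest keeping the site code only on the client page next to the vault path, and trimming the index cell to stable facts plus the open critical findings, in line with the shorter neighbouring rows.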