wiki: compile birth-biologic (full) — mail migration live, Datto VM recovered, tenant fully onboarded

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-26 06:42:02 -07:00
parent 6d65bff791
commit 15f2d03d7b
2 changed files with 104 additions and 50 deletions

View File

@@ -2,11 +2,13 @@
type: client
name: birth-biologic
display_name: BirthBiologic
last_compiled: 2026-06-02
compiled_by: GURU-BEAST-ROG/discord-bot
last_compiled: 2026-06-26
compiled_by: GURU-5070/claude-main
sources:
- clients/birth-biologic/session-logs/2026-04-21-session.md
- clients/birth-biologic/session-logs/2026-06-02-session.md
- clients/birth-biologic/session-logs/2026-06/2026-06-26-mike-birthbio-mail-migration-and-datto-vm.md
- clients/birth-biologic/docs/migration/google-to-m365-scope.md
backlinks:
- projects/gururmm
aliases: [birthbiologic]
@@ -16,14 +18,18 @@ aliases: [birthbiologic]
## Profile
- **Company type:** Corporate (exact industry not documented — biological/healthcare services implied by name and SharePoint site structure: Donor Services, Quality Department, Birth Biologic Activity Reports)
- **Contract type:** [unverified — MSP-managed implied; no explicit contract type documented]
- **Company type:** Biological/healthcare services (cord blood / donor services implied by site structure: Donor Services, Quality Department, Birth Biologic Activity Reports); Stilwell, KS
- **Contract type:** Prepaid hour block
- **Key contacts:**
- Annise — primary client contact for SharePoint migration; no last name or email documented
- sysadmin@birthbiologic.com — M365 shared admin account; M365 Business Premium license assigned 2026-04-21
- **Billing rate:** [unverified]
- **Syncro ticket:** #109277420 (Datto Workplace to SharePoint Migration; assigned to Mike Swanson, user_id 1735; contact: Annise; due 2026-04-22)
- **Syncro customer ID:** [unverified — not documented in available session logs]
- Annise — primary client contact for migration work; no last name or email documented
- Kristin Steen — ksteen@birthbiologic.com (known Syncro contact; workstation KSTEENBB2025)
- sysadmin@birthbiologic.com — M365/Google shared admin account (ACG-managed); M365 Business Premium license assigned 2026-04-21; SharePoint admin role confirmed
- **Billing rate:** (verify — check Syncro invoices)
- **Hours remaining (prepaid):** 10.0 hrs as of 2026-06-26
- **Syncro customer ID:** 17983014
- **Managed assets (Syncro):** 13
- **Open tickets:** 0 as of 2026-06-26
- **Historical ticket:** #109277420 — Datto Workplace to SharePoint Migration; assigned Mike Swanson; contact Annise; closed/historical
## Infrastructure
@@ -31,46 +37,72 @@ aliases: [birthbiologic]
| Host | IP | Role | OS | Notes |
|---|---|---|---|---|
| BB-SERVER | [unverified] | On-premise Windows server | Windows Server 2016 | GuruRMM agent installed 2026-04-21; used as command channel for Datto→SharePoint migration script execution |
| BB-SERVER | (verify) | On-premise Windows server | Windows Server 2016 | GuruRMM agent `6c02baa7-0f1c-4990-b466-c9ab9eaefd3b` installed 2026-04-21; Datto Workplace Server installed; custom Datto→SP migration script artifacts at `C:\GuruMigration`; state file shows 160 Supply Mgmt + 49 ITSvcs uploaded April 2026 |
| ACG-DWP-X-BB | 172.16.3.45 | ACG-owned Datto/SPMT migration VM (Jupiter libvirt) | Windows Server 2019 build 17763 (libvirt domain label "Windows Server 2016") | Static IP /22, GW 172.16.0.1, DNS 172.16.0.1+1.1.1.1; virtio NIC 52:54:00:d4:8e:59 on br0 (vnet14); Datto Workplace Server (svc `datto_workplace_server.default`) + SPMT (under Administrator profile); source tree `C:\Users\Public\Desktop\Datto Workplace Server Projects`; GuruRMM agent `a4524e85-8a07-45d0-91b1-51ce7e2ca74a` enrolled 2026-06-26 |
### Email & Identity
- **M365 tenant:** birthbiologic.com (tenant ID: [unverified — "not yet looked up" as of 2026-04-21 session])
- **License:** M365 Business Premium (SKU `cbdc14ab-d96c-4132-b7f4-1f3a3a819bb4`) assigned to sysadmin@birthbiologic.com; includes EMS (standalone EMS removed after upgrade)
- **MFA status:** [unverified]
- **ACG remediation tool consent status (as of 2026-04-21):**
- Security Investigator: consented
- Tenant Admin (`709e6eed-0711-4875-9c44-2d3518c47063`): consented
- Exchange Operator: NOT consented
- User Manager: NOT consented
- Defender Add-on: NOT consented
- **sysadmin SharePoint role:** sysadmin@birthbiologic.com confirmed as SharePoint admin (required for SPMT destination access)
- **M365 tenant:** birthbiologic.com / tenant ID `19a568e8-9e88-413b-9341-cbc224b39145`
- **Target delivery domain (migration):** birthbiologic.onmicrosoft.com
- **Accepted domains:** birthbiologic.com (default), birthbiologic.onmicrosoft.com
- **MX (as of 2026-06-26):** Google Workspace (`aspmx.l.google.com` + alts) — live mail still on Google; M365 cutover NOT yet done
- **DNS host:** SiteGround (`ns1/ns2.us92.siteground.us`); Registrar: Name.com; `www` → GCP 35.215.115.203 (not in scope)
- **M365 licensing (all consumed as of 2026-06-26):**
- Business Premium (skuId `cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46`): 14/14
- Exchange Online Plan 1 — EXCHANGESTANDARD (skuId `4b9405b0-7788-4568-add1-99614e613b69`): 7/7
- Active-12 staff + sysadmin@ + operations@ on Business Premium; Dr. Chris Gillis (`medicaldirector@`) + Michael Merritt (`mmerritt@`) created 2026-06-26 with Exchange-only (passwords vaulted); 5 former employees (`sabron`, `aboutte`, `araso`, `khoffman`, `pnelson`) Exchange-only with sign-in disabled (future shared-mailbox targets, license reclaimable post-conversion)
- Mindi address mismatch: `mindim@` (Google) vs `mmaher@` (M365) — mapped via CSV `Username` column + `smtp:mindim@birthbiologic.com` proxy added to her mailbox via `Set-Mailbox`
- **MFA status:** (verify)
- **ACG remediation tool consent status (as of 2026-06-26 — FULLY ONBOARDED):**
- Security Investigator: consented (SP `bf684a4b-…`)
- Tenant Admin: consented (app client_id `709e6eed-0711-4875-9c44-2d3518c47063`; SP object `7a199b11-97fb-4e65-917d-f8d29a53ba49`; consent redirect URI must be `https://azcomputerguru.com`, NOT `https://rmm.azcomputerguru.com`)
- Exchange Operator: consented 2026-06-26 (SP `bab4699b-32a3-4434-9cad-7a4a08cc4d9e`; Exchange Administrator role)
- User Manager: consented 2026-06-26 (SP `3347ebcc-…`)
- Defender Add-on: consented 2026-06-26 (SP `161b8f61-…`)
- **Note:** sysadmin@birthbiologic.com did not have a SharePoint/M365 license prior to 2026-04-21. For SharePoint app-only access, use Tenant Admin app with `Sites.ReadWrite.All` (no user license required for app-only).
### Google Workspace (source tenant — migration in progress)
- **Super-admin:** sysadmin@birthbiologic.com; password vaulted at `clients/birth-biologic/google-workspace.sops.yaml` (`credentials.password`)
- **Domain-wide delegation:** acg-msp-access SA (`acg-msp-access@acg-msp-access.iam.gserviceaccount.com`); OAuth2 client ID `102231607889615995452`; GCP project `acg-msp-access` (number 806899474449)
- **Required DWD scopes (5, exact, comma-separated, no spaces):**
`https://mail.google.com/,https://www.googleapis.com/auth/calendar,https://www.google.com/m8/feeds/,https://www.googleapis.com/auth/gmail.settings.sharing,https://www.googleapis.com/auth/contacts`
- **GCP APIs enabled on acg-msp-access:** Gmail, Calendar (calendar-json), People
- **Google roster (DWD pull, 2026-06-26):** 20 accounts — 15 active, 5 suspended
### Gmail Migration Status (as of 2026-06-26)
- **Method:** Native MS "Migration from Google Workspace" via Exchange Operator REST InvokeCommand
- **Endpoint:** `BB-Gmail` (type: Gmail; impersonation admin: sysadmin@birthbiologic.com)
- **Batch 1 (BB-Batch1):** 14 live mailboxes, mail + calendar + contacts, TargetDeliveryDomain `birthbiologic.onmicrosoft.com`, AutoStart, NotificationEmails sysadmin@; **Status: Syncing** (created 2026-06-26)
- **Batch 2:** Not started — 5 former employees; pending un-suspend in Google + free Workspace seats
### File Storage
- **Pre-migration:** Datto Workplace (on-premise network file server, accessed from BB-SERVER)
- **Pre-migration source:** Datto Workplace (server on ACG-DWP-X-BB; original custom-script artifacts on BB-SERVER at `C:\GuruMigration`)
- **Post-migration target:** Microsoft SharePoint (M365)
- **Migration tool:** Custom PowerShell script (`clients/birth-biologic/scripts/migrate-datto-to-sharepoint.ps1`) + SPMT for bulk folders
- **Migration tools:** Custom PowerShell script (`clients/birth-biologic/scripts/migrate-datto-to-sharepoint.ps1`) + SPMT (on ACG-DWP-X-BB under Administrator profile)
### SharePoint Site Map
| Datto Folder | SharePoint Site | Notes |
|---|---|---|
| Admin | birthbiologic.sharepoint.com/sites/Admin | Migrated via SPMT |
| Birth Biologic Activity Reports | birthbiologic.sharepoint.com/sites/Admin | Same site as Admin; SPMT preserves source folder name as subfolder |
| Donor Services | birthbiologic.sharepoint.com/sites/DonorServices | Migrated via SPMT |
| Quality Department | birthbiologic.sharepoint.com/sites/QualityDepartment | Migrated via SPMT |
| Supply Management | birthbiologic.sharepoint.com/sites/SupplyManagement | 160/160 files migrated via custom PS script (2026-04-21) |
| ITSvcs | EXCLUDED | ACG-owned folder; not client data |
| Datto Folder | SharePoint Site | Size / Files | Status |
|---|---|---|---|
| Admin | birthbiologic.sharepoint.com/sites/Admin | 5.8 GB / 6,279 files | SPMT last ran 2026-04-29; completion UNCONFIRMED |
| Birth Biologic Activity Reports | birthbiologic.sharepoint.com/sites/Admin (subfolder) | 1 file | SPMT; SPMT preserves source folder name as subfolder; UNCONFIRMED |
| Donor Services | birthbiologic.sharepoint.com/sites/DonorServices | 109 GB / 56,826 files | SPMT last ran 2026-04-29; completion UNCONFIRMED |
| Quality Department | birthbiologic.sharepoint.com/sites/QualityDepartment | 28 GB / 3,714 files | SPMT last ran 2026-04-29; completion UNCONFIRMED |
| Supply Management | birthbiologic.sharepoint.com/sites/SupplyManagement | 33 MB / 160 files | 160/160 migrated via custom PS script 2026-04-21 — COMPLETE |
| ITSvcs | EXCLUDED | 52 files | ACG-owned folder; never client data |
Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script.
Site IDs hardcoded in `$SITE_MAP` hashtable in the migration script.
### Network
- **ISP / WAN:** [unverified]
- **Firewall:** [unverified]
- **VPN:** [unverified]
- **ACG Jupiter (Datto VM host):** LAN 172.16.0.0/22, GW pfSense 172.16.0.1; Jupiter at 172.16.3.20 (Unraid, virsh); guest-exec helper `/root/gx.sh`
- **ACG-DWP-X-BB:** 172.16.3.45/22 static (was APIPA after ~2 months parked; pfSense DHCP not leasing that MAC; fixed 2026-06-26)
- **ISP / WAN (BirthBio site):** (verify)
- **Firewall (BirthBio site):** (verify)
- **VPN:** (verify)
## GuruRMM
@@ -82,25 +114,35 @@ Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script.
- **Agent enrollment key:** `clients/birthbiologic/gururmm-site-main.sops.yaml` (vault)
- **Install landing page:** `https://rmm.azcomputerguru.com/install/BRIGHT-PEAK-5980`
- **MSI download:** `https://rmm.azcomputerguru.com/sites/3b20ef97-c764-4ef8-9154-79c3d5b486f8/installer`
- **RMM one-liner (Windows):** `irm https://rmm.azcomputerguru.com/install/BRIGHT-PEAK-5980/windows | iex`
### Enrolled Agents
| Agent | Host | OS | Agent ID | Notes |
|---|---|---|---|---|
| BB-SERVER | BB-SERVER | Windows Server 2016 | `6c02baa7-0f1c-4990-b466-c9ab9eaefd3b` | Installed 2026-04-21; used as command channel throughout Datto→SP migration; runs Datto Workplace **Server** |
| KSTEENBB2025 | KSTEENBB2025 | Windows 11 | `ee3c6aea-e9cc-4d2f-9e79-a38dd0eb129e` | Kristin Steen's workstation |
| EVO-X1 | EVO-X1 | Windows 11 | `9595f002-5cfe-4db6-b7aa-1df4a20e9f9b` | Vicki Fountain's workstation; used as SmartBadge fleet reference |
| BB-Office2 | BB-Office2 | Windows 11 | `48763401-4859-49f9-b64a-7a50d0148b23` | Shared/office workstation |
| Agent | Host | OS | Agent ID | IP | Notes |
|---|---|---|---|---|---|
| BB-SERVER | BB-SERVER | Windows Server 2016 | `6c02baa7-0f1c-4990-b466-c9ab9eaefd3b` | (verify) | Installed 2026-04-21; original Datto→SP command channel; Datto Workplace Server; custom migration script artifacts |
| KSTEENBB2025 | KSTEENBB2025 | Windows 11 | `ee3c6aea-e9cc-4d2f-9e79-a38dd0eb129e` | — | Kristin Steen's workstation |
| EVO-X1 | EVO-X1 | Windows 11 | `9595f002-5cfe-4db6-b7aa-1df4a20e9f9b` | — | Vicki Fountain's workstation; SmartBadge fleet reference machine |
| BB-Office2 | BB-Office2 | Windows 11 | `48763401-4859-49f9-b64a-7a50d0148b23` | — | Shared/office workstation |
| ACG-DWP-X-BB | ACG-DWP-X-BB | Windows Server 2019 | `a4524e85-8a07-45d0-91b1-51ce7e2ca74a` | 172.16.3.45 | ACG-owned; Jupiter libvirt VM; Datto Workplace Server + SPMT migration host; enrolled 2026-06-26 under BirthBiologic/Main Office |
## Access
- **GuruRMM:** Dashboard → BirthBiologic → Main Office
- **M365 admin:** sysadmin@birthbiologic.com
- **Google Workspace admin:** sysadmin@birthbiologic.com (same account; password vaulted)
- **Vault paths:**
- `clients/birthbiologic/gururmm-site-main.sops.yaml` — GuruRMM site enrollment key
- `msp-tools/computerguru-tenant-admin.sops.yaml``credentials.credential` — Tenant Admin app secret
- `msp-tools/computerguru-exchange-operator.sops.yaml``credentials.client_secret` — Exchange Operator app secret
- `msp-tools/acg-msp-access-google-workspace.sops.yaml``credentials.credential` — Google SA JSON key (full)
- `clients/birth-biologic/google-workspace.sops.yaml``credentials.password` — Google Workspace super-admin password
- `clients/birth-biologic/m365-medicaldirector.sops.yaml` — Dr. Chris Gillis M365 initial password (forceChangePasswordNextSignIn=true)
- `clients/birth-biologic/m365-mmerritt.sops.yaml` — Michael Merritt M365 initial password (forceChangePasswordNextSignIn=true)
- **Tenant Admin app:** client_id `709e6eed-0711-4875-9c44-2d3518c47063`; consent redirect URI must be `https://azcomputerguru.com` (NOT `https://rmm.azcomputerguru.com`)
- **Exchange Operator SP:** `bab4699b-32a3-4434-9cad-7a4a08cc4d9e`; Exchange Administrator role; drive via REST InvokeCommand (see Patterns)
- **Migration script:** `clients/birth-biologic/scripts/migrate-datto-to-sharepoint.ps1`
- **Migration runbook:** `projects/msp-tools/runbooks/google-workspace-to-m365-migration.md` (updated 2026-06-26 — exact 5-scope string, all-or-nothing gotcha, Contacts API retired/People API, GCP-owner requirement)
## Patterns & Known Issues
@@ -116,21 +158,33 @@ Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script.
- **GuruRMM command body requirements:** `command_type` field is required (use `"powershell"` for PS scripts). Missing field returns 422. JWT must include `sub`, `role`, `orgs`, `exp`, `iat` claims — any missing claim returns 401.
- **GuruRMM `.stdout` null handling in watch scripts:** `jq -r '.stdout'` emits the literal 4-char string `"null"` when the API returns JSON `null` for stdout. Always use `.stdout // empty` (or `.stdout // ""`) so that a null field becomes an empty string, not the word "null". Affects any script that greps command output for a sentinel line.
- **PS5.1 quirks on BB-SERVER:** No Unicode box-drawing characters (parse error in PS5.1); no `@{} + @{}` hashtable merge (use foreach loop); use `${encodedPath}` not `$encodedPath:` in URL strings (colon interpreted as drive reference).
- **Google→M365 migration requires exactly Microsoft's 5-scope DWD set:** Google rejects the migration token all-or-nothing if any scope is missing (`unauthorized_client: … not authorized for any of the scopes requested`). The original DWD grant had only 3 of 5; missing were `m8/feeds` and `gmail.settings.sharing`. The `m8/feeds` scope is a still-valid alias for contacts auth, served by the People API; the standalone Contacts API was retired 2022 (not enableable in GCP, not needed). See exact 5-scope string in the Google Workspace section above.
- **Enabling GCP APIs in acg-msp-access requires ACG project owner identity:** Running `gcloud services enable` as a client super-admin (`sysadmin@birthbiologic.com`) fails — that account has no rights to ACG's `acg-msp-access` GCP project. Must be authenticated as the ACG GCP project owner.
- **Exchange driven via REST InvokeCommand — EXO PS module not available:** Exchange Operator app token (`scope=https://outlook.office365.com/.default`), endpoint `POST https://outlook.office365.com/adminapi/beta/{tenant}/InvokeCommand`, body `{"CmdletInput":{"CmdletName":"…","Parameters":{…}}}`. EXO PowerShell module not installed; the app has no vaulted cert, so `Connect-ExchangeOnline` app-only auth is not available. Byte-array parameters (`ServiceAccountKeyFileData`, `CSVData`) must be passed as base64 strings.
- **`vault.sh get-field` requires dotted field path for nested secrets:** `credentials.client_secret` and `credentials.credential` work; bare leaf names (`client_secret`) return a literal 4-char `null`. Always specify the full dotted path.
- **Tenant's real Business Premium skuId is `cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46`:** The scope doc had a stale GUID (`cbdc14ab-d96c-4132-b7f4-1f3a3a819bb4`). License assign 400'd until corrected. Pull skuId live from Graph `/subscribedSkus` before any license assignment.
## Active Work
- **Datto → SharePoint migration:** Supply Management folder complete (160/160 files). SPMT launched for Admin, Birth Biologic Activity Reports, Donor Services, Quality Department as of end of 2026-04-21 session (20% on Donor Services at session end). [WARNING] Migration completion unconfirmed — no follow-up session log found. Outstanding tasks from session log:
- Verify SPMT migration complete for all 4 folders
- Verify file counts in each SharePoint site match Datto source
- Notify Annise to test access
- Schedule delta sync (`-DeltaOnly` flag) after client confirms
- Delete two duplicate Syncro comments on #109277420 (GUI only)
- Verify ITSvcs state file on BB-SERVER is not causing issues
- **Google → M365 mail migration (IN PROGRESS):** BB-Batch1 auto-started 2026-06-26, Status: Syncing, 14 live mailboxes (mail + calendar + contacts). Pending:
- Monitor BB-Batch1: Provisioning → Syncing → Synced
- When Synced: flip MX in SiteGround DNS → M365; update SPF (`include:spf.protection.outlook.com`); enable/publish DKIM (2 CNAMEs); autodiscover CNAME → `autodiscover.outlook.com`; review DMARC; run final delta; complete batch
- Batch 2 — 5 former employees → shared mailboxes: un-suspend each in Google (free Workspace seats by suspending migrated live users first), run Gmail migration batch (`aboutte`, `araso`, `khoffman`, `pnelson`, `sabron` — already EXO-licensed, sign-in disabled), convert to shared mailboxes (<=50 GB = free), reclaim 5 EXO licenses
- Confirm Valerie VanEaton's status (active or departed since mid-May; if departed → former/shared track)
- Confirm Michael Merritt's long-term licensing tier
- Confirm `operations@` fate post-cutover (retain BP or convert to shared)
- **Datto → SharePoint migration reconciliation (BLOCKED — awaiting ACG-DWP-X-BB Datto re-sync):**
- Supply Management complete (160/160 files, 2026-04-21)
- 4 large SPMT folders (Admin 5.8 GB, Donor Services 109 GB, Quality 28 GB, Activity Reports) last SPMT run 2026-04-29; completion UNCONFIRMED — reconciliation pending Datto re-sync on ACG-DWP-X-BB
- After re-sync: compare source vs each SharePoint site, determine what April SPMT run left incomplete, schedule completion run(s)
- Notify Annise to test SharePoint access once confirmed complete; run delta sync (`-DeltaOnly`) post-confirmation
- **pfSense:** add DHCP reservation for 172.16.3.45 (MAC `52:54:00:d4:8e:59`) or confirm it is outside the DHCP pool
## History Highlights
| Date | Event |
|---|---|
| 2026-06-26 | Mike (GURU-5070): Google→M365 mail migration initiated; BB-Batch1 live (14 mailboxes, Status: Syncing). Identified Datto/SPMT migration VM as Jupiter libvirt domain ACG-DWP-X-BB (actual WS2019 build 17763); had APIPA after ~2 months parked (pfSense not leasing MAC); fixed with static IP 172.16.3.45/22; GuruRMM agent enrolled (`a4524e85-…`); Datto Workplace Server reconnected + re-syncing. Confirmed April SPMT run (4 large folders) completion unconfirmed. Fully onboarded BirthBio M365 to ACG suite (Exchange Operator + User Manager + Defender Add-on consented via `onboard365.sh provision`). Provisioned Exchange-only mailboxes for Dr. Chris Gillis (`medicaldirector@`) and Michael Merritt (`mmerritt@`); license redistribution: Mei Mei + Valerie +BP, Savanna BP→EXO, 4 disabled formers +EXO. Created Gmail migration endpoint BB-Gmail; created + auto-started BB-Batch1 (14 mailboxes, TargetDeliveryDomain birthbiologic.onmicrosoft.com). Vaulted Google super-admin creds + new M365 user passwords. |
| 2026-06-02 | Mike (BEAST/discord-bot): SMARTBADGE-WATCH fired a false-positive DRIFT alert. Root cause: `jq -r '.stdout'` emitting literal `"null"` when RMM API returned JSON null stdout. Live re-verify via RMM confirmed KSTEENBB2025 clean (`RESULT: PASS`). Fixed `check-ksteen-smartbadge.sh` (commit `551aaf2`): `.stdout // empty` coercion, INFRA-ERROR vs DRIFT distinction, stderr/exit_code in diagnostics, poll window 80s→120s. |
| 2026-05-29 | Mike: Corrected the SmartBadge fix — Kristin's machine had been left on the *older* Workplace Desktop v8 (diverged from fleet). Revo-removed v8, installed Workplace v10.53.4 (Workplace2), aligned SmartBadge `_CC` add-in/CLSID to EVO-X1, cleared her stuck per-user `LoadBehavior=2`. Verified working. Public tech notes + 1hr warranty on Syncro #32339. Stood up a 7-day daily verification (scheduled task on GURU-5070 + coord todo `4a5b09b3`, expires 2026-06-05). |
| 2026-05-28 | Mike: Initial Kristin Steen SmartBadge remediation (Syncro #32339) — diagnosed dual Workplace2/Workplace Desktop install; **uninstalled the wrong one (Workplace2 v10)**, leaving v8 Desktop (corrected 2026-05-29). |
@@ -138,4 +192,4 @@ Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script.
## Backlinks
- [[projects/gururmm]] — BB-SERVER enrolled (site: Main Office)
- [[projects/gururmm]] — BB-SERVER + ACG-DWP-X-BB enrolled (site: Main Office)

View File

@@ -1,6 +1,6 @@
# Wiki Index
Last updated: 2026-06-25
Last updated: 2026-06-26
Compiled by: HOWARD-HOME/claude-main
This wiki is LLM-maintained. Do not edit articles manually — run `/wiki-compile` to update.
@@ -24,7 +24,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Jimmy Company](clients/jimmy.md) | Break-fix, $150/hr; single aging workstation BLASTER2 (Win10 22H2 EOL, i5-3470/3.8GB — replace); backups the recurring theme (QuickBooks data); onboarded to GuruRMM 2026-06-19 (RDP NLA + Kaseya removal + cleanup); MSP360 local backup drive full, 90-day retention set, space reclaim pending in console (cloud B2 healthy) | 2026-06-19 |
| [Valley Wide Plastering](clients/valleywide.md) | Prepaid block, 15.5 hrs remaining; plastering/stucco contractor; HP DL360 Gen10 + XenServer; VWP-FILES (G:) on Hyper-V — SMB1 enabled for the legacy XP Orders VM (V-XP); VB6 app modernization project; RDWeb brute-force incident; 11 Yealink phones pending | 2026-06-23 |
| [ACG Internal Infrastructure](clients/internal-infrastructure.md) | ACG's own hosting infra — Neptune Exchange (cert expires 2026-05-31, DkimSigner disabled), IX server, Cloudflare tunnel workaround, ACG M365 tenant gaps | 2026-05-24 |
| [BirthBiologic](clients/birth-biologic.md) | Bio/healthcare; BB-SERVER (WS2016) GuruRMM enrolled; Datto→SharePoint migration incomplete; M365 apps partially consented | 2026-05-24 |
| [BirthBiologic](clients/birth-biologic.md) | Bio/healthcare (cord blood/donor services), Stilwell KS; Syncro 17983014, prepaid 10.0 hrs; **Google Workspace→M365 mail migration LIVE** (Batch 1 syncing — 14 mailboxes, mail+cal+contacts; MX still on Google, cutover pending); tenant FULLY onboarded (Exchange Operator/User Manager/Defender added 2026-06-26); 14 Business Premium + 7 Exchange-Online-P1 (all consumed); **Datto→SharePoint** migration VM ACG-DWP-X-BB (Jupiter, 172.16.3.45) recovered + RMM-enrolled + re-syncing — 4 SPMT folders (Admin/Donor Services 109GB/Quality/Activity) UNCONFIRMED pending sync | 2026-06-26 |
| [CryoWeave](clients/cryoweave.md) | Custom cryogenic cable assemblies; cPanel on IX; website redesign + SEO project in progress; Syncro ID not documented | 2026-05-24 |
| [Darrell Delphen](clients/darrell-delphen.md) | Break-fix residential (Yantis, TX); single Windows workstation DDDOffice072023 (GuruRMM); 2026-06-18 Outlook email links failing = ISP-managed Extreme EXOS gateway "NetIQ" SNI-filtering of Intermedia's url.emailprotection.link rewriter (WARP interim bypass, ISP disabled the feature for permanent fix); Syncro #35996725 | 2026-06-18 |
| [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; prepaid ~22.25 hrs; web server WWW (192.168.8.72 / 65.113.52.88) — IIS 10/VB.NET e-commerce; CRITICAL security posture: website connects to GTI-INV-SQL as sysadmin (login `tom`, named SQL login, C0 top finding) + plaintext PANs+CVV (stored by GTIware PSA, not website) + plaintext passwords + SQLi via `quo()` + XSS; apex 404 fixed + payment TLS fixed 2026-06-03; intrusion/brute-force log review 2026-06-04 (no attacker found; H5 detection blind spot confirmed — HTTP 200 on both success/failure + no failed-login logging); #32378 Waiting on Customer (assessment + reports + Appendix A delivered); M365 no MFA; SCL bypass rules for vendor DMARC + MailProtector digests | 2026-06-04 |