diff --git a/clients/at-trebesch/README.md b/clients/at-trebesch/README.md new file mode 100644 index 0000000..e432b69 --- /dev/null +++ b/clients/at-trebesch/README.md @@ -0,0 +1,3 @@ +# Moved -> clients/attrebesch/ +Consolidated 2026-06-11. "AT Trebesch" canonical slug = `attrebesch` (matches wiki + vault). +All docs now in `clients/attrebesch/`. Wiki: `wiki/clients/attrebesch.md`. Vault: `clients/attrebesch/`. diff --git a/clients/at-trebesch/PROJECT_STATE.md b/clients/attrebesch/PROJECT_STATE.md similarity index 100% rename from clients/at-trebesch/PROJECT_STATE.md rename to clients/attrebesch/PROJECT_STATE.md diff --git a/clients/at-trebesch/cloud/azure.md b/clients/attrebesch/cloud/azure.md similarity index 96% rename from clients/at-trebesch/cloud/azure.md rename to clients/attrebesch/cloud/azure.md index 4c7e869..2b6ed92 100644 --- a/clients/at-trebesch/cloud/azure.md +++ b/clients/attrebesch/cloud/azure.md @@ -1,28 +1,28 @@ -# Azure / Cloud Services - -## Azure Subscription -- Subscription Name: -- Subscription ID: -- Resource Group(s): -- Region: -- Monthly Spend (approx): - -## Virtual Machines -| VM Name | Size | OS | IP | Purpose | -|---------------|------------|------------|------------|-----------------| -| | | | | | - -## Networking -- Virtual Network: -- Address Space: -- Subnets: -- VPN Gateway to On-Prem: Yes/No -- ExpressRoute: Yes/No - -## Other Cloud Services - -| Service | Purpose | Admin URL | Notes | -|-----------------|------------------|------------------|-----------------| -| | | | | - -## Notes +# Azure / Cloud Services + +## Azure Subscription +- Subscription Name: +- Subscription ID: +- Resource Group(s): +- Region: +- Monthly Spend (approx): + +## Virtual Machines +| VM Name | Size | OS | IP | Purpose | +|---------------|------------|------------|------------|-----------------| +| | | | | | + +## Networking +- Virtual Network: +- Address Space: +- Subnets: +- VPN Gateway to On-Prem: Yes/No +- ExpressRoute: Yes/No + +## Other Cloud Services + +| Service | Purpose | Admin URL | Notes | +|-----------------|------------------|------------------|-----------------| +| | | | | + +## Notes diff --git a/clients/at-trebesch/cloud/m365.md b/clients/attrebesch/cloud/m365.md similarity index 96% rename from clients/at-trebesch/cloud/m365.md rename to clients/attrebesch/cloud/m365.md index dc32af2..23f077c 100644 --- a/clients/at-trebesch/cloud/m365.md +++ b/clients/attrebesch/cloud/m365.md @@ -1,52 +1,52 @@ -# Microsoft 365 - -## Tenant Info -- Tenant Name: -- Tenant ID: -- Primary Domain: -- Admin Portal URL: https://admin.microsoft.com - -## Licensing -| License Type | Quantity | Assigned | Available | -|--------------------------|----------|----------|-----------| -| Microsoft 365 Business Basic | | | | -| Microsoft 365 Business Standard | | | | -| Microsoft 365 Business Premium | | | | -| Exchange Online Plan 1/2 | | | | -| Other | | | | - -## Exchange Online -- Mail Domain(s): -- MX Record Points To: -- SPF Record: -- DKIM Enabled: Yes/No -- DMARC Policy: -- Shared Mailboxes: -- Distribution Groups: -- Mail Flow Rules: Yes/No (describe below) - -## SharePoint / OneDrive -- SharePoint Sites: -- External Sharing: Enabled/Disabled -- OneDrive Storage Limit: - -## Teams -- Teams Phone System: Yes/No -- Calling Plan / Direct Routing: -- Auto Attendant: - -## Entra ID (Azure AD) -- Hybrid Joined: Yes/No -- Azure AD Connect Server: -- Sync Schedule: -- Password Hash Sync: Yes/No -- MFA Enforced: Yes/No -- Conditional Access Policies: - -## Security -- Defender for Office 365: Yes/No -- Safe Links: Yes/No -- Safe Attachments: Yes/No -- Audit Log Retention: - -## Notes +# Microsoft 365 + +## Tenant Info +- Tenant Name: +- Tenant ID: +- Primary Domain: +- Admin Portal URL: https://admin.microsoft.com + +## Licensing +| License Type | Quantity | Assigned | Available | +|--------------------------|----------|----------|-----------| +| Microsoft 365 Business Basic | | | | +| Microsoft 365 Business Standard | | | | +| Microsoft 365 Business Premium | | | | +| Exchange Online Plan 1/2 | | | | +| Other | | | | + +## Exchange Online +- Mail Domain(s): +- MX Record Points To: +- SPF Record: +- DKIM Enabled: Yes/No +- DMARC Policy: +- Shared Mailboxes: +- Distribution Groups: +- Mail Flow Rules: Yes/No (describe below) + +## SharePoint / OneDrive +- SharePoint Sites: +- External Sharing: Enabled/Disabled +- OneDrive Storage Limit: + +## Teams +- Teams Phone System: Yes/No +- Calling Plan / Direct Routing: +- Auto Attendant: + +## Entra ID (Azure AD) +- Hybrid Joined: Yes/No +- Azure AD Connect Server: +- Sync Schedule: +- Password Hash Sync: Yes/No +- MFA Enforced: Yes/No +- Conditional Access Policies: + +## Security +- Defender for Office 365: Yes/No +- Safe Links: Yes/No +- Safe Attachments: Yes/No +- Audit Log Retention: + +## Notes diff --git a/clients/at-trebesch/issues/log.md b/clients/attrebesch/issues/log.md similarity index 95% rename from clients/at-trebesch/issues/log.md rename to clients/attrebesch/issues/log.md index dd4b53e..8af8070 100644 --- a/clients/at-trebesch/issues/log.md +++ b/clients/attrebesch/issues/log.md @@ -1,19 +1,19 @@ -# Issue Log - -Record past issues and their resolutions here. This helps the AI learn from historical -troubleshooting and avoid repeating failed approaches. - -## Template - -### [DATE] - [Brief Description] -- **Reported By:** -- **Severity:** Low / Medium / High / Critical -- **Symptoms:** -- **Root Cause:** -- **Resolution:** -- **Time to Resolve:** -- **Lessons Learned:** - ---- - - +# Issue Log + +Record past issues and their resolutions here. This helps the AI learn from historical +troubleshooting and avoid repeating failed approaches. + +## Template + +### [DATE] - [Brief Description] +- **Reported By:** +- **Severity:** Low / Medium / High / Critical +- **Symptoms:** +- **Root Cause:** +- **Resolution:** +- **Time to Resolve:** +- **Lessons Learned:** + +--- + + diff --git a/clients/at-trebesch/network/dhcp.md b/clients/attrebesch/network/dhcp.md similarity index 95% rename from clients/at-trebesch/network/dhcp.md rename to clients/attrebesch/network/dhcp.md index dc7ad3f..54ea0db 100644 --- a/clients/at-trebesch/network/dhcp.md +++ b/clients/attrebesch/network/dhcp.md @@ -1,31 +1,31 @@ -# DHCP Configuration - -## DHCP Server -- Server Name: -- Server IP: -- Failover Partner: - -## Scopes - -### Scope - [VLAN Name] -- Subnet: -- Range Start: -- Range End: -- Subnet Mask: -- Default Gateway: -- DNS Servers: -- Lease Duration: -- Exclusions: - - - -## Reservations -| Device Name | MAC Address | IP Address | Scope | Notes | -|-----------------|-------------------|-----------------|---------------|---------------| -| | | | | | - -## DHCP Relay -- Relay agents configured on: -- Helper address: - -## Notes +# DHCP Configuration + +## DHCP Server +- Server Name: +- Server IP: +- Failover Partner: + +## Scopes + +### Scope - [VLAN Name] +- Subnet: +- Range Start: +- Range End: +- Subnet Mask: +- Default Gateway: +- DNS Servers: +- Lease Duration: +- Exclusions: + + + +## Reservations +| Device Name | MAC Address | IP Address | Scope | Notes | +|-----------------|-------------------|-----------------|---------------|---------------| +| | | | | | + +## DHCP Relay +- Relay agents configured on: +- Helper address: + +## Notes diff --git a/clients/at-trebesch/network/dns.md b/clients/attrebesch/network/dns.md similarity index 97% rename from clients/at-trebesch/network/dns.md rename to clients/attrebesch/network/dns.md index 7bf8186..7439618 100644 --- a/clients/at-trebesch/network/dns.md +++ b/clients/attrebesch/network/dns.md @@ -1,33 +1,33 @@ -# DNS Configuration - -## Internal DNS Servers -| Server Name | IP Address | Role | -|-------------|-----------|-------------------| -| | | Primary | -| | | Secondary | - -## DNS Forwarders -- Forwarder 1: -- Forwarder 2: - -## Conditional Forwarders -| Domain | Forward To | Purpose | -|----------------------|-----------------|-------------------| -| | | | - -## Key DNS Records -| Record Type | Name | Value | Notes | -|-------------|------------------|------------------|------------------| -| A | | | | -| CNAME | | | | -| MX | | | | -| TXT | | | | - -## External DNS -- Registrar: -- Hosted At: -- Primary Domain: -- Management URL: - -## Notes - +# DNS Configuration + +## Internal DNS Servers +| Server Name | IP Address | Role | +|-------------|-----------|-------------------| +| | | Primary | +| | | Secondary | + +## DNS Forwarders +- Forwarder 1: +- Forwarder 2: + +## Conditional Forwarders +| Domain | Forward To | Purpose | +|----------------------|-----------------|-------------------| +| | | | + +## Key DNS Records +| Record Type | Name | Value | Notes | +|-------------|------------------|------------------|------------------| +| A | | | | +| CNAME | | | | +| MX | | | | +| TXT | | | | + +## External DNS +- Registrar: +- Hosted At: +- Primary Domain: +- Management URL: + +## Notes + diff --git a/clients/at-trebesch/network/firewall.md b/clients/attrebesch/network/firewall.md similarity index 97% rename from clients/at-trebesch/network/firewall.md rename to clients/attrebesch/network/firewall.md index 21d8c8e..90b82fe 100644 --- a/clients/at-trebesch/network/firewall.md +++ b/clients/attrebesch/network/firewall.md @@ -1,47 +1,47 @@ -# Firewall Configuration - -## Device Info -- Vendor/Model: -- Firmware Version: -- Management IP: -- Management URL: -- HA Pair: Yes/No -- License Expiry: - -## Interfaces -| Interface | Zone | IP Address | VLAN | Description | -|-----------|-----------|-----------------|------|-------------------| -| WAN1 | WAN | | | Primary Internet | -| WAN2 | WAN | | | Backup Internet | -| LAN | LAN | | | | -| DMZ | DMZ | | | | - -## NAT Rules -| Name | Source | Destination | Port(s) | NAT To | -|-------------------|---------------|----------------|-------------|-----------------| -| | | | | | - -## Key Firewall Policies -| Name | Source Zone | Dest Zone | Service | Action | Notes | -|-------------------|--------------|---------------|-------------|--------|--------| -| | | | | | | - -## VPN -### Site-to-Site VPNs -| Peer Name | Peer IP | Local Subnet | Remote Subnet | Status | -|-------------------|--------------|----------------|---------------|--------| -| | | | | | - -### SSL/Client VPN -- Enabled: Yes/No -- Portal URL: -- Auth Method: -- IP Pool: -- Split Tunnel: Yes/No - -## Content Filtering -- Web Filter Profile: -- App Control Profile: -- DNS Filter: - -## Notes +# Firewall Configuration + +## Device Info +- Vendor/Model: +- Firmware Version: +- Management IP: +- Management URL: +- HA Pair: Yes/No +- License Expiry: + +## Interfaces +| Interface | Zone | IP Address | VLAN | Description | +|-----------|-----------|-----------------|------|-------------------| +| WAN1 | WAN | | | Primary Internet | +| WAN2 | WAN | | | Backup Internet | +| LAN | LAN | | | | +| DMZ | DMZ | | | | + +## NAT Rules +| Name | Source | Destination | Port(s) | NAT To | +|-------------------|---------------|----------------|-------------|-----------------| +| | | | | | + +## Key Firewall Policies +| Name | Source Zone | Dest Zone | Service | Action | Notes | +|-------------------|--------------|---------------|-------------|--------|--------| +| | | | | | | + +## VPN +### Site-to-Site VPNs +| Peer Name | Peer IP | Local Subnet | Remote Subnet | Status | +|-------------------|--------------|----------------|---------------|--------| +| | | | | | + +### SSL/Client VPN +- Enabled: Yes/No +- Portal URL: +- Auth Method: +- IP Pool: +- Split Tunnel: Yes/No + +## Content Filtering +- Web Filter Profile: +- App Control Profile: +- DNS Filter: + +## Notes diff --git a/clients/at-trebesch/network/topology.md b/clients/attrebesch/network/topology.md similarity index 93% rename from clients/at-trebesch/network/topology.md rename to clients/attrebesch/network/topology.md index 740cf09..5e8b5c7 100644 --- a/clients/at-trebesch/network/topology.md +++ b/clients/attrebesch/network/topology.md @@ -1,43 +1,43 @@ -# Network Topology - -## Internet Connection -- ISP: -- Circuit Type: -- Speed (Down/Up): -- Public IP: -- Gateway: -- Modem Model: - -## Core Switch -- Model: -- IP Address: -- Management URL: -- Firmware Version: -- Location: - -## Additional Switches - -### Switch - [Name/Location] -- Model: -- IP Address: -- Port Count: -- PoE: Yes/No -- Uplink To: - -## Wireless -- Controller Model: -- Controller IP: -- Number of APs: -- AP Model(s): - -### Access Points - -- AP Name: -- Location: -- IP Address: -- Connected Switch/Port: - -## WAN / SD-WAN -- SD-WAN Vendor: -- Number of Sites: -- Hub Site: +# Network Topology + +## Internet Connection +- ISP: +- Circuit Type: +- Speed (Down/Up): +- Public IP: +- Gateway: +- Modem Model: + +## Core Switch +- Model: +- IP Address: +- Management URL: +- Firmware Version: +- Location: + +## Additional Switches + +### Switch - [Name/Location] +- Model: +- IP Address: +- Port Count: +- PoE: Yes/No +- Uplink To: + +## Wireless +- Controller Model: +- Controller IP: +- Number of APs: +- AP Model(s): + +### Access Points + +- AP Name: +- Location: +- IP Address: +- Connected Switch/Port: + +## WAN / SD-WAN +- SD-WAN Vendor: +- Number of Sites: +- Hub Site: diff --git a/clients/at-trebesch/network/vlans.md b/clients/attrebesch/network/vlans.md similarity index 98% rename from clients/at-trebesch/network/vlans.md rename to clients/attrebesch/network/vlans.md index 475f778..5b5a338 100644 --- a/clients/at-trebesch/network/vlans.md +++ b/clients/attrebesch/network/vlans.md @@ -1,21 +1,21 @@ -# VLANs - -## VLAN Table - -| VLAN ID | Name | Subnet | Gateway | DHCP Scope | Purpose | -|---------|---------------|-----------------|-----------------|------------------|------------------------| -| 1 | Default | | | | | -| 10 | Management | | | | Network devices | -| 20 | Servers | | | | Server infrastructure | -| 30 | Workstations | | | | End user devices | -| 40 | VoIP | | | | Phone system | -| 50 | WiFi-Corp | | | | Corporate wireless | -| 60 | WiFi-Guest | | | | Guest wireless | -| 100 | Security | | | | Cameras / access ctrl | - -## Inter-VLAN Routing -- Performed by: -- Routing device IP: - -## VLAN Notes - +# VLANs + +## VLAN Table + +| VLAN ID | Name | Subnet | Gateway | DHCP Scope | Purpose | +|---------|---------------|-----------------|-----------------|------------------|------------------------| +| 1 | Default | | | | | +| 10 | Management | | | | Network devices | +| 20 | Servers | | | | Server infrastructure | +| 30 | Workstations | | | | End user devices | +| 40 | VoIP | | | | Phone system | +| 50 | WiFi-Corp | | | | Corporate wireless | +| 60 | WiFi-Guest | | | | Guest wireless | +| 100 | Security | | | | Cameras / access ctrl | + +## Inter-VLAN Routing +- Performed by: +- Routing device IP: + +## VLAN Notes + diff --git a/clients/at-trebesch/overview.md b/clients/attrebesch/overview.md similarity index 97% rename from clients/at-trebesch/overview.md rename to clients/attrebesch/overview.md index 101f90e..fb3018a 100644 --- a/clients/at-trebesch/overview.md +++ b/clients/attrebesch/overview.md @@ -1,47 +1,47 @@ -# Client Overview - -## Company Name -AT Trebesch - -## Primary Contact -- Name: -- Phone: -- Email: - -## IT Contact -- Name: Howard Enos (MSP) -- Phone: -- Email: howard@azcomputerguru.com - -## Contract Details -- Service Level: -- Hours Covered: -- Contract Renewal Date: - -## Environment Summary -- Total Users: 1+ (`Owner` confirmed; verify others on next visit) -- Total Locations: 1 -- Domain Name: WORKGROUP (no AD) -- Primary Site Address: Tucson area (timezone US Mountain Standard Time, no DST) -- RMM Agent Count: 1 confirmed (Syncro + ScreenConnect + Splashtop all installed) -- Workstation Count: 1 confirmed (DESKTOP-QNP3ON5) — full inventory pending -- Server Count: 0 confirmed - -## Stack Summary (from 2026-04-17 audit of DESKTOP-QNP3ON5) - -| Category | Tooling | Notes | -|---|---|---| -| EDR / AV | Bitdefender Endpoint Security Tools 8.26.4.628 | Primary, all 4 services running | -| Secondary AV | Malwarebytes 5.5.4.252 | **CONFLICT** — running real-time alongside Bitdefender. Recommend uninstall or set to scheduled-only. | -| Backup | Carbonite 6.6.0 build 670 (Dec 2025) | Cloud backup, online | -| Remote Access | ScreenConnect 26.1.24 + Splashtop 3.8.0.4 | Both running. Splashtop likely from Syncro bundle. | -| RMM | Syncro 1.0.200.18380 | Agent installed | -| Office | Microsoft 365 Apps for business / Office 2024 Pro Plus | C2R 16.0.19822.20182 | -| OS | Windows 11 **Home** 25H2 | **Should be Pro** for any business workstation (BitLocker, GPO, etc.) | - -## Notes - -- All workstations currently on Windows 11 Home — flag for Pro upgrade as part of any new-machine refresh cycle. -- Workgroup environment, no AD. Local accounts only. -- "guru" local Administrator account exists on DESKTOP-QNP3ON5 (last logon 2025-10-18) — MSP backdoor, confirm current password is in vault. -- "localadmin" also exists alongside guru — pick one MSP-standard account, retire the other. +# Client Overview + +## Company Name +AT Trebesch + +## Primary Contact +- Name: +- Phone: +- Email: + +## IT Contact +- Name: Howard Enos (MSP) +- Phone: +- Email: howard@azcomputerguru.com + +## Contract Details +- Service Level: +- Hours Covered: +- Contract Renewal Date: + +## Environment Summary +- Total Users: 1+ (`Owner` confirmed; verify others on next visit) +- Total Locations: 1 +- Domain Name: WORKGROUP (no AD) +- Primary Site Address: Tucson area (timezone US Mountain Standard Time, no DST) +- RMM Agent Count: 1 confirmed (Syncro + ScreenConnect + Splashtop all installed) +- Workstation Count: 1 confirmed (DESKTOP-QNP3ON5) — full inventory pending +- Server Count: 0 confirmed + +## Stack Summary (from 2026-04-17 audit of DESKTOP-QNP3ON5) + +| Category | Tooling | Notes | +|---|---|---| +| EDR / AV | Bitdefender Endpoint Security Tools 8.26.4.628 | Primary, all 4 services running | +| Secondary AV | Malwarebytes 5.5.4.252 | **CONFLICT** — running real-time alongside Bitdefender. Recommend uninstall or set to scheduled-only. | +| Backup | Carbonite 6.6.0 build 670 (Dec 2025) | Cloud backup, online | +| Remote Access | ScreenConnect 26.1.24 + Splashtop 3.8.0.4 | Both running. Splashtop likely from Syncro bundle. | +| RMM | Syncro 1.0.200.18380 | Agent installed | +| Office | Microsoft 365 Apps for business / Office 2024 Pro Plus | C2R 16.0.19822.20182 | +| OS | Windows 11 **Home** 25H2 | **Should be Pro** for any business workstation (BitLocker, GPO, etc.) | + +## Notes + +- All workstations currently on Windows 11 Home — flag for Pro upgrade as part of any new-machine refresh cycle. +- Workgroup environment, no AD. Local accounts only. +- "guru" local Administrator account exists on DESKTOP-QNP3ON5 (last logon 2025-10-18) — MSP backdoor, confirm current password is in vault. +- "localadmin" also exists alongside guru — pick one MSP-standard account, retire the other. diff --git a/clients/at-trebesch/reports/2026-04-17-initial-audit-DESKTOP-QNP3ON5.md b/clients/attrebesch/reports/2026-04-17-initial-audit-DESKTOP-QNP3ON5.md similarity index 98% rename from clients/at-trebesch/reports/2026-04-17-initial-audit-DESKTOP-QNP3ON5.md rename to clients/attrebesch/reports/2026-04-17-initial-audit-DESKTOP-QNP3ON5.md index bfe2977..cd503eb 100644 --- a/clients/at-trebesch/reports/2026-04-17-initial-audit-DESKTOP-QNP3ON5.md +++ b/clients/attrebesch/reports/2026-04-17-initial-audit-DESKTOP-QNP3ON5.md @@ -1,81 +1,81 @@ -# DESKTOP-QNP3ON5 — initial audit findings (AT Trebesch) - -**Date:** 2026-04-17 -**Technician:** Howard Enos -**Machine:** DESKTOP-QNP3ON5 (Lenovo desktop, Owner) -**Audit script:** workstation_audit.ps1 v2.0.2 (schema 2.0) -**JSON artifact:** `clients/at-trebesch/diagnostics/DESKTOP-QNP3ON5_workstation_audit_2026-04-17.json` (when uploaded) - -## Critical — fix this week - -1. **`Owner` local account requires no password** — anyone with physical access gets a full admin shell. Fix: - ```powershell - Set-LocalUser -Name Owner -PasswordRequired $true - $p = Read-Host -AsSecureString "New password for Owner" - Set-LocalUser -Name Owner -Password $p - ``` - Hand the new password to the user directly. Store nothing in the script. - -2. **Two real-time AV engines installed and active** — Bitdefender Endpoint Security Tools 8.26.4.628 (primary) **and** Malwarebytes 5.5.4.252 are both registered with Security Center and running real-time. Two engines fight over file scans, cause file-lock errors, slow boot, and occasionally bluescreen. Confirm Bitdefender is the intended primary (it is, per our MSP standard) and either uninstall Malwarebytes or set it to scheduled/manual scan only. - -3. **Secure Boot DISABLED** — UEFI machine with TPM 2.0 ready. No reason to be off; turn on in BIOS. Also unblocks BitLocker enrollment if/when this machine moves to Win 11 Pro. - -4. **Windows 11 Home (not Pro)** — for a business workstation, Pro is the right SKU. Without Pro: - - No real BitLocker (only "Device Encryption" auto-mode tied to Microsoft account) - - No GPO, no Group Policy Editor - - No remote management of inactivity timeout, USB lockdown, etc. - - Limits Bitdefender / Defender hardening - - Recommend upgrade path: in-place upgrade to Win 11 Pro via license key (`changepk.exe`). Cost: ~$99/license retail, less via volume. - -## High — fix this month - -5. **Defender Tamper Protection OFF** — registry value 4 = explicitly disabled. Even though Defender is in passive mode, Tamper Protection prevents an attacker from twiddling Defender settings if they ever take over. Enable in Windows Security → Virus & threat protection → Manage settings. - -6. **Defender ASR rules: only 1 rule configured, all disabled** — apply Microsoft's Standard preset rules even in passive mode (sets a fallback baseline if Defender ever becomes primary). - -7. **`localadmin` + `guru` — two MSP backdoor accounts** on the same machine. Pick one as standard, retire the other. Confirm chosen account's password is current and in the SOPS vault. - -8. **Memory at 85% used** (2.3 GB free of 15.3 GB) with only 263 processes — investigate top procs (in JSON) for the offender. Likely candidate: Bitdefender + Malwarebytes overlap (item 2 above) or a leaking app. Reboot + monitor. - -9. **NETLOGON 3095 errors on a WORKGROUP machine** — multiple NETLOGON failures on 2026-04-14. NETLOGON should not be doing anything on a non-domain-joined PC. Verify: - ```powershell - Get-Service Netlogon | Format-List Name, Status, StartType - nltest /sc_query:WORKGROUP - ``` - If Netlogon is running or set to Auto, change to Manual + Stopped. - -## Medium — schedule - -10. **No screen lock / inactivity timeout configured** — set `MachineInactivityLimit = 900` (15 min) via local policy. -11. **USB storage unrestricted** — depending on what AT Trebesch handles, lock down via local policy. -12. **AutoPlay not disabled** — disable to reduce USB-borne malware risk. -13. **HOSTS file has 17 active entries** — unusual on a clean workgroup workstation. Pull from JSON and review what's there. Could be legit dev mappings, ad-blocker entries, or worth investigating further. -14. **Cached logons count = 10** — lower to 4 for security on a single-user workstation. -15. **NTLM LmCompatibilityLevel blank** — set explicitly to 5. -16. **TLS protocols all "OS Default"** — Win 11 25H2 defaults are reasonable; explicit policy is better but low priority. - -## Cleanup - -17. **Classic Shell 4.3.1** — abandoned (last release 2017). Replace with maintained fork "Open-Shell-Menu", or remove if Win 11 default Start menu is acceptable to user. -18. **ExplorerPatcher** — third-party shell mod, sometimes breaks after Windows feature updates and occasionally flagged by AV. Confirm intentional with user. Likely paired with Classic Shell for Win 10 look. -19. **Windows 11 Installation Assistant** — leftover from Win 10 → Win 11 upgrade. Safe to uninstall. -20. **Bluetooth Network Connection adapter** — usually unused. Disable adapter if not actively used. -21. **`Time source / Last sync` blank** — verify with `w32tm /query /status` from elevated prompt. Either parsing failure in the audit script or W32time service isn't healthy. - -## Working well — call out the wins - -- Bitdefender EDR running, all 4 services up -- Carbonite cloud backup installed (Dec 2025 build) -- Firewall enabled on all 3 profiles -- LSA Protection (RunAsPPL) enabled -- WDigest cleartext disabled -- 0 suspicious scheduled tasks, 0 IFEO debugger hijacks, 0 suspicious recently-modified files -- 0 Defender detections in last 30 days -- Updates current (KB5088467 + KB5083769 from 4/15) -- Disk healthy with 598 GB / 953 GB free - -## Audit script false positives noted (to fix in v2.0.3, NOT findings on this machine) - -- Section 38 flagged `SyncroOvermind` (legitimate Syncro RMM agent at `C:\ProgramData\Syncro\bin\`). Need to add Syncro to the path allowlist alongside the Defender Platform exception. -- Section 35 displayed `Full scan age: d` (cosmetic — empty value rendering when full scan never ran; JSON value is correctly null). +# DESKTOP-QNP3ON5 — initial audit findings (AT Trebesch) + +**Date:** 2026-04-17 +**Technician:** Howard Enos +**Machine:** DESKTOP-QNP3ON5 (Lenovo desktop, Owner) +**Audit script:** workstation_audit.ps1 v2.0.2 (schema 2.0) +**JSON artifact:** `clients/at-trebesch/diagnostics/DESKTOP-QNP3ON5_workstation_audit_2026-04-17.json` (when uploaded) + +## Critical — fix this week + +1. **`Owner` local account requires no password** — anyone with physical access gets a full admin shell. Fix: + ```powershell + Set-LocalUser -Name Owner -PasswordRequired $true + $p = Read-Host -AsSecureString "New password for Owner" + Set-LocalUser -Name Owner -Password $p + ``` + Hand the new password to the user directly. Store nothing in the script. + +2. **Two real-time AV engines installed and active** — Bitdefender Endpoint Security Tools 8.26.4.628 (primary) **and** Malwarebytes 5.5.4.252 are both registered with Security Center and running real-time. Two engines fight over file scans, cause file-lock errors, slow boot, and occasionally bluescreen. Confirm Bitdefender is the intended primary (it is, per our MSP standard) and either uninstall Malwarebytes or set it to scheduled/manual scan only. + +3. **Secure Boot DISABLED** — UEFI machine with TPM 2.0 ready. No reason to be off; turn on in BIOS. Also unblocks BitLocker enrollment if/when this machine moves to Win 11 Pro. + +4. **Windows 11 Home (not Pro)** — for a business workstation, Pro is the right SKU. Without Pro: + - No real BitLocker (only "Device Encryption" auto-mode tied to Microsoft account) + - No GPO, no Group Policy Editor + - No remote management of inactivity timeout, USB lockdown, etc. + - Limits Bitdefender / Defender hardening + + Recommend upgrade path: in-place upgrade to Win 11 Pro via license key (`changepk.exe`). Cost: ~$99/license retail, less via volume. + +## High — fix this month + +5. **Defender Tamper Protection OFF** — registry value 4 = explicitly disabled. Even though Defender is in passive mode, Tamper Protection prevents an attacker from twiddling Defender settings if they ever take over. Enable in Windows Security → Virus & threat protection → Manage settings. + +6. **Defender ASR rules: only 1 rule configured, all disabled** — apply Microsoft's Standard preset rules even in passive mode (sets a fallback baseline if Defender ever becomes primary). + +7. **`localadmin` + `guru` — two MSP backdoor accounts** on the same machine. Pick one as standard, retire the other. Confirm chosen account's password is current and in the SOPS vault. + +8. **Memory at 85% used** (2.3 GB free of 15.3 GB) with only 263 processes — investigate top procs (in JSON) for the offender. Likely candidate: Bitdefender + Malwarebytes overlap (item 2 above) or a leaking app. Reboot + monitor. + +9. **NETLOGON 3095 errors on a WORKGROUP machine** — multiple NETLOGON failures on 2026-04-14. NETLOGON should not be doing anything on a non-domain-joined PC. Verify: + ```powershell + Get-Service Netlogon | Format-List Name, Status, StartType + nltest /sc_query:WORKGROUP + ``` + If Netlogon is running or set to Auto, change to Manual + Stopped. + +## Medium — schedule + +10. **No screen lock / inactivity timeout configured** — set `MachineInactivityLimit = 900` (15 min) via local policy. +11. **USB storage unrestricted** — depending on what AT Trebesch handles, lock down via local policy. +12. **AutoPlay not disabled** — disable to reduce USB-borne malware risk. +13. **HOSTS file has 17 active entries** — unusual on a clean workgroup workstation. Pull from JSON and review what's there. Could be legit dev mappings, ad-blocker entries, or worth investigating further. +14. **Cached logons count = 10** — lower to 4 for security on a single-user workstation. +15. **NTLM LmCompatibilityLevel blank** — set explicitly to 5. +16. **TLS protocols all "OS Default"** — Win 11 25H2 defaults are reasonable; explicit policy is better but low priority. + +## Cleanup + +17. **Classic Shell 4.3.1** — abandoned (last release 2017). Replace with maintained fork "Open-Shell-Menu", or remove if Win 11 default Start menu is acceptable to user. +18. **ExplorerPatcher** — third-party shell mod, sometimes breaks after Windows feature updates and occasionally flagged by AV. Confirm intentional with user. Likely paired with Classic Shell for Win 10 look. +19. **Windows 11 Installation Assistant** — leftover from Win 10 → Win 11 upgrade. Safe to uninstall. +20. **Bluetooth Network Connection adapter** — usually unused. Disable adapter if not actively used. +21. **`Time source / Last sync` blank** — verify with `w32tm /query /status` from elevated prompt. Either parsing failure in the audit script or W32time service isn't healthy. + +## Working well — call out the wins + +- Bitdefender EDR running, all 4 services up +- Carbonite cloud backup installed (Dec 2025 build) +- Firewall enabled on all 3 profiles +- LSA Protection (RunAsPPL) enabled +- WDigest cleartext disabled +- 0 suspicious scheduled tasks, 0 IFEO debugger hijacks, 0 suspicious recently-modified files +- 0 Defender detections in last 30 days +- Updates current (KB5088467 + KB5083769 from 4/15) +- Disk healthy with 598 GB / 953 GB free + +## Audit script false positives noted (to fix in v2.0.3, NOT findings on this machine) + +- Section 38 flagged `SyncroOvermind` (legitimate Syncro RMM agent at `C:\ProgramData\Syncro\bin\`). Need to add Syncro to the path allowlist alongside the Defender Platform exception. +- Section 35 displayed `Full scan age: d` (cosmetic — empty value rendering when full scan never ran; JSON value is correctly null). diff --git a/clients/at-trebesch/rmm/rmm.md b/clients/attrebesch/rmm/rmm.md similarity index 97% rename from clients/at-trebesch/rmm/rmm.md rename to clients/attrebesch/rmm/rmm.md index 819596b..feea500 100644 --- a/clients/at-trebesch/rmm/rmm.md +++ b/clients/attrebesch/rmm/rmm.md @@ -1,34 +1,34 @@ -# RMM / Monitoring - -## RMM Solution -- Product: -- Console URL: -- Agent Version: - -## Agent Deployment -- Total Devices: -- Servers Monitored: -- Workstations Monitored: -- Network Devices Monitored: - -## Monitoring Policies -| Policy Name | Applies To | Alert Condition | Action | -|-------------------|----------------|-------------------------|---------------| -| Disk Space | All Servers | < 10% free | Alert + Ticket| -| CPU | All Servers | > 90% for 15 min | Alert | -| Service Monitor | All Servers | | | -| Backup Monitor | | | | -| Offline Alert | All Agents | Offline > 30 min | Alert | - -## Patch Management -- Patch Policy: -- Patch Window: -- Auto-approve: Yes/No -- Exclusions: - -## Scripting / Automation -| Script Name | Schedule | Purpose | -|---------------------|-------------|--------------------------| -| | | | - -## Notes +# RMM / Monitoring + +## RMM Solution +- Product: +- Console URL: +- Agent Version: + +## Agent Deployment +- Total Devices: +- Servers Monitored: +- Workstations Monitored: +- Network Devices Monitored: + +## Monitoring Policies +| Policy Name | Applies To | Alert Condition | Action | +|-------------------|----------------|-------------------------|---------------| +| Disk Space | All Servers | < 10% free | Alert + Ticket| +| CPU | All Servers | > 90% for 15 min | Alert | +| Service Monitor | All Servers | | | +| Backup Monitor | | | | +| Offline Alert | All Agents | Offline > 30 min | Alert | + +## Patch Management +- Patch Policy: +- Patch Window: +- Auto-approve: Yes/No +- Exclusions: + +## Scripting / Automation +| Script Name | Schedule | Purpose | +|---------------------|-------------|--------------------------| +| | | | + +## Notes diff --git a/clients/at-trebesch/security/antivirus.md b/clients/attrebesch/security/antivirus.md similarity index 93% rename from clients/at-trebesch/security/antivirus.md rename to clients/attrebesch/security/antivirus.md index d495dfc..786f4ec 100644 --- a/clients/at-trebesch/security/antivirus.md +++ b/clients/attrebesch/security/antivirus.md @@ -1,26 +1,26 @@ -# Endpoint Security / Antivirus - -## Solution -- Product: -- Console URL: -- License Count: -- License Expiry: -- Managed By: - -## Policy -- Real-time Protection: Yes/No -- Scheduled Scans: (frequency) -- Exclusions: - -## Deployment Status -- Total Endpoints: -- Protected: -- Missing Agent: -- Out of Date: - -## EDR / XDR -- EDR Enabled: Yes/No -- Product: -- Console URL: - -## Notes +# Endpoint Security / Antivirus + +## Solution +- Product: +- Console URL: +- License Count: +- License Expiry: +- Managed By: + +## Policy +- Real-time Protection: Yes/No +- Scheduled Scans: (frequency) +- Exclusions: + +## Deployment Status +- Total Endpoints: +- Protected: +- Missing Agent: +- Out of Date: + +## EDR / XDR +- EDR Enabled: Yes/No +- Product: +- Console URL: + +## Notes diff --git a/clients/at-trebesch/security/backup.md b/clients/attrebesch/security/backup.md similarity index 96% rename from clients/at-trebesch/security/backup.md rename to clients/attrebesch/security/backup.md index 4ed13a4..a0e6ef1 100644 --- a/clients/at-trebesch/security/backup.md +++ b/clients/attrebesch/security/backup.md @@ -1,34 +1,34 @@ -# Backup and Disaster Recovery - -## Backup Solution -- Product: -- Console URL: -- License/Subscription: - -## Backup Targets -| Target Name | Type | Location | Capacity | Encrypted | -|----------------|----------------|-----------------|--------------|-----------| -| | Local NAS | | | Yes/No | -| | Cloud | | | Yes/No | -| | Offsite | | | Yes/No | - -## Backup Jobs -| Job Name | Source | Target | Schedule | Retention | Status | -|-----------------|-------------------|------------|---------------|-------------|--------| -| | | | | | | - -## M365 Backup -- M365 Backup Product: -- Exchange Backed Up: Yes/No -- SharePoint Backed Up: Yes/No -- OneDrive Backed Up: Yes/No -- Teams Backed Up: Yes/No - -## Disaster Recovery Plan -- RTO Target: -- RPO Target: -- DR Site: -- Last DR Test Date: -- DR Test Result: - -## Notes +# Backup and Disaster Recovery + +## Backup Solution +- Product: +- Console URL: +- License/Subscription: + +## Backup Targets +| Target Name | Type | Location | Capacity | Encrypted | +|----------------|----------------|-----------------|--------------|-----------| +| | Local NAS | | | Yes/No | +| | Cloud | | | Yes/No | +| | Offsite | | | Yes/No | + +## Backup Jobs +| Job Name | Source | Target | Schedule | Retention | Status | +|-----------------|-------------------|------------|---------------|-------------|--------| +| | | | | | | + +## M365 Backup +- M365 Backup Product: +- Exchange Backed Up: Yes/No +- SharePoint Backed Up: Yes/No +- OneDrive Backed Up: Yes/No +- Teams Backed Up: Yes/No + +## Disaster Recovery Plan +- RTO Target: +- RPO Target: +- DR Site: +- Last DR Test Date: +- DR Test Result: + +## Notes diff --git a/clients/at-trebesch/servers/server_template.md b/clients/attrebesch/servers/server_template.md similarity index 95% rename from clients/at-trebesch/servers/server_template.md rename to clients/attrebesch/servers/server_template.md index d35ab32..dfaf7b0 100644 --- a/clients/at-trebesch/servers/server_template.md +++ b/clients/attrebesch/servers/server_template.md @@ -1,49 +1,49 @@ -# Server: [SERVER NAME] - -## General Info -- Hostname: -- IP Address: -- OS: -- OS Version: -- Physical / Virtual: -- Host (if virtual): -- Location: -- Last Patched: - -## Hardware (if physical) -- Make/Model: -- CPU: -- RAM: -- Storage: -- Warranty Expiry: - -## Roles and Services - -- [ ] Domain Controller -- [ ] DNS Server -- [ ] DHCP Server -- [ ] File Server -- [ ] Print Server -- [ ] Application Server -- [ ] Database Server -- [ ] Backup Target -- [ ] RDS / Terminal Server -- [ ] Hyper-V Host - -## Shares (if file server) -| Share Name | Path | Permissions Group | Notes | -|---------------|-------------------|---------------------|----------------| -| | | | | - -## Applications Installed -| Application | Version | Purpose | License | -|-------------------|------------|----------------------|---------------| -| | | | | - -## Backup -- Backup Method: -- Backup Schedule: -- Backup Target: -- Last Verified Restore: - -## Notes +# Server: [SERVER NAME] + +## General Info +- Hostname: +- IP Address: +- OS: +- OS Version: +- Physical / Virtual: +- Host (if virtual): +- Location: +- Last Patched: + +## Hardware (if physical) +- Make/Model: +- CPU: +- RAM: +- Storage: +- Warranty Expiry: + +## Roles and Services + +- [ ] Domain Controller +- [ ] DNS Server +- [ ] DHCP Server +- [ ] File Server +- [ ] Print Server +- [ ] Application Server +- [ ] Database Server +- [ ] Backup Target +- [ ] RDS / Terminal Server +- [ ] Hyper-V Host + +## Shares (if file server) +| Share Name | Path | Permissions Group | Notes | +|---------------|-------------------|---------------------|----------------| +| | | | | + +## Applications Installed +| Application | Version | Purpose | License | +|-------------------|------------|----------------------|---------------| +| | | | | + +## Backup +- Backup Method: +- Backup Schedule: +- Backup Target: +- Last Verified Restore: + +## Notes diff --git a/clients/at-trebesch/workstations.md b/clients/attrebesch/workstations.md similarity index 97% rename from clients/at-trebesch/workstations.md rename to clients/attrebesch/workstations.md index 6d9e74a..8deb9ea 100644 --- a/clients/at-trebesch/workstations.md +++ b/clients/attrebesch/workstations.md @@ -1,81 +1,81 @@ -# Workstations — AT Trebesch - -Inventory built from on-machine audit runs. Last updated 2026-04-17. - -## Summary - -| PC Name | User/Role | OS | Edition | Domain | BitLocker | Last Audit | -|---|---|---|---|---|---|---| -| DESKTOP-QNP3ON5 | Owner | Win 11 25H2 | **Home** | WORKGROUP | None (decrypted) | 2026-04-17 | - -## DESKTOP-QNP3ON5 - -**Hardware** -- Lenovo (model 91D00000US) -- Serial: MZ025MVK -- BIOS: M68KT23A -- CPU: AMD Ryzen 7 250 w/ Radeon 780M Graphics (8 cores / 16 threads) -- RAM: 15.3 GB -- Storage: 953 GB KIOXIA KBG6AZNV1T02 LA SSD (NVMe), 598 GB free, healthy -- Chassis: Desktop, no battery - -**OS / Activation** -- Windows 11 Home 25H2 (build 26200), 64-bit -- Installed 2025-10-12 -- License: Licensed (StatusCode 1), partial key 6F4JW - -**Network** -- Ethernet: Realtek PCIe GbE — UP, 1 Gbps, 10.0.0.15 -- Wi-Fi: Realtek RTL8852BE WiFi 6 — disconnected -- Bluetooth NIC enabled (unused — recommend disable) -- Saved Wi-Fi profiles: ComputerGuru, Scurda2 - -**Local accounts (enabled)** -| Name | Last Logon | PasswordRequired | Notes | -|---|---|---|---| -| Owner | 2026-04-15 | **False** | **PASSWORD NOT REQUIRED — fix immediately** | -| guru | 2025-10-18 | True | MSP backdoor, in Administrators | -| localadmin | (never logged) | True | Second MSP backdoor, in Administrators | - -**Local Administrators:** Administrator (disabled), guru, localadmin, Owner - -**Security posture (highlights)** -- BitLocker: Off, drive fully decrypted (Win Home limits BitLocker to "Device Encryption" only) -- Secure Boot: **DISABLED** (UEFI capable, TPM 2.0 ready — turn on) -- TPM: present + ready -- WinRE: enabled -- Firewall: enabled on all 3 profiles -- LSA Protection (RunAsPPL): enabled (good) -- WDigest cleartext: disabled (good) -- Cached logons: 10 (recommend lower to 4) -- NTLM LmCompatibilityLevel: blank (defaults to 3, recommend explicit 5) -- UAC: enabled (default settings) -- RDP: disabled -- USB storage: unrestricted -- AutoPlay: not disabled - -**Antivirus posture** -- Bitdefender Endpoint Security Tools 8.26.4.628 — primary EDR, 4 services running -- Malwarebytes 5.5.4.252 — **CONFLICT, also real-time. Pick one.** -- Defender: Passive Mode (correct, deferring to Bitdefender), but Tamper Protection disabled -- Defender ASR rules: 1 configured, 0 in Block mode - -**Apps of note** -- Office 365 Apps Pro Plus (Office 2024) -- Carbonite 6.6.0 (Dec 2025 build) -- Classic Shell 4.3.1 — abandoned project, replace with Open-Shell-Menu or remove -- ExplorerPatcher 26100.4946.69.6 — Win10-style shell mod -- Lenovo System Update 5.08.03.59 -- AMD Software 26.3.1 -- Canon MX490 series MP Drivers 1.02 (printer) -- Windows 11 Installation Assistant — leftover, can uninstall - -**Performance** -- Memory at 85.1% used (2.3 GB free of 15.3 GB) — investigate top procs in audit JSON -- Uptime: 2.6 days (boot 2026-04-14) -- 263 processes running - -**Updates** -- KB5083769, KB5082417, KB5088467 (4/14-4/15 cycle) installed -- 1 pending update -- 0 WU failures in last 30d +# Workstations — AT Trebesch + +Inventory built from on-machine audit runs. Last updated 2026-04-17. + +## Summary + +| PC Name | User/Role | OS | Edition | Domain | BitLocker | Last Audit | +|---|---|---|---|---|---|---| +| DESKTOP-QNP3ON5 | Owner | Win 11 25H2 | **Home** | WORKGROUP | None (decrypted) | 2026-04-17 | + +## DESKTOP-QNP3ON5 + +**Hardware** +- Lenovo (model 91D00000US) +- Serial: MZ025MVK +- BIOS: M68KT23A +- CPU: AMD Ryzen 7 250 w/ Radeon 780M Graphics (8 cores / 16 threads) +- RAM: 15.3 GB +- Storage: 953 GB KIOXIA KBG6AZNV1T02 LA SSD (NVMe), 598 GB free, healthy +- Chassis: Desktop, no battery + +**OS / Activation** +- Windows 11 Home 25H2 (build 26200), 64-bit +- Installed 2025-10-12 +- License: Licensed (StatusCode 1), partial key 6F4JW + +**Network** +- Ethernet: Realtek PCIe GbE — UP, 1 Gbps, 10.0.0.15 +- Wi-Fi: Realtek RTL8852BE WiFi 6 — disconnected +- Bluetooth NIC enabled (unused — recommend disable) +- Saved Wi-Fi profiles: ComputerGuru, Scurda2 + +**Local accounts (enabled)** +| Name | Last Logon | PasswordRequired | Notes | +|---|---|---|---| +| Owner | 2026-04-15 | **False** | **PASSWORD NOT REQUIRED — fix immediately** | +| guru | 2025-10-18 | True | MSP backdoor, in Administrators | +| localadmin | (never logged) | True | Second MSP backdoor, in Administrators | + +**Local Administrators:** Administrator (disabled), guru, localadmin, Owner + +**Security posture (highlights)** +- BitLocker: Off, drive fully decrypted (Win Home limits BitLocker to "Device Encryption" only) +- Secure Boot: **DISABLED** (UEFI capable, TPM 2.0 ready — turn on) +- TPM: present + ready +- WinRE: enabled +- Firewall: enabled on all 3 profiles +- LSA Protection (RunAsPPL): enabled (good) +- WDigest cleartext: disabled (good) +- Cached logons: 10 (recommend lower to 4) +- NTLM LmCompatibilityLevel: blank (defaults to 3, recommend explicit 5) +- UAC: enabled (default settings) +- RDP: disabled +- USB storage: unrestricted +- AutoPlay: not disabled + +**Antivirus posture** +- Bitdefender Endpoint Security Tools 8.26.4.628 — primary EDR, 4 services running +- Malwarebytes 5.5.4.252 — **CONFLICT, also real-time. Pick one.** +- Defender: Passive Mode (correct, deferring to Bitdefender), but Tamper Protection disabled +- Defender ASR rules: 1 configured, 0 in Block mode + +**Apps of note** +- Office 365 Apps Pro Plus (Office 2024) +- Carbonite 6.6.0 (Dec 2025 build) +- Classic Shell 4.3.1 — abandoned project, replace with Open-Shell-Menu or remove +- ExplorerPatcher 26100.4946.69.6 — Win10-style shell mod +- Lenovo System Update 5.08.03.59 +- AMD Software 26.3.1 +- Canon MX490 series MP Drivers 1.02 (printer) +- Windows 11 Installation Assistant — leftover, can uninstall + +**Performance** +- Memory at 85.1% used (2.3 GB free of 15.3 GB) — investigate top procs in audit JSON +- Uptime: 2.6 days (boot 2026-04-14) +- 263 processes running + +**Updates** +- KB5083769, KB5082417, KB5088467 (4/14-4/15 cycle) installed +- 1 pending update +- 0 WU failures in last 30d diff --git a/wiki/clients/attrebesch.md b/wiki/clients/attrebesch.md index 7e60263..94358a7 100644 --- a/wiki/clients/attrebesch.md +++ b/wiki/clients/attrebesch.md @@ -8,6 +8,7 @@ sources: - clients/attrebesch/session-logs/2026-06-01-session.md backlinks: - projects/gururmm +aliases: [at-trebesch] --- # AT Trebesch diff --git a/wiki/clients/birth-biologic.md b/wiki/clients/birth-biologic.md index aa28948..f99f295 100644 --- a/wiki/clients/birth-biologic.md +++ b/wiki/clients/birth-biologic.md @@ -9,6 +9,7 @@ sources: - clients/birth-biologic/session-logs/2026-06-02-session.md backlinks: - projects/gururmm +aliases: [birthbiologic] --- # BirthBiologic diff --git a/wiki/clients/lonestar-electrical.md b/wiki/clients/lonestar-electrical.md index 05c2413..a3009da 100644 --- a/wiki/clients/lonestar-electrical.md +++ b/wiki/clients/lonestar-electrical.md @@ -20,6 +20,7 @@ sources: - temp/lonestar-kyla-reset.py - temp/lonestar-kyla-2fa-fix.py backlinks: [] +aliases: [lonestar] --- # Lone Star Electrical Systems LLC diff --git a/wiki/clients/scileppi-law.md b/wiki/clients/scileppi-law.md index d908be4..dddfae6 100644 --- a/wiki/clients/scileppi-law.md +++ b/wiki/clients/scileppi-law.md @@ -6,6 +6,7 @@ last_compiled: 2026-05-24 compiled_by: DESKTOP-0O8A1RL/claude-main sources: - clients/scileppi-law/session-logs/2026-05-07-howard-sylvia-mac-mini-mail-memory.md +aliases: [scileppi] --- # The Law Offices of Chris Scileppi