wiki: update PST (deletion-report location) + add fast wiki-compile 'update' mode

- peaceful-spirit: record the standing 'Mara audit log' (daily PST Deletion Report task,
  SACL 4660/4663 on G:\Shares\Scanned) and its new output location under the legal/
  partner-review folder (moved 2026-07-02). Surgical update, no full recompile.
- wiki-compile: add an incremental UPDATE mode (now the no-flag default) that folds only
  session logs newer than last_compiled via targeted section edits — no Sonnet subagent,
  no full-article regeneration. --full is now the explicit REBUILD; --syncro is the
  instant Syncro-only refresh. Addresses the slow-rebuild complaint.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
2026-07-02 17:27:23 -07:00
parent 7ff092f7bb
commit 59b5f1f5f2
3 changed files with 95 additions and 13 deletions

View File

@@ -2,8 +2,8 @@
type: client
name: peaceful-spirit
display_name: Peaceful Spirit Therapeutic Massage
last_compiled: 2026-07-01
compiled_by: GURU-5070/claude-main
last_compiled: 2026-07-02
compiled_by: GURU-5070/claude-main (update: deletion-report location)
sources:
- clients/peaceful-spirit/session-logs/2026-05-10-recovered-setup-radius-authentication-for-vpn-access.md
- clients/peaceful-spirit/session-logs/2026-05-10-session.md
@@ -163,6 +163,8 @@ ACL root is `G:\Shares\Scanned`; permissions inherit to `@Clients` and subdirect
A report that client files disappeared (trigger: the "Glennda" folder) prompted a staged restore-and-diff investigation. The 6/24 10:05 AM restore point was staged to `C:\PST-Recovery\PreDelete-0624` (~99 GB). Authoritative diff: **47,749 files deleted from @Clients since 6/24 10:05**; ~93% intentional duplicate cleanup (33,711 in folders labeled "duplicate DO NOT USE or delete"; ~10,696 in nested misfile-buckets A\A, D\A, P\O, H\I whose canonical client folders remain live). Genuine loss estimate: **~3,342 files**, recoverable via no-overwrite copy-back from staging (not yet executed — awaiting Mike/Mara approval; writes to live HIPAA data). The 10:05->12:05 PM window had only 2 deletions (Ballard, Kathy and Rivera, Anthony SOAP PDFs) — mass deletion occurred later. Glennda trigger: `EDWARDS, GLENDA` (single-N, 79 files, deleted) was a misspelled duplicate of the active canonical `EDWARDS, GLENNDA VA REFERRAL` (double-N, 127 files, live and growing). Shelton report: only 6 old Shelton files exist (20112015), loose in `S\`, CreationTime 2025-06-02 (migration), unchanged since 6/24 — not a 2026 deletion; the 6/29/2025 restore point needed for further check has been purged. Staging artifacts (~200 GB, removable after recovery decision): `C:\PST-Recovery\{PreDelete-0624, PostDelete-0624, authdiff, incidentdiff, acl-backup-scanned-20260701-072725.txt}`.
**Standing deletion audit (the "Mara audit log").** Object-access auditing (SACL: Everyone / Delete+DC / Success on `G:\Shares\Scanned`) feeds a daily scheduled task **`PST Deletion Report (Daily)`** → `C:\PST-Tools\PST-DeletionReport.ps1` (runs as SYSTEM, 06:30). It harvests Security events 4660/4663 into a per-day HTML report of who deleted / renamed / moved files under `G:\Shares\Scanned` (server + backup activity excluded; 90-day retention). This is the ongoing record Mara reviews for further deletions. **Report output location: `G:\Shares\Private\Partner Review\Legal Documents - DO NOT DELETE\_Deletion Reports`** — moved there 2026-07-02 (from the original `G:\Shares\Scanned\_Deletion Reports`); pre-change script backup at `C:\PST-Tools\PST-DeletionReport.ps1.bak-20260702`. Only `$OutDir` was repointed; the monitored root (`$Root = G:\Shares\Scanned`) is unchanged. PST-SERVER is reachable for this kind of change via GuruRMM (agent `87293069-...`) when the site VPN is down.
---
## Access
@@ -266,6 +268,7 @@ As of 2026-07-01 session end:
| 2026-06-14 | SERVER2 static IP set (192.168.1.5/24); timezone -> Mountain; stale .127 DNS records cleaned. Gate 4 DFS-R rebuilt clean with PST-SERVER G:\Shares PRIMARY and SERVER2 C:\Shares receiver; ~221/265 GB replicated. Session ended blocked: SERVER2 began flapping (NW site stability, not DFS). Gate 4 finish deferred. |
| 2026-06-29 | File-deletion investigation initiated. Stopped MSP360 backup, staged the 6/24 10:05 AM restore point. Mtime heuristic ruled out; restore-and-local-diff adopted as authoritative. |
| 2026-07-01 | Deletion-scope analysis complete: 47,749 files deleted since 6/24 10:05, ~93% duplicate cleanup, ~3,342 genuine recoverable. Incident window (10:05->12:05) had only 2 deletions. Glennda trigger = misspelled duplicate; canonical folder intact. Shelton check blocked (6/29/2025 restore point purged). Admin1/Admin2 NTFS hardening: removed incorrect Admin2-in-Admin1 nesting; Admin1 -> allow RX,W + DENY D,DC; Admin2 retained Full Control. ACL backup saved. |
| 2026-07-02 | Standing deletion audit operationalized: daily `PST Deletion Report` task (SACL 4660/4663 on G:\Shares\Scanned -> per-person HTML). Report output relocated to the legal/partner-review folder `G:\Shares\Private\Partner Review\Legal Documents - DO NOT DELETE\_Deletion Reports` (backup of the script kept). Change made via GuruRMM (site VPN was down); validated by a test run (report written, 6 items). |
---

View File

@@ -32,7 +32,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 36 months | 2026-05-24 |
| [Rieusset Corp (Tom Sorensen)](clients/rieusset-corp.md) | Small business; email hosted on Neptune Exchange (4 mailboxes: tsorensen, tomrc, ojodeagua, csorensen @rieussetcorp.com); Mailprotector domain ID 57833; outbound via SBR Outbound.Sorensen connector; clipto.com allow rule added 2026-06-08 | 2026-06-08 |
| [Rednour Law Offices](clients/rednour.md) | Law firm (break-fix/T&M, prepay 0); M365 rednourlaw.com (tenant 4a4ca18a) onboarded, 5 ComputerGuru SPs consented, no MDE license; 3 Win workstations GuruRMM-enrolled (all RED, prior MSP agents pending removal) — **all three now on Win 11** (LEGALASST + Carrie/REDNOURCARRIEVI upgraded 2026-06-29); REDNOURCARRIEVI hosts the firm's peer-to-peer SMB shares (Nick's Mac access done 2026-06-25); **Carrie's Win11 upgrade root cause = corrupt download (`ks.sys` 0x80070570 -> SAFE_OS 0x8007000D); fixed via fresh Media Creation Tool media — done in-shop, build 26200**; GuruRMM **works** on the Windows boxes (earlier "not working" disproved); macOS RMM agent still won't enroll (site code-vs-UUID bug, coord 6f2d22be); `endpointprotection.exe` = Datto AV (Defender RTP off by design); #32368 invoiced #67912 $669.55 (Nick = no charge); plaintext local-account creds from Syncro notes vaulted (clients/rednour/local-accounts) | 2026-06-30 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club + Northwest); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + PST-SERVER2 (192.168.1.5, rebuilt 6/13 from past-tombstone state, NW) with DFS-R (PST-DFS, ~221/265 GB) — **Gate 4 blocked: SERVER2 flapping (NW power/UPS/net)**; L2TP/IPsec RRAS VPN complete (6 GuruRMM agents); **JuneJuly 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-01 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club + Northwest); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + PST-SERVER2 (192.168.1.5, rebuilt 6/13 from past-tombstone state, NW) with DFS-R (PST-DFS, ~221/265 GB) — **Gate 4 blocked: SERVER2 flapping (NW power/UPS/net)**; L2TP/IPsec RRAS VPN complete (6 GuruRMM agents); **JuneJuly 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-02 |
| [Patriot Internal Medicine](clients/patriot-internal-medicine.md) | Medical practice, two locations (Tucson + Sonoita); GuruRMM client+sites provisioned 2026-06-18 (Tucson: NORTH-WOLF-6270, Sonoita: LIGHT-HARBOR-9617); no agents deployed yet; enrollment keys vaulted; infrastructure discovery pending | 2026-06-18 |
| [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 |
| [Stamback Septic](clients/stamback-septic.md) | Septic services; prepaid block ~3.5 hrs remaining; DESKTOP-BTR2AM3 + StambackLaptopNew GuruRMM enrolled; OneDrive identity wipe pattern documented | 2026-05-24 |