Reorganize repo: compartmentalize scripts by client/project

Move 150+ scripts from root and scripts/ into client/project directories:
- clients/dataforth/scripts/ (110 files: AD2, sync, SSH, DB, DOS scripts)
- clients/bg-builders/scripts/ (14 files: Lesley mgmt, Exchange, termination)
- clients/internal-infrastructure/scripts/ (10 files: GDAP, Gitea, backups)
- projects/msp-tools/scripts/ (9 files: CIPP, MSP onboarding, Datto)
- projects/gururmm-agent/scripts/ (3 files: API test, JWT, record counts)
- clients/glaztech/scripts/ (1 file: CentraStage removal)

Also reorganized:
- VPN scripts → infrastructure/vpn-configs/
- Retrieved API/JS files → api/
- Forum posts → projects/community-forum/forum-posts/
- SSH docs → clients/internal-infrastructure/docs/
- NWTOC/CTONW docs → projects/wrightstown-smarthome/docs/
- ACG website files → projects/internal/acg-website-2025/
- Dataforth docs → clients/dataforth/docs/
- schema-retrieved.sql → docs/database/

Deleted 24 tmp_*.ps1 one-off debug scripts (preserved in git history).
Root reduced from 220+ files to 62 items (docs + directories only).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

infrastructure/vpn-configs/Create-PeacefulSpiritVPN.ps1

@@ -0,0 +1,242 @@
+# Create VPN Connection for Peaceful Spirit with Pre-Login Access
+# Run as Administrator
+
+param(
+    [string]$VpnServer = "",  # VPN server address (IP or hostname)
+    [string]$Username = "",
+    [string]$Password = "",
+    [string]$ConnectionName = "Peaceful Spirit VPN",
+    [string]$TunnelType = "L2tp",  # Options: Pptp, L2tp, Sstp, IKEv2, Automatic
+    [string]$L2tpPsk = "",  # Pre-shared key for L2TP (if using L2TP)
+    [string]$RemoteNetwork = "192.168.0.0/24",  # Remote network to route through VPN
+    [string]$DnsServer = "192.168.0.2",  # DNS server at remote site
+    [switch]$SplitTunneling = $true  # Enable split tunneling (default: true)
+)
+
+# Ensure running as Administrator
+if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
+    Write-Host "[ERROR] This script must be run as Administrator" -ForegroundColor Red
+    Write-Host "Right-click PowerShell and select 'Run as Administrator'" -ForegroundColor Yellow
+    exit 1
+}
+
+Write-Host "=========================================="
+Write-Host "Peaceful Spirit VPN Setup"
+Write-Host "=========================================="
+Write-Host ""
+
+# Prompt for missing parameters
+if ([string]::IsNullOrWhiteSpace($VpnServer)) {
+    $VpnServer = Read-Host "Enter VPN server address (IP or hostname)"
+}
+
+if ([string]::IsNullOrWhiteSpace($Username)) {
+    $Username = Read-Host "Enter VPN username"
+}
+
+if ([string]::IsNullOrWhiteSpace($Password)) {
+    $SecurePassword = Read-Host "Enter VPN password" -AsSecureString
+    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
+    $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
+}
+
+if ($TunnelType -eq "L2tp" -and [string]::IsNullOrWhiteSpace($L2tpPsk)) {
+    $L2tpPsk = Read-Host "Enter L2TP Pre-Shared Key (leave blank if not using)"
+}
+
+Write-Host ""
+Write-Host "[INFO] Configuration:"
+Write-Host "  VPN Server: $VpnServer"
+Write-Host "  Username: $Username"
+Write-Host "  Connection Name: $ConnectionName"
+Write-Host "  Tunnel Type: $TunnelType"
+Write-Host "  Remote Network: $RemoteNetwork"
+Write-Host "  DNS Server: $DnsServer"
+Write-Host "  Split Tunneling: $SplitTunneling"
+Write-Host ""
+
+# Remove existing connection if it exists
+Write-Host "[1/6] Checking for existing VPN connection..."
+$existingVpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue
+if ($existingVpn) {
+    Write-Host "  [INFO] Removing existing connection..."
+    Remove-VpnConnection -Name $ConnectionName -AllUserConnection -Force
+    Write-Host "  [OK] Existing connection removed"
+} else {
+    Write-Host "  [OK] No existing connection found"
+}
+
+# Create VPN connection (AllUserConnection for pre-login access)
+Write-Host ""
+Write-Host "[2/6] Creating VPN connection..."
+
+$vpnParams = @{
+    Name = $ConnectionName
+    ServerAddress = $VpnServer
+    TunnelType = $TunnelType
+    AllUserConnection = $true
+    RememberCredential = $true
+    SplitTunneling = $SplitTunneling
+    PassThru = $true
+}
+
+# Add L2TP Pre-Shared Key if provided
+if ($TunnelType -eq "L2tp" -and -not [string]::IsNullOrWhiteSpace($L2tpPsk)) {
+    $vpnParams['L2tpPsk'] = $L2tpPsk
+    $vpnParams['AuthenticationMethod'] = 'MsChapv2'  # Use MS-CHAPv2 for L2TP/IPSec with PSK
+    $vpnParams['EncryptionLevel'] = 'Required'
+}
+
+try {
+    $vpn = Add-VpnConnection @vpnParams
+    Write-Host "  [OK] VPN connection created"
+    if ($SplitTunneling) {
+        Write-Host "  [OK] Split tunneling enabled (only remote network traffic uses VPN)"
+    }
+} catch {
+    Write-Host "  [ERROR] Failed to create VPN connection: $_" -ForegroundColor Red
+    exit 1
+}
+
+# Add route for remote network
+Write-Host ""
+Write-Host "[3/6] Configuring route for remote network..."
+try {
+    # Add route for specified remote network through VPN
+    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $RemoteNetwork -AllUserConnection
+    Write-Host "  [OK] Route added: $RemoteNetwork via VPN"
+
+    # Configure DNS servers for the VPN connection
+    Set-DnsClientServerAddress -InterfaceAlias $ConnectionName -ServerAddresses $DnsServer -ErrorAction SilentlyContinue
+    Write-Host "  [OK] DNS server configured: $DnsServer"
+} catch {
+    Write-Host "  [WARNING] Could not configure route: $_" -ForegroundColor Yellow
+    Write-Host "  [INFO] You may need to add the route manually after connecting"
+}
+
+# Configure VPN connection for pre-login (Windows logon screen)
+Write-Host ""
+Write-Host "[4/6] Configuring for pre-login access..."
+
+# Set connection to be available before user logs on
+$rasphonePath = "$env:ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
+
+if (Test-Path $rasphonePath) {
+    # Modify rasphone.pbk to enable pre-login
+    $rasphoneContent = Get-Content $rasphonePath -Raw
+
+    # Find the connection section
+    if ($rasphoneContent -match "\[$ConnectionName\]") {
+        # Add or update UseRasCredentials setting
+        $rasphoneContent = $rasphoneContent -replace "(?m)^UseRasCredentials=.*$", "UseRasCredentials=1"
+        if ($rasphoneContent -notmatch "UseRasCredentials=") {
+            $rasphoneContent = $rasphoneContent -replace "(\[$ConnectionName\])", "`$1`r`nUseRasCredentials=1"
+        }
+
+        Set-Content -Path $rasphonePath -Value $rasphoneContent
+        Write-Host "  [OK] Pre-login access configured in rasphone.pbk"
+    }
+} else {
+    Write-Host "  [WARNING] rasphone.pbk not found (connection still created)" -ForegroundColor Yellow
+}
+
+# Save credentials using rasdial
+Write-Host ""
+Write-Host "[5/6] Saving VPN credentials..."
+
+try {
+    # Connect once to save credentials
+    $rasDialOutput = rasdial $ConnectionName $Username $Password 2>&1
+    Start-Sleep -Seconds 2
+
+    # Disconnect
+    rasdial $ConnectionName /disconnect 2>&1 | Out-Null
+
+    Write-Host "  [OK] Credentials saved"
+} catch {
+    Write-Host "  [WARNING] Could not save credentials via rasdial: $_" -ForegroundColor Yellow
+}
+
+# Set registry keys for pre-login VPN
+Write-Host ""
+Write-Host "[6/6] Configuring registry settings..."
+
+try {
+    # Enable pre-logon VPN
+    $regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
+
+    # Create or update registry values
+    if (-not (Test-Path $regPath)) {
+        New-Item -Path $regPath -Force | Out-Null
+    }
+
+    # Set UseRasCredentials to enable VPN before logon
+    Set-ItemProperty -Path $regPath -Name "UseRasCredentials" -Value 1 -Type DWord
+
+    Write-Host "  [OK] Registry settings configured"
+} catch {
+    Write-Host "  [WARNING] Could not set registry values: $_" -ForegroundColor Yellow
+}
+
+# Summary
+Write-Host ""
+Write-Host "=========================================="
+Write-Host "Setup Complete!"
+Write-Host "=========================================="
+Write-Host ""
+Write-Host "VPN Connection Details:"
+Write-Host "  Name: $ConnectionName"
+Write-Host "  Server: $VpnServer"
+Write-Host "  Type: $TunnelType"
+Write-Host "  Pre-Login: Enabled"
+Write-Host "  Split Tunneling: $SplitTunneling"
+Write-Host "  Remote Network: $RemoteNetwork"
+Write-Host "  DNS Server: $DnsServer"
+Write-Host ""
+if ($SplitTunneling) {
+    Write-Host "Network Traffic:"
+    Write-Host "  - Traffic to $RemoteNetwork -> VPN tunnel"
+    Write-Host "  - All other traffic -> Local internet connection"
+    Write-Host ""
+}
+
+Write-Host "Testing Connection:"
+Write-Host "  To test: rasdial `"$ConnectionName`""
+Write-Host "  To disconnect: rasdial `"$ConnectionName`" /disconnect"
+Write-Host ""
+Write-Host "At Windows Login Screen:"
+Write-Host "  1. Click the network icon (bottom right)"
+Write-Host "  2. Select '$ConnectionName'"
+Write-Host "  3. Click 'Connect'"
+Write-Host "  4. Enter credentials if prompted"
+Write-Host "  5. Log in to Windows after VPN connects"
+Write-Host ""
+Write-Host "PowerShell Connection:"
+Write-Host "  Connect: rasdial `"$ConnectionName`" $Username [password]"
+Write-Host "  Status: Get-VpnConnection -Name `"$ConnectionName`" -AllUserConnection"
+Write-Host ""
+
+# Test connection
+Write-Host "Would you like to test the connection now? (Y/N)"
+$test = Read-Host
+if ($test -eq 'Y' -or $test -eq 'y') {
+    Write-Host ""
+    Write-Host "Testing VPN connection..."
+    rasdial $ConnectionName $Username $Password
+
+    Start-Sleep -Seconds 3
+
+    Write-Host ""
+    Write-Host "Connection status:"
+    Get-VpnConnection -Name $ConnectionName -AllUserConnection | Select-Object Name, ConnectionStatus, ServerAddress
+
+    Write-Host ""
+    Write-Host "Disconnecting..."
+    rasdial $ConnectionName /disconnect
+    Write-Host "[OK] Test complete"
+}
+
+Write-Host ""
+Write-Host "=========================================="
+Write-Host "[SUCCESS] VPN setup complete!"
+Write-Host "=========================================="

infrastructure/vpn-configs/Setup-PeacefulSpiritVPN.ps1

@@ -0,0 +1,195 @@
+# Setup Peaceful Spirit VPN with Pre-Login Access
+# Run as Administrator
+# This script uses the actual credentials and creates a fully configured VPN connection
+
+# Ensure running as Administrator
+if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
+    Write-Host "[ERROR] This script must be run as Administrator" -ForegroundColor Red
+    Write-Host "Right-click PowerShell and select 'Run as Administrator'" -ForegroundColor Yellow
+    exit 1
+}
+
+Write-Host "=========================================="
+Write-Host "Peaceful Spirit VPN Setup"
+Write-Host "=========================================="
+Write-Host ""
+
+# Configuration
+$VpnName = "Peaceful Spirit VPN"
+$ServerAddress = "98.190.129.150"
+$L2tpPsk = "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8"
+$Username = "pst-admin"
+$Password = "24Hearts$"
+
+# Network Configuration (UniFi Router at CC)
+$RemoteNetwork = "192.168.0.0/24"  # Peaceful Spirit CC network
+$DnsServer = "192.168.0.2"         # DNS server at CC
+$Gateway = "192.168.0.10"          # Gateway at CC
+
+Write-Host "[INFO] Configuration:"
+Write-Host "  Name: $VpnName"
+Write-Host "  Server: $ServerAddress"
+Write-Host "  Type: L2TP/IPSec"
+Write-Host "  Username: $Username"
+Write-Host "  Remote Network: $RemoteNetwork"
+Write-Host "  DNS Server: $DnsServer"
+Write-Host ""
+
+# Remove existing connection if it exists
+Write-Host "[1/6] Checking for existing VPN connection..."
+$existing = Get-VpnConnection -Name $VpnName -AllUserConnection -ErrorAction SilentlyContinue
+if ($existing) {
+    Write-Host "  [INFO] Removing existing connection..."
+    Remove-VpnConnection -Name $VpnName -AllUserConnection -Force
+    Write-Host "  [OK] Removed"
+}
+Write-Host "  [OK] Ready to create connection"
+Write-Host ""
+
+# Create VPN connection
+Write-Host "[2/6] Creating VPN connection..."
+try {
+    Add-VpnConnection `
+        -Name $VpnName `
+        -ServerAddress $ServerAddress `
+        -TunnelType L2tp `
+        -L2tpPsk $L2tpPsk `
+        -AuthenticationMethod MsChapv2 `
+        -EncryptionLevel Required `
+        -AllUserConnection `
+        -RememberCredential `
+        -SplitTunneling $true `
+        -Force
+    Write-Host "  [OK] VPN connection created"
+    Write-Host "  [OK] Split tunneling enabled (only CC traffic uses VPN)"
+} catch {
+    Write-Host "  [ERROR] Failed to create connection: $_" -ForegroundColor Red
+    exit 1
+}
+Write-Host ""
+
+# Add route for remote network
+Write-Host "[3/6] Configuring route for Peaceful Spirit CC network..."
+try {
+    # Add route for 192.168.0.0/24 through VPN
+    Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $RemoteNetwork -AllUserConnection
+    Write-Host "  [OK] Route added: $RemoteNetwork via VPN"
+
+    # Configure DNS servers for the VPN connection
+    Set-DnsClientServerAddress -InterfaceAlias $VpnName -ServerAddresses $DnsServer -ErrorAction SilentlyContinue
+    Write-Host "  [OK] DNS server configured: $DnsServer"
+} catch {
+    Write-Host "  [WARNING] Could not configure route: $_" -ForegroundColor Yellow
+    Write-Host "  [INFO] You may need to add the route manually after connecting"
+}
+Write-Host ""
+
+# Save credentials
+Write-Host "[4/6] Saving VPN credentials for pre-login access..."
+try {
+    # Connect to save credentials
+    $output = rasdial $VpnName $Username $Password 2>&1
+    Start-Sleep -Seconds 2
+
+    # Disconnect
+    rasdial $VpnName /disconnect 2>&1 | Out-Null
+    Start-Sleep -Seconds 1
+
+    Write-Host "  [OK] Credentials saved"
+} catch {
+    Write-Host "  [WARNING] Could not save credentials: $_" -ForegroundColor Yellow
+}
+Write-Host ""
+
+# Enable pre-login VPN via registry
+Write-Host "[5/6] Enabling pre-login VPN access..."
+try {
+    $regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
+    Set-ItemProperty -Path $regPath -Name "UseRasCredentials" -Value 1 -Type DWord
+    Write-Host "  [OK] Pre-login access enabled"
+} catch {
+    Write-Host "  [WARNING] Could not set registry value: $_" -ForegroundColor Yellow
+}
+Write-Host ""
+
+# Verify connection
+Write-Host "[6/6] Verifying VPN connection..."
+$vpn = Get-VpnConnection -Name $VpnName -AllUserConnection
+if ($vpn) {
+    Write-Host "  [OK] Connection verified"
+    Write-Host ""
+    Write-Host "Connection Details:"
+    Write-Host "  Name: $($vpn.Name)"
+    Write-Host "  Server: $($vpn.ServerAddress)"
+    Write-Host "  Type: $($vpn.TunnelType)"
+    Write-Host "  All Users: $($vpn.AllUserConnection)"
+} else {
+    Write-Host "  [ERROR] Connection not found!" -ForegroundColor Red
+    exit 1
+}
+Write-Host ""
+
+# Summary
+Write-Host "=========================================="
+Write-Host "Setup Complete!"
+Write-Host "=========================================="
+Write-Host ""
+Write-Host "VPN Connection: $VpnName"
+Write-Host "  Status: Ready"
+Write-Host "  Pre-Login: Enabled"
+Write-Host "  Split Tunneling: Enabled"
+Write-Host "  Remote Network: $RemoteNetwork"
+Write-Host "  DNS Server: $DnsServer"
+Write-Host ""
+Write-Host "Network Traffic:"
+Write-Host "  - Traffic to 192.168.0.0/24 -> VPN tunnel"
+Write-Host "  - All other traffic -> Local internet connection"
+Write-Host ""
+Write-Host "To Connect:"
+Write-Host "  PowerShell: rasdial `"$VpnName`""
+Write-Host "  Or: GUI -> Network icon -> $VpnName -> Connect"
+Write-Host ""
+Write-Host "To Disconnect:"
+Write-Host "  rasdial `"$VpnName`" /disconnect"
+Write-Host ""
+Write-Host "At Login Screen:"
+Write-Host "  1. Click network icon (bottom right)"
+Write-Host "  2. Select '$VpnName'"
+Write-Host "  3. Click 'Connect'"
+Write-Host "  4. VPN will connect before you log in"
+Write-Host ""
+
+# Test connection
+Write-Host "Would you like to test the connection now? (Y/N)"
+$test = Read-Host
+if ($test -eq 'Y' -or $test -eq 'y') {
+    Write-Host ""
+    Write-Host "Testing VPN connection..."
+    Write-Host "=========================================="
+    rasdial $VpnName $Username $Password
+
+    Write-Host ""
+    Write-Host "Waiting 3 seconds..."
+    Start-Sleep -Seconds 3
+
+    Write-Host ""
+    Write-Host "Connection Status:"
+    Get-VpnConnection -Name $VpnName -AllUserConnection | Select-Object Name, ConnectionStatus, ServerAddress
+
+    Write-Host ""
+    Write-Host "Disconnecting..."
+    rasdial $VpnName /disconnect
+
+    Write-Host "[OK] Test complete"
+    Write-Host ""
+}
+
+Write-Host "=========================================="
+Write-Host "[SUCCESS] VPN setup complete!"
+Write-Host "=========================================="
+Write-Host ""
+Write-Host "You can now:"
+Write-Host "  - Connect from PowerShell: rasdial `"$VpnName`""
+Write-Host "  - Connect from login screen before logging in"
+Write-Host "  - Connect from Windows network menu"
+Write-Host ""