azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from GURU-5070 at 2026-06-03 11:52:45

Browse Source 
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-03 11:52:45
This commit is contained in:
Mike Swanson
2026-06-03 11:52:50 -07:00
parent 6228793152
commit 6de0ce6098
45 changed files with 1452 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
wiki/clients/glaztech.md
View File

@@ -2,14 +2,17 @@
type: client
name: glaztech
display_name: Glaz-Tech Industries
last_compiled: 2026-06-02
last_compiled: 2026-06-03
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
- clients/glaztech/session-logs/2026-04-20-session.md
- clients/glaztech/session-logs/2026-04-21-session.md
- clients/glaztech/session-logs/2026-05-28-session.md
- clients/glaztech/session-logs/2026-06-02-session.md
- clients/glaztech/session-logs/2026-06-03-session.md
- clients/glaztech/reports/2026-04-17-phishing-incident-report.md
- clients/glaztech/reports/2026-06-03-pci-cardholder-data-finding.md
- clients/glaztech/reports/2026-06-03-website-security-assessment.md
- clients/glaztech/PROJECT_STATE.md
- clients/glaztech/README.md
backlinks: []
@@ -23,7 +26,8 @@ backlinks: []
- **Key contacts:** Steve Eastman — seastman@glaztech.com — internal IT, ~200 users, 9 locations. Desktop-level tech; guides technical direction, ACG implements.
- **Billing rate:** [unverified — not recorded in session logs]
- **Syncro customer ID:** 143932
- **Active tickets:** #32176 (DMARC override, Invoiced), #32186 (M365 Security Review / MFA, In Progress as of 2026-04-21)
- **Active tickets:** #32186 (M365 Security Review / MFA, In Progress as of 2026-04-21), #32376 (Apex 404 + redirect, Resolved, 2026-06-03), #32377 (CyberSource TLS payment outage, Resolved, 2026-06-03), #32378 (Security assessment / PCI remediation, In Progress as of 2026-06-03)
- **Prepaid block remaining:** ~22.25 hrs (drew 26.5 → 22.25 on 2026-06-03)
- **GuruRMM client ID:** d857708c-5713-4ee5-a314-679f86d2f9f9
- **GuruRMM site:** SLC - Salt Lake City (Site ID: 290bd2ea-4af5-49c6-8863-c6d58c5a55de)
@@ -31,13 +35,19 @@ backlinks: []
### Servers & Services
No dedicated on-premises server infrastructure documented. Multi-site Windows environment (~200 users, 9 locations). Active Directory confirmed (OUs referenced in deployment scripts). IP range: 192.168.0.0/24 through 192.168.9.0/24 (10 site subnets, one per site).
Multi-site Windows environment (~200 users, 9 locations). Active Directory confirmed (OUs referenced in deployment scripts). IP range: 192.168.0.0/24 through 192.168.9.0/24 (10 site subnets, one per site).
| Server | Role | OS / Build | Local IP | Public IP | Notes |
|---|---|---|---|---|---|
| WWW | IIS web server — customer/e-commerce site | Windows Server 2019 Standard, build 10.0.17763.8755 (patched ~May 2026) | 192.168.8.72 | 65.113.52.88 | IIS 10.0, .NET 4.8; site `glaztech_new` at `D:\web\glaztech_4`; full VB.NET source on disk (not precompiled); LE cert CN=www.glaztech.com, SAN apex+www, exp 2026-08-19 via Certify The Web (HTTP-01); GuruRMM agent 455a1bc7-1c29-42bc-b597-fa1e64f08eec; **doubles as dev workstation** (VS 2015+2022 installed — see Security Posture) |
| SQL backend | SQL Server — 15 per-office databases + Sage 100 + TimeForce | [unverified — Server 2019 assumed, co-located with Glaztech infra] | 192.168.8.62,3436 | — | Login `tom` (creds in site Web.config, NOT vaulted); DBs: glaz_prod (tuc), glaz_prod_phx, glaz_prod_slc, glaz_prod_elp, glaz_prod_den, glaz_prod_alb, glaz_prod_boi, glaz_prod_brl, glaz_prod_shp, glaz_prod_corp + mas_gti (Sage 100) + qqest (TimeForce) |
| Service | Details | Notes |
|---|---|---|
| M365 tenant | glaztechindustries.onmicrosoft.com | ~200 users, basic licensing (no Entra P1) |
| Exchange Online | glaztech.com | MailProtector inbound filter (MX 5 primary) |
| Active Directory | glaztech.com domain | [unverified — AD inferred from OU references in scripts] |
| Payment processing | CyberSource REST (api.cybersource.com/pts/v2/payments) — PNC merchant processor for card payments; CyberSource SOAP toolkit for eCheck/ACH (cybs.log) | Card path: online-payment-pnc.aspx; eCheck path: ach.aspx; card-on-file auto-pay via gt_auto_process_2020.dll |
### Email & Identity
@@ -98,7 +108,74 @@ Note on Priority 1: The "GTIMail No-Reply - Reject Inbound" rule rejects ALL inb
- **Exchange Operator vault:** `msp-tools/computerguru-exchange-operator.sops.yaml`
- **Token acquisition:** `bash .claude/skills/remediation-tool/scripts/get-token.sh <tenant-id> exchange-op``Connect-ExchangeOnline -AccessToken $token -Organization 'glaztechindustries.onmicrosoft.com'`
- **DNS access:** `root@172.16.3.10` (IX server)
- **Deploy (endpoints):** ScreenConnect or GuruRMM
- **Deploy (endpoints):** GuruRMM (preferred) or ScreenConnect
- **MailProtector / CloudFilter partner portal:** NO credentials in vault — manual partner-portal login required for any MailProtector changes (provisioning, spam summary enable). Consider vaulting.
- **Glaztech SQL login (`tom`):** present in `D:\web\glaztech_4\Web.config` connectionStrings — NOT in vault. Read-only access for assessment only; do NOT use outside of authorized sessions.
## Security Posture — CRITICAL (Active Issue — Ticket #32378)
**Classification: CONFIDENTIAL/Security.** Full detail in:
- `clients/glaztech/reports/2026-06-03-pci-cardholder-data-finding.md`
- `clients/glaztech/reports/2026-06-03-website-security-assessment.md`
A full read-only security assessment of the Glaztech e-commerce web application and SQL backend was performed 2026-06-03. Overall risk: **CRITICAL**. Key findings (no card numbers or passwords are reproduced here):
### Cardholder Data — PCI-DSS Violations (Req 3.2 + 3.4)
- **`cc_file` (~780 saved cards):** Full PAN stored in plaintext in every per-office database (`glaz_prod`, `glaz_prod_phx`, `glaz_prod_slc`, `glaz_prod_elp`, `glaz_prod_den`, `glaz_prod_alb`, `glaz_prod_boi`, `glaz_prod_brl`, `glaz_prod_shp`, `glaz_prod_corp`). Zero encrypted rows. `cc_file.cc_code` retains CVV/CID (50/54 rows in tuc; mirrors expected in all offices). **CVV retention is a PCI Req 3.2 violation — indefensible; no exception even if encrypted.**
- **`cof_payments_header` (historical payments):** Phoenix alone: 14,496 rows, 11,794 plaintext PANs. Tuc: 2,245 rows, ~367 plaintext + ~597 formatted. Years of transaction history with recoverable card numbers.
- **Why cards are stored:** Card-on-file invoice auto-pay. `i_get_cc_on_file_invoices` joins `invoice` × `cc_file`; `gt_auto_process_2020.dll` reads stored PANs and bills them via CyberSource. Stale copies in `Old_bin`/`Old_code\Bin`. **Feature can be preserved by migrating to CyberSource token vault — store a token reference instead of the raw PAN.**
- **Containment:** Exposure is limited to the 15 custom web-app databases on 192.168.8.62. The Sage 100 ERP DB (`mas_gti`) uses proper tokenization (`CreditCardGUID`, `Last4Unencrypted`, `EncryptedCreditCardNo`) and is materially compliant. **Database backups also contain plaintext PANs — cleanup must address backups, not just live data.**
### Authentication — Plaintext Passwords
- `web_security` table: ~9,000+ plaintext customer passwords (corp 6,017 + tuc 3,012 confirmed, other offices expected); 0 hash-like values; lengths 319 chars; no complexity enforcement.
- Auth stored proc `get_web_accesslevel`: `WHERE acct_no=@username AND web_password=@passwd` — direct plaintext comparison.
- Employee "forgot password" flow emails the user their existing plaintext password — possible only with reversible/plaintext storage.
- No account lockout, no rate-limiting; username = customer account number (guessable).
### SQL Injection — `quo()` Helper
```vb
Function quo(stext) As String
Return "'" + stext + "'" ' wraps in quotes, does NOT escape embedded quotes
End Function
```
Used to build concatenated dynamic SQL in payment pages (`ach.aspx.vb`, `quick-pay-ach.aspx.vb`, `quick-pay-pnc.aspx.vb`, `quick-pay.aspx.vb`, `order-detail*`). 59 concatenated SQL statements identified (~10 joining user input). The login path itself is parameterized (sproc) and not injectable; 948 parameterized calls elsewhere. **Any input containing `'` breaks out and allows injection; a logged-in attacker can UNION-inject full PANs + CVV.**
### Other Critical/High Findings
| Finding | Severity |
|---|---|
| Reflected XSS: `gt_errorpage.aspx``errmsg` query param → `lblerr.Text` unencoded | High |
| `debug="true"` + `customErrors=Off` + exceptions echoed to users in URLs | High |
| Production server is also a dev workstation: VS Community 2015 + 2022, .NET 8 SDKs, MSBuild, IIS Express, full VB.NET source on disk | High |
| Remote-access sprawl: RealVNC Enterprise E4.2.8 (~2009, EoL), stale ScreenConnect v6.0.11622 (2018), Splashtop, Datto RMM+EDR, Syncro, GuruRMM (6+ agents) | High |
| Server listener accepts TLS 1.0 + 1.1 (SChannel Enabled=1) | High |
| Single shared SQL login (`tom`) with full read on card + password columns; creds in `Web.config` in cleartext | High |
| No Secure/HttpOnly cookies; no session regeneration on login; session-fixation risk | High |
### Attack Chain Summary
Obtain a customer login (LOW difficulty — no lockout, guessable username = account number, plaintext passwords as short as 3 chars) → access payment pages → SQL inject with `quo()` to UNION-dump `cc_file` → full PAN + CVV for all saved cards in the office, plaintext. **Every compensating control (lockout, password hashing, PAN encryption, parameterized queries) is absent; first failure is last failure.**
### Remediation Roadmap (Ticket #32378 — In Progress)
**Now (days):**
1. Purge stored CVV (`cc_file.cc_code`, backup-first — needs Tom/Steve explicit sign-off)
2. `debug="false"` + `customErrors="On"`; HTML-encode `gt_errorpage.aspx`; stop echoing exception text to users
3. Remove RealVNC 4.2.8 and stale ScreenConnect v6
4. Disable TLS 1.0/1.1 on the IIS/SChannel listener
**Short term (weeks):**
5. Hash all passwords (PBKDF2/bcrypt/Argon2); replace email-the-password flow with reset-token flow; force global reset
6. Parameterize all concatenated SQL in payment pages; delete `quo()`
7. Add Secure+HttpOnly cookies, session regeneration on login, login throttling/lockout
8. Migrate card-on-file to CyberSource token vault; purge/encrypt historical `cc_number` columns; address backups
**Structural:**
9. Separate dev from production; deploy precompiled; remove SDKs/IDE/source from prod host
10. Least-privilege SQL accounts; secret management for Web.config connection strings; TDE at rest; re-scope merchant PCI SAQ after remediation
## Patterns & Known Issues
@@ -114,6 +191,11 @@ Note on Priority 1: The "GTIMail No-Reply - Reject Inbound" rule rejects ALL inb
- **glassservices.com SPF broken:** `bossier@glassservices.com` publishes `v=spf1 -all` — rejected by all mail providers. SCL=-1 rule covers this as a workaround. Steve should notify vendor to fix SPF.
- **Client tone:** ACG has managed GlazTech ~15 years. Steve Eastman is a trusted internal IT partner. Comments and communication should lead with what we know, state findings and actions taken, ask only one targeted question if needed — not open-ended discovery.
- **Unlicensed accounts (pending Steve confirmation):** Chauntelle@glaztech.com, Denouser1@glaztech.com, Gti-FaxFinder@glaztech.com.
- **IIS apex binding — always add both http:80 and https:443 for the bare domain:** The glaztech_new IIS site originally had only a www host-header binding. Apex (glaztech.com) returned 404 from HTTP.sys (not a 301 redirect, a real 404) because no binding matched. Fix: add `http/IP:80:glaztech.com` + `https/IP:443:glaztech.com` bindings reusing the existing SAN cert. When adding HTTP→HTTPS redirect via URL Rewrite, always include a negate condition on `/.well-known/acme-challenge/` so Certify The Web (HTTP-01) LE renewals are not blocked.
- **Legacy .NET + modern payment gateway TLS:** .NET Framework 4.x apps on Windows Server 2019 do NOT automatically use TLS 1.2 unless the registry keys `SchUseStrongCrypto=1` + `SystemDefaultTlsVersions=1` are set under BOTH `HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319` AND `HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319`. Payment gateways (CyberSource, etc.) that drop TLS 1.0/1.1 will silently fail with "Could not create SSL/TLS secure channel" without this fix. App pool recycle required after registry change. Verify via the payments DB (look for fresh approvals), not just a TLS probe.
- **MailProtector digest provisioning is per-mailbox on the MailProtector side:** The SCL=-1 transport rule (Priority 4) ensures digest emails from `noreply@azcomputerguru.com` are not spam-filtered by EOP — but a mailbox that was never provisioned in MailProtector will never receive a digest regardless of EOP rules. Confirmed via message trace (shannon@glaztech.com: 629 digests sent to ~60 recipients over 10 days, 0 to Shannon). Fix is on the MailProtector partner portal — no Exchange change needed.
- **Glaztech custom web app — stored card feature requires tokenization to remediate safely:** Cards in `cc_file` are there for auto-pay via `gt_auto_process_2020.dll`. Deleting the PANs without a replacement breaks the auto-billing feature. The safe path is CyberSource token vault migration (tokenize on write, replace stored PAN with token, update `gt_auto_process` to bill by token). Quick win: purge CVV (`cc_code`) immediately — this has no functional impact and is the fastest PCI Req 3.2 remediation.
- **Glaztech SQL login (`tom`) + Web.config creds are NOT in the SOPS vault.** Do not commit these credentials. If future automation needs SQL access, vault them first.
## Active Work
@@ -139,9 +221,21 @@ Waiting on Steve's reply to:
MFA rollout plan: Phase 1 — user communication (install Authenticator); Phase 2 — enable enforcement; Phase 3 — follow-up stragglers; Phase 4 (future/P1) — Conditional Access with trusted IPs for office locations.
### Website Security Remediation (Ticket #32378 — In Progress)
Security assessment complete 2026-06-03. Awaiting Mike/Steve direction to begin remediation. See Security Posture section and reports in `clients/glaztech/reports/` for full detail. Key actions queued but not yet executed (require client sign-off):
- Purge CVV from `cc_file.cc_code` (backup-first; needs explicit go-ahead from Tom)
- `debug="false"` + `customErrors="On"` — can apply quickly with low risk
- Remove RealVNC 4.2.8 and stale ScreenConnect v6
- Disable TLS 1.0/1.1 on IIS/SChannel listener
### gtimail@glaztech.com Daily Digest Failure (Pending — review with Steve)
The "GTIMail No-Reply - Reject Inbound" transport rule (Priority 1) rejects all inbound mail to `gtimail@glaztech.com`, causing the daily MailProtector digest for that address to fail every day. This is a pre-existing rule and was not modified during the 2026-06-02 session. Confirm with Steve Eastman whether `gtimail@glaztech.com` should receive MailProtector digests — if so, the rule needs an exception or the recipient needs to be removed from the MailProtector digest list.
The "GTIMail No-Reply - Reject Inbound" transport rule (Priority 1) rejects all inbound mail to `gtimail@glaztech.com`, causing the daily MailProtector digest for that address to fail every day. This is a pre-existing rule and was not modified. Confirm with Steve Eastman whether `gtimail@glaztech.com` should receive MailProtector digests — if so, the rule needs an exception or the recipient needs to be removed from the MailProtector digest list.
### shannon@glaztech.com — MailProtector Digest Not Received (Pending — MailProtector portal)
Message trace confirmed shannon@glaztech.com receives no MailProtector digests at all (0 of 629 digests over 10 days). This is a MailProtector-side provisioning issue — she is not provisioned/enabled in the MailProtector spam summary settings. No Exchange change needed. Fix: log into the MailProtector partner portal and enable the Spam Summary for shannon@glaztech.com. No vault credentials exist for MailProtector — manual portal access only.
### Pending follow-ups
@@ -153,6 +247,8 @@ The "GTIMail No-Reply - Reject Inbound" transport rule (Priority 1) rejects all
- Notify Steve: glassservices.com vendor needs to fix their SPF record (`v=spf1 -all`)
- Harts Glass original rejected emails need to be resent by sender — our SCL bypass is live but NDR'd messages do not auto-retry
- Consider creating retroactive Syncro ticket for 2026-05-28 SHVSALES email delivery work
- Monitor continued card payment success on WWW after 2026-06-03 TLS fix (verify `web_payment_header` for ongoing approvals)
- Tom code fallback (`ServicePointManager.SecurityProtocol = Tls12` in app code) staged but not deployed — can apply if registry fix ever regresses
## History Highlights
@@ -162,7 +258,8 @@ The "GTIMail No-Reply - Reject Inbound" transport rule (Priority 1) rejects all
- **2026-04-20** — Exchange transport rule created to allow clearcutglass.com mail (DMARC bypass, SCL=-1) while Team Logic IT fixed their DNS. Ticket #32176 created.
- **2026-04-21** — clearcutglass.com DNS fixed by Team Logic IT (Jordan Fox). Transport rule removed. External Global Admin (glaztechadmin from tomakkglass.com / Team Logic IT) removed from tenant. M365 security review surfaced: no MFA, 38 OAuth grants, unlicensed accounts, service account audit needed. Ticket #32186 opened for MFA implementation. Feedback: use expert-partner tone with Steve, not open-ended discovery questions.
- **2026-05-28** — SHVSALES@glaztech.com vendor email delivery failure. Root cause: vendors (centurytel.net, eastexglass.com) publish DMARC p=reject; Enhanced Filtering re-evaluates past MailProtector relay, producing 550 5.7.509 NDR. Fix: two SCL=-1 transport rules created (Priority 2: specific addresses for hartsglass, olemons, SSales, bossier; Priority 3: aaaglassinc.com domain). glassservices.com SPF broken (`-all`) — workaround only, vendor must fix.
- **2026-06-02** — MailProtector quarantine digest messages from `noreply@azcomputerguru.com` confirmed hitting `FilteredAsSpam` for some recipients (e.g., tshaw@glaztech.com). Transport rule created: "SCL Bypass - noreply@azcomputerguru.com (MailProtector digests)" at Priority 4 (From=noreply@azcomputerguru.com, SetSCL=-1). Message trace via `Get-MessageTraceV2` also revealed `gtimail@glaztech.com` failing daily due to pre-existing Priority 1 reject rule — flagged for Steve review.
- **2026-06-02** — MailProtector quarantine digest messages from `noreply@azcomputerguru.com` confirmed hitting `FilteredAsSpam` for some recipients (e.g., tshaw@glaztech.com). Transport rule created: "SCL Bypass - noreply@azcomputerguru.com (MailProtector digests)" at Priority 4 (From=noreply@azcomputerguru.com, SetSCL=-1). Message trace via `Get-MessageTraceV2` also revealed `gtimail@glaztech.com` failing daily due to pre-existing Priority-1 reject rule — flagged for Steve review.
- **2026-06-03** — Three tickets on web server `WWW` (192.168.8.72 / 65.113.52.88), all via GuruRMM. (1) **Apex 404 emergency:** glaztech.com returned 404 (IIS site `glaztech_new` had www-only binding); added apex http:80+https:443 bindings (cert SAN already covered apex), then added HTTP→HTTPS 301 URL Rewrite redirect with `/.well-known/acme-challenge/` exclusion (Certify/LE HTTP-01 renewal safe). `web.config.bak-20260603-090701` created. Ticket #32376 — Resolved, 1h remote. (2) **CyberSource payment outage ("Could not create SSL/TLS secure channel"):** CyberSource (PNC merchant processor) disabled TLS 1.0/1.1; .NET 4.x on Server 2019 defaulted to old TLS. Fix: `SchUseStrongCrypto=1` + `SystemDefaultTlsVersions=1` in both `.NETFramework\v4.0.30319` hives + app pool `glaztech_new` recycle. Verified via payments DB (credit-card approval at 09:36 post-fix). Ticket #32377 — Resolved, 1.5h emergency remote. (3) **Security assessment:** read-only deep inspection of IIS config, VB.NET source, and SQL backend revealed CRITICAL posture: full PANs + CVV plaintext, ~9,000+ plaintext passwords, SQL injection via `quo()` helper in payment pages, reflected XSS, debug mode on, dev workstation on prod, RealVNC 4.2.8, TLS 1.0/1.1 listener, single shared SQL login. Exposure contained to custom web-app DBs (not Sage 100 which tokenizes). Two reports created. Ticket #32378 opened and left In Progress for remediation. Billed 1h remote. Prepaid block: 26.5 → 22.25 hrs. Also: shannon@glaztech.com digest-not-received confirmed as MailProtector provisioning issue (not Exchange) — requires MailProtector partner-portal fix.
## Backlinks

4
wiki/index.md
View File

@@ -25,7 +25,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [ACG Internal Infrastructure](clients/internal-infrastructure.md) | ACG's own hosting infra — Neptune Exchange (cert expires 2026-05-31, DkimSigner disabled), IX server, Cloudflare tunnel workaround, ACG M365 tenant gaps | 2026-05-24 |
| [BirthBiologic](clients/birth-biologic.md) | Bio/healthcare; BB-SERVER (WS2016) GuruRMM enrolled; Datto→SharePoint migration incomplete; M365 apps partially consented | 2026-05-24 |
| [CryoWeave](clients/cryoweave.md) | Custom cryogenic cable assemblies; cPanel on IX; website redesign + SEO project in progress; Syncro ID not documented | 2026-05-24 |
| [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; M365; two phishing campaigns bypassed MailProtector via secondary MX (removed); no MFA enforcement yet; SCL bypass rules for vendor DMARC failures + MailProtector digests | 2026-06-02 |
| [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; prepaid ~22.25 hrs; web server WWW (192.168.8.72 / 65.113.52.88) — IIS 10/VB.NET e-commerce; CRITICAL security posture (plaintext PANs+CVV, plaintext passwords, SQLi, XSS); apex 404 fixed + payment TLS fixed 2026-06-03; #32378 open for PCI remediation; M365 no MFA; SCL bypass rules for vendor DMARC + MailProtector digests | 2026-06-03 |
| [Grabb & Durando Law Office](clients/grabb-durando.md) | Personal injury law firm; GND-SERVER GuruRMM enrolled; AI demand review app scoped ($4K$7K); website migration pending; plaintext DB password in README needs vaulting | 2026-05-24 |
| [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 36 months | 2026-05-24 |
| [Rednour Law Offices](clients/rednour.md) | Law firm; M365 rednourlaw.com (tenant 4a4ca18a) fully onboarded 2026-05-31; all 5 ComputerGuru SPs consented; no MDE license; 3 workstations GuruRMM enrolled (FRONTDESKRECEPT/LEGALASST/REDNOURCARRIEVI); Carla Skinner renamed from Emma; prior MSP agents (ScreenConnect/Splashtop/Datto) still present; shared-drive access for Nick Pafford deferred | 2026-06-02 |
@@ -88,7 +88,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| Instrumental Music Center | IMC1 (192.168.0.2), phantom DC ServerIMC (192.168.0.63 — DNS-only, do not use) | GuruRMM (IMC1 enrolled) |
| Valley Wide Plastering | VWP_ADSRVR (192.168.0.25), VWP-QBS (172.16.9.169), HP DL360 iLO (172.16.9.125), UDM (172.16.9.1) | — |
| BirthBiologic | BB-SERVER (WS2016, GuruRMM enrolled) | GuruRMM |
| Glaz-Tech Industries | M365, ~200 users, 9 locations | — |
| Glaz-Tech Industries | M365, ~200 users, 9 locations; WWW (192.168.8.72 / 65.113.52.88, IIS 10 / .NET 4.8, GuruRMM agent 455a1bc7); SQL backend (192.168.8.62,3436); CyberSource REST (PNC merchant) | GuruRMM (WWW agent enrolled) |
| Grabb & Durando Law Office | GND-SERVER (WS2019, GuruRMM enrolled) | GuruRMM; AI demand review app (scoped) |
| Pavon | OwnCloud VM (172.16.3.22), Uranus /Archive storage | — |
| Peaceful Spirit | PST-SERVER (192.168.0.2, GuruRMM enrolled), UCG (98.190.129.150) | GuruRMM |