wiki: compile peaceful-spirit (full) — Syncro refresh, VSS + address, root-log provenance

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-03 12:30:08 -07:00
parent 6cb90c5b09
commit 727a0757f6
2 changed files with 12 additions and 5 deletions

View File

@@ -2,8 +2,8 @@
type: client
name: peaceful-spirit
display_name: Peaceful Spirit Therapeutic Massage
last_compiled: 2026-07-02
compiled_by: GURU-5070/claude-main (update: deletion-report location)
last_compiled: 2026-07-03
compiled_by: HOWARD-HOME/claude-main (full: Syncro refresh + root-log provenance + VSS/address)
sources:
- clients/peaceful-spirit/session-logs/2026-05-10-recovered-setup-radius-authentication-for-vpn-access.md
- clients/peaceful-spirit/session-logs/2026-05-10-session.md
@@ -17,6 +17,9 @@ sources:
- clients/peaceful-spirit/session-logs/2026-07/2026-07-01-mike-pst-deletion-scope-shelton-admin-acl.md
- clients/peaceful-spirit/AD-DC2-REBUILD-RUNBOOK.md
- session-logs/2026-06/2026-06-29-mike-dataforth-nwtoc-pst-deletion-scope-birthbio-corruption.md
- session-logs/2026-06/2026-06-29-mike-birthbio-repatriation-and-pst-soap-recovery.md
- session-logs/2026-07/2026-07-02-mike-pst-reports-ezfag-tags-unifi-adoption-bardach.md
- session-logs/2026-07/2026-07-02-mike-crowdstrike-rollout-365-appsuite.md
- clients/peaceful-spirit/server.sops.yaml (vault)
- clients/peaceful-spirit/server2.sops.yaml (vault)
- clients/peaceful-spirit/vpn.sops.yaml (vault)
@@ -35,7 +38,7 @@ Massage therapy practice with two sites: Country Club (CC, primary — all serve
- **Business name (Syncro):** Peaceful Spirit Massage (NOT "...Therapeutic Massage" — ID-based lookup required)
- **Syncro customer ID:** `278525`
- **Address:** 6650 N Oracle #100, Tucson
- **Addresses (two sites):** CC / Country Club (primary — all server infrastructure): 2930 N Country Club Rd, Tucson AZ (Syncro primary address). NW / Northwest: 6650 N Oracle #100, Tucson AZ.
- **Primary contact:** Mara Concordia (owner/operator); generic contact email `info@bestmassageintucson.com`; personal Microsoft account `mara.concordia@gmail.com` (OneDrive). Domain user: `mara`.
- **Other key staff:** Bridgette (BridgetteSH); Christine Z (ChristineZ); Calista A (CalistaA); Leslie W (leslieW); Sarah M (SarahM); Katie B (katieb); Sharon S (SharonS); PSTAdmin.
- **Contract type:** Break-fix / T&M (verify — recent invoices per-ticket ~$150300/visit, plus a recurring ~$195.19/month line item; no retainer contract confirmed)
@@ -150,6 +153,10 @@ Client SOAP-note and business files reside on **PST-SERVER G:\Shares**. The @Cli
- **Status 2026-07-01:** running normally (the 6/29 stop-for-restores self-resumed).
- **Caveat:** `cbb list` is unreliable on comma/space folder paths (false zeros, timeouts on large trees). Use restore-to-staging + local diff for any deletion-scope investigation.
### VSS Shadow Copies (PST-SERVER G:)
Local point-in-time recovery / self-service "Previous Versions" on the data volume, deployed as the near-line complement to the B2 backup (confirmed 2026-07-02). Volume Shadow Copies enabled on **G:** with a **69.8 GB** storage cap and roughly **4 snapshots/day** (observed schedule ~6a / 12p / 1p / 6p). Provides fast in-place rollback of individual files/folders without a B2 restore, and is the "Option 2" alternative to the (NTFS-impossible) recycle-bin design Mara requested. Note: after the 2026-06-13 trim, older snapshots were pruned — earliest snapshot ranges have been observed as recent as 6/256/28, so VSS is a short-window safety net, not long-term retention (that role is B2 / MSP360). The Security event log backing the deletion audit is sized to **128 MB max** on PST-SERVER.
### NTFS Access Control (G:\Shares\Scanned)
ACL root is `G:\Shares\Scanned`; permissions inherit to `@Clients` and subdirectories. Hardened 2026-07-01. ACL backup on server: `C:\PST-Recovery\acl-backup-scanned-20260701-072725.txt`.

View File

@@ -1,6 +1,6 @@
# Wiki Index
Last updated: 2026-07-02
Last updated: 2026-07-03
Compiled by: HOWARD-HOME/claude-main
This wiki is LLM-maintained. Do not edit articles manually — run `/wiki-compile` to update.
@@ -32,7 +32,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 36 months | 2026-05-24 |
| [Rieusset Corp (Tom Sorensen)](clients/rieusset-corp.md) | Small business; email hosted on Neptune Exchange (4 mailboxes: tsorensen, tomrc, ojodeagua, csorensen @rieussetcorp.com); Mailprotector domain ID 57833; outbound via SBR Outbound.Sorensen connector; clipto.com allow rule added 2026-06-08 | 2026-06-08 |
| [Rednour Law Offices](clients/rednour.md) | Law firm (break-fix/T&M, prepay 0); M365 rednourlaw.com (tenant 4a4ca18a) onboarded, 5 ComputerGuru SPs consented, no MDE license; 3 Win workstations GuruRMM-enrolled (all RED, prior MSP agents pending removal) — **all three now on Win 11** (LEGALASST + Carrie/REDNOURCARRIEVI upgraded 2026-06-29); REDNOURCARRIEVI hosts the firm's peer-to-peer SMB shares (Nick's Mac access done 2026-06-25); **Carrie's Win11 upgrade root cause = corrupt download (`ks.sys` 0x80070570 -> SAFE_OS 0x8007000D); fixed via fresh Media Creation Tool media — done in-shop, build 26200**; GuruRMM **works** on the Windows boxes (earlier "not working" disproved); macOS RMM agent still won't enroll (site code-vs-UUID bug, coord 6f2d22be); `endpointprotection.exe` = Datto AV (Defender RTP off by design); #32368 invoiced #67912 $669.55 (Nick = no charge); plaintext local-account creds from Syncro notes vaulted (clients/rednour/local-accounts) | 2026-06-30 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club + Northwest); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + PST-SERVER2 (192.168.1.5, rebuilt 6/13 from past-tombstone state, NW) with DFS-R (PST-DFS, ~221/265 GB) — **Gate 4 blocked: SERVER2 flapping (NW power/UPS/net)**; L2TP/IPsec RRAS VPN complete (6 GuruRMM agents); **JuneJuly 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-02 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club 2930 N Country Club Rd + Northwest 6650 N Oracle); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + **PST-DC-NW (192.168.1.5, new 2019 Std physical server, replaced dead PST-SERVER2 on 7/2)** with DFS-R (PST-DFS) — **Gate 4 blocked on initial ~265 GB sync** over S2S VPN; L2TP/IPsec RRAS VPN complete (GuruRMM agents); data protection = B2/MSP360 "Files Backup 2025" + VSS shadow copies on G: + daily deletion-audit report (SACL 4660/4663 → HTML in the legal folder); **JuneJuly 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-03 |
| [Patriot Internal Medicine](clients/patriot-internal-medicine.md) | Medical practice, two locations (Tucson + Sonoita); GuruRMM client+sites provisioned 2026-06-18 (Tucson: NORTH-WOLF-6270, Sonoita: LIGHT-HARBOR-9617); no agents deployed yet; enrollment keys vaulted; infrastructure discovery pending | 2026-06-18 |
| [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 |
| [Stamback Septic](clients/stamback-septic.md) | Septic services; prepaid block ~3.5 hrs remaining; DESKTOP-BTR2AM3 + StambackLaptopNew GuruRMM enrolled; OneDrive identity wipe pattern documented | 2026-05-24 |