From 727a0757f65bea2eb1d3362983b1fdd00af3bad7 Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Fri, 3 Jul 2026 12:30:08 -0700 Subject: [PATCH] =?UTF-8?q?wiki:=20compile=20peaceful-spirit=20(full)=20?= =?UTF-8?q?=E2=80=94=20Syncro=20refresh,=20VSS=20+=20address,=20root-log?= =?UTF-8?q?=20provenance?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.8 (1M context) --- wiki/clients/peaceful-spirit.md | 13 ++++++++++--- wiki/index.md | 4 ++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/wiki/clients/peaceful-spirit.md b/wiki/clients/peaceful-spirit.md index b3dca71c..e170d645 100644 --- a/wiki/clients/peaceful-spirit.md +++ b/wiki/clients/peaceful-spirit.md @@ -2,8 +2,8 @@ type: client name: peaceful-spirit display_name: Peaceful Spirit Therapeutic Massage -last_compiled: 2026-07-02 -compiled_by: GURU-5070/claude-main (update: deletion-report location) +last_compiled: 2026-07-03 +compiled_by: HOWARD-HOME/claude-main (full: Syncro refresh + root-log provenance + VSS/address) sources: - clients/peaceful-spirit/session-logs/2026-05-10-recovered-setup-radius-authentication-for-vpn-access.md - clients/peaceful-spirit/session-logs/2026-05-10-session.md @@ -17,6 +17,9 @@ sources: - clients/peaceful-spirit/session-logs/2026-07/2026-07-01-mike-pst-deletion-scope-shelton-admin-acl.md - clients/peaceful-spirit/AD-DC2-REBUILD-RUNBOOK.md - session-logs/2026-06/2026-06-29-mike-dataforth-nwtoc-pst-deletion-scope-birthbio-corruption.md + - session-logs/2026-06/2026-06-29-mike-birthbio-repatriation-and-pst-soap-recovery.md + - session-logs/2026-07/2026-07-02-mike-pst-reports-ezfag-tags-unifi-adoption-bardach.md + - session-logs/2026-07/2026-07-02-mike-crowdstrike-rollout-365-appsuite.md - clients/peaceful-spirit/server.sops.yaml (vault) - clients/peaceful-spirit/server2.sops.yaml (vault) - clients/peaceful-spirit/vpn.sops.yaml (vault) 
@@ -35,7 +38,7 @@ Massage therapy practice with two sites: Country Club (CC, primary — all serve - **Business name (Syncro):** Peaceful Spirit Massage (NOT "...Therapeutic Massage" — ID-based lookup required) - **Syncro customer ID:** `278525` -- **Address:** 6650 N Oracle #100, Tucson +- **Addresses (two sites):** CC / Country Club (primary — all server infrastructure): 2930 N Country Club Rd, Tucson AZ (Syncro primary address). NW / Northwest: 6650 N Oracle #100, Tucson AZ. - **Primary contact:** Mara Concordia (owner/operator); generic contact email `info@bestmassageintucson.com`; personal Microsoft account `mara.concordia@gmail.com` (OneDrive). Domain user: `mara`. - **Other key staff:** Bridgette (BridgetteSH); Christine Z (ChristineZ); Calista A (CalistaA); Leslie W (leslieW); Sarah M (SarahM); Katie B (katieb); Sharon S (SharonS); PSTAdmin. - **Contract type:** Break-fix / T&M (verify — recent invoices per-ticket ~$150–300/visit, plus a recurring ~$195.19/month line item; no retainer contract confirmed) 
@@ -150,6 +153,10 @@ Client SOAP-note and business files reside on **PST-SERVER G:\Shares**. The @Cli - **Status 2026-07-01:** running normally (the 6/29 stop-for-restores self-resumed). - **Caveat:** `cbb list` is unreliable on comma/space folder paths (false zeros, timeouts on large trees). Use restore-to-staging + local diff for any deletion-scope investigation. +### VSS Shadow Copies (PST-SERVER G:) + +Local point-in-time recovery / self-service "Previous Versions" on the data volume, deployed as the near-line complement to the B2 backup (confirmed 2026-07-02). Volume Shadow Copies enabled on **G:** with a **69.8 GB** storage cap and roughly **4 snapshots/day** (observed schedule ~6a / 12p / 1p / 6p). Provides fast in-place rollback of individual files/folders without a B2 restore, and is the "Option 2" alternative to the (NTFS-impossible) recycle-bin design Mara requested. Note: after the 2026-06-13 trim, older snapshots were pruned — earliest snapshot ranges have been observed as recent as 6/25–6/28, so VSS is a short-window safety net, not long-term retention (that role is B2 / MSP360). The Security event log backing the deletion audit is sized to **128 MB max** on PST-SERVER. + ### NTFS Access Control (G:\Shares\Scanned) ACL root is `G:\Shares\Scanned`; permissions inherit to `@Clients` and subdirectories. Hardened 2026-07-01. ACL backup on server: `C:\PST-Recovery\acl-backup-scanned-20260701-072725.txt`. diff --git a/wiki/index.md b/wiki/index.md index 5474937e..b3d0b913 100644 --- a/wiki/index.md +++ b/wiki/index.md @@ -1,6 +1,6 @@ # Wiki Index -Last updated: 2026-07-02 +Last updated: 2026-07-03 Compiled by: HOWARD-HOME/claude-main This wiki is LLM-maintained. Do not edit articles manually — run `/wiki-compile` to update. 
@@ -32,7 +32,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks. | [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 3–6 months | 2026-05-24 | | [Rieusset Corp (Tom Sorensen)](clients/rieusset-corp.md) | Small business; email hosted on Neptune Exchange (4 mailboxes: tsorensen, tomrc, ojodeagua, csorensen @rieussetcorp.com); Mailprotector domain ID 57833; outbound via SBR Outbound.Sorensen connector; clipto.com allow rule added 2026-06-08 | 2026-06-08 | | [Rednour Law Offices](clients/rednour.md) | Law firm (break-fix/T&M, prepay 0); M365 rednourlaw.com (tenant 4a4ca18a) onboarded, 5 ComputerGuru SPs consented, no MDE license; 3 Win workstations GuruRMM-enrolled (all RED, prior MSP agents pending removal) — **all three now on Win 11** (LEGALASST + Carrie/REDNOURCARRIEVI upgraded 2026-06-29); REDNOURCARRIEVI hosts the firm's peer-to-peer SMB shares (Nick's Mac access done 2026-06-25); **Carrie's Win11 upgrade root cause = corrupt download (`ks.sys` 0x80070570 -> SAFE_OS 0x8007000D); fixed via fresh Media Creation Tool media — done in-shop, build 26200**; GuruRMM **works** on the Windows boxes (earlier "not working" disproved); macOS RMM agent still won't enroll (site code-vs-UUID bug, coord 6f2d22be); `endpointprotection.exe` = Datto AV (Defender RTP off by design); #32368 invoiced #67912 $669.55 (Nick = no charge); plaintext local-account creds from Syncro notes vaulted (clients/rednour/local-accounts) | 2026-06-30 | -| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club + Northwest); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + PST-SERVER2 (192.168.1.5, rebuilt 6/13 from past-tombstone state, NW) with DFS-R (PST-DFS, ~221/265 GB) — **Gate 4 blocked: SERVER2 flapping (NW power/UPS/net)**; L2TP/IPsec RRAS VPN 
complete (6 GuruRMM agents); **June–July 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-02 | +| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club 2930 N Country Club Rd + Northwest 6650 N Oracle); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + **PST-DC-NW (192.168.1.5, new 2019 Std physical server, replaced dead PST-SERVER2 on 7/2)** with DFS-R (PST-DFS) — **Gate 4 blocked on initial ~265 GB sync** over S2S VPN; L2TP/IPsec RRAS VPN complete (GuruRMM agents); data protection = B2/MSP360 "Files Backup 2025" + VSS shadow copies on G: + daily deletion-audit report (SACL 4660/4663 → HTML in the legal folder); **June–July 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-03 | | [Patriot Internal Medicine](clients/patriot-internal-medicine.md) | Medical practice, two locations (Tucson + Sonoita); GuruRMM client+sites provisioned 2026-06-18 (Tucson: NORTH-WOLF-6270, Sonoita: LIGHT-HARBOR-9617); no agents deployed yet; enrollment keys vaulted; infrastructure discovery pending | 2026-06-18 | | [Sombra Residential 
LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 | | [Stamback Septic](clients/stamback-septic.md) | Septic services; prepaid block ~3.5 hrs remaining; DESKTOP-BTR2AM3 + StambackLaptopNew GuruRMM enrolled; OneDrive identity wipe pattern documented | 2026-05-24 |
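Review bot: In the front-matter hunk of wiki/clients/peaceful-spirit.md (@@ -2,8 +2,8 @@), the new `compiled_by` value contains `(full: Syncro refresh + ...)` unquoted. A colon followed by a space inside a plain YAML scalar is rejected by strict parsers, so if this header is parsed as YAML the value should be wrapped in double quotes. The removed line carried the same pattern (`update: deletion-report location`), so any tooling that reads this field is worth checking against both forms.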
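Review bot: The new `Addresses (two sites)` bullet in the @@ -35,7 +38,7 @@ hunk puts both sites in a single run-on line, and only the CC entry says how it relates to Syncro. Suggest one sub-bullet per site (CC / Country Club, NW / Northwest) so each address can be updated on its own, and state explicitly whether 6650 N Oracle #100 is still recorded anywhere in Syncro, since it was the only address on the removed line.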
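Review bot: The last sentence of the new "VSS Shadow Copies (PST-SERVER G:)" section (@@ -150,6 +153,10 @@), "The Security event log backing the deletion audit is sized to **128 MB max** on PST-SERVER", is not about VSS and will be missed by anyone looking for audit settings; move it to wherever the deletion audit is documented, and record there what happens when the log reaches its cap, because that decides how far back the audit can reach. Two smaller points in the same paragraph: "the 2026-06-13 trim" is referenced without saying what was trimmed or why, and the observed schedule "~6a / 12p / 1p / 6p" has two snapshots an hour apart, which is worth confirming against the configured schedule before it is documented as roughly 4 per day.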
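Review bot: The rewritten Peaceful Spirit row in wiki/index.md (@@ -32,7 +32,7 @@) changes infrastructure facts that no hunk of wiki/clients/peaceful-spirit.md in this patch touches: PST-SERVER2 becomes "PST-DC-NW (192.168.1.5, new 2019 Std physical server, replaced dead PST-SERVER2 on 7/2)", the Gate 4 blocker changes from SERVER2 flapping to the "initial ~265 GB sync", and the agent count "6" is dropped. Please confirm the article body already states all three, and note that the article's `sources` list in this patch still carries `server2.sops.yaml` and `AD-DC2-REBUILD-RUNBOOK.md` unchanged, so a reader cannot tell whether those still describe the live NW domain controller.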