import: ingested 160 files from C:\Users\howar\Clients

Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

clients/dataforth/docs/network/dhcp.md

@@ -0,0 +1,11 @@
+# DHCP Configuration
+
+## DHCP Server
+- Details not captured in audit
+- Likely running on UDM (192.168.0.254) or AD1 (192.168.0.27)
+
+## Known Static IPs
+See `network/topology.md` for server IPs. All servers appear to be statically assigned on 192.168.0.0/24.
+
+## Notes
+- DHCP scope details need to be captured from UDM or AD1

clients/dataforth/docs/network/dns.md

@@ -0,0 +1,26 @@
+# DNS Configuration
+
+## Internal DNS Servers
+| Server Name | IP Address | Role |
+|-------------|-----------|------|
+| AD1 | 192.168.0.27 | Primary DNS |
+| AD2 | 192.168.0.6 | Secondary DNS |
+
+## DNS Zones
+| Zone | Type | Notes |
+|------|------|-------|
+| intranet.dataforth.com | Primary | Main forward lookup zone |
+| _msdcs.intranet.dataforth.com | Primary | DC locator records |
+| 0.in-addr.arpa | Primary | Auto-created |
+| 127.in-addr.arpa | Primary | Auto-created |
+| 255.in-addr.arpa | Primary | Auto-created |
+| TrustAnchors | Primary | DNSSEC anchors |
+
+## Known Issues
+- **[HIGH] No reverse lookup zone for 192.168.0.x** — PTR lookups will fail
+
+## External DNS
+- Primary Domain: dataforth.com
+
+## Notes
+- DNS is AD-integrated on both domain controllers

clients/dataforth/docs/network/firewall.md

@@ -0,0 +1,23 @@
+# Firewall Configuration
+
+## Gateway Device
+- Device: UniFi Dream Machine (UDM)
+- IP: 192.168.0.254
+- Public IP: 67.206.163.122
+
+## Firewall Rules (UDM)
+- C2 IPs blocked (iptables): 80.76.49.18, 45.88.91.99 (from 2026-03-27 incident)
+- **[HIGH]** These blocks are iptables rules — need permanent UniFi UI rules
+
+## Windows Firewall (AD2)
+| Profile | Status |
+|---------|--------|
+| Domain | **DISABLED** |
+| Private | **DISABLED** |
+| Public | **DISABLED** |
+
+**[CRITICAL]** All Windows Firewall profiles are disabled on AD2.
+
+## Notes
+- No dedicated firewall appliance — UDM handles all perimeter firewall duties
+- AD2 firewall was opened to HGHAUBNER D$ share on 2026-03-27 for backup access

clients/dataforth/docs/network/topology.md

@@ -0,0 +1,36 @@
+# Network Topology
+
+## Internet Connection
+- Public IP: 67.206.163.122
+- Gateway/Router: UniFi Dream Machine (UDM) at 192.168.0.254
+
+## Network Segments
+| Segment | Subnet | Purpose |
+|---------|--------|---------|
+| Main LAN | 192.168.0.0/24 | Servers, workstations, DOS test stations |
+| Secondary | 192.168.1.x | Some workstations |
+| VPN/Remote | 192.168.6.x | VPN / remote access |
+
+## Key Infrastructure IPs
+| Device | IP | OS / Type | Role |
+|--------|-----|-----------|------|
+| AD1 | 192.168.0.27 | Win Server 2016 | Primary DC, DNS, WINS/NPS |
+| AD2 | 192.168.0.6 | Win Server 2016 | Secondary DC, DNS, DFS, TestDataDB |
+| FILES-D1 | 192.168.0.189 | Win Server 2016 | File Server |
+| SAGE-SQL | 192.168.0.153 | Win Server 2016 | Sage ERP Database |
+| 3CX | 192.168.0.125 | Win Server 2016 | Phone System |
+| D2TESTNAS | 192.168.0.9 | Debian 13 / Samba | SMB1 proxy for DOS machines |
+| ESXi-122 | 192.168.0.122 | VMware ESXi | Hypervisor |
+| ESXi-124 | 192.168.0.124 | VMware ESXi | Hypervisor |
+| DF-HYPERV-B | 192.168.0.123 | Win Server 2025 | Hyper-V Host |
+| UDM | 192.168.0.254 | UniFi Dream Machine | Gateway/Router |
+| ENG-DEV-SERVER | 192.168.0.126 | Win 11 Pro | Engineering Dev Server |
+
+## WINS / NPS
+- Server: AD1 (192.168.0.27)
+- NPS Ports: 1812/1813
+
+## Notes
+- Flat network — no VLANs, everything on 192.168.0.0/24
+- DOS test stations (64) use SMB1 via D2TESTNAS Samba proxy
+- No dedicated firewall appliance — UDM handles routing and firewall

clients/dataforth/docs/network/vlans.md

@@ -0,0 +1,15 @@
+# VLANs
+
+## Current State
+**No VLANs configured.** Dataforth runs a flat network — all devices on 192.168.0.0/24.
+
+## Network Segments (non-VLAN)
+| Segment | Subnet | Purpose |
+|---------|--------|---------|
+| Main LAN | 192.168.0.0/24 | Servers, workstations, DOS test stations |
+| Secondary | 192.168.1.x | Some workstations |
+| VPN | 192.168.6.x | VPN / remote access |
+
+## Notes
+- Flat network is a risk — no segmentation between servers, workstations, and DOS stations
+- DOS stations require SMB1 (via D2TESTNAS), which is a lateral movement risk on a flat network