import: ingested 160 files from C:\Users\howar\Clients

Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

clients/dataforth/docs/servers/3cx.md

@@ -0,0 +1,11 @@
+# Server: 3CX
+
+## General Info
+- Hostname: 3CX
+- IP Address: 192.168.0.125
+- OS: Windows Server 2016
+- Role: Phone System (3CX PBX)
+
+## Notes
+- Last logon: 2025-10-01 — **may be inactive/decommissioned**
+- Needs investigation to determine if still in use

clients/dataforth/docs/servers/ad1.md

@@ -0,0 +1,29 @@
+# Server: AD1
+
+## General Info
+- Hostname: AD1
+- IP Address: 192.168.0.27
+- OS: Windows Server 2016 Standard
+- Physical / Virtual: Unknown (likely VM on ESXi)
+
+## Roles and Services
+- [x] Primary Domain Controller (all FSMO roles assumed)
+- [x] DNS Server
+- [x] WINS / NPS Server (ports 1812/1813)
+- [ ] File Server (Engineering share)
+
+## Storage
+- **C: drive at 90% full** — C:\Engineering consuming 787 GB
+
+## Shares
+| Share Name | Path | Notes |
+|-----------|------|-------|
+| Engineering | C:\Engineering | 787 GB — ENGR/ATE source code and specs |
+| ITSvc | C:\Shares\ITSvc | IT service files, mapped as B: |
+
+## Drive Mappings (from AD1)
+- B: = \\ad1\itsvc
+
+## Known Issues
+- **[CRITICAL]** C: drive at 90% capacity — Engineering folder needs to move off this DC
+- Running AD DS on a server with 787 GB of engineering data is a risk

clients/dataforth/docs/servers/ad2.md

@@ -0,0 +1,84 @@
+# Server: AD2
+
+## General Info
+- Hostname: AD2
+- IP Address: 192.168.0.6
+- OS: Windows Server 2016 Standard
+- Physical / Virtual: VM (VMware Tools + VGAuthService running, on ESXi)
+
+## Roles and Services
+- [x] Secondary Domain Controller
+- [x] DNS Server
+- [x] DFS Replication / Namespace
+- [x] File Server (multiple shares)
+- [x] TestDataDB host (Node.js + SQLite on port 3000)
+- [x] NAS sync (rsync every 15 min)
+
+## Storage
+- C: drive 1 TB, 405 GB free
+- E: drive (VSS shadow copy target)
+
+## Shares
+| Share Name | Path | Mapped As | Notes |
+|-----------|------|-----------|-------|
+| c-drive | C:\Shares\c-drive | Q: | — |
+| e-drive | C:\Shares\e-drive | T: | — |
+| test | C:\Shares\test | — | NAS sync staging, DOS station data |
+| webshare | C:\Shares\webshare | X: | Contains For_Web datasheets |
+
+## Key Applications
+### TestDataDB
+- Type: Node.js + SQLite web app
+- URL: http://192.168.0.6:3000
+- Location: C:\Shares\testdatadb\
+- Database: C:\Shares\testdatadb\database\testdata.db (~3 GB)
+- Service: `testdatadb` (Windows service, runs as INTRANET\svc_testdatadb)
+- Stats: 2,281,524 test records, 33,745 work orders, 1,470+ model specs
+
+## Scheduled Tasks
+| Task | Status | Schedule | Notes |
+|------|--------|----------|-------|
+| Sync-FromNAS | Ready | Every 15 min | Bidirectional rsync with D2TESTNAS |
+| TestDataDB-Backup | Ready | Scheduled | SQLite DB backup |
+| VSS Shadow Copy | Ready | Daily 2:00 AM | E: drive |
+| ClaudeTools Log Rotation | Ready | — | Log rotation |
+| AgentBinaryUpdate | Ready | — | RMM agent update |
+| AgentRestart | Ready | — | GuruRMM restart |
+| GuruRMM-Rollback | Ready | — | RMM rollback |
+| TestDataDB Server | Disabled | — | Replaced by Windows service |
+| TestDataDB_NodeServer | Disabled | — | Alternate startup (disabled) |
+| BulkSync-Catchup | Disabled | — | One-time bulk sync (done) |
+
+## Running Services (Non-Default)
+| Service | Purpose | Run As |
+|---------|---------|--------|
+| testdatadb | TestDataDB web app (Node.js port 3000) | INTRANET\svc_testdatadb |
+| CagService | Datto RMM agent | — |
+| GuruRMMAgent | GuruRMM monitoring | — |
+| ScreenConnect Client | Remote access | — |
+| Online Backup Service | Backup agent | — |
+| VGAuthService | VMware guest auth | — |
+| VMTools | VMware Tools | — |
+| NTDS | AD DS | — |
+| Kdc | Kerberos KDC | — |
+| ADWS | AD Web Services | — |
+| DFSR | DFS Replication | — |
+| Dfs | DFS Namespace | — |
+| ssh-agent | OpenSSH auth agent | — |
+
+## Windows Firewall
+| Profile | Status |
+|---------|--------|
+| Domain | **DISABLED** |
+| Private | **DISABLED** |
+| Public | **DISABLED** |
+
+## History
+- **Wiped and rebuilt after 2025 crypto/ransomware attack**
+- Many files lost (C:\DFWDS\, scheduled tasks, service configs)
+- TestDataDB pipeline rebuilt 2026-03-27–29
+
+## Known Issues
+- **[CRITICAL]** All firewall profiles disabled
+- **[LOW]** DVD ISO still mounted on D: drive
+- **[MEDIUM]** TestDataDB Server scheduled task still exists but disabled

clients/dataforth/docs/servers/d2testnas.md

@@ -0,0 +1,27 @@
+# Server: D2TESTNAS
+
+## General Info
+- Hostname: D2TESTNAS
+- IP Address: 192.168.0.9
+- OS: Debian 13 Linux
+- Role: SMB1 proxy for DOS test stations, rsync endpoint
+
+## Services
+| Service | Port | Notes |
+|---------|------|-------|
+| Samba (SMB1) | 445 | Guest access (no password) for DOS machines |
+| SSH | 22 | Root access with password auth |
+| rsync daemon | 873 | Module "test" → /data/test |
+
+## Storage
+- /data/test — Test station data
+- /data/test/STAGE — TXT datasheet staging area
+
+## Sync
+- rsync module "test" maps to /data/test
+- AD2 pulls from NAS every 15 min (Sync-FromNAS scheduled task)
+- Bidirectional: DAT/reports pulled to AD2, software updates pushed to NAS
+
+## Known Issues
+- **[MEDIUM]** Root SSH with password authentication — should use key-based auth
+- **[MEDIUM]** Guest Samba access (no password) — required for DOS SMB1 compatibility

clients/dataforth/docs/servers/df-hyperv-b.md

@@ -0,0 +1,11 @@
+# Server: DF-HYPERV-B
+
+## General Info
+- Hostname: DF-HYPERV-B
+- IP Address: 192.168.0.123
+- OS: Windows Server 2025
+- Role: Hyper-V Host
+
+## Notes
+- Newest server in the environment (Server 2025)
+- VM inventory not captured in audit

clients/dataforth/docs/servers/files-d1.md

@@ -0,0 +1,16 @@
+# Server: FILES-D1
+
+## General Info
+- Hostname: FILES-D1
+- IP Address: 192.168.0.189
+- OS: Windows Server 2016
+- Role: File Server
+
+## Shares
+| Share Name | Mapped As | Notes |
+|-----------|-----------|-------|
+| sales | W: | Sales documents |
+| archive | Y: | Archive storage |
+
+## Notes
+- Primary file server for sales and archive data

clients/dataforth/docs/servers/sage-sql.md

@@ -0,0 +1,16 @@
+# Server: SAGE-SQL
+
+## General Info
+- Hostname: SAGE-SQL
+- IP Address: 192.168.0.153
+- OS: Windows Server 2016
+- Role: Sage ERP Database Server
+
+## Shares
+| Share Name | Mapped As | Notes |
+|-----------|-----------|-------|
+| sage | S: | Sage ERP data |
+
+## Notes
+- Hosts Sage ERP database
+- Backup status unknown — not included in any identified backup job