azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

import: ingested 160 files from C:\Users\howar\Clients

Browse Source 
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Howard Enos
2026-04-16 19:43:58 -07:00
parent 6eaba02b71
commit 8d975c1b44
160 changed files with 16002 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
clients/kittle/docs/network/dhcp.md Normal file
View File

@@ -0,0 +1,46 @@
# DHCP Configuration
## DHCP Server
- Server Name: ISP Router
- Server IP: 10.0.0.1
- Failover Partner: None
**Note:** The Windows Server DHCP role is installed on SERVER (10.0.0.5) but has **zero scopes configured**. All DHCP is handled by the ISP router.
## Scopes
### Scope - LAN (ISP Router)
- Subnet: 10.0.0.0/24
- Range Start: Unknown — need to check ISP router admin interface
- Range End: Unknown
- Subnet Mask: 255.255.255.0
- Default Gateway: 10.0.0.1
- DNS Servers: **Unknown — critical to verify** (should be 10.0.0.5 for AD)
- Lease Duration: Unknown
## Reservations
No reservations documented. Need to check ISP router for any existing DHCP reservations.
| Device Name | MAC Address | IP Address | Scope | Notes |
|------------|-------------|------------|-------|-------|
| SERVER | — | 10.0.0.5 | LAN | DC — should be reserved or static |
| UniFi Switch | 0C:EA:14:8A:8D:7F | 10.0.0.122 | LAN | Should be reserved |
## DHCP Relay
- Not applicable — single subnet, DHCP server on same segment
## Issues
1. **DHCP on ISP router instead of server** — Less control over DHCP options (DNS, NTP, lease times). Cannot manage reservations centrally via Windows tools. ISP router may hand out ISP DNS instead of the DC's DNS (10.0.0.5), which would break AD name resolution.
2. **Windows DHCP role installed but unused** — Creates confusion. Either uninstall or migrate DHCP to the server.
## Recommendations
1. **Migrate DHCP to Windows Server** — Provides centralized management, AD-integrated DNS updates, DHCP reservations via PowerShell, and logging.
2. **Create reservations** for: SERVER (10.0.0.5), UniFi switch (10.0.0.122), printers, and any other infrastructure.
3. **Set DNS option** — Ensure DHCP hands out 10.0.0.5 as the primary DNS server.
## TODO
- [ ] Log into ISP router and document DHCP scope, range, DNS settings, and any reservations
- [ ] Verify what DNS servers DHCP clients receive
- [ ] Plan DHCP migration from ISP router to Windows Server
- [ ] Create DHCP reservations for infrastructure devices

41
clients/kittle/docs/network/dns.md Normal file
View File

@@ -0,0 +1,41 @@
# DNS Configuration
## Windows DNS Server (AD-Integrated)
- Server: SERVER (10.0.0.5)
- Role: Primary DNS for kittle.lan domain
- DNS Client: 127.0.0.1 (correct — DC points to itself)
## DNS Forwarders
- Forwarder 1: 10.0.0.1 (ISP router — for external resolution)
## DNS Zones
| Zone | Type | AD-Integrated | Notes |
|------|------|---------------|-------|
| kittle.lan | Primary | Yes | Main AD zone |
| _msdcs.kittle.lan | Primary | Yes | AD metadata zone (SRV records) |
**No reverse lookup zone exists for 10.0.0.x** — PTR lookups will fail for all internal hosts.
## DNS Architecture
- **Windows DNS** (10.0.0.5): Authoritative for kittle.lan. Handles AD SRV records, Kerberos, LDAP lookups.
- **ISP Router** (10.0.0.1): Acts as forwarder for external (internet) DNS resolution.
- Workstations should use 10.0.0.5 as primary DNS (the DC) so AD name resolution works correctly.
- If workstations are getting DNS from DHCP on the ISP router, they may be pointed at the ISP's DNS instead of the DC — needs verification.
## External DNS
- Registrar: Unknown
- Primary Domain: kittlearizona.com
- Management URL: Unknown
## Issues
1. **No reverse DNS zone** — Create 0.0.10.in-addr.arpa for PTR lookups on 10.0.0.0/24
2. **DHCP DNS settings unknown** — ISP router handles DHCP; unclear if it hands out 10.0.0.5 as DNS or the ISP's own DNS servers. If clients don't use the DC for DNS, AD name resolution and domain joins may have issues.
3. **Single forwarder** — Only forwarding to 10.0.0.1. Consider adding a secondary forwarder (8.8.8.8 or 1.1.1.1) for redundancy if the ISP router's DNS fails.
## TODO
- [ ] Create reverse lookup zone: 0.0.10.in-addr.arpa
- [ ] Verify what DNS server DHCP clients receive from the ISP router
- [ ] Consider adding secondary DNS forwarder for redundancy
- [ ] Enable DNS scavenging to prevent stale records
- [ ] Document external DNS (registrar, MX records, SPF/DKIM/DMARC for kittlearizona.com)

47
clients/kittle/docs/network/firewall.md Normal file
View File

@@ -0,0 +1,47 @@
# Firewall Configuration
## Device Info
- Vendor/Model:
- Firmware Version:
- Management IP:
- Management URL:
- HA Pair: Yes/No
- License Expiry:
## Interfaces
| Interface | Zone | IP Address | VLAN | Description |
|-----------|-----------|-----------------|------|-------------------|
| WAN1 | WAN | | | Primary Internet |
| WAN2 | WAN | | | Backup Internet |
| LAN | LAN | | | |
| DMZ | DMZ | | | |
## NAT Rules
| Name | Source | Destination | Port(s) | NAT To |
|-------------------|---------------|----------------|-------------|-----------------|
| | | | | |
## Key Firewall Policies
| Name | Source Zone | Dest Zone | Service | Action | Notes |
|-------------------|--------------|---------------|-------------|--------|--------|
| | | | | | |
## VPN
### Site-to-Site VPNs
| Peer Name | Peer IP | Local Subnet | Remote Subnet | Status |
|-------------------|--------------|----------------|---------------|--------|
| | | | | |
### SSL/Client VPN
- Enabled: Yes/No
- Portal URL:
- Auth Method:
- IP Pool:
- Split Tunnel: Yes/No
## Content Filtering
- Web Filter Profile:
- App Control Profile:
- DNS Filter:
## Notes

87
clients/kittle/docs/network/topology.md Normal file
View File

@@ -0,0 +1,87 @@
# Network Topology
## Internet Connection
- ISP: Unknown
- Gateway: 10.0.0.1 (MAC: 42:0f:c1:f0:e6:43)
- Type: ISP router — serves as gateway, DHCP server, and only "firewall"
- **No dedicated firewall appliance**
## Network Design
- Single flat subnet: 10.0.0.0/24
- No VLANs
- All devices (server, workstations, printers, APs) on the same broadcast domain
## Switches
### UniFi USW-Lite-16-PoE
- Model: Ubiquiti USW-Lite-16-PoE
- IP Address: 10.0.0.122
- MAC: 0C:EA:14:8A:8D:7F
- Port Count: 16 (PoE)
- Management: Self-hosted UniFi controller (managed by MSP)
## Key Infrastructure Devices
| Device | IP Address | MAC | Notes |
|--------|-----------|-----|-------|
| ISP Router (Gateway) | 10.0.0.1 | 42:0f:c1:f0:e6:43 | Gateway, DHCP, only firewall |
| SERVER (DC) | 10.0.0.5 | — | HPE ProLiant MicroServer Gen11 |
| UniFi Switch | 10.0.0.122 | 0C:EA:14:8A:8D:7F | USW-Lite-16-PoE |
## ARP Table (All Observed Devices)
| IP Address | MAC Address | Identified As |
|-----------|-------------|--------------|
| 10.0.0.1 | 42:0f:c1:f0:e6:43 | ISP Router (Gateway) |
| 10.0.0.5 | — | SERVER (DC) |
| 10.0.0.52 | 00:50:AA:54:8C:EF | Unknown |
| 10.0.0.100 | C4:5A:B1:F9:48:18 | Unknown |
| 10.0.0.105 | 92:CE:74:91:59:AD | Unknown |
| 10.0.0.106 | 5C:47:5E:7E:87:9E | Unknown |
| 10.0.0.110 | 48:25:67:D4:2B:1F | Unknown |
| 10.0.0.117 | 54:E0:19:E2:21:DD | Unknown |
| 10.0.0.120 | A8:9C:6C:58:9C:98 | Unknown |
| 10.0.0.121 | 48:25:67:D4:29:F0 | Unknown |
| 10.0.0.122 | 0C:EA:14:8A:8D:7F | UniFi USW-Lite-16-PoE |
| 10.0.0.123 | C4:5A:B1:F9:B2:9B | Unknown |
| 10.0.0.131 | 54:E0:19:E2:CF:D1 | Unknown |
| 10.0.0.132 | 48:25:67:D4:2A:FB | Unknown |
| 10.0.0.133 | C4:5A:B1:F9:66:BC | Unknown |
| 10.0.0.134 | 78:46:5C:AF:7A:EF | Unknown |
| 10.0.0.144 | 48:25:67:D4:29:3F | Unknown |
| 10.0.0.145 | 54:E0:19:E2:CB:DB | Unknown |
| 10.0.0.152 | E8:65:38:E9:45:CB | Unknown |
| 10.0.0.156 | 5A:37:74:00:8C:37 | Unknown |
| 10.0.0.161 | B0:7B:25:14:3E:F1 | Unknown |
| 10.0.0.162 | A8:9C:6C:4A:0C:78 | Unknown |
| 10.0.0.168 | 48:25:67:D4:29:57 | Unknown |
| 10.0.0.169 | A4:BB:6D:A8:F8:1B | Unknown |
| 10.0.0.171 | 76:8C:A8:6D:60:3C | Unknown |
| 10.0.0.172 | C0:BF:BE:E8:56:1D | Unknown |
| 10.0.0.184 | 22:7B:45:0B:97:9C | Unknown |
| 10.0.0.189 | 30:8D:99:A9:0B:C3 | Unknown |
| 10.0.0.192 | 48:25:67:D4:2B:0D | Unknown |
| 10.0.0.198 | 48:25:67:D4:2B:13 | Unknown |
| 10.0.0.241 | A4:BB:6D:A9:CC:B1 | Unknown |
**Note:** 31 devices observed on the network via ARP. Many are unidentified — need MAC vendor lookups and onsite correlation to map devices to workstations, printers, phones, etc.
## Network Diagram
```
[Internet]
|
[ISP Router: 10.0.0.1] -- DHCP, Gateway, "Firewall"
|
[UniFi USW-Lite-16-PoE: 10.0.0.122]
|
+-- SERVER (DC): 10.0.0.5
+-- 7 Workstations (Win11 Pro)
+-- ~20 other devices (printers, phones, etc.)
```
## Notes
- Flat network with no segmentation — all devices can reach all other devices
- No dedicated firewall — ISP router is the only perimeter device
- MAC 42:0f:c1:f0:e6:43 on the gateway is an unusual/randomized MAC — confirms consumer-grade ISP equipment
- Several MAC prefixes repeat (48:25:67, C4:5A:B1, 54:E0:19, A8:9C:6C) — likely same vendor, possibly UniFi APs, printers, or phones
- Onsite visit needed to correlate ARP entries to physical devices

21
clients/kittle/docs/network/vlans.md Normal file
View File

@@ -0,0 +1,21 @@
# VLANs
## VLAN Table
| VLAN ID | Name | Subnet | Gateway | DHCP Scope | Purpose |
|---------|---------------|-----------------|-----------------|------------------|------------------------|
| 1 | Default | | | | |
| 10 | Management | | | | Network devices |
| 20 | Servers | | | | Server infrastructure |
| 30 | Workstations | | | | End user devices |
| 40 | VoIP | | | | Phone system |
| 50 | WiFi-Corp | | | | Corporate wireless |
| 60 | WiFi-Guest | | | | Guest wireless |
| 100 | Security | | | | Cameras / access ctrl |
## Inter-VLAN Routing
- Performed by:
- Routing device IP:
## VLAN Notes
<!-- Any special considerations, trunk ports, tagged/untagged config -->