import: ingested 160 files from C:\Users\howar\Clients
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:
Clients (structured MSP docs under clients/<name>/docs/):
- anaise (NEW) - 13 files
- cascades-tucson - 47 files merged (existing had only reports/)
- dataforth - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa (NEW) - 22 files, multi-site (camden, river)
- kittle (NEW) - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template - 13-file scaffold for new clients
MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/ - clean_printer_ports, win11_upgrade,
screenconnect-toolbox-commands
Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
no other credentials found
Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
(identical duplicates of msp-audit-scripts versions)
Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)
Session log: session-logs/2026-04-16-howard-client-docs-import.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
61
clients/kittle/docs/scripts/fix-pdf-preview.ps1
Normal file
61
clients/kittle/docs/scripts/fix-pdf-preview.ps1
Normal file
@@ -0,0 +1,61 @@
|
||||
#Requires -RunAsAdministrator
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Adds the Kittle file server to the Local Intranet zone so PDF preview
|
||||
works on network shares (blocked by Oct 2025 security update).
|
||||
|
||||
.DESCRIPTION
|
||||
Windows security updates from October 14, 2025 onward disable preview
|
||||
for files in the "Internet Zone". UNC shares may be classified as Internet
|
||||
Zone if not explicitly added to Local Intranet or Trusted Sites.
|
||||
|
||||
This script adds \\SERVER and \\10.0.0.5 to the Local Intranet zone
|
||||
(zone 1) via HKLM registry so it applies to all users on the machine.
|
||||
|
||||
Run on WORKSTATIONS ONLY — not needed on the server.
|
||||
|
||||
.NOTES
|
||||
Ref: https://support.microsoft.com/en-us/topic/56d55920-6187-4aae-a4f6-102454ef61fb
|
||||
#>
|
||||
|
||||
$ErrorActionPreference = 'Stop'
|
||||
|
||||
# Zone 1 = Local Intranet
|
||||
$zone = 1
|
||||
$basePath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
|
||||
|
||||
# Add server by hostname
|
||||
$hostKey = Join-Path $basePath 'Domains\SERVER'
|
||||
if (-not (Test-Path $hostKey)) {
|
||||
New-Item -Path $hostKey -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path $hostKey -Name 'file' -Value $zone -Type DWord
|
||||
Write-Host "Added \\SERVER to Local Intranet zone" -ForegroundColor Green
|
||||
|
||||
# Add server by IP
|
||||
$ipKey = Join-Path $basePath 'Domains\10.0.0.5'
|
||||
if (-not (Test-Path $ipKey)) {
|
||||
New-Item -Path $ipKey -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path $ipKey -Name 'file' -Value $zone -Type DWord
|
||||
Write-Host "Added \\10.0.0.5 to Local Intranet zone" -ForegroundColor Green
|
||||
|
||||
# Also add to EscDomains in case IE ESC is somehow enabled
|
||||
$escBase = Join-Path $basePath 'EscDomains'
|
||||
if (Test-Path $escBase) {
|
||||
$escHostKey = Join-Path $escBase 'SERVER'
|
||||
if (-not (Test-Path $escHostKey)) {
|
||||
New-Item -Path $escHostKey -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path $escHostKey -Name 'file' -Value $zone -Type DWord
|
||||
|
||||
$escIpKey = Join-Path $escBase '10.0.0.5'
|
||||
if (-not (Test-Path $escIpKey)) {
|
||||
New-Item -Path $escIpKey -Force | Out-Null
|
||||
}
|
||||
Set-ItemProperty -Path $escIpKey -Name 'file' -Value $zone -Type DWord
|
||||
Write-Host "Added to EscDomains as well" -ForegroundColor Green
|
||||
}
|
||||
|
||||
Write-Host "`nDone. Restart File Explorer or log off/on for changes to take effect." -ForegroundColor Cyan
|
||||
Write-Host "Verify: Internet Options > Security > Local Intranet > Sites > Advanced" -ForegroundColor Cyan
|
||||
68
clients/kittle/docs/scripts/gpo-intranet-zone.ps1
Normal file
68
clients/kittle/docs/scripts/gpo-intranet-zone.ps1
Normal file
@@ -0,0 +1,68 @@
|
||||
#Requires -RunAsAdministrator
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Creates a GPO that adds \\SERVER and \\10.0.0.5 to the Local Intranet zone.
|
||||
Fixes PDF preview on network shares blocked by Oct 2025 security update.
|
||||
|
||||
.DESCRIPTION
|
||||
Uses the "Site to Zone Assignment List" policy under:
|
||||
Computer Config > Admin Templates > Windows Components > Internet Explorer >
|
||||
Internet Control Panel > Security Page
|
||||
|
||||
Zone 1 = Local Intranet. Applies to all domain-joined machines.
|
||||
|
||||
.NOTES
|
||||
Run on SERVER (10.0.0.5) as Domain Admin.
|
||||
Ref: https://support.microsoft.com/en-us/topic/56d55920-6187-4aae-a4f6-102454ef61fb
|
||||
#>
|
||||
|
||||
$ErrorActionPreference = 'Stop'
|
||||
Import-Module GroupPolicy
|
||||
|
||||
$gpoName = 'Intranet Zone - File Server'
|
||||
$domain = 'kittle.lan'
|
||||
|
||||
# Sites to add to Local Intranet (zone 1)
|
||||
$sites = @(
|
||||
'file://SERVER'
|
||||
'file://10.0.0.5'
|
||||
'\\SERVER'
|
||||
'\\10.0.0.5'
|
||||
)
|
||||
|
||||
# Registry path for the Site to Zone Assignment List policy
|
||||
$policyKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
|
||||
|
||||
# Check if GPO already exists
|
||||
$existing = Get-GPO -Name $gpoName -Domain $domain -ErrorAction SilentlyContinue
|
||||
if ($existing) {
|
||||
Write-Host "GPO '$gpoName' already exists (ID: $($existing.Id)). Updating..." -ForegroundColor Yellow
|
||||
} else {
|
||||
Write-Host "Creating GPO: $gpoName" -ForegroundColor Cyan
|
||||
New-GPO -Name $gpoName -Domain $domain -Comment 'Adds file server to Local Intranet zone for PDF preview on shares' | Out-Null
|
||||
}
|
||||
|
||||
# Set each site to zone 1 (Local Intranet)
|
||||
foreach ($site in $sites) {
|
||||
Set-GPRegistryValue -Name $gpoName -Domain $domain `
|
||||
-Key $policyKey `
|
||||
-ValueName $site `
|
||||
-Type String `
|
||||
-Value '1' | Out-Null
|
||||
Write-Host " Added: $site -> Local Intranet" -ForegroundColor Green
|
||||
}
|
||||
|
||||
# Link the GPO to the domain root (applies to all machines)
|
||||
$linked = (Get-GPInheritance -Target $domain).GpoLinks | Where-Object { $_.DisplayName -eq $gpoName }
|
||||
if (-not $linked) {
|
||||
New-GPLink -Name $gpoName -Target "DC=kittle,DC=lan" -LinkEnabled Yes | Out-Null
|
||||
Write-Host "`nGPO linked to $domain" -ForegroundColor Green
|
||||
} else {
|
||||
Write-Host "`nGPO already linked to $domain" -ForegroundColor Yellow
|
||||
}
|
||||
|
||||
# Summary
|
||||
Write-Host "`n=== Done ===" -ForegroundColor Cyan
|
||||
Write-Host "GPO '$gpoName' is active. Workstations will pick it up at next GP refresh."
|
||||
Write-Host "To force now, run on workstations: gpupdate /force" -ForegroundColor Cyan
|
||||
Write-Host "`nVerify: gpresult /r on a workstation should show '$gpoName' under Computer Settings" -ForegroundColor Cyan
|
||||
Reference in New Issue
Block a user