import: ingested 160 files from C:\Users\howar\Clients

Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

projects/msp-tools/msp-audit-scripts/README.md

@@ -0,0 +1,46 @@
+# MSP Audit Scripts
+
+Universal Windows audit scripts for MSP use. Run via ScreenConnect Toolbox as SYSTEM.
+
+## Scripts
+
+| Script | Target | Output |
+|--------|--------|--------|
+| `server_audit.ps1` | Windows Server 2012-2025 | `C:\Temp\HOSTNAME_server_audit_YYYY-MM-DD.json` |
+| `workstation_audit.ps1` | Windows 10/11 | `C:\Temp\HOSTNAME_workstation_audit_YYYY-MM-DD.json` |
+
+## ScreenConnect Toolbox Commands
+
+### Server Audit
+```powershell
+#!ps
+#maxlength=500000
+#timeout=600000
+Set-ExecutionPolicy Bypass -Scope Process -Force
+New-Item -Path C:\Temp -ItemType Directory -Force | Out-Null
+$u = "https://raw.githubusercontent.com/Howweird/msp-audit-scripts/master/server_audit.ps1"
+Invoke-WebRequest -Uri $u -OutFile "C:\Temp\server_audit.ps1" -UseBasicParsing
+. C:\Temp\server_audit.ps1
+```
+
+### Workstation Audit
+```powershell
+#!ps
+#maxlength=500000
+#timeout=600000
+Set-ExecutionPolicy Bypass -Scope Process -Force
+New-Item -Path C:\Temp -ItemType Directory -Force | Out-Null
+$u = "https://raw.githubusercontent.com/Howweird/msp-audit-scripts/master/workstation_audit.ps1"
+Invoke-WebRequest -Uri $u -OutFile "C:\Temp\workstation_audit.ps1" -UseBasicParsing
+. C:\Temp\workstation_audit.ps1
+```
+
+## Requirements
+
+- Must run as SYSTEM or local Administrator
+- Output directory: `C:\Temp` (created automatically)
+- No dependencies beyond built-in Windows PowerShell modules
+
+## Output
+
+- `.json` — Structured data with hostname in filename for multi-machine audits

projects/msp-tools/utilities/clean_printer_ports.ps1

@@ -0,0 +1,47 @@
+# ==========================================
+# CLEAN STALE PRINTER PORTS
+# Removes unused TCP/IP ports, reports dead ones still in use
+# ==========================================
+
+$ports = Get-PrinterPort -ErrorAction SilentlyContinue |
+    Where-Object {
+        $_.PortMonitor -eq "TCPMON.DLL" -or
+        $_.PortMonitor -eq "Standard TCP/IP Port"
+    }
+
+$printers = Get-Printer -ErrorAction SilentlyContinue
+
+$usedPorts = @($printers | ForEach-Object { $_.PortName })
+
+$removed = 0
+$inUse = 0
+$dead = 0
+
+foreach ($port in $ports) {
+    $name = $port.Name
+    $ip = $port.PrinterHostAddress
+
+    if ($usedPorts -contains $name) {
+        # Port is used by a printer — test if alive
+        $ping = Test-Connection $ip -Count 1 -Quiet -ErrorAction SilentlyContinue
+        if (-not $ping) {
+            Write-Host "[WARN] In use but DEAD: $name ($ip)" -ForegroundColor Yellow
+            $dead++
+        }
+        $inUse++
+    } else {
+        # Port is orphaned — remove it
+        try {
+            Remove-PrinterPort -Name $name -ErrorAction Stop
+            Write-Host "[REMOVED] $name ($ip)" -ForegroundColor Green
+            $removed++
+        } catch {
+            Write-Host "[FAIL] $name - $($_.Exception.Message)" -ForegroundColor Red
+        }
+    }
+}
+
+Write-Host ""
+Write-Host "Ports in use: $inUse"
+Write-Host "Dead but in use: $dead (remove printer first)"
+Write-Host "Orphans removed: $removed"

projects/msp-tools/utilities/screenconnect-toolbox-commands.txt

@@ -0,0 +1,184 @@
+== Server Audit ==
+
+#!ps
+#maxlength=500000
+#timeout=600000
+Set-ExecutionPolicy Bypass -Scope Process -Force
+New-Item -Path C:\Temp -ItemType Directory -Force | Out-Null
+$u = "https://raw.githubusercontent.com/Howweird/msp-audit-scripts/master/server_audit.ps1"
+Invoke-WebRequest -Uri $u -OutFile "C:\Temp\server_audit.ps1" -UseBasicParsing
+. C:\Temp\server_audit.ps1
+
+
+== Workstation Audit ==
+
+#!ps
+#maxlength=500000
+#timeout=600000
+Set-ExecutionPolicy Bypass -Scope Process -Force
+New-Item -Path C:\Temp -ItemType Directory -Force | Out-Null
+$u = "https://raw.githubusercontent.com/Howweird/msp-audit-scripts/master/workstation_audit.ps1"
+Invoke-WebRequest -Uri $u -OutFile "C:\Temp\workstation_audit.ps1" -UseBasicParsing
+. C:\Temp\workstation_audit.ps1
+
+
+
+== Auto-Patch + Win 11 Upgrade ==
+
+#!ps
+#maxlength=10000
+#timeout=300000
+New-Item -Path C:\Temp -ItemType Directory -Force | Out-Null
+Install-PackageProvider -Name NuGet -Force -Confirm:$false
+Install-Module PSWindowsUpdate -Force -Confirm:$false
+$cmd1 = "Import-Module PSWindowsUpdate; Install-WindowsUpdate -AcceptAll -AutoReboot"
+$a1 = "-ExecutionPolicy Bypass -Command `"$cmd1`""
+$action1 = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $a1
+$trigger1 = New-ScheduledTaskTrigger -AtStartup
+$set = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries
+$pri = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest
+Register-ScheduledTask -TaskName "AutoPatch" -Action $action1 -Trigger $trigger1 -Settings $set -Principal $pri -Force
+$u = "https://go.microsoft.com/fwlink/?linkid=2171764"
+$f = "C:\Temp\Win11Upgrade.exe"
+Invoke-WebRequest -Uri $u -OutFile $f -UseBasicParsing
+reg add HKLM\SYSTEM\Setup\MoSetup /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1 /f | Out-Null
+$action2 = New-ScheduledTaskAction -Execute $f -Argument "/quietinstall /skipeula /auto upgrade /copylogs C:\Temp"
+$trigger2 = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(5)
+Register-ScheduledTask -TaskName "Win11Upgrade" -Action $action2 -Trigger $trigger2 -Settings $set -Principal $pri -Force
+Start-ScheduledTask -TaskName "AutoPatch"
+Write-Host "[OK] AutoPatch + Win11Upgrade tasks created and started"
+
+
+== Auto-Patch Only (no Win 11 upgrade) ==
+
+#!ps
+#maxlength=10000
+#timeout=300000
+Install-PackageProvider -Name NuGet -Force -Confirm:$false
+Install-Module PSWindowsUpdate -Force -Confirm:$false
+$cmd = "Import-Module PSWindowsUpdate; Install-WindowsUpdate -AcceptAll -AutoReboot"
+$a = "-ExecutionPolicy Bypass -Command `"$cmd`""
+$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $a
+$trigger = New-ScheduledTaskTrigger -AtStartup
+$set = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries
+$pri = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest
+Register-ScheduledTask -TaskName "AutoPatch" -Action $action -Trigger $trigger -Settings $set -Principal $pri -Force
+Start-ScheduledTask -TaskName "AutoPatch"
+Write-Host "[OK] AutoPatch task created and started"
+
+
+== Stop Updates + Cleanup at 5AM ==
+
+#!ps
+#maxlength=10000
+#timeout=60000
+$cmd = @'
+Stop-Process -Name "powershell" -Force -ErrorAction SilentlyContinue
+Stop-Process -Name "Windows10UpgraderApp" -Force -ErrorAction SilentlyContinue
+Unregister-ScheduledTask -TaskName "AutoPatch" -Confirm:$false -ErrorAction SilentlyContinue
+Unregister-ScheduledTask -TaskName "Win11Upgrade" -Confirm:$false -ErrorAction SilentlyContinue
+Unregister-ScheduledTask -TaskName "StopUpdates5AM" -Confirm:$false -ErrorAction SilentlyContinue
+'@
+$scriptPath = "C:\Temp\StopUpdates.ps1"
+$cmd | Out-File $scriptPath -Encoding utf8
+$a = "-ExecutionPolicy Bypass -File `"$scriptPath`""
+$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $a
+$tomorrow = (Get-Date).Date.AddDays(1).AddHours(5)
+$trigger = New-ScheduledTaskTrigger -Once -At $tomorrow
+$set = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries
+$pri = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest
+Register-ScheduledTask -TaskName "StopUpdates5AM" -Action $action -Trigger $trigger -Settings $set -Principal $pri -Force
+Write-Host "[OK] Updates will stop at 5AM tomorrow ($tomorrow)"
+
+
+== Upgrade to Pro ==
+
+#!ps
+#maxlength=10000
+#timeout=120000
+$key = "BP2XJ-CGNYY-7K8TK-GWXXJ-HMJ4K"
+changepk.exe /ProductKey $key
+Write-Host "[OK] Pro key applied to $env:COMPUTERNAME"
+
+
+== Clean Stale Printer Ports ==
+
+#!ps
+#maxlength=50000
+#timeout=120000
+$ports = Get-PrinterPort -ErrorAction SilentlyContinue |
+  Where-Object {
+    $_.PortMonitor -eq "TCPMON.DLL" -or
+    $_.PortMonitor -eq "Standard TCP/IP Port"
+  }
+$printers = Get-Printer -ErrorAction SilentlyContinue
+$used = @($printers | ForEach-Object { $_.PortName })
+$removed = 0; $deadCount = 0; $inUse = 0
+foreach ($port in $ports) {
+  $n = $port.Name
+  $ip = $port.PrinterHostAddress
+  if ($used -contains $n) {
+    $ping = Test-Connection $ip -Count 1 -Quiet -ErrorAction SilentlyContinue
+    if (-not $ping) {
+      Write-Host "[WARN] In use but DEAD: $n ($ip)" -ForegroundColor Yellow
+      $deadCount++
+    }
+    $inUse++
+  } else {
+    try {
+      Remove-PrinterPort -Name $n -ErrorAction Stop
+      Write-Host "[REMOVED] $n ($ip)" -ForegroundColor Green
+      $removed++
+    } catch {
+      Write-Host "[FAIL] $n - $($_.Exception.Message)" -ForegroundColor Red
+    }
+  }
+}
+Write-Host ""
+Write-Host "Ports in use: $inUse"
+Write-Host "Dead but in use: $deadCount (remove printer first)"
+Write-Host "Orphans removed: $removed"
+
+
+== Fix Wi-Fi Disconnect on Idle ==
+
+#!ps
+#maxlength=100000
+#timeout=60000
+
+$wifi = Get-PnpDevice -Class Net |
+    Where-Object {
+        $_.Status -eq 'OK' -and
+        $_.FriendlyName -match
+            'Wi-Fi|Wireless|WLAN' -and
+        $_.FriendlyName -notmatch
+            'Virtual|Direct'
+    }
+if ($wifi) {
+    $id = $wifi.InstanceId
+    $p = "HKLM:\SYSTEM\CurrentControlSet"
+    $p += "\Enum\$id"
+    Set-ItemProperty $p `
+        -Name "PnPCapabilities" `
+        -Value 24 -Type DWord
+    $n = $wifi.FriendlyName
+    Write-Host "Wi-Fi power saving off: $n"
+} else {
+    Write-Host "No Wi-Fi adapter found!"
+}
+$r = "HKLM:\SYSTEM\CurrentControlSet"
+$r += "\Control\Session Manager\Power"
+Set-ItemProperty $r `
+    -Name "HiberbootEnabled" `
+    -Value 0 -Type DWord
+Write-Host "Fast Startup disabled."
+Write-Host "Reboot needed to apply."
+
+
+== Clear C:\Temp ==
+
+#!ps
+#maxlength=10000
+#timeout=30000
+Remove-Item -Path "C:\Temp\*" -Recurse -Force
+Write-Host "[OK] C:\Temp cleared" -ForegroundColor Green

projects/msp-tools/utilities/win11_upgrade.ps1

@@ -0,0 +1,74 @@
+# ================================
+# Fleet Windows 11 Upgrade Script
+# ================================
+
+$logFile = "C:\Temp\Win11Upgrade.log"
+$dir = "C:\Temp"
+New-Item -ItemType Directory -Path $dir -Force | Out-Null
+
+function Write-Log {
+    param ([string]$msg)
+    $time = (Get-Date).ToString("yyyy-MM-dd HH:mm:ss")
+    "$time - $msg" | Out-File -FilePath $logFile -Append -Encoding utf8
+    Write-Host $msg
+}
+
+Write-Log "===== Starting Upgrade Script ====="
+
+# Get OS info (fast)
+$os = Get-CimInstance Win32_OperatingSystem
+$build = [int]$os.BuildNumber
+Write-Log "OS: $($os.Caption)"
+Write-Log "Build: $build"
+
+# Check if upgrade is needed
+$targetBuild = 26000
+if ($os.Caption -like "*Windows 11*" -and $build -ge $targetBuild) {
+    Write-Log "Already on latest Windows 11. Exiting."
+    exit 0
+}
+
+Write-Log "Upgrade required. Proceeding..."
+
+# Enable unsupported hardware bypass (safe if not needed)
+Write-Log "Setting compatibility bypass registry key"
+reg add HKLM\SYSTEM\Setup\MoSetup /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1 /f | Out-Null
+
+# Download Installation Assistant
+$url = "https://go.microsoft.com/fwlink/?linkid=2171764"
+$file = "$dir\Win11Upgrade.exe"
+
+Write-Log "Downloading Windows 11 Installation Assistant..."
+try {
+    Invoke-WebRequest $url -OutFile $file -UseBasicParsing -ErrorAction Stop
+} catch {
+    Write-Log "Download failed: $($_.Exception.Message)"
+    exit 1
+}
+
+if (!(Test-Path $file)) {
+    Write-Log "Download file not found. Exiting."
+    exit 1
+}
+
+Write-Log "Download complete"
+
+# Kill any previous upgrade processes
+Get-Process -ErrorAction SilentlyContinue |
+    Where-Object { $_.Name -like "*Windows10UpgraderApp*" } |
+    Stop-Process -Force -ErrorAction SilentlyContinue
+
+# Run upgrade silently
+Write-Log "Starting upgrade process (this will take 30-60+ minutes)..."
+$args = "/quietinstall /skipeula /auto upgrade /copylogs $dir"
+$proc = Start-Process $file -ArgumentList $args -Wait -PassThru
+
+Write-Log "Upgrade process exited with code: $($proc.ExitCode)"
+
+if ($proc.ExitCode -eq 0) {
+    Write-Log "Upgrade succeeded. Machine will reboot automatically."
+} else {
+    Write-Log "Upgrade may have failed. Check $dir for logs."
+}
+
+Write-Log "===== Script Complete ====="