wiki: compile dataforth (full) — fold in Phase 2 shares target-state strawman
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -2,8 +2,8 @@
|
||||
type: client
|
||||
name: dataforth
|
||||
display_name: Dataforth Corporation
|
||||
last_compiled: 2026-06-20
|
||||
compiled_by: GURU-5070/claude-main
|
||||
last_compiled: 2026-06-23
|
||||
compiled_by: Howard-Home/claude-main
|
||||
sources:
|
||||
- clients/dataforth/docs/overview.md
|
||||
- clients/dataforth/docs/active-directory.md
|
||||
@@ -31,6 +31,8 @@ sources:
|
||||
- clients/dataforth/docs/projects/shares-permissions/current-state-2026-06-10.md
|
||||
- clients/dataforth/docs/projects/shares-permissions/acl-audit-detail-2026-06-10.md
|
||||
- clients/dataforth/docs/projects/shares-permissions/discovery-email-draft.md
|
||||
- clients/dataforth/docs/projects/shares-permissions/target-structure-draft-2026-06-22.md
|
||||
- clients/dataforth/session-logs/2026-06/2026-06-23-howard-dataforth-share-plan-recovery.md
|
||||
- clients/dataforth/docs/aoi-xp-vlan-backup-runbook.md
|
||||
- clients/dataforth/session-logs/2026-03-23-galactic-advisors-report.md
|
||||
- clients/dataforth/session-logs/2026-03-27-security-incident-mfa-datasheets.md
|
||||
@@ -77,7 +79,7 @@ backlinks:
|
||||
|
||||
# Dataforth Corporation
|
||||
|
||||
Signal conditioning / data acquisition manufacturer in Tucson, AZ. Long-standing ACG client. Active managed relationship — monthly prepaid block. Notable for 64 MS-DOS 6.22 test stations, a major security incident in March 2026, an ongoing test datasheet pipeline modernization project, an incomplete 2025 post-ransomware recovery restore that silently dropped files across multiple shares (active audit underway), and a new shares/permissions remediation project (Phase 1 pending client input as of 2026-06-19).
|
||||
Signal conditioning / data acquisition manufacturer in Tucson, AZ. Long-standing ACG client. Active managed relationship — monthly prepaid block. Notable for 64 MS-DOS 6.22 test stations, a major security incident in March 2026, an ongoing test datasheet pipeline modernization project, an incomplete 2025 post-ransomware recovery restore that silently dropped files across multiple shares (active audit underway), and a new shares/permissions remediation project (Phase 1 still pending client input; a Phase 2 target-state strawman was drafted 2026-06-22).
|
||||
|
||||
---
|
||||
|
||||
@@ -103,10 +105,10 @@ Signal conditioning / data acquisition manufacturer in Tucson, AZ. Long-standing
|
||||
|
||||
- **External distributor:** Ginger (gy@quatronix-cn.com) — Quatronix China; receives datasheets
|
||||
- **Billing rate:** Prepaid block; all invoices show $0.00 — hours drawn from block
|
||||
- **Hours remaining:** 31.5 hrs as of 2026-06-19 (live-check Syncro before billing — `GET /customers/578095`)
|
||||
- **Hours remaining:** 31.5 hrs as of 2026-06-23 (live-check Syncro before billing — `GET /customers/578095`)
|
||||
- **Syncro customer ID:** 578095
|
||||
- **Syncro managed assets:** 50
|
||||
- **Open Syncro tickets:** 0 as of 2026-06-19
|
||||
- **Open Syncro tickets:** 0 as of 2026-06-23
|
||||
- **Invoice CC:** jantar@dataforth.com
|
||||
|
||||
---
|
||||
@@ -409,7 +411,10 @@ Syncro asset IDs: 23845, 149614, 9708445, 9357407, 9276901, 9212922, 9078651, 88
|
||||
### Shares ACL State — All Open to All Staff
|
||||
- **All 8 business shares grant access to every employee** via `Everyone`/`Domain Users` (FullControl on 4 shares, Modify on 3). No department-based security groups exist. Sensitive data — Payroll, OSHA records, Purchase Orders, Accounting/QuickBooks, Sage financials — is fully readable and writable by all domain users.
|
||||
- **Remediation project in progress** (Shares & Permissions, started 2026-06-10). Phase 0 (discovery) complete. Phase 1 (client input/department matrix) pending email to Dan Center. Do not apply ACL changes until after client sign-off on the target model. Details: `clients/dataforth/docs/projects/shares-permissions/`.
|
||||
- **Special shares excluded from remediation:** `test` (DOS/SMB1 guest — leave open); `webshare` (preserve `svc_testdatadb:Full`); `ITSvc` (Domain Computers needs Read).
|
||||
- **Special shares excluded from remediation:** `test` (DOS/SMB1 guest — leave open); `webshare` (preserve `svc_testdatadb:Full`); `ITSvc` (Domain Computers needs Read); Sage app data path (restrict by group at the share, but keep the live UNC stable for the ERP/SQL).
|
||||
- **Phase 2 target-state strawman (drafted 2026-06-22, pre-client-input):** `target-structure-draft-2026-06-22.md`. Inferred from the existing share/folder layout (which is already department-shaped) plus a client-facing render at `Dataforth-Shared-Drives-Plan.html`. Target = one logical tree: `Company\Departments\` (Engineering [+Test-Engineering], Manufacturing, Quality, Sales-Marketing, Shipping-Receiving, Purchasing, IT), a `Restricted\` branch with **broken inheritance / no Domain Users** (Accounting-Finance, Payroll, HR, OSHA, Purchase-Orders), a read-mostly `Company-Wide\`, per-user `Users\`, and read-only `Archive\`. ABE on. Groups named `SG-<Resource>-<RW|RO>`; users get **Modify** via the RW group (never Full), SYSTEM/Administrators keep Full.
|
||||
- **Drive-letter strategy — Option A recommended:** keep current Q/S/T/W/Y/B mappings and realize the tree *logically* (reorg folders within each share + apply groups) for the first rollout — lowest disruption, no app/UNC breakage, no retraining. Hold physical consolidation to one `Company` drive (Option B) as a later optional phase after a hard-coded-UNC-path audit (DOS, Sage, datasheet pipeline, GageTrak/Epicor). The permission model is identical either way.
|
||||
- **Strawman is NOT a build order — six items still gate Phase 2 sign-off (need the client):** confirm the inferred department list; the per-department RW/RO/none access matrix; named access for sensitive data (Payroll/OSHA/POs/Accounting — likely HR/Finance sign-off, not just Dan); department rosters to populate groups; legacy cleanup approval (person-named / "Do not use" folders); and an Engineering destination volume (AD1 C: ~90% full blocks any ENGR restructure).
|
||||
|
||||
### Security
|
||||
- **C2 IP blocks are iptables only** — do not survive UDM reboot. Must add to permanent UniFi block list via UI. C2 IPs: 80.76.49.18, 45.88.91.99 (AS399486 Virtuo, Montreal).
|
||||
@@ -432,9 +437,9 @@ Syncro asset IDs: 23845, 149614, 9708445, 9357407, 9276901, 9212922, 9078651, 88
|
||||
|
||||
## Active Work
|
||||
|
||||
As of 2026-06-19 (no open Syncro tickets):
|
||||
As of 2026-06-23 (no open Syncro tickets):
|
||||
|
||||
- **Shares & Permissions project (Phase 1 — BLOCKING, pending client input):** Phase 0 (discovery) completed 2026-06-10 — read-only ACL audit confirmed all 8 business shares open to all employees; Domain Users has FullControl on 4 shares. Discovery email to Dan Center drafted (`clients/dataforth/docs/projects/shares-permissions/discovery-email-draft.md`); not yet sent. Phase 1 blocked on client responses: department list, access matrix, sensitive-data rules, staff rosters. Full roadmap: `clients/dataforth/docs/projects/shares-permissions/roadmap.md`.
|
||||
- **Shares & Permissions project (Phase 1 — BLOCKING, pending client input):** Phase 0 (discovery) completed 2026-06-10 — read-only ACL audit confirmed all 8 business shares open to all employees; Domain Users has FullControl on 4 shares. Discovery email to Dan Center drafted (`clients/dataforth/docs/projects/shares-permissions/discovery-email-draft.md`); **not yet sent — recipients/sender not locked** (Dan Center primary; CC Kevin Wackerly?; Mike or Howard sending?). Phase 1 blocked on client responses: department list, access matrix, sensitive-data rules, staff rosters. A **Phase 2 target-state strawman was drafted 2026-06-22** (`target-structure-draft-2026-06-22.md` + client-facing `Dataforth-Shared-Drives-Plan.html`) from the existing layout — see [Shares ACL State](#shares-acl-state--all-open-to-all-staff); it still needs the Phase 1 client matrix to finalize. Next-step options: polish the client HTML, finalize + send the discovery email to unblock Phase 1, or refine the internal strawman. Full roadmap: `clients/dataforth/docs/projects/shares-permissions/roadmap.md`.
|
||||
|
||||
- **8B/5B/SCM render completion (parked with AD2):** Root-caused a `parseRawData` bug (PASS/FAIL line consumed as step-response for families that omit `"0","0",v` line). 136 8B/5B/SCM templates mined from Hoffman API (2026-06-18). Completion — wiring templates into the live renderer with correct slotmaps, QB rounding, and frequency/AAC accuracy — handed to AD2 (its now-proven machinery from DSCA33/45 work). Sync handoff at `projects/dataforth-dos/8B5BSCM-RENDER-VERIFY-2026-06-18.md`. ~9,624 records remain unpublished; this is a render-coverage gap (null renders correctly skipped), not a backlog.
|
||||
|
||||
@@ -505,6 +510,7 @@ As of 2026-06-19 (no open Syncro tickets):
|
||||
| 2026-06-10 | **Shares & Permissions Phase 0 complete.** Read-only ACL audit of all 8 business shares: all grant Domain Users/Everyone Full or Modify; no department security groups exist; Payroll/OSHA/PO/accounting data open to all employees. Phase 1 (client input) pending discovery email to Dan Center. |
|
||||
| 2026-06-17 | AD2 identity.json + Python 3.12.8 installed. `CLAUDE.dataforth.md` created for AD2 context file (relocated from in-line `.claude/CLAUDE.md` edits to maintain clean fork). |
|
||||
| 2026-06-18 | **DSCA33/45 certs recovered via Hoffman API** — 56 model templates mined, 1,452 new DSCA33/45 certs published on AD2 (0 overwrites). Root-caused `parseRawData` bug affecting 8B/5B/SCM families. 136 8B/5B/SCM templates mined from Hoffman and handed to AD2 for wiring. TestDataDB UI redesigned and deployed on AD2 (cert-fit, publish chips, push toasts, full-screen inspector). AD2 SSH PMTU blackhole diagnosed (GURU-5070 adapter MTU 1500 vs tunnel ~1424) and fixed (MTU 1400). Syncro #32441. |
|
||||
| 2026-06-22 | **Shares & Permissions Phase 2 target-state strawman drafted** — proposed `Company\Departments\…Restricted\…Company-Wide\…Users\…Archive\` tree with `SG-<Resource>-<RW|RO>` groups, current→target migration map, and Option-A (keep drive letters) rollout, all inferred from the existing layout. Internal draft + client-facing HTML render. Phase 1 client input still gates sign-off. |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Wiki Index
|
||||
|
||||
Last updated: 2026-06-22
|
||||
Last updated: 2026-06-23
|
||||
Compiled by: HOWARD-HOME/claude-main
|
||||
|
||||
This wiki is LLM-maintained. Do not edit articles manually — run `/wiki-compile` to update.
|
||||
@@ -19,7 +19,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
|
||||
| Article | Summary | Last Compiled |
|
||||
|---|---|---|
|
||||
| [Cascades of Tucson](clients/cascades-tucson.md) | Prepaid block $175/hr, **48.75 hrs remaining** (live 2026-06-20); senior living; active domain migration + HIPAA caregiver-lockdown project (GPOs deployed; Entra Hybrid Join + CA allow-list + ALIS SSO model proven); single DC (CS-SERVER) on aging R610, OS RAID-1 degraded 2026-06-15 (data-loss risk; cloud backup started); **Voice VLAN 30 migration COMPLETE 2026-06-19** (~38 devices: 29 Poly + 8 AudioCodes + desktop; awaiting Vertical to set Poly 5GHz-only); **UniFi RF optimized 2026-06-19** (77 U7-Pro APs/~587 clients: 2.4GHz power->Medium on 47 radios + 5GHz clean-DFS 40MHz channel plan -> 5GHz retry halved; 6GHz blocked by WPA3 on PPSK SSID); Syncro 0 open tickets | 2026-06-20 |
|
||||
| [Dataforth Corporation](clients/dataforth.md) | Prepaid block ~$2,099/mo, **31.5 hrs remaining** (live 2026-06-20); signal-conditioning manufacturer; 64 DOS test stations; 2025 ransomware recovery + incomplete file restore (migration-gap audit); 2026-03 phishing + MFA rollout; test-datasheet pipeline (DSCA cert publish via Hoffman API + testdatadb UI on AD2); mail stack INKY->Mailprotector CloudFilter->EXO; FreePBX 17 outage fixed 2026-06-08/09 (qualify_frequency=0; no RTP-forward); shares-ACL project (all open to staff); Syncro asset reconciliation 2026-06-02; GuruRMM fleet ~45; Bitdefender phase-off | 2026-06-20 |
|
||||
| [Dataforth Corporation](clients/dataforth.md) | Prepaid block ~$2,099/mo, **31.5 hrs remaining** (live 2026-06-23); signal-conditioning manufacturer; 64 DOS test stations; 2025 ransomware recovery + incomplete file restore (migration-gap audit); 2026-03 phishing + MFA rollout; test-datasheet pipeline (DSCA cert publish via Hoffman API + testdatadb UI on AD2); mail stack INKY->Mailprotector CloudFilter->EXO; FreePBX 17 outage fixed 2026-06-08/09 (qualify_frequency=0; no RTP-forward); shares-ACL project (all open to staff; Phase 2 target-state strawman drafted 2026-06-22); Syncro asset reconciliation 2026-06-02; GuruRMM fleet ~45; Bitdefender phase-off | 2026-06-23 |
|
||||
| [Instrumental Music Center](clients/instrumental-music-center.md) | Prepaid block $175/hr, 12.5 hrs remaining; music retail/repair; AIMsi POS on SQL Server 2019; phantom DC causing slow logons; GuruRMM enrolled (IMC1) | 2026-05-24 |
|
||||
| [Jimmy Company](clients/jimmy.md) | Break-fix, $150/hr; single aging workstation BLASTER2 (Win10 22H2 EOL, i5-3470/3.8GB — replace); backups the recurring theme (QuickBooks data); onboarded to GuruRMM 2026-06-19 (RDP NLA + Kaseya removal + cleanup); MSP360 local backup drive full, 90-day retention set, space reclaim pending in console (cloud B2 healthy) | 2026-06-19 |
|
||||
| [Valley Wide Plastering](clients/valleywide.md) | Prepaid block, 10 hrs remaining; plastering/stucco contractor; HP DL360 Gen10 + XenServer; VB6 app modernization project; RDWeb brute-force incident; 11 Yealink phones pending | 2026-06-14 |
|
||||
|
||||
Reference in New Issue
Block a user