azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from GURU-5070 at 2026-06-02 07:33:26

Browse Source 
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-02 07:33:26
This commit is contained in:
Mike Swanson
2026-06-02 07:33:31 -07:00
parent 4789476307
commit c52faa24a8
3 changed files with 350 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
clients/rednour/session-logs/2026-06-02-session.md Normal file
View File

@@ -0,0 +1,158 @@
## User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-5070
- **Role:** admin
## Session Summary
Resolved a follow-up to last week's Rednour Law mailbox rename (Emma -> Carla). Carrie Rednour
(tenant Global Admin) texted Mike that inbound mail from Carla still displayed under the old name
"Emma - Rednour Law" and asked if it could be fixed. Mike pulled up the issue and Claude
investigated via the remediation tool against the rednourlaw.com tenant
(`4a4ca18a-f516-478b-99da-2e0722c5dc18`).
First verified the server side was actually correct: Carla's Azure AD `displayName` (Graph) and
her Exchange mailbox `DisplayName` (Get-Mailbox via Exchange REST) were both "Carla Skinner". An
initial wrong hypothesis — that "Emma - Rednour Law" was never a server value because the other
mailboxes follow a "First Last" naming convention — was corrected by Mike and confirmed against
the 2026-05-31 audit report, which showed the mailbox's pre-rename `displayName` had in fact been
literally "Emma - Rednour Law". That reframed the problem as a stale client-side artifact on
Carrie's end.
Graph apps in the suite have no `Contacts.Read` permission (confirmed 403 on a Graph contacts
call, and no Contacts/Mail roles in the user-manager or tenant-admin tokens), so Claude read
Carrie's contacts over EWS using the Exchange Operator SP's `full_access_as_app` role with
`ExchangeImpersonation` of crednour@rednourlaw.com. Her default Contacts folder (237 items) had no
Emma/Carla entry, but a deep sweep of all contact folders found the culprit in her Quick Contacts
folder (`IPF.Contact.MOC.QuickContacts`): a pinned contact "Emma - Rednour Law" mapped to
emma@rednourlaw.com. Because emma@ is still a live proxy alias on Carla's mailbox (deliberately
retained last session), Outlook resolved Carla's new mail to that old pin and rendered its name.
With Mike's go-ahead (he chose "delete the pin"), the contact was removed via EWS DeleteItem
(MoveToDeletedItems, recoverable) and the removal verified.
Mike then asked to check the other mailboxes. The same EWS contact-folder sweep ran against Nick
Pafford, the receptionist mailbox, and Carla's own mailbox — all clean, no stale Emma/Carla
entries. The issue was isolated entirely to Carrie. Closed out by writing a follow-up report to
`clients/rednour/reports/`, posting an internal (hidden) documentation comment to Syncro #32343,
and posting the mandatory #bot-alerts notification. No time was billed (Mike did not specify
minutes/labor type).
## Key Decisions
- **Delete the pin rather than rename it or hand it to Carrie.** Mike chose deletion via EWS;
Carla's mail now falls back to the GAL ("Carla Skinner"). Carrie can re-pin from the GAL if she
wants the favorite back.
- **Used EWS, not Graph, to read/modify Carrie's contacts.** No app in the suite holds
`Contacts.Read`/`ReadWrite` on Graph; the Exchange apps' `full_access_as_app` reaches personal
contact folders via EWS impersonation. Per skill scope rules, did not attempt to add a Graph
scope to work around it.
- **Left the emma@ alias in place.** It's the enabling factor for the shadowing, but mail to
emma@ still reaches Carla and it was retained by design last session. Removing it would break
delivery to emma@ and only mask the contact issue rather than fix it.
- **No time billed on the follow-up.** Mike's standing rule: never assume minutes/labor type.
Added a documentation comment only; flagged that time can be added to #32343 on request.
- **Internal/hidden Syncro comment, not customer-visible.** Mike is communicating with Carrie
directly over text; the ticket note is for the technical record.
## Problems Encountered
- **Wrong initial assertion that "Emma - Rednour Law" was never a server value.** Based on the
other mailboxes' "First Last" convention. Mike corrected it; confirmed against the 2026-05-31
audit report that the pre-rename displayName was exactly that string. Lesson: check the prior
session's recorded before-state, don't infer from sibling-object conventions.
- **Security Investigator EXO token 401'd** on the InvokeCommand read even though the token had
`aud=outlook.office365.com` and `full_access_as_app`. Switched to the Exchange Operator SP
token (proven on this tenant last session), which returned HTTP 200.
- **py wrote itemid file to the wrong /tmp.** `open('/tmp/emma-itemid.txt')` in Windows Python
resolves to `C:\tmp`, not the msys `/tmp` that bash reads — so the delete step initially got an
empty ItemId. Fixed by piping the ItemId/ChangeKey through stdout (`read IID CK < <(py -c ...)`)
and copying EWS responses to a repo-relative file both interpreters agree on before parsing.
- **EWS "Id is malformed"** when a folder's GUID-style DisplayName was passed as a FolderId.
Several MOC contact folders have no friendly name (DisplayName is a GUID); used the real
base64 EWS FolderId from FindFolder instead.
## Configuration Changes
**ClaudeTools repo (committed this session):**
- `clients/rednour/reports/2026-06-02-carrie-emma-display-name-stale-pin.md` — new follow-up
report documenting diagnosis, fix, and the all-mailbox sweep.
- `clients/rednour/session-logs/2026-06-02-session.md` — this log.
- `wiki/clients/rednour.md` + `wiki/index.md` — seeded/updated in Phase 3 (if synthesis ran).
**rednourlaw.com tenant (mailbox data):**
- Deleted the "Emma - Rednour Law" -> emma@rednourlaw.com contact from Carrie Rednour's
(crednour@) Quick Contacts folder (`IPF.Contact.MOC.QuickContacts`) via EWS DeleteItem
(MoveToDeletedItems — recoverable from her Deleted Items).
**Syncro:**
- Internal/hidden comment `416427937` on ticket #32343 (id 111409967). No line item, no invoice.
## Credentials & Secrets
No new credentials created or discovered this session. Tokens used were app-only client-credentials
flows for the existing ComputerGuru MSP SPs (cached under `/tmp/remediation-tool/<tenant>/`):
- Exchange Operator SP `b43e7342-5b4b-492f-890f-bb5a4f7f40e9` (`full_access_as_app`, aud
`https://outlook.office365.com`) — used for EWS reads + the contact delete.
- Security Investigator SP `bfbc12a4-f0dd-4e12-b06d-997e7271e10c` — Graph read (displayName);
its EXO token 401'd for InvokeCommand.
## Infrastructure & Servers
- **Tenant:** rednourlaw.com = `4a4ca18a-f516-478b-99da-2e0722c5dc18`
- **EWS endpoint:** `https://outlook.office365.com/EWS/Exchange.asmx` (SOAP; `ExchangeImpersonation`
via `<t:ConnectingSID><t:SmtpAddress>` header)
- **Exchange REST InvokeCommand:** `https://outlook.office365.com/adminapi/beta/<tenant>/InvokeCommand`
- **Mailboxes (5 recipients):** carla@ (Carla Skinner, was Emma; obj `93074d1a-6db2-4794-8f7d-c84a619e4494`),
crednour@ (Carrie Rednour, Global Admin, obj `a0fc8517-1c2a-4d72-b774-c0d5c929167a`),
npafford@ (Nick Pafford, alias nick@), receptionist@, + system DiscoverySearchMailbox.
- **Carla proxyAddresses:** SMTP:carla@, smtp:emma@, smtp:dgarcia@, smtp:alee@,
smtp:dgarcia@rednourlaw.onmicrosoft.com.
## Commands & Outputs
```bash
# Tokens
bash .claude/skills/remediation-tool/scripts/get-token.sh <tenant> investigator # Graph read
bash .claude/skills/remediation-tool/scripts/get-token.sh <tenant> exchange-op # EXO/EWS (worked)
# Graph: Carla displayName -> "Carla Skinner"
curl -H "Authorization: Bearer $GTOK" \
"https://graph.microsoft.com/v1.0/users/93074d1a-...?$select=displayName,proxyAddresses"
# Exchange: Get-Mailbox carla -> DisplayName "Carla Skinner" (HTTP 200 with exchange-op token;
# investigator-exo token 401'd)
POST .../adminapi/beta/<tenant>/InvokeCommand {"CmdletInput":{"CmdletName":"Get-Mailbox",...}}
# EWS: enumerate contact folders (FindFolder Deep, msgfolderroot) then FindItem per folder.
# Hit: folder IPF.Contact.MOC.QuickContacts -> contact "Emma - Rednour Law" / emma@rednourlaw.com
# EWS DeleteItem DeleteType="MoveToDeletedItems" -> ResponseClass="Success" / NoError
# Verify: folder TotalItemsInView 2 -> 1; "Emma - Rednour Law" no longer present
# Sweep other boxes (npafford@, receptionist@, carla@): contact folders enumerated, 0 matches
# Counts: Carrie 237 contacts / Nick 0 / receptionist 34 / Carla 40
# Syncro internal comment
POST /tickets/111409967/comment (hidden:true, do_not_email:true) -> comment.id 416427937
bash .claude/scripts/post-bot-alert.sh "[SYNCRO] Mike commented #32343 ..." # message_id 1511375413711212665
```
## Pending / Incomplete Tasks
- **Billing on #32343:** no time logged for this follow-up. Add minutes + labor type if Mike wants
it billed. The earlier 0.5h remote line from 2026-05-31 still sits on the (Resolved) ticket
pending final close-out.
- **Shared-drive access for Nick Pafford** (#32343) — still deferred from the 2026-05-31 session.
- **emma@ alias** remains on Carla's mailbox by design; revisit only if the firm wants emma@
decommissioned.
- If Carrie still sees the old name after sync, a one-time Outlook restart (cached mode) forces
the contact change down.
## Reference Information
- **Syncro:** Customer Rednour Law id `1224246`; Ticket #32343 id `111409967` (Resolved);
comment `416427937`. URL: https://computerguru.syncromsp.com/tickets/111409967
- **Report:** `clients/rednour/reports/2026-06-02-carrie-emma-display-name-stale-pin.md`
- **Prior session:** `session-logs/2026-05-31-mike-rednour-and-claudetools-infra.md` and
`clients/rednour/reports/2026-05-31-onboard-and-rename-emma-to-carla.md`
- **Stale-pin folder class:** `IPF.Contact.MOC.QuickContacts` (Outlook/Skype pinned favorites) —
resolves sender display names ahead of the GAL.

191
wiki/clients/rednour.md Normal file
View File

@@ -0,0 +1,191 @@
---
type: client
name: rednour
display_name: Rednour Law Offices
last_compiled: 2026-06-02
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
- clients/rednour/reports/2026-05-31-onboard-and-rename-emma-to-carla.md
- clients/rednour/reports/2026-06-01-carla-password-set.md
- clients/rednour/reports/2026-06-02-carrie-emma-display-name-stale-pin.md
- clients/rednour/session-logs/2026-06-02-session.md
- session-logs/2026-05-31-mike-rednour-and-claudetools-infra.md
- clients/rednour/onboarding-baselines/FRONTDESKRECEPT-20260529T195614.md
- clients/rednour/onboarding-baselines/LEGALASST-20260529T200647.md
- clients/rednour/onboarding-baselines/REDNOURCARRIEVI-20260529T202250.md
---
# Rednour Law Offices
## Profile
- **Business type:** Law firm (Arizona)
- **Syncro Customer ID:** 1224246
- **Billing model:** Time and materials [billing rate unverified — not stated in session logs]
- **Contract status:** Active MSP client
- **Primary ticket:** Syncro #32343 (id 111409967) — M365 onboarding + email account changes. Status: Resolved. URL: https://computerguru.syncromsp.com/tickets/111409967
## Contacts
| Name | Role | UPN / Email | Object ID | Notes |
|---|---|---|---|---|
| Carrie Rednour | Owner / attorney; M365 Global Admin | crednour@rednourlaw.com, sysadmin@rednourlaw.com | a0fc8517-1c2a-4d72-b774-c0d5c929167a | sysadmin@ is an alias on the same account; communicates via text with Mike directly |
| Carla Skinner | Legal assistant / employee | carla@rednourlaw.com | 93074d1a-6db2-4794-8f7d-c84a619e4494 | Renamed from Emma on 2026-05-31; emma@ + dgarcia@ + alee@ aliases retained by design (see below) |
| Nick Pafford | Employee | npafford@rednourlaw.com, nick@rednourlaw.com | fe859088-bcbc-49dc-aaea-4c6e68f7d5bb | nick@ added as alias on 2026-05-31; shared-drive access still pending |
| receptionist | Shared mailbox | receptionist@rednourlaw.com | — | No personal contact; 34 contacts in mailbox as of 2026-06-02 sweep |
System recipient: DiscoverySearchMailbox (Exchange system object — not a user).
## Infrastructure
### Network
- **Topology:** Workgroup (no on-prem AD, no domain join). All three enrolled machines report `PartOfDomain=False`.
- **LAN subnet:** 192.168.10.0/24, default gateway 192.168.10.1.
- **ZeroTier:** Present on REDNOURCARRIEVI (IP: 10.147.17.253 / fcfb:1c63:8659:2d21:d189::1). Not documented on other workstations.
### Workstations (GuruRMM enrolled)
All three machines were enrolled by 2026-05-29. Onboarding diagnostic grade: RED across the board (foreign agents, patch gaps — see open items).
| Hostname | Model | CPU | RAM | OS | IP | Agent ID | Grade |
|---|---|---|---|---|---|---|---|
| FRONTDESKRECEPT | Dell OptiPlex 3080 | i5-10505 6c/12t | 15.8 GB | Win 11 Pro build 26200 | 192.168.10.115 | 04765560-3e8a-46e5-a507-c5f5f4ead6eb | RED |
| LEGALASST | Generic OEM | AMD Ryzen 3 3200G 4c/4t | 5.9 GB | Win 10 Pro build 19045 | 192.168.10.213 | 18825ea7-df58-47bb-b492-822cb16fb5ec | RED |
| REDNOURCARRIEVI | Generic OEM | i3-9100 4c/4t | 7.7 GB | Win 10 Pro build 19045 | 192.168.10.194 | 8e4e2221-7e2a-4a6f-9eda-864568539961 | RED |
**Common issues across all three at onboarding:**
- ScreenConnect (ConnectWise Control) running — prior MSP remote-access agent, not yet removed
- Splashtop Streamer running — prior MSP remote-access agent, not yet removed
- Syncro agent running — prior MSP agent, not yet removed
- No backup agent detected on any workstation
**LEGALASST additional:**
- Win 10 22H2 (build 19045) — EOL since 2025-10-14; no longer receives security patches
- 43 days uptime, reboot pending
- Local admins include stale accounts `Ale` and `Emma` (pre-rename artifact)
**REDNOURCARRIEVI additional:**
- Win 10 22H2 (build 19045) — EOL since 2025-10-14
- Defender real-time protection OFF + antimalware service not running at baseline (critical)
- Datto RMM running — prior MSP agent, not yet removed
- C: drive at 11.7% free (54.4 GB of 465.1 GB)
- Last hotfix: 2025-12-20 (severely behind on patches as of 2026-05-29)
- 151 installed programs, 19 non-MS scheduled tasks — elevated attack surface
**FRONTDESKRECEPT additional:**
- BitLocker off on OS volume
- 2 pending Windows updates
- Local admin account `guru` present (ACG account, expected)
### GuruRMM Site
- **Site name:** Main Office
- **Enrollment key vault path:** `clients/rednour/` (enrollment key GREEN-FALCON-7214 in vault per index entry)
## Cloud / M365
- **Tenant domain:** rednourlaw.com
- **Tenant ID:** `4a4ca18a-f516-478b-99da-2e0722c5dc18`
- **Onboarded to ComputerGuru MSP suite:** 2026-05-31 (bootstrapped by Mike during Emma→Carla rename session)
### MSP Service Principals
All five ComputerGuru SPs are fully consented as of 2026-05-31:
| SP Name | App ID | SP Object ID | Role(s) Assigned |
|---|---|---|---|
| Tenant Admin | 709e6eed-0711-4875-9c44-2d3518c47063 | 671a2ace-be9e-440c-a7d6-5ff982e4500c | Conditional Access Administrator |
| Security Investigator | bfbc12a4-f0dd-4e12-b06d-997e7271e10c | 704da463-7f4e-484c-b1da-40e447615d52 | Exchange Administrator |
| Exchange Operator | b43e7342-5b4b-492f-890f-bb5a4f7f40e9 | 59a68ba9-5e1e-4a56-92ae-507a9a669a79 | Exchange Administrator |
| User Manager | 64fac46b-8b44-41ad-93ee-7da03927576c | dc3b79a2-638b-42fe-8ecb-51592db7d40f | User Administrator + Authentication Administrator |
| Defender Add-on | dbf8ad1a-54f4-4bb8-8a9e-ea5b9634635b | 052da8aa-1ca5-4f60-b9c5-7aafcb74264b | None |
[WARNING] No MDE license in this tenant. Defender Add-on is consented but calling Defender ATP endpoints returns AADSTS650052. Skip the `defender` tier for all remediation work against this tenant.
### Mailboxes
| Display Name | UPN | Object ID | Notes |
|---|---|---|---|
| Carla Skinner | carla@rednourlaw.com | 93074d1a-6db2-4794-8f7d-c84a619e4494 | Renamed from Emma on 2026-05-31; aliases: emma@, dgarcia@, alee@, dgarcia@rednourlaw.onmicrosoft.com |
| Carrie Rednour | crednour@rednourlaw.com | a0fc8517-1c2a-4d72-b774-c0d5c929167a | Global Admin; sysadmin@ is also hers |
| Nick Pafford | npafford@rednourlaw.com | fe859088-bcbc-49dc-aaea-4c6e68f7d5bb | nick@ alias added 2026-05-31 |
| receptionist | receptionist@rednourlaw.com | — | 34 contacts in mailbox |
| DiscoverySearchMailbox | (system) | — | Exchange system object |
**Carla's retained aliases:** The mailbox mailNickname was historically `dgarcia` (prior employee Garcia → passed to Emma → now Carla). Both `dgarcia@` and `alee@` were kept by operator's explicit choice on 2026-05-31. The `emma@` alias was kept so mail to emma@ continues to reach Carla. Revisit only if the firm requests decommissioning of these addresses.
## Syncro
- **Customer:** Rednour Law Offices, id `1224246`
- **Primary ticket:** #32343 (id 111409967), Status: Resolved
- 0.5h remote labor (line item 42654682, $75.00, non-taxable, attributed to Mike user_id 1735) — not yet invoiced as of 2026-05-31; pending final close-out after Nick's shared-drive piece
- Comments: 415513323 (hidden/internal), 415514647 (customer-visible), 416427937 (internal — 2026-06-02 follow-up contact fix)
## History
### 2026-05-29 — GuruRMM enrollment + onboarding baselines
Three workstations enrolled in GuruRMM site "Main Office": FRONTDESKRECEPT, LEGALASST, REDNOURCARRIEVI. Onboarding diagnostic baselines captured (all graded RED). Prior MSP agents (ScreenConnect, Splashtop, Syncro, Datto RMM on Carrie's machine) still present — not yet removed.
### 2026-05-31 — M365 onboarding + Emma → Carla rename
**Syncro ticket #32343.** Operator: Mike Swanson.
Tenant had never been fully onboarded to the ComputerGuru MSP suite — only Tenant Admin was consented, and Exchange Operator lacked Exchange Administrator role. Root cause surfaced as an HTTP 403 when attempting Get-Mailbox during the rename. Resolution: Mike clicked the Tenant Admin admin-consent URL as Global Admin (Carrie's account), then ran `onboard-tenant.sh rednourlaw.com` to consent the remaining four SPs and assign directory roles.
After Exchange role propagation (~60s), the rename was executed in three calls:
1. `Set-Mailbox` via Exchange REST — updated EmailAddresses (carla@ as primary, emma@/dgarcia@/alee@ as aliases)
2. Graph `PATCH /users/{id}` — updated UPN, displayName, mailNickname, givenName, surname
3. `POST /users/{id}/revokeSignInSessions` — invalidated active tokens
Nick Pafford already existed as `npafford@`; `smtp:nick@rednourlaw.com` was added as an alias on his existing mailbox (no UPN change, no session revoke). Ticket set to Resolved; shared-drive access for Nick deferred.
### 2026-06-01 — Carla password set (client-directed)
Carla's account password set administratively via Graph User Manager app at client direction (`forceChangePasswordNextSignIn: false`, no session revocation). Password quality flagged to operator as weak (dictionary word + sequential digits) but applied as directed.
### 2026-06-02 — Stale pinned contact fix (Carrie's mailbox)
Carrie reported inbound mail from Carla still showed "Emma - Rednour Law". Server-side state was correct; root cause was a leftover pinned contact (`IPF.Contact.MOC.QuickContacts`) in Carrie's own mailbox mapping `emma@rednourlaw.com` → display name "Emma - Rednour Law". Because `emma@` is a live proxy alias on Carla's mailbox, Outlook resolved Carla's new mail to this stale pin.
Fix: deleted the pin via EWS (`ExchangeImpersonation` of crednour@rednourlaw.com using Exchange Operator SP `full_access_as_app`; `DeleteItem` with `MoveToDeletedItems` — recoverable). Graph contacts call (403) confirmed no `Contacts.Read` scope in any suite app; EWS was the correct path.
All four real-user mailboxes swept — only Carrie was affected:
| Mailbox | Contacts scanned | Stale entries found |
|---|---|---|
| Carrie Rednour | 237 (across 10 folders) | 1 — deleted |
| Nick Pafford | 0 (empty) | none |
| receptionist | 34 (across 10 folders) | none |
| Carla Skinner | 40 (across 9 folders) | none |
No time billed on this follow-up per Mike's standing rule (never log time without explicit minutes + labor type).
## Patterns & Known Issues
- **EWS required for personal contact work.** No app in the ComputerGuru suite holds `Contacts.Read` or `Contacts.ReadWrite` on Graph. Personal contact folder reads and modifications must go through EWS (`full_access_as_app` on the Exchange Operator SP with `ExchangeImpersonation`).
- **Security Investigator EXO token unreliable on this tenant.** The `investigator` SP's EXO token (aud=outlook.office365.com) returned 401 on InvokeCommand during the 2026-06-02 session; the Exchange Operator SP token worked. Prefer Exchange Operator for EXO InvokeCommand on rednourlaw.com.
- **Stale-pin shadowing pattern:** `IPF.Contact.MOC.QuickContacts` folder entries override the GAL for display-name resolution in Outlook/Teams. If any user reports a renamed sender still showing the old name, run the EWS contact-folder sweep against that user's mailbox.
- **emma@ alias is live by design.** Mail to emma@rednourlaw.com routes to Carla Skinner. Do not remove unless the firm explicitly requests it.
- **No MDE license — skip Defender tier.** Defender Add-on is consented but ATP endpoints 650052. Do not attempt Defender-tier calls for this tenant.
- **Prior MSP agents still installed.** ScreenConnect, Splashtop, and Syncro on all workstations; Datto RMM on REDNOURCARRIEVI. Not yet remediated as of 2026-06-02.
- **LEGALASST and REDNOURCARRIEVI are on Win 10 22H2 (EOL).** No security updates since 2025-10-14. Plan OS upgrade to Win 11 or Win 10 newer build.
- **REDNOURCARRIEVI: Defender was off at onboarding.** Confirm it has been re-enabled; it is a critical finding.
## Active Work / Open Items
| Priority | Action | Owner | Notes |
|---|---|---|---|
| P1 | Re-enable Defender on REDNOURCARRIEVI | Howard/Mike | Was off at onboarding 2026-05-29; confirm current state |
| P1 | Remove prior MSP agents (ScreenConnect, Splashtop, Syncro, Datto RMM) | Mike/Howard | Present on all 3 machines; Datto RMM on REDNOURCARRIEVI only |
| P1 | Upgrade LEGALASST and REDNOURCARRIEVI to a supported OS | Mike | Both on Win 10 22H2 (EOL 2025-10-14) |
| P2 | Shared-drive access for Nick Pafford | Mike | Deferred from #32343; ticket Resolved without it |
| P2 | Final invoice on Syncro #32343 | Mike | 0.5h remote labor (line item 42654682) sitting on Resolved ticket |
| P2 | Address BitLocker gap on FRONTDESKRECEPT | Mike/Howard | OS volume unencrypted at onboarding |
| P3 | Remove stale local admin accounts (Ale, Emma on LEGALASST) | Howard | Left from prior user assignment |
| P3 | emma@ alias — revisit if firm wants it decommissioned | Mike | Retained by design; currently serves as Carla's legacy address |
## Backlinks
- [[projects/gururmm]] — FRONTDESKRECEPT, LEGALASST, REDNOURCARRIEVI enrolled (site: Main Office)

2
wiki/index.md
View File

@@ -28,7 +28,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; M365; two phishing campaigns bypassed MailProtector via secondary MX (removed); no MFA enforcement yet | 2026-05-24 |
| [Grabb & Durando Law Office](clients/grabb-durando.md) | Personal injury law firm; GND-SERVER GuruRMM enrolled; AI demand review app scoped ($4K$7K); website migration pending; plaintext DB password in README needs vaulting | 2026-05-24 |
| [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 36 months | 2026-05-24 |
| [Rednour Law Offices](clients/rednour.md) | Law firm; GuruRMM Main site deployed; LegalAsst workstation enrolled and online (PIN: 1634); enrollment key GREEN-FALCON-7214 in vault | 2026-05-29 |
| [Rednour Law Offices](clients/rednour.md) | Law firm; M365 rednourlaw.com (tenant 4a4ca18a) fully onboarded 2026-05-31; all 5 ComputerGuru SPs consented; no MDE license; 3 workstations GuruRMM enrolled (FRONTDESKRECEPT/LEGALASST/REDNOURCARRIEVI); Carla Skinner renamed from Emma; prior MSP agents (ScreenConnect/Splashtop/Datto) still present; shared-drive access for Nick Pafford deferred | 2026-06-02 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy practice; PST-SERVER (192.168.0.2) + 5 GuruRMM agents; L2TP/IPsec RRAS VPN complete across all machines; Syncro 278525 (Peaceful Spirit Massage) | 2026-06-02 |
| [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 |
| [Stamback Septic](clients/stamback-septic.md) | Septic services; prepaid block ~3.5 hrs remaining; DESKTOP-BTR2AM3 + StambackLaptopNew GuruRMM enrolled; OneDrive identity wipe pattern documented | 2026-05-24 |