wiki: compile peaceful-spirit (full) — two-DC DFS, deletion investigation, Admin1/Admin2 ACL hardening

This commit is contained in:
2026-07-01 09:09:40 -07:00
parent 02845878d6
commit e583bf43a5
2 changed files with 183 additions and 88 deletions

View File

@@ -1,6 +1,6 @@
# Wiki Index
Last updated: 2026-06-30
Last updated: 2026-07-01
Compiled by: HOWARD-HOME/claude-main
This wiki is LLM-maintained. Do not edit articles manually — run `/wiki-compile` to update.
@@ -32,7 +32,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Pavon](clients/pavon.md) | Former/archive client; GeoVision NVR surveillance; OwnCloud at 172.16.3.22 backed by Uranus; cron stacking fixed; Nextcloud migration deferred 36 months | 2026-05-24 |
| [Rieusset Corp (Tom Sorensen)](clients/rieusset-corp.md) | Small business; email hosted on Neptune Exchange (4 mailboxes: tsorensen, tomrc, ojodeagua, csorensen @rieussetcorp.com); Mailprotector domain ID 57833; outbound via SBR Outbound.Sorensen connector; clipto.com allow rule added 2026-06-08 | 2026-06-08 |
| [Rednour Law Offices](clients/rednour.md) | Law firm (break-fix/T&M, prepay 0); M365 rednourlaw.com (tenant 4a4ca18a) onboarded, 5 ComputerGuru SPs consented, no MDE license; 3 Win workstations GuruRMM-enrolled (all RED, prior MSP agents pending removal) — **all three now on Win 11** (LEGALASST + Carrie/REDNOURCARRIEVI upgraded 2026-06-29); REDNOURCARRIEVI hosts the firm's peer-to-peer SMB shares (Nick's Mac access done 2026-06-25); **Carrie's Win11 upgrade root cause = corrupt download (`ks.sys` 0x80070570 -> SAFE_OS 0x8007000D); fixed via fresh Media Creation Tool media — done in-shop, build 26200**; GuruRMM **works** on the Windows boxes (earlier "not working" disproved); macOS RMM agent still won't enroll (site code-vs-UUID bug, coord 6f2d22be); `endpointprotection.exe` = Datto AV (Defender RTP off by design); #32368 invoiced #67912 $669.55 (Nick = no charge); plaintext local-account creds from Syncro notes vaulted (clients/rednour/local-accounts) | 2026-06-30 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy practice; PST-SERVER (192.168.0.2) + 5 GuruRMM agents; L2TP/IPsec RRAS VPN complete; 2026-06-04 site-wide outage resolved (UDR Ultra reboot dropped VPN port-forward, re-added in controller); BridgettePSHomeComputer re-enrolled (new UUID 01160fc8); vault drift open (pst-admin password); Syncro 278525 (Peaceful Spirit Massage) | 2026-06-04 |
| [Peaceful Spirit Therapeutic Massage](clients/peaceful-spirit.md) | Massage therapy, two sites (Country Club + Northwest); break-fix, Syncro 278525, 31 assets; **two-DC domain** — PST-SERVER (192.168.0.2, 2016 Essentials, all FSMO) + PST-SERVER2 (192.168.1.5, rebuilt 6/13 from past-tombstone state, NW) with DFS-R (PST-DFS, ~221/265 GB) — **Gate 4 blocked: SERVER2 flapping (NW power/UPS/net)**; L2TP/IPsec RRAS VPN complete (6 GuruRMM agents); **JuneJuly 2026 file-deletion investigation** — 47,749 files gone from `@Clients` since 6/24 but ~93% duplicate cleanup, **~3,342 genuine recoverable** from MSP360/B2 staging (Glennda trigger = misspelled duplicate, canonical folder intact; 6/29/2025 restore point purged by 365-day retention); **Admin1/Admin2 NTFS hardening** on G:\Shares\Scanned (fixed inverted group nesting; Admin1 = RX,W + deny-delete, Admin2 = Full); vault drift open (pst-admin password) | 2026-07-01 |
| [Patriot Internal Medicine](clients/patriot-internal-medicine.md) | Medical practice, two locations (Tucson + Sonoita); GuruRMM client+sites provisioned 2026-06-18 (Tucson: NORTH-WOLF-6270, Sonoita: LIGHT-HARBOR-9617); no agents deployed yet; enrollment keys vaulted; infrastructure discovery pending | 2026-06-18 |
| [Sombra Residential LLC](clients/sombra-residential.md) | Property management; Server2013 (actually WS2012 EOL, unpatched) + DESKTOP-UQRN4K3 GuruRMM enrolled; Transwiz migration artifacts cause Office credential prompts | 2026-05-24 |
| [Stamback Septic](clients/stamback-septic.md) | Septic services; prepaid block ~3.5 hrs remaining; DESKTOP-BTR2AM3 + StambackLaptopNew GuruRMM enrolled; OneDrive identity wipe pattern documented | 2026-05-24 |