30 Commits

Author SHA1 Message Date
35d3a39242 client/cascades: britney.thompson M365 offboarding complete — sign-in blocked, license removed, litigation hold
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 14:42:05 -07:00
ae791e321d client/cascades: Phase 2.6 COMPLETE — 13 printers, 4 GPOs, 5 accounts disabled
Detailed context:
- Task: Cascades of Tucson Phase 2.6 — printer migration, GPO deployment, account cleanup
- Changes:
  - phase2-print-server.ps1: all 13 printers complete, Epson driver/share notes added
  - active-directory.md: 5 stale accounts disabled, 4 GPOs created, pending issues cleared, printer share table updated
  - Session log: 2026-05-20 Howard session covering all Phase 2.6 work
- Status: Phase 2.6 complete

Files modified:
- clients/cascades-tucson/docs/migration/scripts/phase2-print-server.ps1
- clients/cascades-tucson/docs/servers/active-directory.md
- clients/cascades-tucson/session-logs/2026-05-20-howard-phase2.6-printers-gpos-account-cleanup.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 14:04:08 -07:00
dc29e2ff24 client/cascades: phase2-print-server.ps1 — 8 printers installed on CS-SERVER
Rewrote with verified IPs and confirmed drivers. All 8 printers created and
shared via GuruRMM 2026-05-20. Deferred: FrontDesk Epson (needs Epson
Universal driver), Health-206 Konica Minolta (needs KM PCL6 Universal driver).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 14:04:08 -07:00
75e3d38de8 client/cascades: n.castro cleanup, share docs, hook path fix
- active-directory.md: disable n.castro (AD + M365), fix stale Alma.Montt
  pending entry (she is intentionally cloud-only), restructure SMB shares
  section into new Phase 2.5 / legacy / system buckets (verified live via
  GuruRMM Get-SmbShare 2026-05-20)
- settings.json: remove hardcoded D:/claudetools UserPromptSubmit hook
  (machine-specific path belongs in settings.local.json only; Howard's
  machine is C:/claudetools)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 14:04:08 -07:00
468f4287bf client/cascades: session log + AD doc update 2026-05-20
Phase 2.5 complete. Folder redirection GPO decision documented — deferred
to Phase 3 (blocked on domain joins). Pending items carried forward.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-19 22:32:20 -07:00
3328a24742 client/cascades: Phase 2.5 AD groups and shares — COMPLETE
Created SG-Mgmt-RW, SG-Sales-RO, SG-Activities-RW in OU=Groups.
Created SMB shares Management, Sales, Activities, Server on D:\Shares
with ABE enabled and correct NTFS ACLs per group.
Scripts run on CS-SERVER via GuruRMM 2026-05-20. AD doc updated to live state.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-19 22:32:20 -07:00
2919b3dec6 sync: auto-sync from HOWARD-HOME at 2026-05-16 13:49:46
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-16 13:49:46
2026-05-16 13:49:48 -07:00
56f7a53bf4 docs: Cascades Microsoft BAA resolved — covered by MCA for Business plan subscribers
Gap #13 in hipaa.md marked resolved. Same update in hipaa-caregiver-controls.md and m365.md.
Confirmed 2026-05-14: no separate HIPAA BAA acceptance exists or is required for M365 Business
plan tenants under the Microsoft Customer Agreement.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 18:49:50 -07:00
d6fc1cf5be session: Cascades phone verification & closeout — Entra Connect staging exited, CA policies re-pointed to AD-synced SG-Caregivers
- Full tenant verification sweep: all Intune/Entra objects match session logs
- Entra Connect staging mode exited; 17 AD groups synced to cloud
- CA policies (Block-off-network, Sign-in-frequency-8h, Block-non-compliant) patched from SG-Caregivers-Pilot to AD-synced SG-Caregivers
- Registration Campaign exclusion updated to SG-Caregivers
- Deleted test accounts: howard.enos (AD) and pilot.test (M365)
- Documented Christine Nyanzunda collision risk, Ederick Yuzon open item, standing security-group rule
- Session log written

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 17:45:30 -07:00
0a0054c9ca sync: auto-sync from HOWARD-HOME at 2026-05-11 18:06:36
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-11 18:06:36
2026-05-11 18:06:39 -07:00
95ad40bdbe cascades: document Teams rollout + HIPAA test plan
Lauren Hasselman could not create a Teams group on 2026-05-05.
Diagnostic confirmed the block is at the Teams Admin policy layer
(intentional, gated on HIPAA prerequisites in m365.md issues #12-#14),
not an Entra/M365-Group permissions defect. New teams-rollout.md
captures prerequisites, HIPAA config checklist, canary test plan
(Lauren as primary canary), and exit criteria. Linked from m365.md
issue #14.
2026-05-05 22:01:28 -07:00
db086c3bbf sync: auto-sync from HOWARD-HOME at 2026-04-24 18:11:47
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-24 18:11:47
2026-04-24 18:11:48 -07:00
5019db4558 sync: auto-sync from HOWARD-HOME at 2026-04-24 14:31:14
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-24 14:31:14
2026-04-24 14:31:17 -07:00
6e2d99bd23 sync: auto-sync from HOWARD-HOME at 2026-04-23 21:12:42
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-23 21:12:42
2026-04-23 21:12:43 -07:00
6ec260c023 cascades: LE folder redirection end-to-end + share access review doc
Major work from 2026-04-23:

Folder redirection (OU=Life Enrichment):
- Added 5 folders (Desktop, Pictures, Music, Videos, Favorites) to CSC - Folder
  Redirection (LE) alongside existing Documents + Downloads. All use Flags=1021
  (Basic + create folder per user + move contents + policy-removal: redirect back).
- Created CSC - Always Wait For Network GPO, linked at OU=Workstations. Disables
  FLO via correct Winlogon registry path (HKLM\Software\Policies\Microsoft\
  Windows NT\CurrentVersion\Winlogon\SyncForegroundPolicy=1). First attempt used
  wrong path (Windows\System) which Winlogon ignored.
- Proved GPO FR works for clean-hive users (test user LE.FRTest, now removed).
- Wrote susan-profile-fix.ps1 to repair ProfWiz-poisoned profiles: robocopies
  local content to \\CS-SERVER\homes\<user>, loads NTUSER.DAT, rewrites User
  Shell Folders (legacy + modern GUIDs) to UNC, unloads. Applied to Susan Hicks,
  verified via live SMB session + content access.

Share access review doc:
- share-access-matrix-2026-04-23.md drafted for John/Meredith review. One
  short block per employee (department + position + folders they can access).
  All settled decisions from today's calls captured (Sandra Fish = Meredith-
  only, Culinary = kitchen + M/J/A, no chat share, caregivers zero on-prem,
  Veronica = Meredith tier, CasAdmin201 retired, pacs empty).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 20:07:59 -07:00
e5dc77cb96 sync: auto-sync from HOWARD-HOME at 2026-04-23 11:09:16
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-23 11:09:16
2026-04-23 11:09:18 -07:00
7e2e3a5882 sync: auto-sync from HOWARD-HOME at 2026-04-23 06:21:23
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-23 06:21:23
2026-04-23 06:21:24 -07:00
abfb0a18b0 cascades: M365 orphan/stale user cleanup (pre-Entra Connect)
Deleted 7 former-employee / zombie accounts via Graph user-manager tier.
All verified in soft-delete bin (30-day recovery):

- ann.dery, anna.pitzlin, jeff.bristol, kristiana.dowse, nela.durut-azizi,
  nick.pavloff (all were disabled already)
- jodi.ramstack (was a zombie: enabled in M365 with 1 Business Standard
  license but deleted from AD 2026-04-13. Freed $12.50/mo seat.)

admin@NETORGFT... (Sandra Fish) confirmed already gone from tenant.

Role-based accounts (accounting@, frontdesk@, hr@, etc.) NOT touched —
pending delegation decisions before shared-mailbox conversion. Stephanie.Devin
left alone pending Meredith confirmation.

Report: reports/2026-04-22-m365-orphan-deletes.md
Docs updated: docs/cloud/m365.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 22:10:49 -07:00
5c6f7dca5e sync: auto-sync from HOWARD-HOME at 2026-04-22 21:40:31
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-22 21:40:31
2026-04-22 21:40:33 -07:00
1534a2f9a0 sync: auto-sync from HOWARD-HOME at 2026-04-22 19:47:23
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-22 19:47:23
2026-04-22 19:47:24 -07:00
af4ad0aea3 cascades: CS-SERVER preflight verified + Synology discovery complete
CS-SERVER post-reboot verification: time sync, TLS 1.2 enforcement, and
Windows Server Backup feature all persisted cleanly. dcdiag clean. Ready
for Entra Connect install.

Synology cascadesDS permission inventory captured via DSM API (SSH
disabled by default on Synology). 35 users, 4 groups, 10 shares.
Analysis identifies 7 shared-account role logins (HIPAA violation),
8 departed-employee accounts to clean up, and 4 shares needing
Meredith-side confirmation before migration (pacs most sensitive).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 18:59:38 -07:00
6bd416657c sync: auto-sync from HOWARD-HOME at 2026-04-22 17:39:56
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-22 17:39:56
2026-04-22 17:39:57 -07:00
90d4f386aa sync: auto-sync from HOWARD-HOME at 2026-04-22 16:38:05
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-22 16:38:05
2026-04-22 16:38:06 -07:00
7bffbfbb89 sync: auto-sync from HOWARD-HOME at 2026-04-22 16:24:58
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-22 16:24:58
2026-04-22 16:24:58 -07:00
e0a120b74e sync: auto-sync from HOWARD-HOME at 2026-04-22 15:36:21
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-22 15:36:21
2026-04-22 15:36:22 -07:00
c077d58372 cascades: ingest staff CSV + AD/M365 user rollout plan
Meredith/John returned the staff-editor questionnaire (70 people, 11
departments). CSV ingested to reports/; p2-staff-candidates.md updated
with real persona breakdown. Wrote full AD/M365 user rollout plan (8
personas, license mapping, OU/group layout, CA policies, 4-wave
sequence, 8 open decisions). Drafted follow-up email for remaining open
items — Howard will edit and send.

Britney Thompson and Polett Pinazavala confirmed still employed (were
absent from the CSV return). Christine Nyanzunda confirmed as one
person with two roles. Usernames locked for new accounts:
Alma.Montt, Kyla.QuickTiffany.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 15:09:39 -07:00
223dc861c2 docs(cascades): track Teams HIPAA rollout as new gap
Added Teams deployment + HIPAA-appropriate configuration as a tracked
gap (hipaa.md #27) and M365 issue (m365.md #14). Cites transmission
security + BAA requirements and outlines controls needed (retention,
DLP, external sharing lockdown, guest access, meeting consent).
Dependency on Microsoft BAA flagged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 14:16:02 -07:00
c4fdb5a233 sync: auto-sync from ACG-TECH03L at 2026-04-19 12:50:13
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-19 12:50:13
2026-04-19 12:50:24 -07:00
d2e375df8a sync: auto-sync from ACG-TECH03L at 2026-04-18 10:17:42
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-18 10:17:42
2026-04-18 10:17:45 -07:00
8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00