---
type: client
name: wolkin
display_name: Wolkin Law
last_compiled: 2026-06-11
compiled_by: GURU-5070/claude-main
aliases: [wolkin-law, rswolkin, robert-wolkin, "Wolkin, Robert"]
sources:
  - clients/wolkin/session-logs/2026-06-05-julie-guda-provisioning.md
  - clients/wolkin/session-logs/2026-06-06-mike-gemini-install-rmm-diagnostic-tailscale-planning.md
  - clients/wolkin/session-logs/2026-06-07-mike-zerotier-setup.md
  - clients/wolkin/session-logs/2026-06-07-mike-wolkin-remote-access-printer.md
  - clients/wolkin/session-logs/2026-06-07-mike-wolkin-clientfiles-printshare.md
  - clients/wolkin/session-logs/2026-06-08-mike-wolkin-clientfiles-consolidation.md
  - clients/wolkin/onboarding-baselines/FRONT-20260606T133142.md
backlinks: []
---

# Wolkin Law

> **CANONICAL ARTICLE.** This one client was previously fragmented across four slugs —
> `wolkin`, `wolkin-law`, `rswolkin`, `robert-wolkin` (RMM client name: `Wolkin, Robert`;
> M365 tenant `rswolkin.com`). Consolidated here 2026-06-11; the other client dirs and wiki
> articles are now pointer stubs. Always use slug **`wolkin`**.

## Profile
- **Contract type:** (verify — check Syncro)
- **Key contacts:**
  - Robert (Bob) Wolkin - Owner/Attorney - robert@rswolkin.com
  - Julie - Employee/Assistant (remote worker) - julie@rswolkin.com
- **Billing rate:** (verify — check Syncro)
- **Hours remaining (if prepaid):** (verify — check Syncro)
- **Active ticket:** Syncro #32369 - Remote Work Access Setup (https://computerguru.syncromsp.com/tickets/112000321)

## Infrastructure

### Servers & Services

| System | Role | ZeroTier IP | LAN IP | GuruRMM Status | Notes |
|--------|------|-------------|--------|----------------|-------|
| FRONT | Office PC / print + file server | 10.147.19.199 | 192.168.1.153 | Enrolled | Hosts SMB shares (canonical `C:\Shared Data\CLIENT FILES`), Sharp printer; VSS shadow copies on C: |
| RSW-Laptop | Julie's remote laptop | 10.147.19.54 | N/A | Enrolled | Windows remote worker |
| DESKTOP-V1JT1SE | Bob's personal desktop | (not recorded) | (not recorded) | Enrolled | Owner's workstation |

**Total Assets:** (verify — check Syncro)

### GuruRMM

- **Client name:** `Wolkin, Robert` · **Site:** `Main` · **Site ID:** `2bb05f85-9fc8-4a7e-a5e5-ffe0c46431ac`
- **Enrolled agents** (Windows 11 Home; resolve live — UUIDs change on re-enroll):

| Hostname | Agent ID | Scope |
|---|---|---|
| **front** (office PC / print + file server) | `877d311a-4b24-462c-97b1-d2a0f7730a71` | in scope |
| **RSW-Laptop** (Julie's remote laptop) | `043fd673-35a2-4d3d-8f91-ed73ce70cc1e` | in scope |
| DESKTOP-V1JT1SE (Bob's personal desktop) | `30f6af79-ab19-4ed3-9ebc-71b2bffc2d27` | **out of scope** (personal) |

> [WARNING] The retired `wolkin-law.md` article listed FRONT's agent id as
> `04765560-3e8a-46e5-a507-c5f5f4ead6eb` — that is **Rednour's FrontDeskReception**, a
> cross-client error. FRONT (Wolkin) is `877d311a-…`.

### Email & Identity
- **M365 Tenant:** rswolkin.com (tenant ID `ceb6dbe7-82c8-4d8f-9c6b-49aa26208e9b` — from prior article, verify)
- **Licensed Users:**
  - robert@rswolkin.com (primary)
  - julie@rswolkin.com (assistant - has FullAccess delegation to robert@'s mailbox)
- **Mailbox Delegation:** Julie has FullAccess permissions to Robert's mailbox (configured 2026-06-07)

### Network
- **Office LAN:** 192.168.1.0/24 (corrected 2026-06-07 — the earlier 172.17.110.x was wrong; the 172.17.110.110 "RICOH" port was an orphan with no device)
- **ZeroTier VPN Network:** 17d709436c834c9b (mesh topology, connects remote workers to office)
- **Printer:** Sharp MX-B557F (driver "Sharp Universal v2 XL") at 192.168.1.158, raw TCP 9100. Shared as `\\front\Sharp`. (FRONT was moved from a flaky WSD port to a Standard TCP/IP 9100 port.)

**SMB Shares on FRONT (LAN `\\front\` or ZeroTier `\\10.147.19.199\`):**
- `\\front\ClientFiles` → `C:\Shared Data\CLIENT FILES` (canonical 413-matter repo; corrected 2026-06-08, share ACL Authenticated Users, `front\julie` NTFS Modify)
- `\\front\Forms` → `C:\Users\Owner\OneDrive\Desktop\Forms`
- `\\front\Pleadings` → `C:\Users\Owner\OneDrive\Desktop\Pleading Forms and Filing`
- `\\front\Scans` → `C:\Scans`
- `\\front\Sharp` → Sharp MX-B557F print share

## Access
- **FRONT\julie** (local Windows acct on both FRONT and RSW-Laptop; used for laptop→FRONT SMB/print auth): vault **`clients/wolkin/front-julie.sops.yaml`** (vaulted 2026-06-11).
- **M365 users** (robert@ / julie@ rswolkin.com): vault **`clients/wolkin/m365-users.sops.yaml`** (vaulted 2026-06-11; previously plaintext in the retired wolkin-law.md).
- **RDP/SSH:** None configured. **ScreenConnect:** used for hands-on (the GuruRMM agent cannot set local passwords — see Patterns).
- **VPN:** ZeroTier mesh `17d709436c834c9b` (10.147.19.0/24) — front 10.147.19.199, RSW-Laptop 10.147.19.54. `front` resolves via a hosts entry on the laptop (`10.147.19.199 FRONT`).
- **Vault path:** `clients/wolkin/`

## Patterns & Known Issues
- **macOS Syncro JSON parsing:** Syncro customer lookup from Mac failed due to JSON parsing issues (2026-06-07). Use Windows PC for Syncro API operations or manual web portal lookups.
- **ZeroTier print RPC needs Private profile:** File-and-Printer-Sharing inbound rules (incl. Print Spooler RPC) apply to the Private profile only. The ZeroTier interface was Public on both FRONT and RSW-Laptop, which blocked print/RPC over ZT while file SMB still worked. Fix: set the ZT interface Private on both ends. (Confirmed still Private both ends 2026-06-11.)
- **[MEASUREMENT ARTIFACT — not a real fault] SMB/printer tests via the GuruRMM agent give FALSE error 67 / RPC 1702; the real interactive session works.** The printer to `\\front\Sharp` **works** for Julie when she is logged in (confirmed 2026-06-11 by remoting in). But every SMB test run through the **GuruRMM agent's `user_session` context fails** — `net use \\FRONT\IPC$` (and by IP) → System error 67, `net view` → RPC 1702, `Add-Printer -ConnectionName` → 67 — **even with valid `FRONT\julie` creds.** Cause: still unresolved, but NOT a naive impersonation defect — the agent runs these AS the user correctly (`WTSQueryUserToken`→`DuplicateTokenEx(TokenPrimary)`→`CreateProcessAsUserW`; `whoami` returns `rsw-laptop\julie`), and error 67 persists even with explicit creds (so not an SSO/credential gap). Suspect UAC split-token (`EnableLinkedConnections`) or missing window-station/profile in the spawned context. Tracked in GuruRMM RMM_THOUGHTS. Regardless of cause, RMM is NOT measuring what Julie's real logon sees. The underlying plumbing is genuinely fine (ZeroTier up, 445/139 open, MTU 2800 full DF, FRONT shared + Private + SMB-In, bindings present) — which is why it prints interactively. **Rule: do NOT use RMM `net use`/`net view`/`Add-Printer` to judge SMB/printer health to a remote host — its 67/1702 means "can't tell," not "broken." Verify via the real session (ScreenConnect).** The 2026-06-07 "wall" was this same artifact (Mike's "manual fix" worked only because it was interactive). See [[../../.claude/memory/feedback_rmm_user_session_smb_false_negative]]. Unrelated tip: `Get-NetAdapterBinding -Name "ZeroTier One [..]"` returns empty because `[ ]` are PowerShell wildcards — use `-InterfaceDescription "ZeroTier Virtual Port"`.
- **Canonical data is local, not OneDrive:** the firm's repository is `C:\Shared Data\CLIENT FILES` on FRONT (local). OneDrive copies under `OneDrive\Documents` / `OneDrive\Shared Data` were stale predecessors from a defunct Resilio/ownCloud sync setup — consolidated and removed 2026-06-08. Win11 Home does not surface the Explorer "Previous Versions" tab; VSS restores are admin-side (mount the shadow volume).

## Active Work
- **Ticket #32369** (2026-06-07): Remote work setup for Julie
  - [x] ZeroTier VPN mesh configured (3 machines enrolled)
  - [x] SMB file shares mapped and tested
  - [x] M365 mailbox delegation (Julie → Robert FullAccess)
  - [x] Printer access via ZeroTier (Sharp `\\front\Sharp` over ZT; ZT set Private both ends; FRONT moved to TCP/IP 9100)
  - [x] ClientFiles share repointed to canonical `C:\Shared Data\CLIENT FILES` + data consolidated + VSS enabled (2026-06-08)
- **Open follow-ups:**
  - [x] **RSW-Laptop printer — WORKING (2026-06-11).** Julie's "no printers" report did not reproduce in her real session; Mike remoted in and `\\front\Sharp` prints fine. The RMM-side error 67 was a measurement artifact (see Patterns), not a real fault. Original report was likely transient (pre-reboot / momentary ZT hiccup).
  - [ ] **Rotate `front\julie`** — its password transited the RMM command log during diagnosis; rotate + re-vault `clients/wolkin/front-julie.sops.yaml`.
  - [x] **Migrate `front\julie` + M365 creds to vault** — DONE 2026-06-11 (`clients/wolkin/front-julie.sops.yaml`, `clients/wolkin/m365-users.sops.yaml`).
  - [x] **Consolidate the four Wolkin slugs** — DONE 2026-06-11 (canonical `wolkin`; wolkin-law/rswolkin/robert-wolkin stubbed).
  - [ ] Bob to file the 67 loose docs in `CLIENT FILES\Closed Files\_From OneDrive Documents`.

## History Highlights
- **2026-06-11:** Printer re-reported down (Julie "no printers"). Full re-diagnosis via RMM: confirmed the error-67 SMB wall (see Patterns) — plumbing all clean, needs interactive fix. **Data-hygiene remediation:** consolidated the four fragmented client slugs into canonical `wolkin`; moved all scattered logs/baselines into `clients/wolkin/`; vaulted `front\julie` + the M365 user passwords (which had been sitting plaintext in the wiki / only in session logs); corrected the cross-client FRONT agent-id error; captured the error-67 gotcha as a memory.
- **2026-06-08:** ClientFiles corrected to the real local repo + full consolidation + VSS
  - Repointed `\\front\ClientFiles` to canonical `C:\Shared Data\CLIENT FILES` (413 matters); tightened share ACL; `front\julie` NTFS Modify
  - Added Client Files desktop icons on FRONT (local) and Bob's DESKTOP-V1JT1SE (UNC)
  - Enabled VSS shadow copies on C: (90 GB, baseline + 07:00/12:00 schedule)
  - Consolidated stale OneDrive copies into canonical (deleted superseded copy; merged 687 unique + 13 closed matters; quarantined 67 loose files to `Closed Files\_From OneDrive Documents`); killed defunct Resilio/ownCloud sync cruft
- **2026-06-07:** Client Files share + Sharp print share over ZeroTier
  - Corrected the print path (Sharp MX-B557F @ 192.168.1.158:9100); set ZeroTier Private both ends; office LAN corrected to 192.168.1.0/24
- **2026-06-07:** Initial remote work infrastructure setup
  - Deployed GuruRMM agents to 3 machines (FRONT, RSW-Laptop, DESKTOP-V1JT1SE)
  - Configured ZeroTier mesh VPN (network 17d709436c834c9b)
  - Set up M365 mailbox delegation (Julie → Robert)
  - Created local FRONT\julie account for SMB access

## Backlinks
*(None yet - will populate as other articles reference Wolkin Law)*