# Shared Work Items

Tag yourself to claim. Check off when done. Add new items at the bottom of the relevant section.

**Syntax:** `- [ ] Description — @mike/@howard/@unassigned | added YYYY-MM-DD`

---

## Active

- [ ] Deploy session manager to SAGE-SQL (IIS app, Windows Auth) — files ready at `clients/dataforth/session-manager/` — @mike | added 2026-04-17
- [x] Cascades Synology (cascadesds) — get admin creds, add to vault — @howard | done 2026-04-17 (vault: `clients/cascades-tucson/synology-cascadesds.sops.yaml`)
- [ ] Cascades — second Life Enrichment machine: end-to-end folder redirection test (tomorrow). See `clients/cascades-tucson/session-logs/2026-04-17-howard-cascades-onboarding-and-folder-redirection.md` — @howard | added 2026-04-17
- [ ] Cascades GPO — add Desktop/Pictures/Music/Videos/Favorites once 2nd machine validates the pattern, and retire the DLTAGOI Desktop reg hack — @howard | added 2026-04-17
- [ ] Cascades — build matching folder-redirection GPOs for every other department (Nursing, Admin, Maintenance, etc.) once Life Enrichment is proven — @howard | added 2026-04-17
- [ ] Cascades — design OneDrive-to-server migration plan (machines with Documents/Desktop already in OneDrive KFM need data-migration + unlink BEFORE the GPO applies) — @unassigned | added 2026-04-17
- [ ] Cascades HIPAA hardening — `Set-SmbShare -Name homes -EncryptData $true`, enable file-access auditing on D:\Homes, verify BitLocker on CS-SERVER D: — @unassigned | added 2026-04-17
- [ ] GuruRMM bug — agent command executor can wedge after a user-context PS command hangs; doesn't recover on reboot. File + fix. — @mike | added 2026-04-17
- [ ] Howard Gitea account — create via web UI at git.azcomputerguru.com — @mike | added 2026-04-16
- [ ] desertrat.com — add DMARC p=reject + harden SPF on Route 53 (need AWS access) — @unassigned | added 2026-04-17
- [ ] desertrat.com — long-term migration from WebSvr to IX + MailProtector — @unassigned | added 2026-04-17
- [ ] MVAN other domains — only mvaninc.com has DMARC; client has other domains needing protection — @unassigned | added 2026-04-17
- [ ] Glaztech Syncro ticket #32165 — timer entry billed wrong (should be comment+time); fix in Syncro GUI — @mike | added 2026-04-17
- [ ] jparkinsonaz.com certbot — retry autodiscover cert once A record TTL expires — @unassigned | added 2026-04-17
- [ ] Neptune jparkinson password — set to jP$48504850, verify mail working — @unassigned | added 2026-04-17
- [ ] Len's Auto Brokerage — deploy GuruRMM v0.6.1 to 10 Windows endpoints — @mike | added 2026-04-16
- [ ] GuruRMM server migration 5 — sqlx checksum drift blocks new server build — @mike | added 2026-04-16
- [ ] Jupiter Windows VM — Server 2022 build worker for MSI CI — @unassigned | added 2026-04-16
- [ ] Cloudflare SXG — disable via dashboard (API tokens lack scope), auto-removes June 23 — @unassigned | added 2026-04-17
- [ ] GrepAI index — run `grepai watch` to build semantic search index — @unassigned | added 2026-04-16
- [ ] Change LAN subnet for ACG-DC16/NEPTUNE on Dataforth network — current 172.16.x.x collides with ACG network (172.16.x.x/22) — @unassigned | added 2026-04-18
- [ ] Remediation-tool vault gap — 5 tiered Entra apps (investigator, exchange-operator, user-manager, tenant-admin, defender-addon) are referenced by the `remediation-tool` skill but none of the SOPS files exist at `D:/vault/msp-tools/computerguru-*.sops.yaml`. Currently falling back to legacy `claude-msp-access-graph-api` app (broad Graph RW scope). Need Mike to: (1) confirm whether the 5 apps are already registered in Entra — if yes, hand over client IDs + secrets for the vault; (2) if not registered, decide: create the tiered apps or stay on legacy app. Impact: least-privilege model not enforced, bigger blast radius on the one shared secret, and Defender-tier checks unavailable until the MDE add-on app exists. Today's Cascades license audit succeeded on the fallback path — no action required from Howard yet. — @mike | added 2026-04-21

## Completed

_Move items here when done. Keep for 30 days then delete._

---

## How to use

- **Claim:** change `@unassigned` to your name
- **Add:** append to Active section with today's date
- **Complete:** move to Completed with date: `- [x] Description — @mike | done 2026-04-18`
- **Claude:** say "show work items" or "add work item: ..." and Claude reads/updates this file
- **Sync:** items sync via `/sync` like everything else