claudetools/clients/cascades-tucson/docs/migration/phase5-hardening.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00


Step 8: Hardening & Cleanup (~3-4 hours, remote)


8.1 — Deploy endpoint security

Via SyncroRMM, deploy to all endpoints:

  • SentinelOne — EDR agent
  • Huntress — threat detection

Then uninstall Datto EDR from all machines.

Verify on each machine:

Get-Service SentinelAgent, HuntressAgent -ErrorAction SilentlyContinue | Select-Object Name, Status

8.2 — Delete Synology Sync VM

On CS-SERVER:

  1. Open Hyper-V Manager
  2. Shut down the Synology Sync VM (if running)
  3. Delete the VM and its virtual hard disks
  4. Reclaim disk space

# Check for VMs
Get-VM | Select-Object Name, State, Path
# Stop and remove (adjust name as needed)
# Stop-VM -Name "SynologySync" -Force
# Remove-VM -Name "SynologySync" -Force
# Then manually delete the VHD files from the VM path
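
The manual steps above as one guarded script. This is an added example, not part of the original runbook: it records the disk files before the VM is removed, checks that no other VM uses them, and defaults to a dry run. `SynologySync` is the runbook's placeholder name, and `$DryRun` is a variable introduced here.

```powershell
# Added example, not from the original runbook. Run elevated on CS-SERVER.
$VMName = 'SynologySync'   # placeholder name from the runbook; adjust as needed
$DryRun = $true            # set to $false to actually stop, remove and delete

$vm = Get-VM -Name $VMName -ErrorAction Stop

# Collect every disk file first: once the VM is removed, its disk list is gone.
# If checkpoints exist, the attached disk is a differencing disk, so the
# parent chain is followed as well. Pass-through disks are skipped.
$files = foreach ($drive in Get-VMHardDiskDrive -VM $vm |
        Where-Object { $_.Path -match '\.a?vhdx?$' }) {
    $path = $drive.Path
    while ($path) {
        $path
        $path = (Get-VHD -Path $path).ParentPath
    }
}
$files = @($files | Sort-Object -Unique)

# Refuse to continue if another VM is attached to any of the same files.
$inUse = Get-VM | Where-Object { $_.Name -ne $VMName } | Get-VMHardDiskDrive |
    Where-Object { $files -contains $_.Path }
if ($inUse) {
    throw "Disk also attached to: $(($inUse.VMName | Sort-Object -Unique) -join ', ')"
}

# Report what will be deleted and how much space it frees.
$bytes = ($files | Get-Item | Measure-Object -Property Length -Sum).Sum
"{0} file(s), {1:N1} GB to reclaim:" -f $files.Count, ($bytes / 1GB)
$files

if ($vm.State -ne 'Off') { Stop-VM -VM $vm -Force -WhatIf:$DryRun }
Remove-VM -VM $vm -Force -WhatIf:$DryRun
$files | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Remove-Item -LiteralPath $_ -WhatIf:$DryRun }
```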

8.3 — Address shared accounts

Replace these shared/generic AD accounts with individual user accounts:

  • Culinary → JD.Martin, Ramon.Castaneda, Alyssa.Brooks already in SG-Culinary-RW
  • Receptionist → Cathy.Kingston, Shontiel.Nunn, Ray.Rai, Sebastian.Leon, Michelle.Shestko already in SG-Receptionist-RW
  • saleshare → Megan.Hiatt, Crystal.Rodriguez, Tamra.Matthews already in SG-Sales-RW
  • directoryshare → Cathy.Kingston, Shontiel.Nunn, Christina.DuPras already in SG-Directory-RW

Steps:

  1. Verify individual users can access their shares via security group membership
  2. Have users log in with their own accounts, confirm access works
  3. Disable shared accounts (don't delete immediately)
  4. Delete shared accounts after 30 days
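
Steps 1 and 3 can be checked and staged with the ActiveDirectory module. The script below is an added example, not part of the original runbook. It assumes each shared account name and user name listed above is the account's sAMAccountName, and it runs `Set-ADUser` and `Disable-ADAccount` with `-WhatIf` so nothing changes until that switch is removed.

```powershell
# Added example, not from the original runbook.
Import-Module ActiveDirectory

# Mapping from section 8.3. Assumption: every name is the sAMAccountName.
$map = @{
    'Culinary'       = @{ Group = 'SG-Culinary-RW'
                          Users = 'JD.Martin','Ramon.Castaneda','Alyssa.Brooks' }
    'Receptionist'   = @{ Group = 'SG-Receptionist-RW'
                          Users = 'Cathy.Kingston','Shontiel.Nunn','Ray.Rai',
                                  'Sebastian.Leon','Michelle.Shestko' }
    'saleshare'      = @{ Group = 'SG-Sales-RW'
                          Users = 'Megan.Hiatt','Crystal.Rodriguez','Tamra.Matthews' }
    'directoryshare' = @{ Group = 'SG-Directory-RW'
                          Users = 'Cathy.Kingston','Shontiel.Nunn','Christina.DuPras' }
}

# Stamp the disable date and the 30-day delete date on the account itself.
$today = Get-Date
$stamp = 'Disabled {0:yyyy-MM-dd}; delete after {1:yyyy-MM-dd}' -f $today, $today.AddDays(30)

foreach ($shared in $map.Keys) {
    $entry   = $map[$shared]
    $members = @(Get-ADGroupMember -Identity $entry.Group -Recursive |
                 Select-Object -ExpandProperty SamAccountName)
    $missing = @($entry.Users | Where-Object { $members -notcontains $_ })

    # LastLogonDate comes from the replicated lastLogonTimestamp, so it is approximate.
    $acct = Get-ADUser -Identity $shared -Properties LastLogonDate, Enabled
    "{0}: enabled={1}, last logon={2}" -f $shared, $acct.Enabled, $acct.LastLogonDate

    if ($missing.Count -gt 0) {
        # Step 1 failed: someone would lose access, so leave the shared account alone.
        Write-Warning "$shared not disabled; missing from $($entry.Group): $($missing -join ', ')"
        continue
    }

    # Step 3: disable, do not delete. Remove -WhatIf once step 2 is confirmed with users.
    Set-ADUser -Identity $acct -Description $stamp -WhatIf
    Disable-ADAccount -Identity $acct -WhatIf
}
```

A recent last-logon value on a shared account means someone is still signing in with it, which is worth resolving before the account is disabled.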

Clean up old shares/folders

  • D:\Roaming — old roaming profiles attempt, never completed. Remove SMB share and delete folder.
  • D:\Shares\SaleShare — old/duplicate sales folder. Verify no unique data, then remove SMB share.

# Remove old Roaming share
Remove-SmbShare -Name "Roaming" -Force
# Remove old SaleShare (verify empty/duplicate first)
# Remove-SmbShare -Name "SaleShare" -Force

8.4 — RDS decision

Check if anyone uses Remote Desktop Services:

# Check active RDS sessions
quser /server:CS-SERVER

# Check RDS configuration
Get-RDServer -ErrorAction SilentlyContinue
Get-RDSessionCollection -ErrorAction SilentlyContinue

If RDS is used: Purchase proper CALs (grace period expired ~17 months ago).

If RDS is not used: Remove the RDS role:

Remove-WindowsFeature -Name RDS-RD-Server -Restart

8.5 — Update documentation

Update Cascades knowledge base at C:\Users\howar\Clients\Cascades\:

  • network/firewall.md — new rules, Guest VLAN, aliases
  • network/vlans.md — add VLAN 50 (Guest)
  • network/dns.md — cleaned records, scavenging, reverse zones
  • network/wifi.md — Guest SSID on VLAN 50
  • network/dhcp.md — reservations
  • servers/active-directory.md — new OUs, security groups, GPOs, all PCs joined
  • servers/cs-server.md — print server role, GPOs
  • security/backup.md — Synology ABB + offsite
  • security/antivirus.md — SentinelOne + Huntress deployed
  • printers.md — centralized print server, share names
  • issues/log.md — close resolved issues

8.6 — Re-ingest knowledge base

cd C:\Users\howar\Clients\MSP-AI
msp-ingest.bat Cascades --clear

8.7 — Close resolved issues

Update issues/log.md to mark these as resolved:

  • Floating rule #4
  • Guest WiFi on server LAN
  • No GPOs
  • 4 PCs not domain-joined
  • No backup
  • Shared accounts
  • Stale DNS records
  • Room 218 DHCP
  • Timezone mismatch
  • RDS licensing
  • Room 130 dead rule
  • VLAN 10 mismatch
  • Stale disabled AD accounts
  • Synology Sync VM