claudetools/wiki/clients/grabb-durando.md
Mike Swanson 32f64a9561 wiki: seed 9 client articles (internal-infra, peaceful-spirit, cryoweave, glaztech, pavon, grabb-durando, stamback-septic, sombra-residential, birth-biologic)
Notable findings per article:
- internal-infrastructure: Neptune cert expires 2026-05-31, DkimSigner
  disabled (unsigned outbound mail), Cloudflare tunnel on Jupiter
- peaceful-spirit: L2TP/IPsec RRAS VPN; billing/Syncro ID undocumented
- cryoweave: website redesign pending client assets
- glaztech: phishing bypassed MailProtector via secondary MX (fixed);
  no MFA enforcement yet; do not enable Security Defaults yet
- pavon: OwnCloud cron stacking fixed; Nextcloud migration deferred
- grabb-durando: plaintext DB password in README needs vaulting; AI
  demand review app scoped
- stamback-septic: WS2012 EOL server on network
- sombra-residential: Server2013 is actually WS2012 EOL unpatched
- birth-biologic: Datto→SharePoint migration unconfirmed complete

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-24 19:38:50 -07:00

---
type: client
name: grabb-durando
display_name: Grabb & Durando, P.C.
last_compiled: 2026-05-24
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
- clients/grabb-durando/session-logs/2026-05-04-leap-m365-calendar-fix.md
- clients/grabb-durando/reports/2026-05-04-leap-calendar-permission-investigation.md
- clients/grabb-durando/ai-demand-review/CONTEXT.md
- clients/grabb-durando/PROJECT_STATE.md
- clients/grabb-durando/website-migration/README.md
- clients/grabb-durando/gururmm-diag-GND-SERVER-20260512-155234.txt
backlinks:
- projects/gururmm
---
# Grabb & Durando, P.C.
## Profile
- **Company type:** Plaintiff personal injury law firm (Arizona)
- **Contract type:** Managed (MSP) — includes M365 tenant management
- **Key contacts:**
  - Robert Grabb — rgrabb@grabblaw.com (principal — AI demand review project)
  - Svetlana Larionova — slarionova@grabblaw.com (end user; Leap calendar support 2026-05-04)
  - sysadmin@grabblaw.com — shared admin account (M365 GA operations)
  - guru@grabblaw.com — ACG-managed Global Admin account [unverified — referenced in remediation report]
- **Billing rate:** [unverified — not documented in available files]
- **Active ticket:** [unverified — no current open Syncro ticket found in sources]
- **Syncro customer ID:** [unverified — not present in available session logs]
## Infrastructure
### Servers & Services
| Host | IP | Role | OS | Notes |
|---|---|---|---|---|
| GND-SERVER | [unverified] | On-premise server | Windows Server 2019 Standard, AMD64 | GuruRMM agent installed 2026-05-12 via site-specific MSI |
| GoDaddy VPS | 208.109.235.224 | Custom PHP web app (data.grabbanddurando.com) | CloudLinux 9.6, cPanel v126 | 99% disk full as of website migration plan — status post-migration unknown [unverified] |
| ix.azcomputerguru.com (IX) | 72.194.62.5 | ACG shared hosting — migration target | CloudLinux 9.7, cPanel | Migration planned but no session log confirms completion [unverified] |
| WebSvr (ACG) | 162.248.93.81 | Main domain (grabbanddurando.com) DNS/hosting | ACG managed | Nameserver authority for grabbanddurando.com zone |
### Email & Identity
- **M365 tenant:** grabblaw.com (tenant ID `032b383e-96e4-491b-880d-3fd3295672c3`)
- **Licenses:** O365 Business Premium (confirmed on multiple users)
- **MFA status:** [unverified]
- **User-consent policy:** `microsoft-user-default-recommended` + `microsoft-user-default-allow-consent-apps` — high-risk delegated scopes (Mail.ReadWrite, Files.ReadWrite.All) require admin approval
- **Leap (legal case management):** Two service principals registered in tenant:
  - LEAP daemon/service app — `5602fc50-4c30-4faa-a595-e5a0f15d2cce` (app-only, tenant-wide consent already granted)
  - LEAP user-facing/delegated app — `a7d19842-33e2-457b-a399-d4e6ec010f0a` (per-user or tenant-wide consent; tenant-wide granted 2026-05-04)
- **Inky/GuruProtect:** Installed (confirmed in email headers)
- **GuruRMM Security Investigator app:** Consented in tenant (used for read-only Graph investigation 2026-05-04)
### Network
- **ISP / WAN:** [unverified]
- **Firewall:** [unverified]
- **VPN:** [unverified]
### Web Applications
- **Primary site:** grabbanddurando.com — hosted on WebSvr (ACG)
- **Data app:** data.grabbanddurando.com — custom PHP 7.4 app using mysqli; GoDaddy cPanel account `grabbandurando`, document root `/home/grabbanddurando/public_html/new_gdapp/`, database `grabblaw_gdapp` (31 MB)
- **Case management:** Leap — integrated with M365 calendar/mail via delegated OAuth
## GuruRMM
- **Site name:** Main Office
- **Client code:** [unverified — not documented in available files; MSI was site-specific]
- **Site ID:** `d526d700-7210-48b1-94a9-40c87a29dc25` (from agent registry; this is the SiteId value baked into the MSI)
### Enrolled Agents
| Agent | Host | OS | Version at install | Agent key (partial) | Notes |
|---|---|---|---|---|---|
| GND-SERVER | GND-SERVER | Windows Server 2019 | 0.6.2 (2026-05-12) | `agk_NEzx7sRA9Jd...` | Installed via MSI `gururmm-agent-grabb-main-office.msi`; running as LocalSystem; [WARNING] binary path issue noted at install time — path in registry did not match actual binary location |
- **GuruRMM agent ID:** [unverified — agent ID not captured in available files; use dashboard to confirm]
- **Agent log:** `C:\ProgramData\GuruRMM\agent.log.2026-05-12` (0 bytes at install time)
- **Network connectivity check (2026-05-12):** External HTTPS to rmm.azcomputerguru.com [OK]; internal API (172.16.3.30:3001) [FAIL — timeout, expected for external client]
## Access
- **M365 admin:** Entra portal via sysadmin@grabblaw.com or guru@grabblaw.com
- **GoDaddy VPS (source):** `ssh -i ~/.ssh/id_ed25519 root@208.109.235.224`
- **IX server (hosting target):** `ssh root@ix.azcomputerguru.com`
- **WebSvr (DNS):** `ssh root@websvr.acghosting.com`
- **Vault path:** `clients/grabb-durando/` [unverified — no confirmed SOPS entries found in session logs; check vault before assuming paths]
- **Database credentials (GoDaddy):** [WARNING] Database password `e8o8glFDZD` appears in plaintext in `clients/grabb-durando/website-migration/README.md` — migrate to vault before any future work on this project
## Patterns & Known Issues
- **Leap OAuth consent pattern:** New hires at Grabb & Durando will NOT automatically have Leap M365 calendar sync enabled. As of 2026-05-04 tenant-wide consent was granted on the LEAP delegated app — new users should now get through the consent flow without admin intervention. Verify this holds for next new hire.
- **Leap identity binding trap:** If an admin signs in to Leap on a user's machine to grant consent, Leap stores the admin's identity token instead of the user's. Symptom: Leap syncs the wrong mailbox and throws "unable to subscribe to notifications." Fix: revoke admin OAuth grant, clear `%LOCALAPPDATA%\Microsoft Corporation\` Leap cache, re-sign in as the correct user.
- **SYSTEM context in GuruRMM commands:** Agent runs as LocalSystem. HKCU probes from GuruRMM commands read the SYSTEM hive, not a logged-in user's. Use `HKU:\<SID>` path for per-user registry work.
- **Website migration (data.grabbanddurando.com):** PHP 7.4 app, 1.8 GB files + 31 MB database. Migration target is IX (ix.azcomputerguru.com). Migration plan is detailed; no session log confirms completion — assume NOT migrated until verified.
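
The per-user registry pattern from the SYSTEM-context note above, as an added example (not taken from the GuruRMM project or the session logs). It assumes the command runs as LocalSystem and that the target user is logged in, so their hive is loaded under HKEY_USERS; the function names and the `Volatile Environment` probe are illustrative choices.

```powershell
# Added example: read per-user registry values from a LocalSystem context.
# HKCU here would resolve to the SYSTEM hive, so go through HKEY_USERS\<SID>.

# HKU: is not a default PSDrive; map it for this session if missing.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Get-LoadedUserHive {
    # Loaded hives of real accounts have SIDs of the form S-1-5-21-...;
    # the anchored pattern also skips the "<SID>_Classes" companion keys.
    # Logged-off users are not listed: their NTUSER.DAT is not loaded.
    Get-ChildItem -Path 'HKU:\' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $sid = $_.PSChildName
            try {
                $account = ([System.Security.Principal.SecurityIdentifier]$sid).
                    Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $account = '<unresolved>'   # e.g. orphaned or deleted account
            }
            [pscustomobject]@{ Sid = $sid; Account = $account }
        }
}

function Get-UserRegistryValue {
    param(
        [Parameter(Mandatory)] [string] $Sid,
        [Parameter(Mandatory)] [string] $SubKey,
        [Parameter(Mandatory)] [string] $Name
    )
    $path = "HKU:\$Sid\$SubKey"
    if (-not (Test-Path -Path $path)) { return $null }
    (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Report which user each loaded hive belongs to, using a key that only
# exists for an interactive session (illustrative probe).
foreach ($u in Get-LoadedUserHive) {
    $name = Get-UserRegistryValue -Sid $u.Sid -SubKey 'Volatile Environment' -Name 'USERNAME'
    '{0}  {1}  session user: {2}' -f $u.Sid, $u.Account, $name
}
```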
## Active Work
- **AI Demand Review System** (scoping/pre-quote as of 2026-05-12): Robert Grabb wants a custom Claude API web application for AI-assisted pre-suit demand package preparation. 11-category document upload UI, structured Claude output (case snapshot, liability, medical chronology, demand letter, etc.), DOCX/PDF export, per-case audit log. Estimated 32-48 hrs, $4,000-$6,960 flat fee range. Discovery call questions outstanding (user count, Leap API, file server structure). See `clients/grabb-durando/ai-demand-review/CONTEXT.md` for full spec.
- **Website migration** (data.grabbanddurando.com → IX): Status unknown. GoDaddy VPS was 99% full as of project planning. No completion session log found. [WARNING] Verify migration status before any GoDaddy VPS work or billing.
## History Highlights
| Date | Event |
|---|---|
| Pre-2026 | Established MSP client; M365 tenant (grabblaw.com) under ACG management; Leap deployed firm-wide |
| 2025-12-15 | Website migration session logs referenced (in old claude-projects path) — data.grabbanddurando.com migration likely attempted [unverified from available files] |
| 2026-04-20 | PROJECT_STATE.md created noting website migration stalled, no session logs recorded at that time |
| 2026-05-04 | Howard: Leap M365 calendar sync for Svetlana Larionova — OAuth consent investigation + tenant-wide LEAP consent granted by Mike; Leap identity token cleanup; Teams external-share limitation explained; second monitor added |
| 2026-05-12 | GuruRMM agent installed on GND-SERVER via site-specific MSI (v0.6.2). Diagnostic run confirms agent service running. AI demand review project kicked off — Phase Two Package delivered by Robert Grabb, ACG scoping review begun. |
## Backlinks
- [[projects/gururmm]] — GND-SERVER enrolled (site: Main Office)