claudetools/wiki/clients/khalsa.md
Mike Swanson f4fb131529 wiki: seed remaining clients and projects (batch 3)
Adds 11 client articles and 5 project articles:

Clients: kittle, khalsa, anaise, azcomputerguru.com, bg-builders,
evs, furrier, horseshoe-management, kittle-design, scileppi-law,
western-tire

Projects: discord-bot, radio-show, msp-pricing, wrightstown-smarthome,
wrightstown-solar

Updates wiki/index.md with all new entries, cross-references, and
removes seeded client:birthbiologic from compilation queue.

Critical findings surfaced:
- Kittle: WS2025 EVAL license, no backups, 3 plaintext creds in Syncro
- Western Tire: SSL cert *.westerntire.com expires 2026-05-30
- Kittle Design: active compromise (Ken inbox rule unresolved)
- Horseshoe Mgmt: plaintext creds for 5+ users in Syncro notes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-24 19:59:40 -07:00

175 lines
6.6 KiB
Markdown

---
type: client
name: khalsa
display_name: Khalsa
last_compiled: 2026-05-24
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
- clients/khalsa/docs/overview.md
- clients/khalsa/docs/cloud/m365.md
- clients/khalsa/docs/cloud/azure.md
- clients/khalsa/docs/rmm/rmm.md
- clients/khalsa/docs/security/antivirus.md
- clients/khalsa/docs/security/backup.md
- clients/khalsa/docs/issues/log.md
- clients/khalsa/docs/apple-domain-join.md
- clients/khalsa/docs/network/README.md
- clients/khalsa/docs/network/camden/topology.md
- clients/khalsa/docs/network/camden/firewall.md
- clients/khalsa/docs/network/camden/dns.md
- clients/khalsa/docs/network/camden/dhcp.md
- clients/khalsa/docs/network/camden/vlans.md
- clients/khalsa/docs/network/river/topology.md
- clients/khalsa/docs/network/river/firewall.md
- clients/khalsa/docs/network/river/dns.md
- clients/khalsa/docs/network/river/dhcp.md
- clients/khalsa/docs/network/river/vlans.md
- clients/khalsa/PROJECT_STATE.md
---
# Khalsa
## Overview
New client in ONBOARDING status as of 2026-04-16. Standard client directory structure applied by Howard. Multi-site environment with two locations: **Camden** and **River**. Onboarding is incomplete — infrastructure details, contacts, and credentials have not yet been captured to the vault.
- **Business type:** *(not documented)*
- **Locations:** 2 (Camden, River)
- **Total users:** *(not documented)*
- **Billing model:** *(not documented)*
- **Billing rate:** *(not documented)*
- **Contract status:** ONBOARDING — terms not yet documented
- **Hours remaining:** *(not documented)*

[WARNING] All template fields in overview.md, m365.md, azure.md, rmm.md, antivirus.md, and backup.md are blank. The only substantive technical content in the entire client directory is `docs/apple-domain-join.md`. Onboarding must be completed before this client can be effectively supported.
---
## Contacts
All contact fields in overview.md are blank. No primary contact, IT contact, names, phones, or emails documented.
- **Primary Contact:** *(not documented)*
- **IT Contact:** *(not documented)*
- **Location (Camden):** *(not documented)*
- **Location (River):** *(not documented)*
---
## Infrastructure
No server or workstation inventory has been captured. The following is known only from `docs/apple-domain-join.md`:
### Known Servers
| Hostname | IP | Role | OS | Notes |
|----------|----|------|----|-------|
| TROUT | 10.11.12.254 | Domain Controller, Primary DNS | *(not documented)* | khalsa.local domain; DNS forwarder at 10.11.12.1 |
| *(unknown)* | 10.11.12.243 | DNS server | *(not documented)* | [WARNING] This is a DNS server but NOT the DC — do not confuse the two |
### Workstations
*(not documented)*
### Active Directory
- **Domain:** `khalsa.local`
- **Domain admin account:** `guru`
- **DC hostname:** TROUT at 10.11.12.254
- **DNS primary:** 10.11.12.254 (DC/TROUT)
- **DNS secondary:** 10.11.12.1
- **Required connectivity to the DC:** Kerberos (port 88), LDAP (port 389), SMB (port 445)
---
## Network
Two sites: Camden and River. All network template files (topology, firewall, DNS, DHCP, VLANs) are blank placeholders for both sites — no subnets, IPs, hardware, ISPs, or VPN details are recorded.
### Camden
- **Topology:** *(not documented — template only)*
- **Firewall:** *(not documented — template only)*
- **DNS:** *(not documented — template only)*
- **DHCP:** *(not documented — template only)*
- **VLANs:** Template defines VLAN IDs 1, 10, 20, 30, 40, 50, 60, 100 (standard schema: Management, Servers, Workstations, VoIP, WiFi-Corp, WiFi-Guest, Security) — but no subnets or IPs filled in.
### River
- **Topology:** *(not documented — template only)*
- **Firewall:** *(not documented — template only)*
- **DNS:** *(not documented — template only)*
- **DHCP:** *(not documented — template only)*
- **VLANs:** Same VLAN ID schema as Camden — no subnets or IPs filled in.
### Site-to-Site Connectivity
*(not documented)* — firewall.md VPN sections are blank for both sites.
### Confirmed Network Info (from apple-domain-join.md)
- DC/DNS: TROUT at 10.11.12.254 (implies /24 range starting with 10.11.12.x)
- Secondary DNS: 10.11.12.1 [unverified — likely a firewall or router]
- 10.11.12.243 is a DNS server (role unknown, not the DC)
- Site assignment of these IPs (Camden vs River) is unknown
---
## Cloud / M365
All M365 and Azure template fields are blank. No tenant name, tenant ID, domain, licenses, Exchange settings, SharePoint, Teams, Entra, or Defender details are documented.
- **M365 tenant:** *(not documented)*
- **Azure subscription:** *(not documented)*
- **Other cloud services:** *(not documented)*
---
## GuruRMM
All RMM template fields are blank.
- **Client ID:** *(not documented)*
- **Site IDs:** *(not documented)*
- **Enrolled agents:** *(not documented)*
- **Monitoring policies:** Template placeholders only (Disk Space, CPU, Service Monitor, Backup Monitor, Offline Alert — no client-specific values)
- **Patch policy:** *(not documented)*
---
## Active Projects / Open Items
- [ ] Complete onboarding — capture infrastructure details, contacts, credentials to vault
- [ ] Populate all `docs/` templates with real data (network, servers, M365, backup, AV, RMM)
- [ ] Document both Camden and River site specifics (topology, firewall rules, VLANs, IPs)
- [ ] Capture contacts to overview.md
- [ ] Store credentials in SOPS vault under `clients/khalsa/`
---
## Key Events / History
| Date | Event |
|------|-------|
| 2026-04-16 | Client directory created by Howard. Standard template applied. ONBOARDING status set. |

No issue log entries. No session logs exist for this client.
---
## Anti-Patterns / Warnings
- [WARNING] 10.11.12.243 is a DNS server but NOT the domain controller. Do not treat it as the DC. The DC is TROUT at 10.11.12.254.
- [WARNING] Onboarding is incomplete. Do not assume any template placeholder values are real — all fields other than the apple-domain-join.md content are empty.
- [WARNING] Do NOT run `dsconfigad` commands via ScreenConnect — the domain join step requires a password prompt that ScreenConnect cannot handle. Must use direct Terminal access.
- When joining a Mac that was previously joined and has a broken trust: force-remove first (`dsconfigad -remove -username guru -force`), then re-join. Skipping this causes error 2100.
- After applying the `DefaultDomain` setting for the login window, a reboot is required before the domain prefix drops from the login prompt.
- No credentials are in this wiki. Retrieve from vault under `clients/khalsa/` once captured.
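
The DNS and port facts recorded above can be verified on the Mac before a join or re-join is attempted. This preflight script is an added example, not part of the client documentation: the function names, the `--run` flag, and the TTY check are assumptions for illustration, the IPs and ports are the ones on this page, and it assumes macOS `scutil` and `nc`.

```shell
#!/bin/sh
# Added example: preflight before a Mac domain join (not from the client docs).
DC_IP="10.11.12.254"      # TROUT, the domain controller (from this page)
NOT_DC_IP="10.11.12.243"  # DNS server that is NOT the DC (from this page)
DC_PORTS="88 389 445"     # Kerberos, LDAP, SMB (from this page)

# Default probe: TCP connect with a 2 s timeout. Replaceable for offline testing.
probe() { nc -z -w 2 "$1" "$2" >/dev/null 2>&1; }
PROBE=${PROBE:-probe}

# Read `scutil --dns` output on stdin and print the first configured resolver.
first_resolver() {
    awk '/nameserver\[[0-9]+\]/ { print $3; exit }'
}

# Succeed only if the resolver is the DC; name the known mix-up explicitly.
check_resolver() {
    case "$1" in
        "$DC_IP")     return 0 ;;
        "$NOT_DC_IP") echo "$1 is a DNS server but not the DC" >&2; return 2 ;;
        *)            echo "first resolver is '$1', expected $DC_IP" >&2; return 1 ;;
    esac
}

# Print the DC ports that could not be reached; succeed when none are blocked.
blocked_ports() {
    blocked=""
    for port in $DC_PORTS; do
        "$PROBE" "$1" "$port" || blocked="$blocked $port"
    done
    echo "${blocked# }"
    [ -z "$blocked" ]
}

main() {
    # Assumption: without a TTY the join's password prompt cannot be answered.
    [ -t 0 ] || { echo "no interactive terminal; use direct Terminal access" >&2; return 3; }
    check_resolver "$(scutil --dns | first_resolver)" || return $?
    b=$(blocked_ports "$DC_IP") || { echo "blocked DC ports: $b" >&2; return 4; }
    echo "preflight ok: $DC_IP reachable on ports $DC_PORTS"
}

# Run the checks only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it from a direct Terminal session as `sh preflight.sh --run`; a non-zero exit identifies which precondition failed (1 or 2 for DNS, 3 for no terminal, 4 for blocked ports).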
---
## Backlinks
- [[wiki/index]] — client index
- [[wiki/patterns/apple-domain-join]] — if a general Apple domain join pattern article exists or is created