claudetools/clients/dataforth/docs/billing-log.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

# Dataforth — Work Log / Billing Record

## Session 1 — 2026-04-02 (Remote — Documentation Audit)

**Focus:** Full client documentation buildout from Mike Swanson handoff + post-incident audit

| Time | Task | Details |
|------|------|---------|
| | Client intake & overview | Created overview.md — company info, Dan Center contact (replacing retired Joel Lohr), Mike Swanson as outgoing IT, M365 tenant 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584, ~21 human users, 6 servers, 2 ESXi + 1 Hyper-V, ~38 workstations, 64 DOS test stations |
| | Network documentation | Built topology.md, dns.md, dhcp.md, firewall.md, vlans.md for flat network (no VLANs, all Windows Firewall profiles disabled on AD2) |
| | Cloud documentation | Built m365.md + azure.md — tenant info, Entra ID Sync from OU=SyncedUsers, MFA enforcement deadline April 4, 19 users still need to register |
| | Security documentation | Built antivirus.md + backup.md |
| | RMM documentation | Documented Datto RMM + GuruRMM (azcomputerguru.com) |
| | Active Directory doc | Built active-directory.md — intranet.dataforth.com forest, Windows Server 2016 level |
| | Per-server docs (6 servers) | AD1, AD2, FILES-D1, SAGE-SQL, 3CX, DF-HYPERV-B, D2TESTNAS |
| | Workstation inventory | Built workstations.md — Engineering (~12), Manufacturing/Assembly (~14), Office/Admin (~12), 3 EOL Windows 7 (LABELPC, LABELPC2, D2-RCVG-003) |
| | Manufacturing doc | Built manufacturing.md — 64 DOS stations running QuickBASIC 4.5 ATE on MS-DOS 6.22, SMB1 via D2TESTNAS Samba proxy, TestDataDB (Node.js + SQLite on AD2:3000, 2.28M test records) |
| | Issue log buildout | Documented 2025 ransomware incident (AD2 wiped/rebuilt), 2026-03-27 DF-JOEL2 phishing compromise (Angel Raya/ScreenConnect social engineering, C2 blocked, IC3 complaint, jlohr reset) |
| | Risk inventory | Critical/High/Medium/Low risk catalog: firewall disabled on AD2, Win7 machines, AD1 at 90% disk, jlohr account overdue for disable, 28 machines not scanned, etc. |

### Billing Summary — Session 1

| Category | Items |
|----------|-------|
| Client onboarding / intake | Full Mike Swanson handoff documented |
| Documentation buildout | 22 files created across overview, network, cloud, security, rmm, servers, workstations, manufacturing, issues |
| Post-incident risk audit | 2025 ransomware + 2026-03-27 phishing compromise fully documented with follow-ups |

**Time:** File timestamps span ~10:04 AM → 12:45 PM (~2.53 hrs)

---

## Outstanding Work — Prioritized

### Critical

- All Windows Firewall profiles disabled on AD2 — re-enable
- 3 Windows 7 machines still on network — retire or isolate
- AD1 C: drive at 90% capacity (C:\Engineering = 787 GB) — expand or clean
- AD1/AD2 on Windows Server 2016 (end of mainstream support) — plan upgrade

### High

- Joel Lohr (jlohr) account — disable post-retirement (**OVERDUE since 2026-03-31**)
- C2 IP blocks on UDM are iptables rules only — make permanent in UniFi UI
- 28 machines offline during incident — rescan when available
- MFA enforcement (April 4) — 19 users still need to register
- No reverse DNS zone for 192.168.0.x
- Website upload mechanism broken (ASP.NET 404s)

### Medium

- D2TESTNAS uses root SSH with password auth
- Stale/conflicting computer account IPs
- ~845K test records pending ForWeb export

### Low

- DVD ISO mounted on AD2 D:
- ClaudeTools-ReadOnly AD account — purpose unclear
- DESKTOP-* BYOD-looking hostnames