Business type: Solo legal practice (Tucson, AZ) — inferred from the paralegal
workstation, WordPerfect + "Seabill" legal-billing software, and the recurring
shared-file / Outlook-calendar-sync work between Michael's and Crystal's machines.
Not formally stated in Syncro (no business_name on the record).
Syncro Customer ID: 152567 (record created 2013-12-04 — long-standing client)
Contract type:Break-fix / time-and-materials. No prepaid block
(prepay_hours = 0.0, live 2026-06-29). Invoice history is per-ticket one-offs across
2013–2026.
Billing rate: $175/hr onsite (most recent labor line, #32477 2026-06-29); historical
invoices show mixed remote/onsite labor at standard ACG rates.
Managed devices (Syncro assets): 2.
Address: 177 N Church, Tucson, AZ 85701
GuruRMM onboarded: 2026-06-29 (Howard) — client + site "Main"; both workstations enrolled same day.
Uses MJ-PARALEGAL; most day-to-day tickets are hers. Syncro contact record holds this phone with no name.
Email is on Gmail / Google Workspace (not M365). Several past tickets involve Google account
storage/payment and Outlook talking to the Google calendar; mail is not hosted or managed by ACG
M365 tooling.
Infrastructure
Network
Topology: Workgroup, peer-to-peer (no on-prem AD, no domain join). Both machines report
PartOfDomain=False / Domain=WORKGROUP.
LAN subnet: 192.168.1.0/24.
Shared files are served peer-to-peer between the two workstations (consistent with the long
history of "can't access shared files" tickets). As of 2026-06-29, Michael's machine is on a
static IP and the paralegal machine is configured to reach the share via that static IP.
Workstations (GuruRMM enrolled 2026-06-29, site "Main")
Hostname
User
Model
CPU
RAM
OS
IP
RMM Agent ID
Grade
DESKTOP-GG4LKSL
Michael
HP Pavilion Gaming TG01-2xxx
i7-11700F 8c/16t
31.8 GB
Win 11 Pro 25H2 (build 26200)
192.168.1.135 (Wi-Fi; now static)
09c08484-2b51-404b-a294-6e39f498867c
AMBER
MJ-PARALEGAL
Crystal
ASUS (desktop, generic board)
i5-10400 6c/12t
15.8 GB
Win 11 Pro 25H2 (build 26200)
192.168.1.136 (wired)
4537ac34-e548-484c-b4e9-fd91e7f97a23
RED
Both on Win 11 25H2 (supported until 2027-10-12), OS activated, agent v0.6.75, Defender active &
current with Tamper Protection on, SMBv1 disabled, LAPS reg key present. Neither has a backup agent.
MJ-PARALEGAL was recently recovered + upgraded to Win11 (Syncro #31768).
RMM site / enrollment
Client: Michael Johnson · Site: Main · Site code:BRIGHT-RIVER-8998
Client ID:99022a2e-6b8f-472b-9269-6a746ef0970b · Site ID:94b5cb21-3d8e-484a-8ef3-8388b66417d2
[CRITICAL] Firewall OFF on Private + Public profiles (Domain=True only). Re-enable all profiles.
[CRITICAL] E: drive 0% free (0 GB of 255.6 GB). Find what's filling it and clean up/expand urgently.
[WARNING] BitLocker off on C: · 2 pending Windows updates · 1 unexpected shutdown in last 14 days ·
6 auto-start services stopped (Asus/Lenovo/Google updaters + Intel TPM provisioning — mostly benign;
Lenovo and Asus services on one box suggests image/hardware churn).
DNS server set to 172.16.132.1 on a 192.168.1.x LAN — anomalous (stale/foreign resolver). Correct
to the local gateway / ISP DNS.
Local admins: Administrator, localadmin, Paralegal.
DESKTOP-GG4LKSL — AMBER (0 critical / 5 warning)
[WARNING] BitLocker off on C: · 4 pending Windows updates · D: 14.6% free (68.1 GB of 465.8 GB) ·
1 unexpected shutdown in last 14 days · 3 auto-start services stopped (Google updaters + Intel TPM).
C: is the large/healthy volume (690 GB free of 930 GB); D: is the low one — confirm which volume
holds working data before cleanup.
Windows Time source is time1.aliyun.com (Alibaba NTP) — unusual; reset to a standard pool.
Local admins: Administrator, Localadmin, owner.
Common to both
No BitLocker (workgroup — no AD escrow target; would need manual key storage / vault).
No backup agent on either machine — no backup coverage confirmed. Biggest gap for a law office.
Defender-only AV at baseline; now augmented by Datto EDR/AV. SMBv1 off.
ACG remote tooling present and expected: ScreenConnect on both; Splashtop + Syncro agent additionally
on MJ-PARALEGAL. No competitor/foreign RMM agents detected — and no Bitdefender (verified 2026-06-29).
Patterns & Known Issues
Two-person peer-to-peer office. Everything is workgroup + shared files between Michael's and
Crystal's PCs. Shared-file and calendar-sync breakage is the single most common call — there is no
server, so a machine being down/offline breaks the other's access. (Mitigated 2026-06-29 by moving
Michael's PC to a static IP so the share target stops moving.)
Mail is Google, not M365. Do not reach for the ComputerGuru M365 remediation suite here — Outlook
is configured against a Google account. Google storage/billing has caused outages historically.
Power-outage sensitivity. Multiple "mouse/peripheral dead after a power outage" and "machines went
down" tickets — no UPS protection documented; a UPS on each machine would cut repeat emergency calls.
Backups unverified. No backup agent on either workstation. Top risk to close for a legal practice.
MJ-PARALEGAL E: full + firewall off are the two immediate must-fix items from onboarding.
Active Work
No open tickets in Syncro as of 2026-06-29 (#32477 billed + Invoiced this session). Open remediation items below come from the onboarding baselines.
Priority
Action
Owner
Notes
P1
Re-enable firewall (Private + Public) on MJ-PARALEGAL
Howard
CRITICAL onboarding finding
P1
Clear/expand E: on MJ-PARALEGAL (0% free)
Howard
CRITICAL; identify what's filling 255 GB
P1
Establish/confirm backup coverage for both PCs
Howard/Mike
No backup agent on either; law-office data
P2
Fix anomalous DNS (172.16.132.1) on MJ-PARALEGAL
Howard
Should be local gateway / ISP DNS
P2
Install pending Windows updates (4 on GG4LKSL, 2 on PARALEGAL)
Howard
Next maintenance window
P3
Free space on GG4LKSL D: (14.6%)
Howard
Confirm which volume holds data first
P3
Reset GG4LKSL time source off Alibaba NTP
Howard
Use standard NTP pool
P3
Evaluate UPS for both machines
Mike
Repeat post-outage peripheral failures
P3
Consider BitLocker (with key escrow)
Howard
Both unencrypted; workgroup needs manual key storage
History Highlights
2013-12-04 — Syncro customer record created; long-standing break-fix relationship.
2013–2026 — Recurring break-fix work: printer setup/offline errors, Outlook<->Google calendar sync
between Michael & Crystal, "can't access shared files", peripherals failing after power outages,
WordPerfect/Seabill hangs, multiple new-machine builds.
2026-06-29 — GuruRMM onboarding: client + site "Main" (BRIGHT-RIVER-8998) created; both
workstations enrolled; onboarding diagnostics run (DESKTOP-GG4LKSL AMBER, MJ-PARALEGAL RED).
2026-06-29 — Datto EDR/AV deployed to both endpoints. "Remove Bitdefender" request was a no-op —
RMM-verified that neither machine had Bitdefender (Defender-only). New Datto org + "Main" group + reg
key; both agents registered, online, AV on.
2026-06-29 — #32477 (onsite): set Michael's PC to a static IP and reconfigured the paralegal
machine to reach the share via the new IP. Billed 0.5h onsite ($87.50), invoice #1650843860, Invoiced.