3.8 KiB
Dataforth — Share Plan Context Recovery
User
- User: Howard Enos (howard)
- Machine: Howard-Home
- Role: tech
Session Summary
Context-recovery session. The operator asked to bring back up the Dataforth shared-drives /
permissions plan that had been worked in a prior window. Located the project at
clients/dataforth/docs/projects/shares-permissions/ and read the working state to brief
the operator on where things stand.
The two files touched most recently (2026-06-22 18:55, captured by the 18:54 auto-sync commit
86c789a) are the active deliverables: target-structure-draft-2026-06-22.md (internal Phase 2
strawman) and Dataforth-Shared-Drives-Plan.html (simplified client-facing render). Confirmed
nothing is uncommitted in clients/dataforth/.
Summarized the project for the operator: it moves Dataforth from "every share open to every employee" (Everyone/Domain Users, Full on 4 of 8 shares — payroll/OSHA/POs/financials exposed, post-2025 ransomware) to a least-privilege department-based AD security-group model with a restricted branch, ABE on, excluding the DOS/datasheet/Sage infra shares. Phase 0 (discovery) done; Phase 1 (client input) is the blocking gate; Phase 2 target design is drafted (today's strawman) pending the client matrix. No file changes were made this session — read/brief only.
Key Decisions
- No edits made — session was scoped to recovering and reporting state, not advancing the plan.
- Identified the three candidate next steps to offer the operator: polish the client-facing HTML, finalize/send the discovery email to unblock Phase 1, or refine the internal strawman.
Problems Encountered
- None.
Configuration Changes
- None. (This session log is the only file written.)
Credentials & Secrets
- None surfaced or created.
Infrastructure & Servers
Referenced from the plan (not modified): AD1, AD2, FILES-D1, SAGE-SQL file servers. Eight
business shares (c-drive/Q, sage/S, e-drive/T, sales/W, archive/Y, Engineering/B, plus itsvc,
webshare/X, test). App/infra shares excluded from the dept model: test (DOS/SMB1 guest),
webshare (preserve svc_testdatadb), ITSvc, Sage app paths, NETLOGON/SYSVOL.
Commands & Outputs
git log --oneline -- clients/dataforth/docs/projects/shares-permissions/→ last commit86c789a(auto-sync 2026-06-22 18:54:25); prior72e0e0a(2026-06-10).git status --short clients/dataforth/→ clean.
Pending / Incomplete Tasks
Phase 1 (client input) is BLOCKING. Still needed from Dataforth before Phase 2 sign-off:
- Confirm the inferred department list.
- Department -> share access matrix (RW/RO/none per area).
- Sensitive-data named access (Payroll, OSHA, Purchase Orders, Accounting/Sage).
- Department rosters (to populate AD groups).
- Legacy-cleanup approval (person-named / "Do not use" folders archive vs delete).
- Engineering destination volume — AD1 C: ~90% full, blocks any ENGR restructure.
Email logistics not locked: discovery-email-draft.md exists but recipients/sender unset
(Dan Center primary; CC Kevin Wackerly?; Mike or Howard sending?).
Next-step options offered to operator: (a) polish client-facing HTML, (b) finalize + send discovery email to unblock Phase 1, (c) refine internal strawman.
Reference Information
- Project dir:
clients/dataforth/docs/projects/shares-permissions/ - Active strawman:
target-structure-draft-2026-06-22.md - Client deliverable (HTML):
Dataforth-Shared-Drives-Plan.html(3 sections: folder layout, who gets access, what we need from you) - Older docx deliverable:
Dataforth-Shared-Drives-Reorganization-Plan.docx(2026-06-18) - Roadmap:
roadmap.md(Phase 0 done; Phase 1 pending) - Baseline:
current-state-2026-06-10.md,acl-audit-detail-2026-06-10.md - Client contact: Dan Center (primary IT). Owner: ACG (Howard).
- Last commit before this session:
86c789a.