Files
claudetools/wiki/clients/michaeljohnson.md

164 lines
9.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
type: client
name: michaeljohnson
display_name: Michael Johnson (Law Office)
last_compiled: 2026-06-29
compiled_by: HOWARD-HOME/claude-main
sources:
- clients/michaeljohnson/session-logs/2026-06/2026-06-29-howard-rmm-onboard-edr-billing.md
- clients/michaeljohnson/onboarding-baselines/DESKTOP-GG4LKSL-20260629T211835.md
- clients/michaeljohnson/onboarding-baselines/MJ-PARALEGAL-20260629T211845.md
- Syncro customer 152567 (live: profile, tickets, invoices, assets)
- GuruRMM onboarding 2026-06-29 (client + site "Main", BRIGHT-RIVER-8998)
- Datto EDR org "Michael Johnson" (azcomp4587.infocyte.com)
---
# Michael Johnson (Law Office)
## Profile
- **Business type:** Solo legal practice (Tucson, AZ) — *inferred* from the paralegal
workstation, WordPerfect + "Seabill" legal-billing software, and the recurring
shared-file / Outlook-calendar-sync work between Michael's and Crystal's machines.
Not formally stated in Syncro (no `business_name` on the record).
- **Syncro Customer ID:** 152567 (record created 2013-12-04 — long-standing client)
- **Contract type:** **Break-fix** / time-and-materials. No prepaid block
(`prepay_hours = 0.0`, live 2026-06-29). Invoice history is per-ticket one-offs across
20132026.
- **Billing rate:** $175/hr onsite (most recent labor line, #32477 2026-06-29); historical
invoices show mixed remote/onsite labor at standard ACG rates.
- **Managed devices (Syncro assets):** 2.
- **Address:** 177 N Church, Tucson, AZ 85701
- **GuruRMM onboarded:** 2026-06-29 (Howard) — client + site "Main"; both workstations enrolled same day.
- **Onboarding grade:** DESKTOP-GG4LKSL = **AMBER**; MJ-PARALEGAL = **RED**.
- **Endpoint security:** Datto EDR + AV deployed 2026-06-29 (both endpoints, AV active).
## Contacts
| Name | Role | Email / Phone | Notes |
|---|---|---|---|
| Michael Johnson | Owner / attorney | michaeljohnson311@gmail.com / 520-622-0065 | Primary Syncro contact; uses DESKTOP-GG4LKSL |
| Crystal (Krystal) | Paralegal / assistant | (no email on file) / 520-906-4672 | Uses MJ-PARALEGAL; most day-to-day tickets are hers. Syncro contact record holds this phone with no name. |
Email is on **Gmail / Google Workspace** (not M365). Several past tickets involve Google account
storage/payment and Outlook talking to the Google calendar; mail is **not** hosted or managed by ACG
M365 tooling.
## Infrastructure
### Network
- **Topology:** Workgroup, peer-to-peer (no on-prem AD, no domain join). Both machines report
`PartOfDomain=False` / `Domain=WORKGROUP`.
- **LAN subnet:** 192.168.1.0/24.
- Shared files are served peer-to-peer between the two workstations (consistent with the long
history of "can't access shared files" tickets). As of 2026-06-29, Michael's machine is on a
**static IP** and the paralegal machine is configured to reach the share via that static IP.
### Workstations (GuruRMM enrolled 2026-06-29, site "Main")
| Hostname | User | Model | CPU | RAM | OS | IP | RMM Agent ID | Grade |
|---|---|---|---|---|---|---|---|---|
| DESKTOP-GG4LKSL | Michael | HP Pavilion Gaming TG01-2xxx | i7-11700F 8c/16t | 31.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.135 (Wi-Fi; now static) | 09c08484-2b51-404b-a294-6e39f498867c | AMBER |
| MJ-PARALEGAL | Crystal | ASUS (desktop, generic board) | i5-10400 6c/12t | 15.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.136 (wired) | 4537ac34-e548-484c-b4e9-fd91e7f97a23 | RED |
Both on Win 11 25H2 (supported until 2027-10-12), OS activated, agent v0.6.75, Defender active &
current with Tamper Protection on, SMBv1 disabled, LAPS reg key present. Neither has a backup agent.
MJ-PARALEGAL was recently recovered + upgraded to Win11 (Syncro #31768).
### RMM site / enrollment
- **Client:** Michael Johnson · **Site:** Main · **Site code:** `BRIGHT-RIVER-8998`
- **Client ID:** `99022a2e-6b8f-472b-9269-6a746ef0970b` · **Site ID:** `94b5cb21-3d8e-484a-8ef3-8388b66417d2`
- **Install page:** https://rmm.azcomputerguru.com/install/BRIGHT-RIVER-8998
- **Enrollment key vault path:** `clients/michaeljohnson/gururmm-site-main.sops.yaml` (also stamped `syncro_customer_id: 152567`)
### Datto EDR / AV
- **Tenant:** azcomp4587.infocyte.com · **Org:** Michael Johnson `fef82618-de1d-4b5c-b92e-7fd078e2b983`
- **Target group:** Main `3b844ef0-d792-4be9-bc0e-7d4848b99180`
- **Agents:** desktop-gg4lksl `798dadc9-dd72-40fe-bd06-e6b5506ebf73`, mj-paralegal `963178af-23b1-4bee-90e8-f9a6dbac7aec` — both online, AV on, v3.17.1.5552.
- **Reg key vault path:** `clients/michaeljohnson/datto-edr.sops.yaml`
## Onboarding Findings (2026-06-29 baselines)
### MJ-PARALEGAL — RED (2 critical / 4 warning)
- **[CRITICAL] Firewall OFF on Private + Public profiles** (`Domain=True` only). Re-enable all profiles.
- **[CRITICAL] E: drive 0% free** (0 GB of 255.6 GB). Find what's filling it and clean up/expand urgently.
- [WARNING] BitLocker off on C: · 2 pending Windows updates · 1 unexpected shutdown in last 14 days ·
6 auto-start services stopped (Asus/Lenovo/Google updaters + Intel TPM provisioning — mostly benign;
Lenovo *and* Asus services on one box suggests image/hardware churn).
- DNS server set to **172.16.132.1** on a 192.168.1.x LAN — anomalous (stale/foreign resolver). Correct
to the local gateway / ISP DNS.
- Local admins: `Administrator`, `localadmin`, `Paralegal`.
### DESKTOP-GG4LKSL — AMBER (0 critical / 5 warning)
- [WARNING] BitLocker off on C: · 4 pending Windows updates · D: 14.6% free (68.1 GB of 465.8 GB) ·
1 unexpected shutdown in last 14 days · 3 auto-start services stopped (Google updaters + Intel TPM).
- C: is the large/healthy volume (690 GB free of 930 GB); **D: is the low one** — confirm which volume
holds working data before cleanup.
- Windows Time source is **time1.aliyun.com** (Alibaba NTP) — unusual; reset to a standard pool.
- Local admins: `Administrator`, `Localadmin`, `owner`.
### Common to both
- No BitLocker (workgroup — no AD escrow target; would need manual key storage / vault).
- No backup agent on either machine — **no backup coverage confirmed.** Biggest gap for a law office.
- Defender-only AV at baseline; now augmented by Datto EDR/AV. SMBv1 off.
- ACG remote tooling present and expected: ScreenConnect on both; Splashtop + Syncro agent additionally
on MJ-PARALEGAL. No competitor/foreign RMM agents detected — and **no Bitdefender** (verified 2026-06-29).
## Patterns & Known Issues
- **Two-person peer-to-peer office.** Everything is workgroup + shared files between Michael's and
Crystal's PCs. Shared-file and calendar-sync breakage is the single most common call — there is no
server, so a machine being down/offline breaks the other's access. (Mitigated 2026-06-29 by moving
Michael's PC to a static IP so the share target stops moving.)
- **Mail is Google, not M365.** Do not reach for the ComputerGuru M365 remediation suite here — Outlook
is configured against a Google account. Google storage/billing has caused outages historically.
- **Power-outage sensitivity.** Multiple "mouse/peripheral dead after a power outage" and "machines went
down" tickets — no UPS protection documented; a UPS on each machine would cut repeat emergency calls.
- **Backups unverified.** No backup agent on either workstation. Top risk to close for a legal practice.
- **MJ-PARALEGAL E: full + firewall off** are the two immediate must-fix items from onboarding.
## Active Work
*No open tickets in Syncro as of 2026-06-29 (#32477 billed + Invoiced this session). Open remediation items below come from the onboarding baselines.*
| Priority | Action | Owner | Notes |
|---|---|---|---|
| P1 | Re-enable firewall (Private + Public) on MJ-PARALEGAL | Howard | CRITICAL onboarding finding |
| P1 | Clear/expand E: on MJ-PARALEGAL (0% free) | Howard | CRITICAL; identify what's filling 255 GB |
| P1 | Establish/confirm backup coverage for both PCs | Howard/Mike | No backup agent on either; law-office data |
| P2 | Fix anomalous DNS (172.16.132.1) on MJ-PARALEGAL | Howard | Should be local gateway / ISP DNS |
| P2 | Install pending Windows updates (4 on GG4LKSL, 2 on PARALEGAL) | Howard | Next maintenance window |
| P3 | Free space on GG4LKSL D: (14.6%) | Howard | Confirm which volume holds data first |
| P3 | Reset GG4LKSL time source off Alibaba NTP | Howard | Use standard NTP pool |
| P3 | Evaluate UPS for both machines | Mike | Repeat post-outage peripheral failures |
| P3 | Consider BitLocker (with key escrow) | Howard | Both unencrypted; workgroup needs manual key storage |
## History Highlights
- **2013-12-04** — Syncro customer record created; long-standing break-fix relationship.
- **20132026** — Recurring break-fix work: printer setup/offline errors, Outlook<->Google calendar sync
between Michael & Crystal, "can't access shared files", peripherals failing after power outages,
WordPerfect/Seabill hangs, multiple new-machine builds.
- **2026-06-29** — GuruRMM onboarding: client + site "Main" (`BRIGHT-RIVER-8998`) created; both
workstations enrolled; onboarding diagnostics run (DESKTOP-GG4LKSL AMBER, MJ-PARALEGAL RED).
- **2026-06-29** — Datto EDR/AV deployed to both endpoints. "Remove Bitdefender" request was a no-op —
RMM-verified that neither machine had Bitdefender (Defender-only). New Datto org + "Main" group + reg
key; both agents registered, online, AV on.
- **2026-06-29** — #32477 (onsite): set Michael's PC to a static IP and reconfigured the paralegal
machine to reach the share via the new IP. Billed 0.5h onsite ($87.50), invoice #1650843860, Invoiced.
## Access
- GuruRMM enrollment key: vault `clients/michaeljohnson/gururmm-site-main.sops.yaml`.
- Datto EDR registration key + org/group IDs: vault `clients/michaeljohnson/datto-edr.sops.yaml`.
- No workstation local-account credentials vaulted yet (verify if needed for future remote work).
## Backlinks
- [[projects/gururmm]] — DESKTOP-GG4LKSL + MJ-PARALEGAL enrolled (site: Main / BRIGHT-RIVER-8998)