azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5b99e4b80b4f7b8d07d505bed41570b6108401f1
claudetools/clients/kittle/docs/servers/server.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients 
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

4.4 KiB
Raw Blame History

Server: SERVER

General Info

  • Hostname: SERVER
  • IP Address: 10.0.0.5
  • Subnet Mask: 255.255.255.0 (/24)
  • Default Gateway: 10.0.0.1
  • DNS Servers: 127.0.0.1 (itself — correct for DC)
  • OS: Microsoft Windows Server 2025 Standard EVALUATION
  • OS Version: Build 26100
  • OS Configuration: Primary Domain Controller
  • Domain: kittle.lan
  • Physical / Virtual: Physical
  • Location: Office

Hardware

  • Make/Model: HPE ProLiant MicroServer Gen11
  • BIOS: HPE 2.22 (5/16/2025)
  • CPU: Intel Xeon E-2414 (4 cores)
  • RAM: 80 GB

Storage

Drive Label Filesystem Size Notes
C: (OS) NTFS ~11 TB Primary volume
(secondary) Server2 2022_03_31 ~2 TB Secondary storage — possibly old server backup or migration data

Network Interfaces

  • 4x Embedded LOM ports (Port 1-4)
  • Only Port 1 is active
  • 3 ports unused

Roles and Services (Installed)

  • Active Directory Domain Services (Primary DC)
  • DNS Server
  • DHCP Server (installed but scopes are empty — DHCP runs on ISP router)
  • File Server (C:\Shares)
  • Print Server
  • Group Policy Management

SMB File Shares

Share Name Path Notes
Home C:\Shares\Home User home folders
QBooks C:\Shares\Home\QBooks QuickBooks data files
NETLOGON (default) AD logon scripts
SYSVOL (default) Group Policy store

Installed Software

Software Version Notes
QuickBooks Pro 2024 34 Should NOT be on a DC — migrate to workstation
ScreenConnect Remote access agent
Microsoft Edge Browser

Listening Ports (Key Services)

Port Protocol Service Notes
53 TCP DNS AD DNS server
88 TCP Kerberos AD authentication
135 TCP RPC Endpoint Mapper
139 TCP NetBIOS Legacy name service
389 TCP LDAP AD directory
445 TCP SMB File shares
464 TCP Kerberos kpasswd Password changes
636 TCP LDAPS LDAP over SSL
3268 TCP Global Catalog AD GC
3269 TCP GC SSL AD GC over SSL
5985 TCP WinRM PowerShell remoting
8019 TCP Unknown Needs identification
9389 TCP AD Web Services AD management

DNS Configuration

  • DNS Forwarders: 10.0.0.1 (ISP router)
  • DNS Zones: kittle.lan, _msdcs.kittle.lan
  • No reverse lookup zone for 10.0.0.x

Group Policy Objects

GPO Name Modified Notes
Default Domain Policy 12/23/2025
Default Domain Controllers Policy 2/9/2026
HomeFolder 2/9/2026 Maps home folders
Intranet Zone - File Server 3/20/2026 Adds \\SERVER + \\10.0.0.5 to Local Intranet zone for PDF preview on shares

Backup

  • NONE — NO BACKUP EXISTS FOR THIS SERVER
  • This server is the ONLY domain controller
  • If this server dies, Active Directory, DNS, file shares, and QuickBooks data are ALL lost

CRITICAL ISSUES

1. EVALUATION LICENSE — Time Bomb

Windows Server 2025 Standard is running as an EVALUATION install. Evaluation licenses expire after 180 days, after which the server will shut down every hour. A full license must be purchased and applied immediately.

2. QuickBooks on the Domain Controller

QuickBooks Pro 2024 is installed directly on the DC. Business applications increase attack surface and resource contention on the DC. Should be migrated to a dedicated workstation.

3. No Backup

No backup solution is configured. Total data loss if the server fails.

4. DHCP Role Installed But Not Used

Windows DHCP role is installed but all scopes are empty. DHCP is handled by the ISP router at 10.0.0.1. The DHCP role could be uninstalled to reduce confusion, or properly configured to take over from the ISP router (recommended).

5. Unknown Port 8019

An unidentified service is listening on port 8019. Needs investigation.

TODO (Priority Order)

  • IMMEDIATE: Activate full Windows Server license — Evaluation will expire
  • IMMEDIATE: Set up backup — No backup exists
  • HIGH: Migrate QuickBooks off the DC — Install on a workstation instead
  • Create reverse DNS zone for 10.0.0.x
  • Investigate port 8019
  • Consider moving DHCP from ISP router to server for better control
  • Identify purpose of "Server2 2022_03_31" secondary volume
Reference in New Issue View Git Blame Copy Permalink