Robert Wolkin use case is RSW-Laptop accessing file shares + a shared printer on front. Add a reusable Windows files/printer section to the pattern (SMB over the tailnet, the 445 firewall-on-Tailscale-interface gotcha scoped to 100.64.0.0/10, local-account auth on Home, MagicDNS FQDN, Point-and-Print via RMM, Taildrive alternative). Record the concrete per-host post-connect config and the printer-type open item in the client doc.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
| type | name | display_name | last_compiled | compiled_by | sources | backlinks |
|---|---|---|---|---|---|---|
| client | robert-wolkin | Robert Wolkin | 2026-06-06 | GURU-5070/claude-main | | |
Robert Wolkin
STUB — created 2026-06-06 to track the Tailscale rollout. Most profile fields are not yet captured; fill in from Syncro / first session log. Do not treat
[unverified] fields as fact.
Profile
- Company type: [unverified]
- Contract type: [unverified]
- Key contacts: Robert Wolkin — [contact details unverified]
- Environment: Very small office, non-technical users (enroll/manage everything for
them; no self-service login expected). GuruRMM shows 3 Windows 11 Home agents, but only
two are in the Tailscale scope: RSW-Laptop and front.
DESKTOP-V1JT1SE is Bob's personal machine and is intentionally not part of the Tailscale setup.
- Syncro customer ID: [unverified]
- GuruRMM client name: Wolkin, Robert (Last, First) — note the form differs from this article's display name.
Infrastructure
Tailscale (active rollout)
Per patterns/tailscale-client-management — dedicated client-owned tailnet, ACG holds
Admin. Goal: RSW-Laptop accesses shared files AND a shared printer on front (the
front-desk PC) over the tailnet. Only those two nodes are enrolled; Bob's personal
DESKTOP-V1JT1SE is out of scope.
Files + printer run over plain SMB to front's Tailscale address — no subnet router
needed (both live on a node). See the Windows files/printer section in the pattern.
[CONFIRM] Printer type: is it USB-attached to front (→ Windows print share, SMB) or a
separate network printer on the office LAN that front prints to (→ would need a subnet
router on front advertising that LAN, or install it by IP on the laptop)? This changes the
design — verify before the printer step.
| Field | Value |
|---|---|
| Tailnet identity (IdP / owner account) | [to fill — Robert's M365/Google or dedicated admin account] |
| Plan | [to fill — free tier functional; Starter ~$6/user/mo for commercial footing] |
| ACG admin identity (your seat) | [to fill] |
| Device tag | tag:wolkin (suggested) |
| MagicDNS | [enable] |
| Auth key (reusable, pre-approved, tagged) | store in vault: clients/robert-wolkin/tailscale-authkey.sops.yaml |
| Key rotation due | [to fill — ~90 days from issue] |
| Scope | Hostname | Tailscale 100.x | Notes |
|---|---|---|---|
| In scope | RSW-Laptop | [after enroll] | Robert's laptop — connects out to front |
| In scope | front | [after enroll] | Front-desk PC — the target the laptop reaches |
| Out of scope | DESKTOP-V1JT1SE | — | Bob's personal machine; NOT enrolled in Tailscale |
Enrollment: push patterns/tailscale-client-enroll.ps1
from GuruRMM with the auth key as a masked parameter (RSW-Laptop + front only).
Post-connect config (push via GuruRMM after both nodes are up):
On front (host):
1. Firewall — allow SMB only over the tailnet:
   New-NetFirewallRule -DisplayName "Tailscale SMB (files+print)" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 445 -RemoteAddress 100.64.0.0/10
2. Confirm/create the file share + a local user account for the laptop to authenticate as (Win 11 Home, no domain, insecure guest disabled → real creds required); grant share+NTFS.
3. Confirm the printer share (if USB-attached to front).
On RSW-Laptop (client):
4. Map the share by FQDN/IP: \\front.<tailnet>.ts.net\<Share> (save creds via cmdkey).
5. Add the printer \\front.<tailnet>.ts.net\<PrinterShare> — install the driver via RMM
(SYSTEM) to dodge Point-and-Print admin prompts for the non-technical user.
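A read-only check to run on front after the post-connect push, added here as an example and not part of the pattern or the enroll script: it lists every enabled inbound allow rule that explicitly names TCP 445, flags any whose remote scope is wider than 100.64.0.0/10, and prints the share grants. It assumes Windows may report the stored scope in mask form (100.64.0.0/255.192.0.0), so both spellings are accepted.

```powershell
# Added example (not from the runbook): read-only audit of front after the
# post-connect push. Run elevated, e.g. as SYSTEM from the RMM.

# The scope used by the "Tailscale SMB (files+print)" rule. Assumption:
# Windows may report the stored CIDR in mask form, so accept both spellings.
$tailnetForms = '100.64.0.0/10', '100.64.0.0/255.192.0.0'

# Every enabled inbound allow rule that explicitly names TCP 445, with its
# remote address scope. Rules using port "Any" or ranges are not covered.
$smbRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        if ($port.Protocol -ne 'TCP' -or @($port.LocalPort) -notcontains '445') { return }
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = $remote -join ','
            TailnetOnly   = ($remote.Count -eq 1 -and $tailnetForms -contains $remote[0])
        }
    }

$smbRules | Format-Table -AutoSize

# A rule that is not tailnet-only (for example a built-in "File and Printer
# Sharing" rule) also admits SMB from the office LAN; review it.
$wide = @($smbRules | Where-Object { -not $_.TailnetOnly })
if ($wide.Count -gt 0) {
    Write-Warning "$($wide.Count) enabled rule(s) allow TCP 445 beyond the tailnet range."
}
if (-not ($smbRules | Where-Object TailnetOnly)) {
    Write-Warning 'No enabled tailnet-scoped TCP 445 rule found; the firewall step did not apply.'
}

# Share permissions: confirm the grantee is the local account created for
# the laptop rather than a broad group.
Get-SmbShare -Special $false | Get-SmbShareAccess |
    Format-Table Name, AccountName, AccessControlType, AccessRight -AutoSize
```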
Servers & Services / Email & Identity / Network
Not yet documented. [unverified]
GuruRMM
- Client name: Wolkin, Robert
- Site name: Main
- Site ID: 2bb05f85-9fc8-4a7e-a5e5-ffe0c46431ac
- Enrolled agents (3, all online as of 2026-06-06, Windows 11 Home 25H2 build 26200, agent v0.6.57):
| Hostname | Agent ID | Notes |
|---|---|---|
| DESKTOP-V1JT1SE | 30f6af79-ab19-4ed3-9ebc-71b2bffc2d27 | Bob's personal machine — NOT in Tailscale scope |
| RSW-Laptop | 043fd673-35a2-4d3d-8f91-ed73ce70cc1e | Robert's laptop — Tailscale node |
| front | 877d311a-4b24-462c-97b1-d2a0f7730a71 | Front-desk PC — Tailscale node (laptop connects here) |
- Enrollment key: [unverified — not located in vault during this pass; check
clients/robert-wolkin/ or regenerate]
Access
- Vault path: clients/robert-wolkin/ (no entries yet)
- Syncro: [unverified]
Active Work
- Tailscale rollout (2026-06-06): Stand up Robert's tailnet, assign ACG as Admin, set
the tag:wolkin ACL + MagicDNS, generate a reusable/pre-approved tagged auth key, and enroll RSW-Laptop + front via the GuruRMM script (agent IDs above), then push the post-connect SMB config so RSW-Laptop can reach files + the shared printer on front. Do NOT enroll DESKTOP-V1JT1SE (Bob's personal machine). Open item: confirm printer type (USB-attached vs network). Runbook + Windows files/printer gotchas in patterns/tailscale-client-management.
History Highlights
| Date | Event |
|---|---|
| 2026-06-06 | Tailscale client management pattern + enroll script authored; this client stub created to track the rollout. |
| 2026-06-06 | GuruRMM scan: client Wolkin, Robert / site Main has 3 online Windows 11 Home agents (DESKTOP-V1JT1SE, RSW-Laptop, front), agent v0.6.57. Discrepancy flagged: expected 2 machines, found 3. |
Backlinks
- patterns/tailscale-client-management — MSP Tailscale management pattern + enroll script