claudetools/clients/valleywide/PROJECT_STATE.md
Mike Swanson 492fbbf4c9 chore: add PROJECT_STATE.md to all active projects and clients
Establishes inter-session coordination for 29 projects/clients:
- Full lock/component format for active projects (dataforth-dos,
  radio-show, cascades-tucson, valleywide, instrumental-music-center,
  lens-auto-brokerage, msp-audit-scripts)
- Light format for complete/stalled/planning (msp-pricing, pavon,
  wrightstown-*, gururmm-agent, community-forum, glaztech, etc.)
- Onboarding stubs for recently added clients

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 18:53:34 -07:00


Valleywide (VWP) — Project State

READ THIS before starting work on this client. UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes).

Last updated: 2026-04-20


Active Session Locks

| Session | Working On | Status | Started |
|---|---|---|---|
| (none active) | | | |

How to claim a lock: Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale.


Current State

Status: ACTIVE — POST-INCIDENT MONITORING
Last Activity: 2026-04-16

Financial services client, domain vwp.local. RDWeb was exposed to the internet via UDM port forward; distributed brute-force attack discovered 2026-04-13. Port forward removed same day. 30-day audit confirmed no successful external logons — no compromise. RDS deployment reconfigured 2026-04-16 to bypass gateway (direct VPN connect). RDS licensing pointer also fixed. Outstanding: RDS CAL purchase, UPnP audit, scanner account password rotation.


Infrastructure / Access

| Server | IP | Notes |
|---|---|---|
| VWP_ADSRVR | 192.168.0.25 | Windows Server 2019 DC, domain vwp.local. SSH: ssh vwp\guru@192.168.0.25 (ed25519 key) |
| VWP-QBS | 172.16.9.169 | Windows Server 2022, QuickBooks + RDS host. Reach via VPN + double-hop: Invoke-Command -ComputerName VWP-QBS |
| UDM (gateway) | | Static DNS: vwp-qbs.vwp.us → 172.16.9.169 |

Networks: 172.16.9.0/24 (internal), 192.168.0.0/24 (conflicts with IMC — careful when switching VPN contexts).
VPN: OpenVPN, pushes DNS=192.168.4.1 (UDM), routes for 172.16.9.0/24, 192.168.0.0/24, 192.168.3.0/24.
Credentials: SOPS vault at clients/vwp/ (adsrvr, dc1, udm, xenserver, quickbooks-server-idrac).


Pending / Next Up

  • Purchase Windows Server 2022 RDS Per User CALs for VWP-QBS (sized to active user count — check distinct interactive logons last 30d via licmgr.msc)
  • Confirm UPnP state on UDM (prevent server from re-punching its own port-forward hole)
  • Rotate scanner AD account password (last set 2024-10-17; carried since 2026-04-13)
  • Formally document VPN-only RDWeb access decision
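
Added example (not part of this repo, and not the audit that was actually run): one way to re-check the "no successful external logons" finding and the distinct-interactive-logon count from exported Security log events. It assumes the events have been exported as (event_id, logon_type, user, source_ip) rows; the sample rows and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Internal ranges from the "Networks" line on this page. The VPN client pool is
# not listed there (assumption: add it here if VPN clients use another range).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("172.16.9.0/24", "192.168.0.0/24", "192.168.3.0/24")]

# Constructed sample rows, not real log data: (event_id, logon_type, user, source_ip).
# 4624 = logon success, 4625 = logon failure; type 2 = Interactive,
# 3 = Network, 5 = Service, 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    (4625, 3, "administrator", "203.0.113.7"),
    (4625, 3, "scanner", "203.0.113.7"),
    (4625, 3, "admin", "198.51.100.22"),
    (4624, 10, "alice", "172.16.9.40"),
    (4624, 10, "Bob", "192.168.3.12"),
    (4624, 10, "ALICE", "172.16.9.41"),
    (4624, 3, "svc_backup", "-"),   # source address missing from the event
    (4624, 5, "SYSTEM", "-"),
]

def is_external(ip_text):
    """True/False for a parseable address; None when the field is empty or '-'."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    if ip.is_loopback:
        return False
    return not any(ip in net for net in INTERNAL_NETS)

def audit(events):
    external_success = []         # each entry here needs investigation
    failed_by_source = Counter()  # external failures per source address
    unknown_source = []           # remote successes that cannot be attributed
    interactive_users = set()     # distinct users, for Per User CAL sizing
    for event_id, logon_type, user, ip in events:
        ext = is_external(ip)
        if event_id == 4624:
            if ext:
                external_success.append((user, ip))
            elif ext is None and logon_type in (3, 10):
                unknown_source.append(user)
            if logon_type in (2, 10):
                interactive_users.add(user.lower())
        elif event_id == 4625 and ext:
            failed_by_source[ip] += 1
    return external_success, dict(failed_by_source), unknown_source, sorted(interactive_users)
```

Successful remote logons with no recorded source address are reported separately rather than counted as internal, so they can be cross-checked against another log before the result is trusted.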

Recent Changes

| Date | By | Change | Status |
|---|---|---|---|
| 2026-04-16 | Mike | RDS deployment set to bypass gateway (direct VPN connect); UDM DNS typo fixed; RDS licensing mode set Per User, pointed at VWP-QBS license server | DEPLOYED |
| 2026-04-13 | Mike | RDWeb brute-force incident: UDM port forward removed, lockout policy restored, IIS reset, 30-day audit confirmed no compromise | RESOLVED |

How to Update

When starting: Add your session to Active Session Locks.
When finishing: Remove your lock row, add entries to Recent Changes, update Current State if needed.