Howard Enos
8d975c1b44
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:
Clients (structured MSP docs under clients/<name>/docs/):
- anaise (NEW) - 13 files
- cascades-tucson - 47 files merged (existing had only reports/)
- dataforth - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa (NEW) - 22 files, multi-site (camden, river)
- kittle (NEW) - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template - 13-file scaffold for new clients
MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/ - clean_printer_ports, win11_upgrade,
screenconnect-toolbox-commands
Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
no other credentials found
Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
(identical duplicates of msp-audit-scripts versions)
Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)
Session log: session-logs/2026-04-16-howard-client-docs-import.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2.0 KiB
2.0 KiB
Step 7: Move Server & Printers to INTERNAL (LAST)
This is the final network change. Only after everything is stable on the transitional setup.
7a — Move printers to INTERNAL
For each printer:
- Change switch port from native VLAN to VLAN 20 (INTERNAL) in UniFi
- Set static IP in 10.0.20.x range (or keep LAN IP if reconfiguring server to LAN)
- Update printer IP in CS-SERVER print server
- Update pfSense alias
Printer_IPswith new IPs - Test printing from all machines
Do one printer at a time. Verify printing works before moving the next one.
7b — Move CS-SERVER to INTERNAL (or re-address)
Options (decide closer to the time):
Option A: Change CS-SERVER IP to 10.0.20.254
- Update NIC to 10.0.20.254/24, gateway 10.0.20.1
- Update DNS records (cascades.local zone)
- Update all GPOs referencing \CS-SERVER (drive maps, printers, folder redirection)
- Update pfSense domain overrides
- Update DHCP DNS settings
- Most disruptive, but cleanest result
Option B: Dual-home CS-SERVER
- Add a second NIC on INTERNAL (10.0.20.254)
- Keep existing LAN NIC (192.168.2.254)
- Less disruption, but dual-homed DCs can cause issues
- Need to configure DNS binding order correctly
Option C: Leave as-is
- Server stays on LAN (192.168.2.254) permanently
- Firewall bridging continues to work
- Simplest, no disruption
- Fine if firewall performance is adequate
7c — Clean up firewall rules
After server/printers move (if choosing Option A or B):
- Remove INTERNAL → LAN bridging rules (no longer needed if everything is on INTERNAL)
- Remove NAS_IP alias rule (if Synology is backup-only and on LAN)
- Simplify to standard default-deny with internet access
If choosing Option C, keep the bridging rules as-is.
Rollback
- Revert printer switch ports to native VLAN
- Revert printer static IPs to LAN addresses
- Update print server ports back to LAN IPs
- Revert CS-SERVER NIC configuration (if changed)
- Restore pfSense aliases