258 lines
24 KiB
Markdown
258 lines
24 KiB
Markdown
# GPS -> GuruRMM Coverage Audit
|
|
|
|
**Goal:** For every business/client paying for GPS (Guru Protection Service), verify that
|
|
GuruRMM is set up correctly — the org/account exists, the machines they pay for are all
|
|
enrolled and reporting, and the services they pay for (backups, AV, email) are actually
|
|
configured and working. Where the client wiki is missing host/login/provider info, fill
|
|
those gaps as we go (credentials -> SOPS vault via `/vault`).
|
|
|
|
**Source of truth for "should have":** Syncro active recurring schedules (device counts +
|
|
service line items). **Reality:** GuruRMM `/api/agents`, plus backup/AV/email tooling.
|
|
|
|
- Started: 2026-07-03 (Howard)
|
|
- **AV STRATEGY (Howard 2026-07-03):** migrate **Bitdefender -> Datto EDR for ALL clients except Glaztech and Dataforth** (those two keep Bitdefender). Target end-state per machine (non-exempt) = GuruRMM agent + Datto EDR + Bitdefender removed. Bitdefender inventory is now only a discovery source (which machines exist), not a coverage target. See memory `project_av_migration_bitdefender_to_edr`.
|
|
- Scope: 40 **active** GPS clients (4 paused clients excluded: Marcia Ashton, Tucson Mountain Motors, Richard Pittman, Brenda Lopez)
|
|
- GPS device count = sum of GPS workstation + server SKUs (excludes AntiVirus add-on, discounts, setup)
|
|
|
|
## Per-client verification checklist (each client)
|
|
|
|
- [ ] 1. RMM org/account exists and is named correctly
|
|
- [ ] 2. Machine count in RMM matches GPS devices billed (reconcile every host)
|
|
- [ ] 3. Services billed are actually configured + working: Backup / AV / Email / VoIP
|
|
- [ ] 4. Client wiki has: host/provider (email, DNS, web — and whether ACG-managed), admin logins (-> vault), key contacts
|
|
- [ ] 5. Discrepancies logged + remediation started
|
|
|
|
Legend: `MATCH` RMM >= billed · `SHORT (n)` RMM under billed by n · `MISSING` no RMM org ·
|
|
`?` needs investigation. Svc flags from billing: B=Backup A=AV E=Email V=VoIP.
|
|
|
|
---
|
|
|
|
## A. Present in RMM — counts match (verify services + wiki) — 7
|
|
|
|
| done | Client | Syncro CID | GPS billed | RMM machines | Status | Svc | Notes |
|
|
|------|--------|-----------|-----------:|-------------:|--------|-----|-------|
|
|
| [ ] | Dataforth Corp | 578095 | 43 | 51 | MATCH (RMM+8) | B A E | RMM has more than billed — reconcile extras |
|
|
| [ ] | Cascades of Tucson | 20149445 | 29 | 33 | MATCH (RMM+4) | A E V | |
|
|
| [ ] | Valley Wide Plastering | 31694734 | 29 | 28 | MATCH (~) | B | short 1, within reason |
|
|
| [ ] | Len's Auto Brokerage | 3289131 | 8 | 8 | MATCH | E | |
|
|
| [ ] | Arizona Medical Transit | 7088349 | 1 | 2 | MATCH (RMM+1) | B E V | |
|
|
| [ ] | AT Trebesch | 238740 | 1 | 1 | MATCH | - | |
|
|
| [ ] | Russo Law Firm | 23331699 | 3 | 3 | MATCH | A E V | Renamed 2026-07-03 from mislabeled "Russo, Steve" (Steve Russo owner, Shannon Trionfo contact) |
|
|
|
|
### Bucket A findings (discovery 2026-07-03)
|
|
|
|
- **Dataforth Corp** — 51 agents vs 43 billed GPS (**+8**). Possible under-billing / uncounted machines — several look like personal boxes (DESKTOP-*, LAPTOP-RD47E88A, Test01). Reconcile host-by-host with Mike; confirm which are billable. Wiki: `dataforth.md` exists.
|
|
- **Cascades of Tucson** — 33 agents vs 29 billed (**+4**). `RECEPTIONIST-PC` appears **twice** in RMM — likely a duplicate/stale agent record to clean up. Wiki: `cascades-tucson.md` exists.
|
|
- **Valley Wide Plastering** — 28 agents vs 29 billed (short 1). Effectively reconciled. Wiki: `valleywide.md` exists.
|
|
- **Len's Auto Brokerage** — 8 agents = 8 billed (MATCH). **FLAG: LAB-SVR (production Server 2019) agent offline since 2026-06-18** (~2 wks) — verify box/agent health. Email = 1x M365 Apps for Business; **email host/provider not documented** in wiki (gap). Wiki: `lens-auto-brokerage.md` thorough.
|
|
- **Arizona Medical Transit** — 2 agents (AMT-HYPERV + AMT-PC) vs 1 billed. **No wiki article exists** — create one (host/provider, logins -> vault).
|
|
- **AT Trebesch** — 1 agent = 1 billed (MATCH). Wiki: `attrebesch.md` exists.
|
|
- **Russo Law Firm** — 3 agents = 3 billed (MATCH). Org rename applied today. Sites: Main (has all 3) + empty "Shannon" site — consider moving STRIONFO to the Shannon site. Wiki: `russo-law.md` exists.
|
|
|
|
**Still to verify per client (services + wiki):** backups (none billed for most of A except Dataforth/VWP/AMT), AV coverage vs billed AV seats, email host documented, admin logins in vault.
|
|
|
|
#### Backup layer (B2/MSP360) findings
|
|
- **Dataforth** — `ACG-Dataforth` bucket present w/ data (billed B) [OK dest exists]
|
|
- **Valley Wide** — `VWP-Backup` bucket present w/ data (billed B) [OK dest exists]
|
|
- **Arizona Medical Transit** — **billed Data Backup but NO dedicated B2 bucket** — destination unknown (Datto? shared bucket?). VERIFY where AMT backup lands.
|
|
- **Cascades** — `ACG-Cascades` bucket present w/ data **but no Data Backup line item billed** — possible unbilled backup / revenue leak, or legacy. Confirm w/ Mike.
|
|
- **Len's Auto** — `ACG-Lens` bucket present w/ data **but backup not billed** (Svc=E only) — same question as Cascades.
|
|
- Caveat: bucket file lists are name-ordered, not time-ordered — "backup ran today" freshness must be confirmed in the MSP360 console; bucket presence only proves a destination is configured.
|
|
- Other buckets not tied to a bucket-A client: ACG-BST, ACG-Brett, ACG-GLAZTECH, ACG-IX, ACG-PST, ACG-REDNOUR, ACG-Rohrbach, ACG-TCA, Horseshoe, ACG-Internal, MSPBackups20200311 (stale — 2021, ex-client FSG).
|
|
|
|
#### AV layer findings (AV split across TWO tools — Datto AV is primary for big clients, Bitdefender for smaller)
|
|
- **Dataforth** — billed 43 AV. **Datto EDR: 51 agents** (org 4a2664bf) — covered [OK]. (Bitdefender also has 5 — legacy/partial; Datto is primary.)
|
|
- **Cascades** — billed 29 AV. **Datto EDR: 34 agents** (org 2d5ea96e) — covered [OK]. Bitdefender company exists but 0 endpoints — Cascades AV lives entirely in Datto.
|
|
- **Russo Law Firm** — billed ~5 AV. **Bitdefender: 6 endpoints** (company 60abfa4c) — covered [OK], but STRIONFO listed **twice** in Bitdefender (dedupe stale record). Not the primary in Datto.
|
|
- Lesson for the audit: AV coverage is NOT single-tool — must check BOTH Datto EDR and Bitdefender before declaring an AV gap. Bitdefender company names carry the Syncro CID suffix (`_NNNNN`) which makes mapping exact.
|
|
- Datto "Default RMM Org" (35 agents, 23 sites) is a catch-all — small clients' Datto agents may sit there unsegmented; relevant when we reach buckets B/C.
|
|
|
|
#### Email + vault findings
|
|
- **Vault:** all 7 A clients have entries. **Dupes to consolidate:** `russo` + `russo-law`, and `valleywide` + `vwp`. AMT had a vault entry (RMM keys) but no wiki (now created).
|
|
- **Email hosts (from billing — several need the actual mail host documented):**
|
|
- Dataforth — Pax8 M365 (Exchange Online P1 + M365 Business Std): ACG-managed M365 [OK]
|
|
- Cascades — 45 M365 Business Premium **+ 235 "Exchange Hosted Email"**: large hosted-Exchange footprint, **host not documented** [GAP]
|
|
- Len's Auto — only 1 M365 *Apps for Business* (no mailbox license): actual **email host unknown** [GAP]
|
|
- Arizona Medical Transit — 5 "Exchange Hosted Email": **host not documented** [GAP]
|
|
- Russo Law — 5 "Exchange Hosted Email": **host not documented** [GAP]
|
|
- AT Trebesch — no email billed
|
|
- "Exchange Hosted Email" is a recurring unknown across A (and likely B/C) — one host to identify (ACG-hosted Exchange vs a third party). Resolve once, apply everywhere.
|
|
|
|
#### Bucket A verification rollup (2026-07-03)
|
|
- **Machines:** reconciled 7/7 (findings above). **Backups:** mapped 7/7 (3 billing flags held for Winter). **AV:** verified 3/3 AV-billed clients covered (Datto + Bitdefender). **Vault:** present 7/7. **Wiki:** 6 existed + AMT created = 7/7.
|
|
- **Remaining open (documentation, not coverage gaps):** email host for Cascades/Len's/AMT/Russo; Dataforth +8 billing reconcile; Cascades dup agent + Bitdefender dup (STRIONFO); Len's LAB-SVR offline; vault dupe consolidation. All logged; nothing outbound to Winter until the full list is verified.
|
|
|
|
## B. Present in RMM — SHORT (missing agents to deploy) — 8
|
|
|
|
| done | Client | Syncro CID | GPS billed | RMM machines | Gap | Svc | Notes |
|
|
|------|--------|-----------|-----------:|-------------:|----:|-----|-------|
|
|
| [ ] | Glaz-Tech Industries | 143932 | 159 | 5 | 154 | B A E | ANOMALY — 149x GPS basic + 10x GPS Pro Server billed; verify billing is real vs legacy before treating as 154 missing |
|
|
| [ ] | Instrumental Music Center | 7088508 | 20 | 1 | 19 | A E V | |
|
|
| [ ] | Jimmy Company | 18560272 | 12 | 1 | 11 | B A | |
|
|
| [ ] | Horseshoe Management | 625269 | 9 | 1 | 8 | B E | |
|
|
| [ ] | Safesite LLC | 26563106 | 37 | 31 | 6 | A E | |
|
|
| [ ] | Stamback Septic | 11513046 | 8 | 3 | 5 | V | |
|
|
| [ ] | Grabb & Durando Law Office | 14232794 | 12 | 9 | 3 | B A E | |
|
|
| [ ] | Quantum Wealth Management | 7088747 | 3 | 2 | 1 | B E V | |
|
|
|
|
### Bucket B coverage matrix (RMM vs Datto AV vs Bitdefender, 2026-07-03)
|
|
|
|
| Client | GPS billed | RMM | Datto | Bitdef | Read |
|
|
|--------|----------:|----:|------:|-------:|------|
|
|
| Glaz-Tech Industries | 159 | 5 (all servers) | 5 | 242 | **ANOMALY** — RMM+Datto = 5 real infra boxes; Bitdefender 242 is years of stale enrollments; 149 GPS-basic billing not backed by real machines. HUMAN review (Mike). |
|
|
| Instrumental Music Center | 20 | 1 | 0 | 22 | **Real gap** — ~22 workstations exist (Bitdefender AV) but only IMC1 in RMM. Deploy ~19 RMM agents. |
|
|
| Horseshoe Management | 9 | 1 | 6 | 7 | **Real gap** — 6-7 machines exist (Datto+BD), only HSM-NewServer in RMM. Deploy ~5-8 agents. |
|
|
| Safesite LLC | 37 | 31 | 48 | 16 | **Real gap** — 48 in Datto, RMM 31. Machines exist; RMM short ~6+. Dedupe RMM `MSI` (listed twice). |
|
|
| Grabb & Durando | 12 | 9 | 0 | 15 | **Real gap** — 15 in Bitdefender, RMM 9. Deploy ~3-6 agents. |
|
|
| Quantum Wealth Mgmt | 3 | 2 | 0 | 4 | **Small gap** — BD 4, RMM 2. Add ~1-2 agents. |
|
|
| Jimmy Company | 12 | 1 | 0 | 1 | **BILLING FLAG** — only 1 machine managed anywhere (RMM Blaster2 / BD 1). Billed 12 -> either stale billing OR 11 unmanaged+unprotected machines. Investigate. |
|
|
| Stamback Septic | 8 | 3 (2 uniq) | 0 | 2 | **BILLING FLAG** — 2-3 machines managed anywhere, billed 8. Same question as Jimmy. RMM `DESKTOP-BTR2AM3` listed twice (dedupe). |
|
|
|
|
**Split:** Real RMM-deploy gaps -> IMC, Horseshoe, Safesite, Grabb, QWM (~34-52 agents to push where the box already runs Datto/BD AV). Billing/coverage review (for Winter/Mike, document only) -> Glaz-Tech, Jimmy, Stamback. RMM dedupes -> Safesite `MSI` x2, Stamback `DESKTOP-BTR2AM3` x2.
|
|
Bitdefender companies exist for ALL bucket-B (and nearly all bucket-C) clients with the Syncro CID in the name — AV is broadly deployed even where RMM is not.
|
|
|
|
#### IMC deep-dive (template client for the deploy pattern, 2026-07-03)
|
|
- **IMC1 = Primary DC** for domain `IMC.local` (192.168.0.2), already in RMM; Domain Admin cred `IMC\guru` vaulted (`clients/imc/imc1.sops.yaml`). RMM site: **IMCMain / INNER-BRIDGE-8354**.
|
|
- **True active fleet ~22** (AD objects with 2026 logons == Bitdefender's 22). Billed 20 GPS — legit.
|
|
- **RMM has only IMC1** -> **21 active domain machines need the agent.**
|
|
- Deploy vehicle: push GuruRMM site MSI (INNER-BRIDGE-8354) from the DC to domain members using the vaulted Domain Admin cred (Invoke-Command or a software-install GPO). This is the reusable pattern for any **domain** client (DC already in RMM -> AD is the authoritative list -> push from DC).
|
|
- **AD hygiene finding:** ~24 stale computer objects in IMC.local (Windows 7, last logon 2015-2019) never removed — separate cleanup task.
|
|
- Deploy targets (in Bitdefender, active, not IMC1): IMC-M-EDSERVICE, IMC-SVCSTR, IMC-L1-STATION9, IMC-MINI, IMC-LESSONS, IMC-STATION2, IMC-STATION1, PURCHASINGCOMP, IMC-L1-GRAPHICS, LAPTOP-DCHQ3F92, LAPTOP-PNVA9G51, PHIL2021LAPTOP, IMC-LUIS, DESKTOP-GHG12G3, DESKTOP-JQ0D38J, DESKTOP-URV3UGR, C2B, IMC-PRINTSERVER, DESKTOP-44L80C0, DESKTOP-MR3ALTK, REPAIRADMIN (21).
|
|
|
|
#### IMC DEPLOY EXECUTED 2026-07-03 — via ScreenConnect (channel finding: see memory `reference_rmm_deploy_via_screenconnect`)
|
|
- **DC remote-exec is a dead end** on IMC's Win10/11 clients: DCOM firewalled (WMI "RPC unavailable"), schtasks/S rejected by Win11 from the 2016 DC ("request not supported"), WinRM off. SYSTEM on the DC also can't create GPOs; SSH to IMC1 blocked (Tailscale route not accepting 192.168.0.0/24 + no local key).
|
|
- **Working channel = ScreenConnect send-command** (runs as SYSTEM on the guest, no creds, no firewall issue). Every IMC machine has an SC agent.
|
|
- Pushed `powershell -enc <base64 of: irm '<site>/windows'|iex>` to 20 of 21 targets (2 test + 18 rollout). **IMC-L1-GRAPHICS** has NO SC session (stale 2025 box — handle separately).
|
|
- Result: **RMM IMC agents 1 -> 12 and climbing** (online machines enrolled in ~1-3 min; offline ones queued in SC, install on reconnect). Daily check task tracks to completion.
|
|
- DA-password attempts via RMM were scrubbed (`DELETE /api/commands/:id`, HTTP 204) — no credential persisted. No partial installs from the failed methods.
|
|
|
|
### Bucket B enrollment progress (via ScreenConnect send-command)
|
|
- **IMC** — 1 -> 12 enrolled (site INNER-BRIDGE-8354); ~8 offline queued in SC; IMC-L1-GRAPHICS no SC session.
|
|
- **Horseshoe Management** — 1 -> 4-5 enrolled (site GOLD-OCEAN-4982); pushed to hsm-bill/cathy/frank02/server + desktop-jk4e68n; hsm-cathy + desktop-jk4e68n still installing.
|
|
- **Grabb & Durando** — multi-site (Main LIGHT-PEAK-6399, Bob's House LIGHT-GATE-7086, Jeff's House UPPER-FALCON-8240). **Most BD "gap" machines have NO SC session and are likely stale/duplicate BD records** (real gap ~3, not 6). Only GND-L-3 had an SC session (pushed). HOMEPC flagged — needs house-site assignment. Grabb needs closer per-machine review, not bulk push.
|
|
- **Channel finding:** ScreenConnect coverage VARIES per client — universal on IMC/Horseshoe, sparse on Grabb. Check SC session existence per machine before assuming the channel; where SC is absent, the machine may be stale in Bitdefender or need another channel.
|
|
- **Quantum Wealth** — 2 -> **3 (target met)**. Pushed QUANTUMSERVER + DESKTOP-K89A8CF (site GREEN-CLOUD-1199).
|
|
- **Safesite** — 31 -> **34 and climbing** (20 gap machines pushed, 3 had no SC). NOTE: Safesite has ~48 real machines in Datto vs 37 billed — likely under-billed AND under-deployed. Deployed to the **"Unknown" catch-all site (LIGHT-CLOUD-3585)** because the 3-site split (Bell/Glendale/Unknown) can't be mapped from the asset-tag hostnames — **needs re-siting in the come-back pass.**
|
|
- **Jimmy Company / Stamback Septic** — billing flags: only 1 / ~2 machines exist anywhere (BD/Datto), nothing to enroll. For Winter/Mike billing review.
|
|
|
|
### For the come-back pass (missing machines + issues to fix)
|
|
- Bucket B stragglers: offline machines queued in SC (install on reconnect) — daily check tracks.
|
|
- IMC-L1-GRAPHICS (no SC), Grabb's ~3 real-gap machines (no SC), Safesite's 3 without SC.
|
|
- Safesite: re-site the ~20 machines from "Unknown" to Bell/Glendale; reconcile 48-Datto-vs-37-billed (under-billing?).
|
|
- Grabb HOMEPC: assign Bob's vs Jeff's house site.
|
|
- Billing flags to Winter: Jimmy (12 billed, 1 real), Stamback (8 billed, ~2 real), Glaz-Tech (159 anomaly), + backup mismatches (AMT/Cascades/Len's).
|
|
- Bucket C (25 clients): no RMM org yet — must /rmm onboard (client+site) BEFORE deploying.
|
|
|
|
## C. MISSING from RMM entirely (no org found) — 25
|
|
|
|
| done | Client | Syncro CID | GPS billed | Svc | Notes / verify not under an alias |
|
|
|------|--------|-----------|-----------:|-----|-------|
|
|
| [ ] | Reliant Well Drilling and Pump | 10736261 | 9 | B V | |
|
|
| [ ] | Zeus Nestora | 1196974 | 8 | - | |
|
|
| [ ] | Little Hearts Little Hands | 1144233 | 8 | E | |
|
|
| [ ] | PUTT Land Surveying | 7180175 | 7 | A E | |
|
|
| [ ] | Curtis Plumbing | 416585 | 6 | B A E | |
|
|
| [ ] | The Prairie Schooner | 3664974 | 5 | B E V | |
|
|
| [ ] | Mineralogical Record | 207770 | 5 | B A V | |
|
|
| [ ] | T & C Sorensen | 344886 | 4 | B E | |
|
|
| [ ] | MVAN Enterprises Inc | 29462761 | 4 | A E | |
|
|
| [ ] | Ridgetop Group | 9413367 | 3 | B | |
|
|
| [ ] | Multicultural Counseling Center | 35483539 | 3 | A E | |
|
|
| [ ] | Brett Interiors | 15726057 | 3 | B | |
|
|
| [ ] | Heieck, Sheila | 12045942 | 3 | E | individual-named account |
|
|
| [ ] | The Marc Group | 869073 | 2 | E | |
|
|
| [ ] | Residential and Renovation Engineering | 7088403 | 2 | A V | |
|
|
| [ ] | Bill Tedards | 487887 | 2 | B E V | |
|
|
| [ ] | Janet Altschuler | 457710 | 2 | B | individual-named account |
|
|
| [ ] | Business Services of Tucson LLC | 29338800 | 2 | B | |
|
|
| [ ] | Andy's Mobile Fuel | 27364453 | 2 | E | |
|
|
| [ ] | Design and Brand Envoys | 26747288 | 2 | B A E | |
|
|
| [ ] | Pro-Tech Services | 23702122 | 2 | A | |
|
|
| [ ] | Inside Track Productions | 3021358 | 1 | - | |
|
|
| [ ] | Gary A Hartman LLC | 29038261 | 1 | B | |
|
|
| [ ] | Robyn Pittman | 17031534 | 1 | - | individual-named account |
|
|
| [ ] | Marty Ryan | 140717 | 1 | A E | individual-named account |
|
|
|
|
---
|
|
|
|
## Daily progress check (automated)
|
|
- Windows scheduled task **GPS-RMM-Progress** runs daily 8:07am (Howard-Home), script `.claude/scripts/gps-rmm-progress-check.sh`, targets `projects/gps-rmm-audit/targets.json`. Compares live RMM agent counts (unique hostnames) to GPS device targets and DMs Howard the remaining gaps; reports COMPLETE when all met (then retire via `schtasks /Delete /TN GPS-RMM-Progress`). Baseline 2026-07-03: **46/189 devices in RMM, 32 clients short.** Glaz-Tech excluded pending billing review.
|
|
|
|
### Bucket C — onboarded + deployed 2026-07-03 (via helper `tools/bucketc-onboard-deploy.sh`)
|
|
16 clients onboarded (RMM client+site created, enrollment key vaulted at `clients/<slug>/gururmm-site-main.sops.yaml`), agent pushed via ScreenConnect to SC-reachable machines:
|
|
|
|
| Client | Site code | Deployed via SC | No-SC (come-back) |
|
|
|--------|-----------|:--:|:--:|
|
|
| Reliant Well Drilling | CALM-HAWK-3954 | 4 | 8 (+ FW*/WILCOX* = other entities, skipped) |
|
|
| Curtis Plumbing | SILVER-WOLF-6785 | 4 | 2 |
|
|
| PUTT Land Surveying | EAST-CASTLE-3313 | 3 | 4 |
|
|
| The Prairie Schooner | UPPER-HARBOR-4168 | 3 | 2 |
|
|
| T & C Sorensen | IRON-FORGE-1700 | 4 | 0 |
|
|
| Zeus Nestora | GREEN-TIGER-6194 | 3 | 0 |
|
|
| Brett Interiors | IRON-EAGLE-4784 | 4 | 0 |
|
|
| Bill Tedards | CALM-PEAK-4628 | 2 (Datto src) | 3 (BD, no SC) |
|
|
| Design and Brand Envoys | SOUTH-STAR-8736 | 3 | 0 |
|
|
| Heieck, Sheila | WILD-MOON-9773 | 0 | 3 (BD, no SC) |
|
|
| Multicultural Counseling | EAST-OCEAN-2818 | 3 | 0 |
|
|
| MVAN Enterprises | LOWER-FORGE-6736 | 1 | 1 |
|
|
| The Marc Group | SILVER-OCEAN-6422 | 2 | 0 |
|
|
| Mineralogical Record | BLUE-MOON-8542 | 5 (BD+Datto) | 1 |
|
|
| Pro-Tech Services | INNER-GATE-4746 | 2 | 0 |
|
|
| Inside Track Productions | CALM-GATE-2273 | 1 | 0 |
|
|
|
|
~44 machines deployed. Discovery source = Bitdefender company (mostly), Datto EDR where BD empty (Bill Tedards, Mineralogical extras).
|
|
|
|
**Bucket C NOT onboarded — no machines found in Bitdefender OR Datto (come-back: locate machines or confirm unmanaged):** Little Hearts Little Hands, Janet Altschuler, Business Services of Tucson, Andy's Mobile Fuel, Gary A Hartman LLC, Marty Ryan, Residential and Renovation Engineering, Ridgetop Group, Robyn Pittman (9 clients, 1-8 GPS each). These have no BD/Datto footprint — machines may be SC-only, or genuinely unmanaged/decommissioned.
|
|
|
|
**Reliant caveat:** its Bitdefender company mixes Reliant + Farwest (FW*) + Wilcox (WILCOX*) machines — only clearly-Reliant ones (RWD-*, generics) were targeted; FW*/WILCOX* skipped (separate clients).
|
|
|
|
## Rollup
|
|
|
|
- **7** clients match on machine count (still need service + wiki verification).
|
|
- **8** clients present but short — ~50 agents to deploy (excl. Glaz-Tech anomaly).
|
|
- **25** clients with **no RMM org** — ~86 GPS devices billed, zero RMM presence (some may be under an alias / not yet deployed — verify per client).
|
|
- **Biggest single flag:** Glaz-Tech Industries billed 159 GPS but only 5 RMM agents — confirm the billing is current before acting.
|
|
|
|
## Method notes
|
|
- GPS SKUs matched: GPS basic/monthly, GPS pro/monthly, GPS Workstation, GPS Server, GPS Pro Server (+ variants). Excluded: GPS AntiVirus Add-on, GPS addon, GPS Discount, GPS Set-up, GPS trial.
|
|
- RMM counts from `GET /api/agents` grouped by `client_name`, 2026-07-03.
|
|
- "MISSING" = no `client_name` match in RMM; each must be double-checked for an alias (person name / DBA) before onboarding a duplicate.
|
|
|
|
## Phase 4 — AV coverage matrix (2026-07-04, cid-matched BD + EDR vs GPS billing)
|
|
|
|
Method: BD company names carry the Syncro customer id suffix (_<cid>) = hard join vs targets.json; EDR orgs matched by name. GPS qty = billed devices.
|
|
|
|
**NO AV AT ALL (9 clients, 22 paid devices)** — paying for GPS, zero AV visible:
|
|
Little Hearts Little Hands(8), Ridgetop Group(3), Residential and Renovation Engineering(2), Janet Altschuler(2), Business Services of Tucson LLC(2), Andy's Mobile Fuel(2), Gary A Hartman LLC(1), Robyn Pittman(1), Marty Ryan(1)
|
|
|
|
**PARTIAL (7)**: Valley Wide 27/29, IMC 12/20, Jimmy Company 1/12, Stamback 2/8, Zeus Nestora 4/8, Len's Auto 6/8, MVAN 2/4
|
|
|
|
**Already on EDR**: Dataforth 51, Safesite 48, Cascades 34, VWP 27, Horseshoe 6, Glaztech 5, BirthBiologic 5, Mineralogical 4, Tedards 2, Peaceful Spirit 1 (+Default RMM Org holds 35 UNASSIGNED agents - cleanup)
|
|
|
|
**AV migration scope (task #5, BD->EDR excl Glaztech+Dataforth): 27 clients, 141 BD endpoints.**
|
|
Note: Glaz-Tech BD = 242 endpoints vs 159 GPS billed (feeds the #4 anomaly discussion).
|
|
Next Phase-4 chunk: backup verification (B2/MSP360 per client vs billed backup lines), then email.
|
|
|
|
**Scope update 2026-07-04 (Howard):** AV migration exception narrowed — **ONLY Glaztech stays on Bitdefender**. Dataforth migrates fully to EDR (already 51 EDR agents; remaining 5 BD endpoints to convert: D1-ENGI-006, DESKTOP-L2LE31M, DATAFORTH-PC, SURFACEOPS, MING-HP).
|
|
|
|
**Dataforth EDR tail — Monday 2026-07-06 list:** DATAFORTH-PC, SURFACEOPS, D1-ENGI-006, MING-HP.
|
|
Path: autoenroll loop pulls them into GuruRMM as they come online -> push EDR THROUGH RMM (visible stdout; RegKey 27lzj6npdb, group "Dataforth - D1" 64144044). SC blind-push attempted on DATAFORTH-PC 7/4 did not land (no output channel - same pattern as CP-QB). DESKTOP-L2LE31M: reinstalled/gone (Howard) - stale BD record deleted. After the 4 land: remove Bitdefender from Dataforth entirely.
|
|
|
|
## Phase 4 update — EDR Default-org attribution DONE (2026-07-04 night)
|
|
|
|
Datto EDR "Default RMM Org" dismantled: its 21 client-named Locations re-parented to per-client Organizations (18 orgs created; Glaztech-ALB -> existing Glaztech org, Arizona Computer Guru loc -> existing ACG org). Mechanics: POST /Organizations + PATCH /Locations/{id} {organizationId} (LoopBack, undocumented but verified with [TEST] articles first; org-list agent/site counts are STALE rollups - trust GET /Locations organizationId). Default RMM Org now holds only OnDemand(0) + Managed(0).
|
|
|
|
Corrected EDR coverage this reveals: IMC 10, Reliant 4 (+Home), PUTT 4, Russo 2, MVAN 2, Andy's Mobile Fuel 2, Key Paul 2, Roharbach 2, BG Builders 2, Rednour 1, Len's 1, JANC 1, Bardach 1.
|
|
|
|
REVISED AV gaps: NO-AV now 8 clients / 20 paid devices (Andy's Mobile Fuel came off the list): Little Hearts Little Hands(8), Ridgetop(3), Residential and Renovation Engineering(2 - EDR org+location exist, 0 agents), Janet Altschuler(2 - own location empty; NOTE org "JANC Excavation and Construction"(1 agent, janc-qb) may be her business - verify), Business Services of Tucson(2), Gary A Hartman(1), Robyn Pittman(1), Marty Ryan(1). PARTIAL improved: MVAN now 4/4 OK, Len's 7/8, IMC 12BD+10EDR (overlap likely; effectively covered).
|
|
|
|
## Phase 4 — NO-AV remediation round 1 (2026-07-04 night)
|
|
|
|
Deployed Datto EDR to the 5 reachable NO-AV machines via RMM push (Install-EDR one-liner, visible stdout):
|
|
- Ridgetop Group (org 3db1059a, group 436d7e55, key ridgetop01): CNX-LAB-00 [OK] RGI-DC [OK after service kick, 1053 on first start] RTG-host01 [OK] - all 3 ACTIVE in EDR
|
|
- Gary A Hartman LLC (org 962e2986, key hartman001): DESKTOP-EVA4H1A [OK] ACTIVE
|
|
- Robyn Pittman (org dc47a7a5, key pittman001): DESKTOP-PL2RCGL install still running at wrap - VERIFY next session
|
|
Note: avInstalled field null right after registration - verify Datto AV component enables per org policy (check Monday).
|
|
|
|
Remaining NO-AV (machines unreachable, need online windows / discovery / onsite): Little Hearts Little Hands (8 - no RMM/SC at all, biggest gap), Residential and Renovation Engineering (2 - EDR org ready, 0 agents), Janet Altschuler (2 - verify if JANC Excavation org/janc-qb is hers), Business Services of Tucson (2), Marty Ryan (1). Path: autoenroll loop -> RMM -> EDR push (same as tonight).
|