8.3 KiB
8.3 KiB
type, name, display_name, last_compiled, compiled_by, sources
| type | name | display_name | last_compiled | compiled_by | sources | ||||
|---|---|---|---|---|---|---|---|---|---|
| client | michaeljohnson | Michael Johnson (Law Office) | 2026-06-29 | HOWARD-HOME/claude-main |
|
Michael Johnson (Law Office)
Profile
- Business type: Solo legal practice (Tucson, AZ) — inferred from the paralegal
workstation, WordPerfect + "Seabill" legal-billing software, and the recurring
shared-file / Outlook-calendar-sync work between Michael's and Crystal's machines.
Not formally stated in Syncro (no
business_nameon the record). - Syncro Customer ID: 152567 (customer record created 2013-12-04 — long-standing client)
- Billing model: Break-fix / time-and-materials. No prepaid block (
prepay_hours = 0.0, live 2026-06-29). History is overwhelmingly emergency / onsite / remote one-off tickets. - Address: 177 N Church, Tucson, AZ 85701
- GuruRMM onboarded: 2026-06-29 (Howard) — client + site "Main"; both workstations enrolled same day.
- Onboarding grade: DESKTOP-GG4LKSL = AMBER; MJ-PARALEGAL = RED.
Contacts
| Name | Role | Email / Phone | Notes |
|---|---|---|---|
| Michael Johnson | Owner / attorney | michaeljohnson311@gmail.com / 520-622-0065 | Primary Syncro contact; uses DESKTOP-GG4LKSL |
| Crystal (Krystal) | Paralegal / assistant | (no email on file) / 520-906-4672 | Uses MJ-PARALEGAL; most day-to-day tickets are hers |
Email is on Gmail / Google Workspace (consumer/Workspace — not M365). Several past tickets involve Google account storage/payment and Outlook talking to the Google calendar; mail is not hosted or managed by ACG M365 tooling.
Infrastructure
Network
- Topology: Workgroup, peer-to-peer (no on-prem AD, no domain join). Both machines report
PartOfDomain=False/Domain=WORKGROUP. - LAN subnet: 192.168.1.0/24.
- Shared files are served peer-to-peer between the two workstations (consistent with the long history of "can't access shared files" tickets) — exact share host/path not yet mapped.
Workstations (GuruRMM enrolled 2026-06-29, site "Main")
| Hostname | User | Model | CPU | RAM | OS | IP | Agent ID | Grade |
|---|---|---|---|---|---|---|---|---|
| DESKTOP-GG4LKSL | Michael | HP Pavilion Gaming TG01-2xxx | i7-11700F 8c/16t | 31.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.135 (Wi-Fi) | 09c08484-2b51-404b-a294-6e39f498867c | AMBER |
| MJ-PARALEGAL | Crystal | ASUS (desktop, generic board) | i5-10400 6c/12t | 15.8 GB | Win 11 Pro 25H2 (build 26200) | 192.168.1.136 (wired) | 4537ac34-e548-484c-b4e9-fd91e7f97a23 | RED |
Both on Win 11 25H2 (supported until 2027-10-12), OS activated, agent v0.6.75, Defender active & current with Tamper Protection on, SMBv1 disabled, LAPS reg key present. Neither has a backup agent. MJ-PARALEGAL was recently recovered + upgraded to Win11 (Syncro #31768).
RMM site / enrollment
- Client: Michael Johnson · Site: Main · Site code:
BRIGHT-RIVER-8998 - Client ID:
99022a2e-6b8f-472b-9269-6a746ef0970b· Site ID:94b5cb21-3d8e-484a-8ef3-8388b66417d2 - Install page: https://rmm.azcomputerguru.com/install/BRIGHT-RIVER-8998
- Enrollment key vault path:
clients/michaeljohnson/gururmm-site-main.sops.yaml(also stampedsyncro_customer_id: 152567)
Onboarding Findings (2026-06-29 baselines)
MJ-PARALEGAL — RED (2 critical / 4 warning)
- [CRITICAL] Firewall OFF on Private + Public profiles (
Domain=Trueonly). Exposed to inbound / lateral attacks on the local network. Re-enable all profiles. - [CRITICAL] E: drive 0% free (0 GB of 255.6 GB). Risk of failed updates, crashes, corruption. Find what is filling it (likely data / scanned docs) and clean up or expand urgently.
- [WARNING] BitLocker off on C: · 2 pending Windows updates · 1 unexpected shutdown in last 14 days · 6 auto-start services stopped (Asus/Lenovo/Google updaters + Intel TPM provisioning — mostly benign, but note Lenovo and Asus services on the same box suggests image/hardware churn).
- DNS server set to 172.16.132.1 on a 192.168.1.x LAN — anomalous (looks like a stale/foreign resolver, possibly a leftover VPN/management DNS). Verify and correct to the local gateway/ISP DNS.
- Local admins:
Administrator,localadmin,Paralegal.
DESKTOP-GG4LKSL — AMBER (0 critical / 5 warning)
- [WARNING] BitLocker off on C: · 4 pending Windows updates · D: 14.6% free (68.1 GB of 465.8 GB) · 1 unexpected shutdown in last 14 days · 3 auto-start services stopped (Google updaters + Intel TPM).
- Note: C: is the large/healthy volume (690 GB free of 930 GB); D: is the low one — confirm which volume holds working data before cleanup.
- Windows Time source is time1.aliyun.com (Alibaba NTP) — unusual; reset to a standard pool
(
time.windows.com/pool.ntp.org). - Local admins:
Administrator,Localadmin,owner.
Common to both
- No BitLocker (workgroup, no escrow target — would need manual key storage / vault).
- No backup agent on either machine — no backup coverage confirmed. For a law office this is the biggest gap; confirm whether anything (cloud sync, manual) protects the working files.
- Defender-only AV, firewall (GG4LKSL all-on / PARALEGAL needs fixing), SMBv1 off — baseline security otherwise reasonable.
- ACG remote tooling present and expected: ScreenConnect on both; Splashtop + Syncro agent additionally on MJ-PARALEGAL. No competitor/foreign RMM agents detected.
Syncro
- Customer: Michael Johnson, id
152567(since 2013-12-04). Break-fix, no prepaid block. - Open ticket: #32477 — Onsite - Check machine connections and printers. (New)
- Recent relevant: #31768 Recovered Paralegal Machine and Win11 Upgrade (Invoiced) — origin of the current MJ-PARALEGAL build; #32329 Calendar issues (Resolved).
- Recurring ticket themes across ~50 tickets: printer setup/offline errors, Outlook<->Google calendar sync between Michael & Crystal, "can't access shared files", mice failing after power outages, WordPerfect/Seabill hangs, new-machine builds.
Patterns & Known Issues
- Two-person peer-to-peer office. Everything is workgroup + shared files between Michael's and Crystal's PCs. Shared-file and calendar-sync breakage is the single most common call — there is no server, so a machine being down/offline breaks the other's access.
- Mail is Google, not M365. Do not reach for the ComputerGuru M365 remediation suite here — Outlook is configured against a Google account. Google storage/billing has caused outages historically.
- Power-outage sensitivity. Multiple "mouse/peripheral dead after a power outage" and "machines went down" tickets — no UPS protection documented; a UPS on each machine would cut repeat emergency calls.
- Backups unverified. No backup agent on either workstation. For a legal practice's working files this is the top risk to close.
- MJ-PARALEGAL E: full + firewall off are the two immediate must-fix items from onboarding.
Active Work / Open Items
| Priority | Action | Owner | Notes |
|---|---|---|---|
| P1 | Re-enable firewall (Private + Public) on MJ-PARALEGAL | Howard | CRITICAL onboarding finding |
| P1 | Clear/expand E: on MJ-PARALEGAL (0% free) | Howard | CRITICAL; identify what's filling 255 GB |
| P1 | Establish/confirm backup coverage for both PCs | Howard/Mike | No backup agent on either; law-office data |
| P2 | Fix anomalous DNS (172.16.132.1) on MJ-PARALEGAL | Howard | Should be local gateway / ISP DNS |
| P2 | Onsite #32477 — check machine connections + printers | Howard | Open Syncro ticket |
| P2 | Install pending Windows updates (4 on GG4LKSL, 2 on PARALEGAL) | Howard | Next maintenance window |
| P3 | Free space on GG4LKSL D: (14.6%) | Howard | Confirm which volume holds data first |
| P3 | Reset GG4LKSL time source off Alibaba NTP | Howard | Use standard NTP pool |
| P3 | Evaluate UPS for both machines | Mike | Repeat post-outage peripheral failures |
| P3 | Consider BitLocker (with key escrow) | Howard | Both unencrypted; workgroup needs manual key storage |
Backlinks
- projects/gururmm — DESKTOP-GG4LKSL + MJ-PARALEGAL enrolled (site: Main / BRIGHT-RIVER-8998)