claudetools/wiki/clients/gonzvar-tax-services.md
Mike Swanson ae0efb87ca wiki: seed guruconnect + fix Gonzvar Syncro, Golden Corral mail/colocation
- guruconnect: seeded wiki/projects/guruconnect.md (v0.3.0 production; artifact-based
  from guru-connect repo @ origin/main ded99c5 + session logs + project_guruconnect
  memory). [[guruconnect]] backlinks now resolve. Indexed.
- gonzvar-tax-services: found in Syncro via fuzzy `query=` — customer is "Gonzvar Tax
  Service" (singular), id 1830740, break-fix/~$175hr, 6 assets. Billing fields corrected.
- tucson-golden-corral: email platform set to Neptune Exchange (per owner/Mike); IX
  cPanel kept as a caveat to reconcile. TGC-SERVER documented as colocated at ACG main
  office (behind ACG office network, not a naked public box at the restaurant).
2026-06-12 08:21:58 -07:00

---
type: client
name: gonzvar-tax-services
display_name: Gonzvar Tax Services
last_compiled: 2026-06-12
compiled_by: GURU-5070/claude-main
sources:
- clients/gonzvar-tax-services/session-logs/2026-06-06-mike-rmm-onboarding-diagnostic-bug-discovery.md
- clients/gonzvar-tax-services/TASKS.md
- clients/gonzvar-tax-services/DIAGNOSTIC-SUMMARY-2026-06-06.md
- clients/gonzvar-tax-services/GTS-W0-DISK-ANALYSIS.md
- clients/gonzvar-tax-services/onboarding-baselines/GTS-W0-20260606T180736.md
- clients/gonzvar-tax-services/onboarding-baselines/GTS-W1-20260606T180908.md
- clients/gonzvar-tax-services/onboarding-baselines/GTS-W2-20260606T181016.md
- clients/gonzvar-tax-services/onboarding-baselines/GTS-PEDRO-H-20260606T181113.md
- clients/gonzvar-tax-services/onboarding-baselines/GTS-SVR25-20260606T181205.md
- clients/gonzvar-tax-services/onboarding-baselines/SERVER-20260606T181304.md
- session-logs/2026-06-07-mike-gururmm-backup-alert-cleanup.md
backlinks:
- projects/msp-tools/guru-rmm
---
# Gonzvar Tax Services
Tax services firm onboarded as new MSP client in June 2026. Six machines enrolled in GuruRMM across a Windows AD environment (GTS.local). Fleet-wide onboarding diagnostics completed at intake; multiple security findings remain open. Active setup tasks pending (QuickBooks RemoteApp, Tailscale VPN, security hardening).
## Profile
- **Contract type:** Break-fix / per-incident (no prepaid block — Syncro `prepay_hours` = 0). Invoice history is small per-visit charges ($120-$300) plus a recurring $240 every Jan 1 (annual agreement/fee — verify what it covers).
- **Key contacts:** Phone on file 520-203-9182 (Syncro contact record has no name/email). Owner inferred as "pgonz" / `GTS\gonzvar` from machine account names (verify name/email).
- **Billing rate:** ~$175/hr (standard ACG rate; matches recurring labor invoice lines — verify exact rate in Syncro)
- **Hours remaining (if prepaid):** n/a (break-fix, no prepaid block)
- **Managed device count:** 6 (Syncro assets = 6; all enrolled in GuruRMM as of 2026-06-06)
- **Syncro customer ID:** 1830740 (business name **"Gonzvar Tax Service"** — singular; the plural "Services" slug missed it on `name=` search, found via `query=`)
## Infrastructure
### Servers & Services
| Host | IP | Role | OS | Notes |
|---|---|---|---|---|
| GTS-SVR25 | 192.168.0.2 (static) | Primary DC, DNS | Windows Server 2025 Standard (build 26100) | ASUS; i7-12700, 32 GB; Defender RTP off at baseline; firewall enabled |
| SERVER | 192.168.0.5 (static) | Legacy server | Windows Server 2019 Standard (build 17763) | Dell PowerEdge T440; Xeon Bronze 3204, 8 GB; SMBv1 enabled; firewall off; 104-day uptime at baseline |
### Workstations
| Host | IP | OS | Notes |
|---|---|---|---|
| GTS-W0 | 192.168.0.145 (DHCP) | Win11 Pro for Workstations (build 26200) | Lenovo 90SM006QUS; i5-12400, 16 GB; firewall off, RDP without NLA; ZeroTier 10.244.136.41 |
| GTS-W1 | 192.168.0.143 (DHCP) | Win11 Pro for Workstations (build 26200) | Lenovo 90SM006QUS; i5-12400, 16 GB; domain-joined |
| GTS-W2 | 192.168.0.146 (DHCP) | Win11 Pro for Workstations (build 26200) | Lenovo 90SM006QUS; i5-12400, 16 GB; domain-joined |
| GTS-PEDRO-H | 192.168.0.146 (DHCP, WiFi) | Win11 (build 26200) | Lenovo 90SM006QUS; i5-12400, 16 GB; NOT domain-joined (WORKGROUP); personal machine; WiFi only; ZeroTier 10.244.10.231 |
Note: GTS-W2 and GTS-PEDRO-H both resolved to 192.168.0.146 at scan time — probable DHCP address overlap worth checking.
### Email & Identity
- **M365 tenant:** (verify)
- **MX / mail flow:** (verify)
- **MFA status:** (verify)
- **Domain:** GTS.local (AD); GTS-SVR25 is primary DC and NTP source; workstations W0/W1/W2 and SERVER domain-joined; GTS-PEDRO-H in WORKGROUP
- **LAPS:** Present on GTS-W0, GTS-W1, GTS-W2, GTS-SVR25; not detected on SERVER
### Network
- **ISP / WAN:** Cox Communications (inferred from PEDRO-H DNS: 68.105.28.11, 68.105.29.11, 68.105.28.12)
- **Subnet:** 192.168.0.0/24 (DHCP served by GTS-SVR25)
- **Firewall:** (verify — no perimeter device observed in logs)
- **VPN:** ZeroTier present on GTS-W0 and GTS-PEDRO-H; Tailscale planned but not yet deployed
- **DNS:** GTS-SVR25 (192.168.0.2) primary, SERVER (192.168.0.5) secondary (domain-joined machines)
## Access
- **RMM (GuruRMM):** Site code `INNER-BEAR-6727`; enrollment key and site IDs in vault (`clients/gonzvar-tax-services/gururmm-site-main.sops.yaml`); install page: `https://rmm.azcomputerguru.com/install/INNER-BEAR-6727`
- **ScreenConnect:** All machines enrolled; client ID `1912bf3444b41a08`, version 26.1.24.9579
- **Splashtop:** All machines; Streamer 3.8.x running
- **Syncro agent:** All machines; version 1.0.201.18410
- **Datto RMM:** Present on GTS-SVR25 (4.4.11616) as additional ACG tooling
- **Admin accounts:** `pgonz` (local admin on all workstations); `GTS\gonzvar` (domain admin); `sysadmin` (local admin on servers); `GTS\pedro` (domain admin, seen on GTS-W0); `MediaAdmin$` (managed service account on servers)
- **Vault path:** `clients/gonzvar-tax-services/`
## Patterns & Known Issues
**Fleet-wide security configuration gaps (baseline 2026-06-06):**
- Firewalls disabled (all profiles: Domain, Private, Public) on GTS-W0 and SERVER; GTS-SVR25 has all profiles enabled; W1/W2/PEDRO-H status requires re-run after probe fix.
- RDP without NLA on GTS-W0 (pre-auth vulnerability: the listener sets up a session before the user has authenticated). GTS-SVR25 and SERVER have RDP enabled with NLA — confirm access is restricted to VPN/internal IPs.
- No backup agent detected on any machine at baseline. SERVER had an abandoned Nov-2024 MSP360 image plan (needs deletion from MSP360 console).
- Defender RTP and antimalware service both off on GTS-SVR25. No AV agent detected (Server SKU — Security Center does not register; verify a managed AV is active or re-enable Defender).
- BitLocker inconsistent: GTS-W1 encrypted (TPM + recovery key); GTS-W0 unencrypted; servers returned null (verify with `manage-bde -status`).
- Group Policy Client service stopped on GTS-W0 (and possibly other machines). Investigate Group Policy application.
**SERVER legacy risk:**
- Windows Server 2019 (build 17763) with SMBv1 enabled and 5 pending updates at baseline; 104-day uptime. Server 2019 extended support ends 2029-01-09 — plan upgrade path to Server 2025.
- SMBv1 must be disabled: `Set-SmbServerConfiguration -EnableSMB1Protocol $false`.
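
A read-only re-check of the findings in the two lists above, run locally on each host after hardening. This is an added example, not part of the GuruRMM probe; the helper name `Test-Setting` and the report layout are assumptions, while the cmdlets and registry values are standard Windows ones.

```powershell
# Added example: read-only re-check of the baseline findings on the local host.
# Run elevated. A cmdlet that is missing or fails yields 'unknown', never a pass.
function Test-Setting {
    param([string]$Name, [scriptblock]$Probe, [scriptblock]$IsGood)
    $ErrorActionPreference = 'Stop'          # make probe errors land in catch
    try {
        $value = & $Probe
        $state = if (& $IsGood $value) { 'ok' } else { 'FINDING' }
    } catch {
        $value = $_.Exception.Message
        $state = 'unknown'
    }
    [pscustomobject]@{ Check = $Name; State = $state; Value = ($value -join ', ') }
}

# Local RDP settings; a Group Policy value under
# HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services overrides them.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$checks = @(
    @{ Name   = 'Firewall profiles disabled'
       Probe  = { Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object Name }
       IsGood = { param($v) -not $v } }       # good when no profile is listed
    @{ Name   = 'RDP requires NLA'
       Probe  = {
           if ((Get-ItemProperty $ts).fDenyTSConnections -eq 1) { 'rdp-disabled'
           } elseif ((Get-ItemProperty "$ts\WinStations\RDP-Tcp").UserAuthentication -eq 1) { 'nla-required'
           } else { 'no-nla' }
       }
       IsGood = { param($v) $v -ne 'no-nla' } }
    @{ Name   = 'SMBv1 server enabled'
       Probe  = { (Get-SmbServerConfiguration).EnableSMB1Protocol }
       IsGood = { param($v) -not $v } }
    @{ Name   = 'Defender RTP and antimalware service on'
       Probe  = { $s = Get-MpComputerStatus; $s.RealTimeProtectionEnabled -and $s.AMServiceEnabled }
       IsGood = { param($v) [bool]$v } }
    @{ Name   = 'BitLocker protection on system drive'
       Probe  = { (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus }
       IsGood = { param($v) $v -eq 'On' } }
)
$report = foreach ($c in $checks) { Test-Setting @c }
$report | Format-Table -AutoSize
```

An `unknown` row, such as BitLocker on a server without the feature installed, still needs the manual `manage-bde -status` check.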
**Diagnostic probe false positives (GuruRMM onboarding-diagnostic.ps1):**
- Event ID 153 from `Microsoft-Windows-Kernel-Boot` (VBS enabled boot message) is counted the same as Event ID 153 from the `Disk` source (real I/O error). On Windows 11 machines with VBS/HVCI enabled (default on 12th-gen Intel+), every boot logs an Event ID 153 that falsely inflates the disk-error count.
- GTS-W0 initially showed 9 "disk errors" — all were VBS boot messages; drive (Kingston NVMe 1TB) confirmed healthy via SMART.
- GTS-SVR25 showed 83 "disk errors" at baseline — almost certainly the same false positive given 20+ days uptime and similar Win11 base.
- Probe fix required (filter Event ID 153 by `ProviderName != 'Microsoft-Windows-Kernel-Boot'` or query `ProviderName = 'disk'` directly). Re-run baselines after fix to get accurate grades.
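
The provider split described above, as an added example (not the project's `onboarding-diagnostic.ps1`). The function names are hypothetical and the sample records are constructed to mirror the GTS-W0 baseline of nine boot messages and no disk events.

```powershell
# Added example: Event ID 153 is a storage I/O error only when the provider is 'disk'.
function Get-Event153Breakdown {
    param([object[]]$Events)
    $id153 = @($Events | Where-Object { $_.Id -eq 153 })
    # -eq on strings is case-insensitive, so 'disk' also matches 'Disk'
    $disk  = @($id153 | Where-Object { $_.ProviderName -eq 'disk' })
    $vbs   = @($id153 | Where-Object { $_.ProviderName -eq 'Microsoft-Windows-Kernel-Boot' })
    [pscustomobject]@{
        NaiveCount      = $id153.Count       # what an Id-only filter reports
        DiskIoErrors    = $disk.Count        # the number a disk grade should use
        VbsBootMessages = $vbs.Count
        OtherProviders  = $id153.Count - $disk.Count - $vbs.Count
        LastDiskError   = ($disk | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
    }
}

# Live collection: ask the System log for the 'disk' provider directly.
function Get-DiskEvent153 {
    param([int]$Days = 30)
    $filter = @{ LogName = 'System'; ProviderName = 'disk'; Id = 153
                 StartTime = (Get-Date).AddDays(-$Days) }
    try {
        @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
    } catch {
        # Get-WinEvent raises an error when nothing matches; that is a clean result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { @() } else { throw }
    }
}

# Constructed sample: nine VBS boot records, no disk records (dates are made up).
$sample = 1..9 | ForEach-Object {
    [pscustomobject]@{ Id = 153; ProviderName = 'Microsoft-Windows-Kernel-Boot'
                       TimeCreated = (Get-Date '2026-06-06').AddDays(-$_) }
}
Get-Event153Breakdown -Events $sample | Format-List

# On a live host, the corrected count is:
#   @(Get-DiskEvent153 -Days 30).Count
```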
**GTS-PEDRO-H is not domain-joined:**
- Personal machine; WORKGROUP only; WiFi connectivity; only `pgonz` is local admin. Treat as bring-your-own device — lower management priority but still enrolled in RMM.
## Active Work
*Syncro not available for this client as of 2026-06-12. Open tasks from coord API (project key: gonzvar):*
| Task | Status | Notes |
|---|---|---|
| QuickBooks RemoteApp setup | Pending | Install QB on server; configure RemoteApp for local + VPN users |
| System cleanup (all machines) | Pending | Disk cleanup, temp files, updates, clear reboots |
| RDP over VPN (Tailscale) | Pending | Install Tailscale on server + workstations; addresses RDP exposure |
| GuruRMM enrollment | Complete | All 6 machines enrolled 2026-06-06 (was deferred, found pre-enrolled) |
| Security hardening (fleet) | Open | Firewall enable, RDP NLA, BitLocker, Defender RTP on SVR25, SMBv1 disable |
## History Highlights
- **2026-06-06** — New MSP client created; GuruRMM client `ae78d033` + site "Main" (`INNER-BEAR-6727`) provisioned; enrollment key vaulted.
- **2026-06-06** — Discovered 6 machines already enrolled in RMM (expected 4; found 3 workstations + 1 personal + 2 servers).
- **2026-06-06** — Fleet-wide onboarding diagnostic baseline run: GTS-W0, GTS-SVR25, SERVER graded RED; GTS-W1, GTS-W2, GTS-PEDRO-H graded AMBER.
- **2026-06-06** — Critical GuruRMM probe bug discovered: Event ID 153 / Kernel-Boot (VBS) counted as disk errors on Win11 machines; GTS-W0 initial "failing drive" alert retracted; drive confirmed healthy.
- **2026-06-07** — SERVER (Gonzvar) flagged during backup alert review; abandoned Nov-2024 MSP360 image plan identified for deletion.
## Backlinks
- [GuruRMM](../projects/msp-tools/guru-rmm.md) — onboarding diagnostic probe; Event ID 153 false-positive bug fix required