claudetools/clients/cascades-tucson/docs/migration/phase0-safety-net.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00


# Step 1: Emergency Backup (~1 hour, remote)

**Must complete before touching anything.** HIPAA §164.308(a)(7) requires backup and disaster recovery for all PHI. No backup = non-compliance. Synology NAS and CS-SERVER both contain PHI.

---
## 1.1 — Set up Synology Active Backup for Business
See `session3-2026-03-07.md` Step 1 for detailed walkthrough.
1. Log into Synology DSM at `https://192.168.0.120:5001`
2. Install "Active Backup for Business" from Package Center (free with Synology)
3. Install ABB agent on CS-SERVER via ScreenConnect (download from DSM → ABB → Physical Server → Add Device)
4. Create backup task:
   - Source: CS-SERVER (192.168.2.254), entire machine (C: + D:)
   - Destination: Synology Volume 1 (~540 GB free, expect ~300 GB after compression)
   - Schedule: Nightly at 2:00 AM
   - Retention: 7 daily + 4 weekly
   - Compression + transfer encryption enabled
5. Run first backup manually
6. **Verify it completes successfully before proceeding**

**Storage note:** ~592 GB raw data, but ABB compression typically achieves 40-60% reduction. Should fit with room for incrementals.

**HIPAA critical:** PHI backup must succeed before any other migration work begins.

## 1.2 — Export pfSense config
1. Open pfSense web UI (192.168.0.1)
2. Diagnostics → Backup & Restore → Download configuration as XML
3. Save to `D:\Shares\IT\Backups\pfSense\` on CS-SERVER
## 1.3 — Export configuration snapshots
Run on CS-SERVER via ScreenConnect:
```powershell
# Script: scripts/phase0-export-configs.ps1
# See script for full commands
```
Exports: AD users/computers/groups, DNS records, NPS/RADIUS config, file share permissions (SMB + NTFS), GPO reports.
All exports saved to `D:\Shares\IT\Backups\`.
## 1.4 — Quick remote health checks
Run `scripts/phase0-remote-checks.ps1` on CS-SERVER via ScreenConnect. Checks:
- Disk SMART health via Dell OpenManage
- Unknown listening ports (5504, 6783, 8019)
- IIS website audit
- DNS forwarder verification
- General server health (memory, disk, uptime)
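
One way to resolve the unknown-ports item is to map each listener to its owning process, service and binary signature. This is an added example, not the contents of `scripts/phase0-remote-checks.ps1`; the function name `Get-ListenerOwner` is hypothetical, and the only values taken from this page are the three port numbers.

```powershell
# Added example; not the contents of scripts/phase0-remote-checks.ps1.
# Read-only: maps listening TCP ports to owning process, service, signature.
# Run elevated on CS-SERVER so process paths are visible.
$ports = 5504, 6783, 8019   # ports this runbook lists as unknown

function Get-ListenerOwner {   # hypothetical helper name
    param([int[]]$Port)

    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $Port }

    foreach ($l in $listeners) {
        $procId = $l.OwningProcess
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId=$procId"
        $svc  = Get-CimInstance Win32_Service -Filter "ProcessId=$procId"

        # Kernel-owned listeners (PID 4) have no executable path to check
        $sig = if ($proc.ExecutablePath) {
            (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
        } else { 'n/a' }

        [pscustomobject]@{
            Port      = $l.LocalPort
            Address   = $l.LocalAddress   # 0.0.0.0 / :: = all interfaces
            PID       = $procId
            Process   = $proc.Name
            Path      = $proc.ExecutablePath
            Signature = $sig
            Services  = ($svc.Name -join ',')
        }
    }
}

$found = @(Get-ListenerOwner -Port $ports)
$found | Sort-Object Port, Address | Format-Table -AutoSize

# Ports from the list with no listener at the time of the check
$ports | Where-Object { $_ -notin $found.Port } |
    ForEach-Object { 'Port {0}: nothing listening' -f $_ }
```

A listener bound to `127.0.0.1` is reachable only from CS-SERVER itself, while `0.0.0.0` or `::` is exposed on every interface, so record the address along with the owning binary before deciding whether the port stays open after migration.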
## Checklist
- [ ] Active Backup for Business installed and first backup completed
- [ ] pfSense XML backup saved
- [ ] AD export CSVs in `D:\Shares\IT\Backups\AD\`
- [ ] DNS export in `D:\Shares\IT\Backups\DNS\`
- [ ] NPS export in `D:\Shares\IT\Backups\NPS\`
- [ ] Permissions exports in `D:\Shares\IT\Backups\Permissions\`
- [ ] Remote health checks completed (disk, ports, IIS, DNS forwarder)
## Rollback
Step 1 is read-only/additive. Nothing to roll back.