azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d0b98f769ea97f103e85d48e3fa3fa42e45f577d
claudetools/clients/cascades-tucson/docs/migration/phase5-hardening.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients 
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

130 lines
3.6 KiB
Markdown
Raw Blame History

# Step 8: Hardening & Cleanup (~3-4 hours, remote)
---
## 8.1 — Deploy endpoint security
Via SyncroRMM, deploy to all endpoints:
- **SentinelOne** — EDR agent
- **Huntress** — threat detection
Then uninstall Datto EDR from all machines.
Verify on each machine:
```powershell
Get-Service SentinelAgent, HuntressAgent -ErrorAction SilentlyContinue | Select-Object Name, Status
```
---
## 8.2 — Delete Synology Sync VM
On CS-SERVER:
1. Open Hyper-V Manager
2. Shut down the Synology Sync VM (if running)
3. Delete the VM and its virtual hard disks
4. Reclaim disk space
```powershell
# Check for VMs
Get-VM | Select-Object Name, State, Path
# Stop and remove (adjust name as needed)
# Stop-VM -Name "SynologySync" -Force
# Remove-VM -Name "SynologySync" -Force
# Then manually delete the VHD files from the VM path
```
---
## 8.3 — Address shared accounts
Replace these shared/generic AD accounts with individual user accounts:
- **Culinary** → JD.Martin, Ramon.Castaneda, Alyssa.Brooks already in SG-Culinary-RW
- **Receptionist** → Cathy.Kingston, Shontiel.Nunn, Ray.Rai, Sebastian.Leon, Michelle.Shestko already in SG-Receptionist-RW
- **saleshare** → Megan.Hiatt, Crystal.Rodriguez, Tamra.Matthews already in SG-Sales-RW
- **directoryshare** → Cathy.Kingston, Shontiel.Nunn, Christina.DuPras already in SG-Directory-RW
Steps:
1. Verify individual users can access their shares via security group membership
2. Have users log in with their own accounts, confirm access works
3. Disable shared accounts (don't delete immediately)
4. Delete shared accounts after 30 days
### Clean up old shares/folders
- **D:\Roaming** — old roaming profiles attempt, never completed. Remove SMB share and delete folder.
- **D:\Shares\SaleShare** — old/duplicate sales folder. Verify no unique data, then remove SMB share.
```powershell
# Remove old Roaming share
Remove-SmbShare -Name "Roaming" -Force
# Remove old SaleShare (verify empty/duplicate first)
# Remove-SmbShare -Name "SaleShare" -Force
```
---
## 8.4 — RDS decision
Check if anyone uses Remote Desktop Services:
```powershell
# Check active RDS sessions
quser /server:CS-SERVER
# Check RDS configuration
Get-RDServer -ErrorAction SilentlyContinue
Get-RDSessionCollection -ErrorAction SilentlyContinue
```
**If RDS is used:** Purchase proper CALs (grace period expired ~17 months ago).
**If RDS is not used:** Remove the RDS role:
```powershell
Remove-WindowsFeature -Name RDS-RD-Server -Restart
```
---
## 8.5 — Update documentation
Update Cascades knowledge base at `C:\Users\howar\Clients\Cascades\`:
- [ ] `network/firewall.md` — new rules, Guest VLAN, aliases
- [ ] `network/vlans.md` — add VLAN 50 (Guest)
- [ ] `network/dns.md` — cleaned records, scavenging, reverse zones
- [ ] `network/wifi.md` — Guest SSID on VLAN 50
- [ ] `network/dhcp.md` — reservations
- [ ] `servers/active-directory.md` — new OUs, security groups, GPOs, all PCs joined
- [ ] `servers/cs-server.md` — print server role, GPOs
- [ ] `security/backup.md` — Synology ABB + offsite
- [ ] `security/antivirus.md` — SentinelOne + Huntress deployed
- [ ] `printers.md` — centralized print server, share names
- [ ] `issues/log.md` — close resolved issues
---
## 8.6 — Re-ingest knowledge base
```cmd
cd C:\Users\howar\Clients\MSP-AI
msp-ingest.bat Cascades --clear
```
---
## 8.7 — Close resolved issues
Update `issues/log.md` to mark these as resolved:
- Floating rule #4
- Guest WiFi on server LAN
- No GPOs
- 4 PCs not domain-joined
- No backup
- Shared accounts
- Stale DNS records
- Room 218 DHCP
- Timezone mismatch
- RDS licensing
- Room 130 dead rule
- VLAN 10 mismatch
- Stale disabled AD accounts
- Synology Sync VM
Reference in New Issue View Git Blame Copy Permalink