azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d0b98f769ea97f103e85d48e3fa3fa42e45f577d
claudetools/clients/cascades-tucson/docs/migration/session3-2026-03-07.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients 
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

281 lines
9.1 KiB
Markdown
Raw Blame History

# Session 3 — 2026-03-07: Backup Setup + Quick Wins
**Focus:** Priority 1 (backup/safety net) + quick remote fixes
---
## Pre-Session Checklist
- [ ] Howard has Synology DSM credentials ready
- [ ] ScreenConnect access to CS-SERVER confirmed
- [ ] pfSense web UI accessible
---
## Step 1: Set Up Synology Active Backup for Business (~30 min)
### 1a. Install Active Backup for Business
1. Log into Synology DSM at `https://192.168.0.120:5001`
2. Open **Package Center** → search "Active Backup for Business"
3. Install (free with Synology, no license key needed)
4. Open Active Backup for Business from main menu
### 1b. Install ABB Agent on CS-SERVER
Via ScreenConnect on CS-SERVER:
1. Open browser on CS-SERVER, go to `https://192.168.0.120:5001`
2. Log into DSM → Active Backup for Business → **Physical Server** tab
3. Click **Add Device** → download the Windows agent installer
4. Run installer on CS-SERVER — it will ask for:
- Synology NAS address: `192.168.0.120`
- DSM admin credentials
5. Once agent connects, CS-SERVER should appear in the device list
### 1c. Create Backup Task
| Setting | Value |
|---------|-------|
| Source | CS-SERVER (entire machine — C: + D:) |
| Destination | Synology Volume 1 |
| Schedule | Daily at 2:00 AM |
| Retention | 7 daily + 4 weekly |
| Compression | Enabled |
| Transfer encryption | Enabled |
### 1d. Storage Check BEFORE Running First Backup
```powershell
# Run on CS-SERVER to get actual data sizes
$cUsed = (Get-PSDrive C).Used / 1GB
$dUsed = (Get-PSDrive D).Used / 1GB
Write-Host "C: drive used: $([math]::Round($cUsed, 1)) GB"
Write-Host "D: drive used: $([math]::Round($dUsed, 1)) GB"
Write-Host "Total data: $([math]::Round($cUsed + $dUsed, 1)) GB"
```
**Storage concern:** Synology has ~540 GB free. CS-SERVER has ~137 GB on C: + ~455 GB on D: = ~592 GB total. First full backup may NOT fit if we include everything.
**Options if space is tight:**
- Exclude pagefile.sys, hiberfil.sys, temp folders (ABB usually does this automatically)
- Exclude `C:\Windows\Temp`, `C:\Users\*\AppData\Local\Temp`
- Back up D: only (has the critical data — shares, Roaming profiles)
- Check if ABB uses dedup/compression (it does — expect 40-60% compression)
### 1e. Run First Backup
1. Click **Back Up Now** in the ABB console
2. Monitor progress — first full backup of ~460 GB over Gigabit LAN should take 1-2 hours
3. Verify backup starts successfully, note estimated completion time
4. Can continue with other steps while backup runs
### 1f. Verify
- [ ] ABB agent installed and connected on CS-SERVER
- [ ] Backup task created with correct schedule/retention
- [ ] First backup started successfully
- [ ] Estimated completion time noted: ____________
---
## Step 2: Export pfSense Config XML (~2 min)
1. Open pfSense web UI → `https://192.168.0.1`
2. Navigate to **Diagnostics → Backup & Restore**
3. Click **Download configuration as XML**
4. Save file locally, then copy to CS-SERVER:
```powershell
# On CS-SERVER, create the directory
New-Item -Path "D:\Shares\IT\Backups\pfSense" -ItemType Directory -Force
```
5. Upload the XML to `D:\Shares\IT\Backups\pfSense\pfsense-config-2026-03-07.xml`
- [ ] pfSense XML saved to CS-SERVER
---
## Step 3: Export AD/DNS/Permissions Snapshots (~10 min)
Run on CS-SERVER via ScreenConnect:
```powershell
# Use the existing script
Set-Location "D:\Shares\IT"
# If script is available on the server:
# .\phase0-export-configs.ps1
# Or run inline:
$BackupRoot = "D:\Shares\IT\Backups"
$Timestamp = Get-Date -Format "yyyy-MM-dd_HHmm"
# Create directories
"AD", "DNS", "Permissions", "GPO" | ForEach-Object {
New-Item -Path "$BackupRoot\$_" -ItemType Directory -Force | Out-Null
}
# AD exports
Import-Module ActiveDirectory
Get-ADUser -Filter * -Properties * | Export-Csv "$BackupRoot\AD\users_$Timestamp.csv" -NoTypeInformation
Get-ADComputer -Filter * -Properties * | Export-Csv "$BackupRoot\AD\computers_$Timestamp.csv" -NoTypeInformation
Get-ADGroup -Filter * -Properties * | Export-Csv "$BackupRoot\AD\groups_$Timestamp.csv" -NoTypeInformation
Get-ADGroupMember -Identity "Domain Admins" | Export-Csv "$BackupRoot\AD\domain-admins_$Timestamp.csv" -NoTypeInformation
# DNS export
Import-Module DnsServer
Get-DnsServerResourceRecord -ZoneName "cascades.local" | Export-Csv "$BackupRoot\DNS\cascades-local-records_$Timestamp.csv" -NoTypeInformation
Get-DnsServerZone | Export-Csv "$BackupRoot\DNS\zones_$Timestamp.csv" -NoTypeInformation
# DNS forwarder check (also verifies item G)
Get-DnsServerForwarder | Out-File "$BackupRoot\DNS\forwarders_$Timestamp.txt"
Write-Host "--- DNS Forwarder Check (should show 192.168.0.1) ---"
Get-DnsServerForwarder | Format-List
# File share permissions
Get-SmbShare | Export-Csv "$BackupRoot\Permissions\smb-shares_$Timestamp.csv" -NoTypeInformation
Get-SmbShare | Where-Object { $_.Path -like "D:\*" } | ForEach-Object {
Get-SmbShareAccess -Name $_.Name | Out-File "$BackupRoot\Permissions\$($_.Name)-access_$Timestamp.txt"
}
# GPO report
Get-GPO -All | Export-Csv "$BackupRoot\AD\gpos_$Timestamp.csv" -NoTypeInformation
Write-Host "`nAll exports saved to $BackupRoot" -ForegroundColor Green
```
- [ ] AD exports completed
- [ ] DNS exports completed (including forwarder check)
- [ ] Permissions exports completed
- [ ] GPO report exported
- [ ] DNS forwarder confirmed as 192.168.0.1 (item G): ____________
---
## Step 4: Quick Remote Checks (~5 min)
Run on CS-SERVER while backup is in progress:
```powershell
# === DISK HEALTH CHECK ===
# Try Dell OpenManage CLI
$omreport = "C:\Program Files\Dell\SysMgt\oma\bin\omreport.exe"
if (Test-Path $omreport) {
Write-Host "=== DISK HEALTH (OpenManage) ===" -ForegroundColor Cyan
& $omreport storage pdisk controller=0
} else {
Write-Host "[WARN] Dell OpenManage CLI not found at expected path" -ForegroundColor Yellow
Write-Host "Try OpenManage web UI at https://192.168.2.254:1311"
}
# === UNKNOWN LISTENING PORTS ===
Write-Host "`n=== UNKNOWN PORT IDENTIFICATION ===" -ForegroundColor Cyan
@(5504, 6783, 8019) | ForEach-Object {
$port = $_
$conn = Get-NetTCPConnection -LocalPort $port -ErrorAction SilentlyContinue
if ($conn) {
$proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
Write-Host "Port $port -> PID $($conn.OwningProcess) -> $($proc.ProcessName) ($($proc.Path))" -ForegroundColor Green
} else {
Write-Host "Port $port -> No active listener" -ForegroundColor Yellow
}
}
# === IIS CHECK ===
Write-Host "`n=== IIS WEBSITES ===" -ForegroundColor Cyan
try {
Import-Module WebAdministration -ErrorAction Stop
Get-Website | Format-Table Name, State, PhysicalPath, @{N='Bindings';E={$_.bindings.Collection.bindingInformation}} -AutoSize
} catch {
Write-Host "[WARN] WebAdministration module not available: $_" -ForegroundColor Yellow
}
# === SERVER UPTIME & GENERAL HEALTH ===
Write-Host "`n=== SERVER HEALTH ===" -ForegroundColor Cyan
$os = Get-CimInstance Win32_OperatingSystem
Write-Host "Uptime: $((Get-Date) - $os.LastBootUpTime)"
Write-Host "Memory: $([math]::Round(($os.TotalVisibleMemorySize - $os.FreePhysicalMemory) / 1MB, 1)) GB used / $([math]::Round($os.TotalVisibleMemorySize / 1MB, 1)) GB total"
Get-PSDrive C, D | ForEach-Object {
Write-Host "$($_.Name): $([math]::Round($_.Used/1GB,1)) GB used / $([math]::Round(($_.Used+$_.Free)/1GB,1)) GB total ($([math]::Round($_.Free/1GB,1)) GB free)"
}
```
Record results:
- [ ] Disk health status: ____________
- [ ] Port 5504 is: ____________
- [ ] Port 6783 is: ____________
- [ ] Port 8019 is: ____________
- [ ] IIS serving: ____________
---
## Step 5: Quick Fixes (if time permits, ~10 min)
### 5a. Fix Room 218 DHCP (Item H)
pfSense UI → Services → DHCP Server → Room218
- Change **Range End** from `10.2.18.2` to `10.2.18.14`
- Save → Apply Changes
- [ ] Room 218 DHCP range fixed
### 5b. Delete Room 130 Firewall Rule (Item I)
pfSense UI → Firewall → Rules → Room130
- Delete the disabled TCP PASS rule
- Apply Changes
- [ ] Room 130 dead rule deleted
### 5c. Set CS-SERVER Timezone (Item K)
```powershell
# Check current timezone
Get-TimeZone
# Set to Arizona (UTC-07:00, no DST — matches pfSense)
Set-TimeZone -Id "US Mountain Standard Time"
# Verify
Get-TimeZone
# Should show: (UTC-07:00) Arizona
```
- [ ] CS-SERVER timezone set to Arizona
---
## Post-Session Summary
### Completed This Session
- [ ] Synology Active Backup for Business installed and first backup running
- [ ] pfSense config XML exported
- [ ] AD/DNS/Permissions snapshots exported
- [ ] DNS forwarder verified (item G)
- [ ] Disk health checked
- [ ] Unknown ports identified
- [ ] IIS purpose documented
- [ ] Room 218 DHCP fixed (item H)
- [ ] Room 130 rule deleted (item I)
- [ ] CS-SERVER timezone fixed (item K)
### Next Session Plan
1. Create firewall aliases (item D) — ~15 min
2. Replace INTERNAL firewall rules (item E)
3. Disable floating rule #4 + add room internet rule (item F)
4. Delete VLAN 10 from UniFi (item J)
### Information Gathered
| Item | Finding |
|------|---------|
| DNS Forwarder | |
| Disk Health | |
| Port 5504 | |
| Port 6783 | |
| Port 8019 | |
| IIS Purpose | |
| Backup Status | |
| Storage Remaining | |
Reference in New Issue View Git Blame Copy Permalink