claudetools/wiki/clients/wolkin-law.md
Mike Swanson 0210d66b40 sync: auto-sync from Mikes-MacBook-Air.local at 2026-06-07 12:59:13
Author: Mike Swanson
Machine: Mikes-MacBook-Air.local
Timestamp: 2026-06-07 12:59:13
2026-06-07 12:59:46 -07:00


Wolkin Law (Robert S. Wolkin, Esq.)

Client Type: Legal Services
Service Model: Per-incident / Ad-hoc
Primary Contact: Robert Wolkin (robert@rswolkin.com)
Remote Assistant: Julie (julie@rswolkin.com)
Syncro ID: Not documented
GuruRMM Client: Wolkin, Robert / Main
Last Compiled: 2026-06-07
Compiled By: Mikes-MacBook-Air/claude-main


Overview

Solo law practice operated by Robert Wolkin with remote administrative assistance from Julie. Practice operates from a physical office location with a primary workstation (FRONT) and requires remote file access for Julie working from a separate location (RSW-Laptop). Infrastructure is minimal but critical for daily operations, focusing on secure remote file sharing and M365 collaboration.


Current State

Active Services

  • Remote Access VPN: ZeroTier mesh network (network 17d709436c834c9b) connecting office and remote workstations
  • File Sharing: SMB shares from FRONT (Scans, Forms, Pleadings) accessed via persistent network drives on RSW-Laptop
  • M365 Mailbox Delegation: Julie has FullAccess permissions to Robert's mailbox with AutoMapping enabled
  • GuruRMM Monitoring: 3 Windows 11 agents enrolled (FRONT, RSW-Laptop, DESKTOP-V1JT1SE)
  • Software Deployment: Office 365 and Adobe Creative Cloud Desktop being deployed to RSW-Laptop

Service Delivery Model

Per-incident work with no documented prepaid block or recurring monthly agreement. Work is performed on-demand as needs arise.

Recent Activity

  • 2026-06-07: ZeroTier VPN deployment, file sharing configuration, M365 mailbox delegation, software installation

Infrastructure

Network Architecture

ZeroTier Mesh VPN

  • Network ID: 17d709436c834c9b
  • Network Type: Private mesh (peer-to-peer)
  • Subnet: 10.147.19.0/24
  • Purpose: Secure remote file access between office and remote locations

Connected nodes:

  • FRONT (office PC): 10.147.19.199, Node ID 0c00b9917a
  • RSW-Laptop (remote): 10.147.19.54, Node ID 2a497be947

DNS resolution provided via hosts file entries on both machines for FRONT and RSW-Laptop hostnames.

Office Network

  • Printer: RICOH network printer at 172.17.110.110 (Standard TCP/IP Port 9100)
  • Printer Driver: RICOH PCL6 UniversalDriver V4.33
  • Office Subnet: 172.17.0.0/16 (assumed based on printer IP)

The office network is NOT routed through ZeroTier; only the office PC participates in the mesh for file sharing purposes. Printer access from remote locations is not currently configured.

Systems

FRONT (Office Workstation)

  • Role: Primary office workstation, file share host
  • OS: Windows 11
  • ZeroTier IP: 10.147.19.199
  • GuruRMM Agent ID: 04765560-3e8a-46e5-a507-c5f5f4ead6eb
  • Local User: julie (Administrator group)
  • Desktop Redirection: OneDrive (owner's account)

SMB Shares:

  • \\FRONT\Scans → C:\Scans
  • \\FRONT\Forms → C:\Users\Owner\OneDrive\Desktop\Forms
  • \\FRONT\Pleadings → C:\Users\Owner\OneDrive\Desktop\Pleading Forms and Filing
  • \\FRONT\RICOH → RICOH printer share (access issues unresolved)

Permissions: Local user julie has NTFS FullControl on all shared folders (Scans, Forms, Pleadings).

RSW-Laptop (Remote Laptop)

  • Role: Julie's remote workstation
  • OS: Windows 11
  • ZeroTier IP: 10.147.19.54
  • GuruRMM Agent ID: 043fd673-35a2-4d3d-8f91-ed73ce70cc1e
  • Local User: julie (Administrator group)

Network Drives (persistent, mapped via net use with credentials):

  • S: → \\FRONT\Scans
  • F: → \\FRONT\Forms
  • P: → \\FRONT\Pleadings

Desktop Shortcuts (UNC paths for resilience):

  • Scans.lnk → \\FRONT\Scans
  • Forms.lnk → \\FRONT\Forms
  • Pleading Forms and Filing.lnk → \\FRONT\Pleadings

Software Installed/Deploying:

  • Microsoft 365 (Office Deployment Tool 17830-20162, O365BusinessRetail, 64-bit, silent install in progress)
  • Adobe Creative Cloud Desktop 6.0.0.660 (silent install in progress)

DESKTOP-V1JT1SE

  • Role: Personal machine (Bob's personal device)
  • Status: Out of scope for MSP services
  • GuruRMM: Enrolled but not managed

M365 Tenant

Domain: rswolkin.com
Tenant ID: ceb6dbe7-82c8-4d8f-9c6b-49aa26208e9b

Licensed Users:

ComputerGuru MSP Apps: At least Exchange Operator app is consented (used for mailbox delegation). Other ACG apps (Security Investigator, User Manager, Tenant Admin, Defender Add-on) consent status not documented.


Credentials

All credentials are stored in vault at clients/wolkin-law/*.sops.yaml and user profile settings.

Local Accounts

  • julie (both FRONT and RSW-Laptop): Jaylen0607!
    • Role: Administrator on both machines
    • Matches M365 password for convenience

M365 Accounts

ZeroTier

  • Network ID: 17d709436c834c9b
  • Access: Managed via ZeroTier Central web console

Known Issues & Limitations

HIGH: GuruRMM Password Setting Bug

Discovery Date: 2026-06-07
Impact: Critical - affects user account provisioning
Status: Documented in .claude/memory/feedback_rmm_password_limitation.md

All password-setting commands executed via GuruRMM (PowerShell Set-LocalUser, PowerShell net user, CMD net user) return exit code 0 and "The command completed successfully" but fail to actually set the password. Verification with net user <username> shows "Password required: No" and authentication fails.

Workaround: Use ScreenConnect for all password operations. The identical commands work correctly when executed via ScreenConnect, ruling out privilege issues (both run as SYSTEM). The bug is specific to GuruRMM's Windows agent process spawning mechanism.

Investigation Status: Requires inspection of GuruRMM agent command execution code. High priority for platform stability.
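
A post-change check for the failure described above, as an added example (it is not GuruRMM or ScreenConnect code and not part of the original article). The function name `Test-LocalPasswordApplied` and its parameters are hypothetical; it relies only on `Get-LocalUser` and .NET's `PrincipalContext.ValidateCredentials`, and treats exit code 0 as no evidence at all.

```powershell
# Added example: verify that a local password change was really written,
# instead of trusting "The command completed successfully".
function Test-LocalPasswordApplied {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserName,
        # Time captured just before the password-setting command was issued
        [Parameter(Mandatory)][datetime]$ChangeStarted,
        # Optional: when supplied, a real logon check is made against the local SAM
        [pscredential]$Credential
    )

    $user = Get-LocalUser -Name $UserName -ErrorAction Stop

    # PasswordLastSet must have moved forward; allow 2 s for timestamp rounding
    $cutoff  = $ChangeStarted.ToUniversalTime().AddSeconds(-2)
    $stamped = ($null -ne $user.PasswordLastSet) -and
               ($user.PasswordLastSet.ToUniversalTime() -ge $cutoff)

    $logonOk = $null   # stays $null when no credential was supplied
    if ($Credential) {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
        $ctx = [System.DirectoryServices.AccountManagement.PrincipalContext]::new(
            [System.DirectoryServices.AccountManagement.ContextType]::Machine)
        try {
            $net     = $Credential.GetNetworkCredential()
            $logonOk = $ctx.ValidateCredentials($net.UserName, $net.Password)
        } finally {
            $ctx.Dispose()
        }
    }

    [pscustomobject]@{
        User             = $user.Name
        Enabled          = $user.Enabled
        # $false here is the same symptom as "Password required: No" in net user
        PasswordRequired = $user.PasswordRequired
        PasswordLastSet  = $user.PasswordLastSet
        TimestampUpdated = $stamped
        LogonValidated   = $logonOk
        Applied          = ($user.PasswordRequired -and $stamped -and ($logonOk -ne $false))
    }
}

# Usage (run after the change, in the same elevated context):
#   $started = Get-Date
#   ... password-setting command runs here ...
#   Test-LocalPasswordApplied -UserName 'julie' -ChangeStarted $started
```

An `Applied` value of `$false` after a reported success reproduces the condition documented here and is a signal to redo the change through the working channel.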

MEDIUM: RICOH Printer Access from Remote

Discovery Date: 2026-06-07
Impact: Medium - printer access from remote location not functional
Status: Deferred for later investigation

The RICOH network printer (172.17.110.110) is shared from FRONT as \\FRONT\RICOH but the RSW-Laptop receives access denied errors when attempting to connect. The printer is on the office LAN (172.17.0.0/16) which is not routed through ZeroTier.

Decision Point: Two options considered:

  1. Route entire 172.17.0.0/16 office subnet through ZeroTier (rejected for security/complexity)
  2. Fix printer sharing permissions over ZeroTier mesh (chosen approach, not yet resolved)

Next Steps: Investigate printer share permissions and credential passthrough behavior over ZeroTier connections.

LOW: Software Installation Verification Pending

Status: In Progress
Impact: Low - installations were started and running at session end

Office 365 and Adobe Creative Cloud Desktop installations were initiated on RSW-Laptop via silent installers but were still running in background when the session concluded. Installation completion and software functionality have not been verified.

Next Steps:

  • Verify Office 365 installation completed successfully
  • Verify Adobe Creative Cloud Desktop installation completed successfully
  • Test application launches and licensing activation

LOW: Mailbox AutoMapping Propagation

Status: Waiting for propagation (5-15 minutes typical)
Impact: Low - mailbox access was granted, just waiting for Outlook auto-configuration

Julie was granted FullAccess permissions to Robert's mailbox with AutoMapping enabled. The permission was successfully applied via Exchange Operator app API, but the mailbox won't appear automatically in Julie's Outlook until the AutoMapping propagates.

Next Steps: Verify Robert's mailbox appears in Julie's Outlook client without manual configuration.


Patterns & Decisions

ZeroTier over Tailscale

Decision Date: 2026-06-07

Client specifically requested ZeroTier instead of Tailscale for the VPN solution. Existing Tailscale 1.98.4 installations were removed from both FRONT and RSW-Laptop, and ZeroTier 1.16.2 was deployed in their place.

Rationale: Client preference (specific reason not documented).

Related Pattern: Documented Tailscale client management pattern exists (see wiki/patterns/tailscale-client-management.md) but is not applicable to this client.

Hostname-Based UNC Paths

Decision Date: 2026-06-07

Desktop shortcuts initially used drive letters (S:\, F:\, P:\) but were updated to UNC paths using the FRONT hostname (\\FRONT\Scans, etc.) after the mapped drives disconnected.

Rationale: UNC paths provide better resilience. If mapped drives disconnect or IP addresses change, the shortcuts continue working as long as the hostname resolves. Hosts file entries provide static DNS resolution for the FRONT hostname on the ZeroTier network.

Administrator Access for Remote User

Decision Date: 2026-06-07

Julie's local account on RSW-Laptop was added to the Administrators group instead of standard Users group.

Rationale: Simplifies access and troubleshooting for remote work scenarios. Julie requires software installation capabilities and full system access for her role.

Security Consideration: Acceptable risk for a two-user practice with trusted remote assistant.

SMB File Sharing vs. Cloud Storage

Decision Date: 2026-06-07 (implicit)

File sharing is implemented via SMB over ZeroTier mesh rather than migrating to OneDrive/SharePoint shared folders.

Rationale:

  • Owner's desktop is already redirected to OneDrive
  • Existing file organization and workflows remain intact
  • No user training required for cloud storage paradigm
  • Forms and Pleadings folders already stored in OneDrive (but accessed via SMB)

Trade-off: Requires VPN connectivity and FRONT to be online. No offline access to files from RSW-Laptop.


History

2026-06-07: ZeroTier VPN Deployment & Remote Access Configuration

Work Performed By: Mike Swanson
Session Log: clients/wolkin-law/session-logs/2026-06-07-mike-zerotier-setup.md

Deployed ZeroTier mesh VPN to connect office PC (FRONT) with Julie's remote laptop (RSW-Laptop) for secure file sharing. Removed existing Tailscale installations and installed ZeroTier 1.16.2 on both machines, joining network 17d709436c834c9b with IPs 10.147.19.199 (FRONT) and 10.147.19.54 (RSW-Laptop). Added bidirectional hosts file entries for hostname resolution.

Created local julie user accounts on both machines (Administrator group) with matching M365 credentials. Encountered and documented critical GuruRMM bug where password-setting commands complete successfully but fail to actually set passwords; worked around using ScreenConnect.

Configured SMB file sharing for three folders (Scans at C:\Scans, Forms and Pleadings in OneDrive\Desktop). Granted julie NTFS FullControl permissions on all three. Mapped persistent network drives (S:, F:, P:) on RSW-Laptop and created desktop shortcuts using UNC paths (\\FRONT\...) for resilience.

Granted julie@rswolkin.com FullAccess permissions to robert@rswolkin.com's M365 mailbox using ComputerGuru Exchange Operator app. Enabled AutoMapping for automatic mailbox appearance in Outlook.

Initiated Office 365 and Adobe Creative Cloud Desktop installations on RSW-Laptop (silent installs running at session end). Investigated printer sharing for RICOH network printer but encountered access denied errors; deferred for later investigation.

Key Deliverables:

  • Functional remote file access via ZeroTier VPN
  • Three SMB shares accessible from remote location
  • M365 mailbox delegation configured
  • Software deployment in progress
  • GuruRMM password bug documented for platform team

Deferred Items:

  • RICOH printer access from remote
  • Office/Adobe installation verification
  • File share access testing from Julie's actual user session (all testing was SYSTEM context)

Compliance & Security Considerations

Data Protection

  • Attorney-Client Privileged Material: All file shares contain legal documents and case files subject to attorney-client privilege
  • Encryption: ZeroTier provides encrypted mesh networking (AES-256)
  • Access Control: SMB shares require authentication; only julie local account has permissions
  • Physical Security: FRONT is at office location; RSW-Laptop location not documented

M365 Security Posture

  • MFA Status: Not documented
  • Conditional Access: Not documented
  • Mailbox Delegation Audit: Julie has FullAccess to Robert's mailbox (appropriate for assistant role)
  • Data Loss Prevention: Not documented

Recommendation: Enable MFA for both M365 accounts (robert@rswolkin.com and julie@rswolkin.com) to protect against credential compromise, especially given the sensitive nature of legal communications.

Network Security

  • VPN Type: ZeroTier mesh (peer-to-peer, not hub-and-spoke)
  • Office Firewall: Not documented
  • Endpoint Protection: Not documented
  • Patch Management: GuruRMM monitoring in place but update policies not documented

Service Delivery Notes

Communication Patterns

  • Primary contact via Robert Wolkin (robert@rswolkin.com)
  • No documented SLA or response time expectations
  • Per-incident service model (user initiates contact when issues arise)

Billing Model

Not documented. No prepaid block or monthly recurring charge noted.

Session Logs

All work sessions stored in clients/wolkin-law/session-logs/ subdirectory.


Wiki Articles

Session Logs

Memory Items

  • .claude/memory/feedback_rmm_password_limitation.md - GuruRMM password bug documentation

Vault Entries

  • clients/wolkin-law/*.sops.yaml - Client credentials (exact structure not documented)

Quick Reference

File Share Access (from Remote)

S:  \\FRONT\Scans
F:  \\FRONT\Forms
P:  \\FRONT\Pleadings

Remap Drives (if disconnected)

net use S: \\FRONT\Scans /user:FRONT\julie Jaylen0607! /persistent:yes
net use F: \\FRONT\Forms /user:FRONT\julie Jaylen0607! /persistent:yes
net use P: \\FRONT\Pleadings /user:FRONT\julie Jaylen0607! /persistent:yes
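
An alternative way to remap the same three drives, as an added example that is not part of the original article: it first confirms that FRONT resolves to its ZeroTier address and answers on SMB, then prompts once for the password so it is never typed on a command line. Share names, drive letters, the account and the IP come from this page; the script layout and variable names are assumptions.

```powershell
# Added example: remap S:, F: and P: with a prompted credential.
$server     = 'FRONT'
$expectedIp = '10.147.19.199'     # FRONT's ZeroTier address per this article
$shares     = [ordered]@{ S = 'Scans'; F = 'Forms'; P = 'Pleadings' }

# 1. Check name resolution (hosts file) and SMB reachability over the mesh.
$probe = Test-NetConnection -ComputerName $server -Port 445 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "TCP 445 on $server is unreachable; check ZeroTier status before remapping."
}
if ($probe.RemoteAddress.ToString() -ne $expectedIp) {
    throw "$server resolved to $($probe.RemoteAddress), expected $expectedIp; check the hosts file."
}

# 2. Prompt once; the password is held as a SecureString in $cred.
$cred = Get-Credential -UserName "$server\julie" -Message "Password for the $server shares"

# 3. Drop any stale mapping, then create the persistent one.
foreach ($letter in $shares.Keys) {
    $unc = "\\$server\$($shares[$letter])"
    net use "${letter}:" /delete /y 2>$null | Out-Null
    New-PSDrive -Name $letter -PSProvider FileSystem -Root $unc `
                -Credential $cred -Persist -Scope Global | Out-Null
    # Report whether the share is actually readable through the new mapping
    [pscustomobject]@{
        Drive    = "${letter}:"
        Path     = $unc
        Readable = Test-Path -LiteralPath "${letter}:\"
    }
}
```

Run it in Julie's own session on RSW-Laptop rather than as SYSTEM, since drive mappings are per-user.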

ZeroTier Management

# View network status (PowerShell; the call operator & is required for a quoted path)
& "C:\Program Files (x86)\ZeroTier\One\zerotier-cli.bat" listnetworks

# View node info
& "C:\Program Files (x86)\ZeroTier\One\zerotier-cli.bat" info

GuruRMM Agent IDs

  • FRONT: 04765560-3e8a-46e5-a507-c5f5f4ead6eb
  • RSW-Laptop: 043fd673-35a2-4d3d-8f91-ed73ce70cc1e
  • DESKTOP-V1JT1SE: Not documented (out of scope)

Sources

This article was compiled from:

  • Session log: clients/wolkin-law/session-logs/2026-06-07-mike-zerotier-setup.md
  • GuruRMM platform data (agent enrollment, client structure)
  • M365 tenant configuration via remediation tool
  • Direct observation during VPN deployment and file sharing configuration

Compilation Methodology: Full initial compilation from first comprehensive work session. No prior wiki article existed; previous wiki index entry was a stub referencing "Robert Wolkin" as a separate entry.

Last Updated: 2026-06-07
Next Review: After completion of pending items (printer access, software installation verification, file share user testing)