Skip to content
Rocky Mountain Tech Team Logo Rocky Mountain Tech Team Logo
  • 303-732-3200
  • COMPANY
    • About
    • Team
    • Pricing
    • Blog
  • DENTAL
  • SERVICES
    • Services Overview
    • Dental & Orthodontic
    • Charter Schools
    • Cabling Services
    • Hosted Solutions
    • Brew Team
  • RESOURCES
    • Work From Home
    • New PC Questionnaire
    • Pay an Invoice
    • Tech Portal
  • CONTACT
    • General Inquiries
    • Client IT Requests
  • REMOTE HELP

Routine Maintenance Visit

Routine Maintenance Visit

Brandon Hamilton2021-01-22T15:22:12-07:00February 27th, 2020|Categories: Tech Forms|

"*" indicates required fields

Hidden

We are trying to prevent lost RMVs by making this page public (so that you don't have to log in to WordPress).
Press Next to continue. If you don't see a Next button, start from Control again

RMV Details

In order to improve matching of completed RMV forms to the correct client in Control and to ensure the Last RMV date is correct, please use the RMV Form links in control which will pre-populate Client Name and Tech Name below:

I am*

STOP - you will not be able to submit this form because you didn't initiate it from Control, like noted above. This is now required for 'Create a Project action for me' type stuff to work and link up correctly

Hidden
MM slash DD slash YYYY
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Is this a Network Audit?
Network audits are for when you are checking another tech's work to ensure they didn't miss anything.
Is this a Team Lead Verification?
Team Lead verfications are for when a TL is verifying accuracy of a tech's RMV results
What Type of RMV?*
Quick RMVs are shorter and should be done at whatever frequency is specified in Control. A Full RMV should be done if you are taking over as Lead Tech from another RMTT Tech. A Full RMV will have you verify some things that haven't been checked since the initial cutover. New Client Audit is a sales tool with the intent of gathering information about what a client will need to get 'caught up'. Cutover is when we are taking over a new client the first time. NCA and Cutover is for when they've already signed with us, but a New Client Audit hasn't yet been done, so we still need to provide them with a catch up quote. Full descriptions of RMV types available here
Is this a Lead Tech Transition?
Are you doing this RMV as a result of a Lead Tech Transition? Reminder, it should be a full to make sure nothing is missed.
Should next RMV be a Full?
Previous guidance was 1 out of every 4 RMVs should be a full. We've pulled that back are recommending Full RMVs when a major change has taken place such as a new lead tech, new server, extended amount of time has passed. If this meets any of those criteria, please choose Full on the above question instead. If you plan on having the secondary tech do the next Full, please work with them and dispatch to get that scheduled

Confirm understanding of the goal of this NCA*
You have selected a New Client Audit. An NCA typically happens in the sales process before a customer has committed to work with RMTT. If they've already committed to work with RMTT, you may want to choose an NCA and Cutover instead. The goal of an NCA is to find any red flags in a client's network so that we can come up with a proposal or "catch up quote" of what all needs to be done to get them in good shape. These are 'look but don't touch' questions. Upon completion, you will be emailed a copy of your answers with sales cc'd so that you can work with the sales rep on the "catch up quote". Unless otherwise specified, NCA's should be Zero Billed
Confirm understanding of the goal of this Cutover*
You have selected a cutover. A cutover should only happen after a client has committed to working with RMTT and if they've already had an NCA done as part of the sales process. If an NCA hasn't been done already - you probably want to choose NCA and Cutover instead. The goal of a cutover is to cutover all services to RMTT and remove any prior IT company's tools. You may also be addressing items identified in the NCA, be sure to work with the sales rep to ensure you have an understanding of all things to be addressed. Unless otherwise specified, Cutovers are billable
Confirm understanding of the goal of this NCA and Cutover*
You have selected an NCA and Cutover. An NCA and Cutover should happen after a client has already committed to working with RMTT, but has not had an NCA as part of the sales process. The goal of an NCA and Cutover is to find any red flags in a client's network so that we can come up with a proposal or "catch up quote" for what all needs to be done to get them in good shape. As well as to cutover all services to RMTT and remove any prior IT company's tools. Unless otherwise specified, NCA and Cutovers are billable.
Uncheck to hide sections
If they don't have any of these items, uncheck - it will make the RMV go much quicker. Uncheck on a New Client Audit as well.

Automated RMV

Run RMTT Automated RMV
From the primary domain controller server, download the RMTT Installer, choose "RMV - Client Wide" from the drop down. Follow prompts of any windows that stay open. When script completes, check Control>Alerts for results. If there are multiple servers, run "RMV - Additional Server" on additional servers. No server? run a client wide from a workstation

Primary Contact Check-in

Send Primary Contact an RMV Summary
If you choose yes, you will be presented with a next page of questions to send a 121 point inspection type report you'd get from an auto shop to the primary contact. Pro Tip: In Control>Activity>RMVs - check "Always send client summary" to have this default to Yes.
Get honey-do list of any current issues
Pay attention to any recurring issues and if we need a make any systemic or overhaul changes. IE, printers keep going offline, or Bob's computer keeps rebooting randomly

Document/Verify protocol for reaching client when a server is offline/downtime/etc
Control>Contact>Outage - add how they would like to be contacted if we get alerted of an issues. IE, fine to call 24/7. Only call after 7:00AM. Email only. Email work address as well as 3031234567@vtext.com, Any information that would make the person checking for server outages in the morning have a better chance of getting a hold of the right person at the right time with the right method.

Let client know any cool new features they might appreciate
For example, Teams just added the option to do a poll during a meeting, this client is a heavy teams user and might really appreciate that. Basically - you know this client well, is there anything you can share with them that would help them out?

Get a list of pain points/system wide issues
The goal is to get a list of what you should be on the lookout for as you're working through this list. Overall slowness? Wifi stinks? They don't like their email system? Want to be able to send encrypted emails and can't?

Get the following information to enter into Control or to reference later on

Client Overall

For quoting Proactive, etc
For quoting Proactive, etc
For quoting Proactive, etc
For quoting email, etc
For quoting email, etc
Are RMVs getting done according to the interval set in control

Missing Control Info
Which of these items were not filled in correctly?
Any unclear or inaccurate areas in Control
Verify Control profile is fully up to date and accurate
Primary Contact identified, Industry selected, Platform selected, All usernames/passwords, Business Hours, Backup details, Email Service, Proofpoint, VPN details, File Services details, Expected Speed, Dental details, Comcast account number, etc. If I were another tech, I could definitely help this client based on Control info

Verify secondary tech in Control appropriate
Secondary tech should be able to cover for you at this client if you were out for an extended period of time. Secondary tech should not be remote (unless client is too). Is the person listed up for the task? Should you schedule a time to give them a run through? Should they do a Full RMV here to give them a better grasp of the network and check your work? If any tech should be able to walk in here with no problems whatsoever, set secondary tech to Next Tech Up (vs. blank)

Verify there are no weak passwords (RMTT STANDARD)
Use the Control password generator to create complex passwords to replace default or weak passwords. If client does not meet RMTT Standard, note why in Control>Key Info Notes. You can run a KeyInfo Report from the key info 3 bar menu to see non-obfuscated passwords

Address all open Actions in Control - including Next Time items
Verify all items in Control under open actions are addressed and flag is cleared

Hidden
Verify there are no EOL devices?
Win7 EOL was Jan 2020, start warning and coming up with a gameplan now. You can send them a report if they have proactive: reports (top nav)>Devices>Proactive Devices>Client. you can calo buy another year of win7 support: Buy Win7 Extended Support

Resolve any recurring Alerts (backup failures, etc) in Control
Log into Control, under the activity tab, look through all the alerts and make any necessary fixes - when done, click mark as addressed

Proactive Setup

Are you setting up Proactive today?
Do you want a project action to setup Proactive?
Create customer In N-Central
How to create a customer in n-central. This guide includes NO AV exceptions, etc.

Deploy agents
Recommendation is to setup via Group Policy

Enable Active Directory/LDAP integration
This allows resetting passwords, etc via n-central without having to log in to the console, enter passwords, etc. Big time saver. How-To

Ensure AV policies are deployed correctly
Especially with dentals as these require more steps

Backup

Is Acronis already setup?
Are you setting up Acronis today?
Do you want a project action to setup Acronis?
What is the local data offsite backup solution? (RMTT STANDARD)
Acronis is the RMTT Standard. If client does not meet RMTT Standard, note why in Control>Key Info Notes. If there is no local data or need for local backup (for example Sharepoint only), select Intentionally None

Is offsite backup setup as Entire Machines or Files and Folders
If there are multiple offsite backups and any are Files and Folders, choose Files and Folders
Verify client is aware of potential pitfalls with Files/Folders only offsite backups
Occasionally a backup plan is initially setup for just files and folders to save space or to mirror a previous backup solution's dataset. Is that still appropriate? If it won't cost the client too much more, should we make the switch? This could definitely have been the case for SOS customers

When was the last successful offsite backup?
Device
Last 100% complete backup/offsite rotation
 
I did a test restore of a single file from offsite backup (this also helps verify encryption key on file is correct). The file I test restored was:
Even if backup is reporting successful - it's imperative to actually do a test restore to ensure backups are working. Please use C:\program files (x86)\RMTT\TestRestore\TestRestoreFile.txt for the restore file
Device
File Restored
 
What is local data onsite backup solution? (RMTT STANDARD)
Acronis is the RMTT Standard. If client does not meet RMTT Standard, note why in Control>Key Info Notes. If there is no local data or need for backup (for example Sharepoint only), select Intentionally None

Is onsite backup setup as Entire Machines or Files and Folders
If there are multiple onsite backups and any are Files and Folders, choose Files and Folders
Verify client is aware of potential pitfalls with Files/Folders only onsite backups
Occasionally a backup plan is initially setup for just files and folders to save space or to mirror a previous backup solution's dataset. Is that still appropriate? If it won't cost the client too much more, should we make the switch? This could definitely have been the case for SOS customers

What is the onsite backup media

Verify client is aware of potential security issues with backup media
Time to upgrade them to a NAS for backup? Use the RMV summary green/yellow/red to help with this

When was the last successful system state/local backup?
Device
Last 100% complete backup
 
I did a test restore of a single file from the system state/local backup (this also helps verify encryption key on file is correct)., the file I did a test restore with was:
Even if backup is reporting successful - it's imperative to actually do a test restore to ensure backups are working. We have definitely seen success misreported. Please use C:\program files (x86)\RMTT\TestRestore\TestRestoreFile.txt for the restore file
Device
File Restored
 
Hidden
Were files test restored on the documented date of the completed RMV form?
Verify no logins are saved in Chrome and that all passwords are unique
some former RMTT techs had this bad habit, make sure no credentials are saved in Chrome, make sure all passwords are unique (Acronis user, encryption key, NAS password, etc)

Verify accurate dataset selection for Acronis 365/Google
Ideally you want to back up all units (mailboxes/sites/etc) at the parent level so all new units are included. If you manually select units, please review to ensure all desired units are backed up.

I did an Acronis 365/Google test restore (this also helps verify encryption key on file is correct). The item I test restored was:
Even if backup is reporting successful - it's imperative to actually do a test restore to ensure backups are working.
Item
File Restored
 
Hidden
Were files test restored on the documented date of the completed RMV form?
Perform an Entire Machine Test Restore
If Acronis, here's a How to. Datto/WSB/Veeam have other methods

What is the gameplan for getting them migrated to Acronis?
How to setup Acronis

Setup/verify Acronis setup per wiki recommendations (backup plans/active protection)
Acronis wiki. We've changed the recommendation a couple times with regard to how to setup backup plans. Also ensure that Active Protection is in desired state. Be sure to set No Successful backups for specified number of consecutive days setting. This also includes setting up an entire machine backup to a local device (even if you also use WSB)

Update Acronis Agent
client > settings > agents and selecting the agent and click "upgrade agent". Do not do this for Synology/Docker

Remove licenses and/or storage from retired devices
Datasets are more commonly missed. If they replaced a server, make sure to delete the old server's data (if that's what the client wants)

Are WSB backup logs monitored by Control?
There will be scheduled tasks for: RMTT_Backup Success/Failure - run them and verify they are received in the Alerts section of the Activity Tab. You will have to click Showing Open Alerts to toggle and see all. This is the new way to test vs. checking the support@ mailbox

Make sure Veeam config file is set to backup
How-to

Encrypt External Backup Drive
How-to Encrypt a WSB drive

Ensure backup set is fully inclusive
Print out list of dataset or otherwise show to customer and have them verify that it's everything. Protip - do c:\shares and put all shares there, that way new shares would more likely be included in backup set. Don't forget Quickbooks file.

Ensure client is working with a web developer, has a disaster recovery plan for their website and web developer contact info is in Control (Key Info>Vendors Tab)
If they don't have one - see recommendations on RMTT Wiki - Web Development

Check/verify Is the local backup storage in good shape?
Are drives failing or filling up? Should we replace with a Synology?

If we'll be quoting any backup solutions, what is the size of the dataset we should quote based upon?
Enter/verify all backup information in Control

Put 0 if backup is in good shape, otherwise estimate how many hours to quote for backup catch up? Time to encrypt backup drives?
Are there any red flags? Do we need a full revamp? New hardware? New software? Mission critical product like Datto or similar?

Server (General)

Server Brand

Add Server and Service Tag to Control>Key Info>Devices
Since they do not use Proactive, manually add server with service tag to Control>Key Info>Devices. This will still allow us to track warranties and retire dates (and send related emails)

Document/Update recommended server(s) decommission date in Control
In Control>Key Info>Devices>Additional Info>Retire Date. (on each server)

Workgroup or Domain? (RMTT STANDARD)
Domain is RMTT Standard. If client does not meet RMTT Standard, note why in Control>Key Info Notes
Should we upgrade to a domain?
Should Server be replaced?
Is hardware old? Is Server OS end of life?
How many hours should we quote for a full server replacement?
Remove ALL access from previous IT Company
Look for everything, VPN, LogMeIn, Bomgar, TeamViewer, MSP Software, ports in Firewall, Access Points from their Controller. It's embarrassing when the old IT company calls to have the customer remove it because we missed it.

Remove AntiVirus from previous IT Company
Sophos has required manual intervention in the past (and bit us) - make sure all AV is off the server.

Take/update a picture of the server room, upload to Control>Key Info>Setup
you can use your phone via web interface of Control

Confirm/verify server has a battery backup that's big enough for customer's run time expectations
Run a self test if you're unsure of status.

Server (Windows)

Run/verify RMTT Installer
Verify RMTT Installer has been run on Server. Make sure to choose Server from drop down. To verify Server was selected, go to scheduled tasks and check to see if there's a task for sending WSB logs

Register/verify server in Simplehelp

Note Free Space
Server Name
Drive Letter
Used Space
Free Space
 
VSS is installed on the following Servers/Drive Letters. (Should be on all drives unless you use Datto all day long)
Create new row for each server. Details on Datto conflict: Wiki - Datto
Server Name
Drives
 
make sure shrUsers permissions are correct
Make sure shrUsers folders are actually private if that's the client's intent

Check Logs for errors
Using Server Manager can be a good way to do this

Check for failed logins
Check event log to see if there are many failed logon attempts (even if RDP isn't open publicly).

Change/verify administrator username to superman (RMTT STANDARD)
most brute force attempts use administrator for username, changing to superman helps alleviate this issue. If client does not meet RMTT Standard, note why in Control>Key Info Notes

Change administrator/superman password
If cutting over from prior IT provider, always a good idea to change the password. Use password generator in Control

Verify that scheduled tasks can all start (change passwords as appropriate)
If the admin password is changed, any scheduled tasks that are based on that admin account will no longer work - so this check is to verify that all scheduled tasks are still running

Verify that services can all start (change passwords as appropriate)
If the admin password is changed, any services that are based on that admin account will no longer work - so this check is to verify that all services are still running

Review old users in ADUC
Remove/disable any old users/former employee. You can run this command in powershell on a domain controller to create a list:
never logged in users:
Get-ADUser -Filter {(lastlogontimestamp -notlike "*") -and (enabled -eq $true)} | Select Name,DistinguishedName
users not logged in for 90 days:
$date1= (Get-Date).AddDays(-90)
Get-ADUser -Properties LastLogonDate -Filter {LastLogonDate -lt $date1} | ft

Check members of Domain Admins (and other administrative) group
Verify only authorized users are members of Domain Admins group or any other group with admin rights. Check effective permissions on a share that should be locked down and ensure it's correct.

Run DCDIAG to make sure AD is happy

Check for any remnants of old Domain Controllers

Verify DNS Scavenging is enabled and remove old devices from AD
Wiki - DNS Scavenging. FYI, this link is part of the n-central setup doc, but perfectly describes setting up DNS Scavenging.

Verify Reverse DNS is correct
Wiki - Reverse DNS

Enter/verify Mapped Drives noted in Control (RMTT STANDARD)
Key Info>Devices Tab. Category = Mapped Drive. Descriptor = Drive Letter. Name = UNC. (i) has a spot to check if deployed via GPO. NBC should probably be checked so that there's a reminder on new builds to ensure drives are mapped properly. Mapping drives via GPO is the RMTT Standard. If client does not meet RMTT Standard, note why in Control>Key Info Notes

Enable/Verify Auditing File/Folder Access
RMTT Wiki - Enabling Auditing of Files/Folders

Make sure lockout policies are set adequately
Run How to setup Anti Lockout Policies

Setup/Verify printers are installed via GPO (RMTT STANDARD)
How to: Print Management via GPO. RMTT Standard is to deploy printers via GPO. If client does not meet RMTT Standard, note why in Control>Key Info Notes

Setup/Verify printers are installed via GPO (RMTT STANDARD) - TL Verification
How to: Print Management via GPO. RMTT Standard is to deploy printers via GPO. If client does not meet RMTT Standard, note why in Control>Key Info Notes

Configure/Verify IP address for iDRAC, upgrade firmware, configure it to email alerts on errors, and document in control (RMTT STANDARD)
Even if you didn't buy an iDrac, there probably is an iDrac express. Setup with these steps. iDrac Standard (not express) is RMTT Standard. If client does not meet RMTT Standard, note why in Control>Key Info Notes

Test iDRAC/OMSA notification emails to idrac@rmtt.com/omsa@rmtt.com
Wiki - iDRAC/OMSA setup and testing instructions

Verify current firmware levels of server (RMTT STANDARD)
If a Dell, here are the options: How-to upgrade Dell Firmware. If client does not meet RMTT Standard, note why in Control>Key Info Notes

What are RAID levels (RMTT STANDARD)
Is there actually redundancy to the RAID Array, or did some bonehead set it to stripe. If you aren't comfortable with the current RAID configuration, make a gameplan to change it. Reminder, you should be able to pull this info from iDRAC or OMSA on a Dell. RAID 1 or greater is RMTT Standard. If client does not meet RMTT Standard, note why in Control>Key Info Notes
Server
RAID Level
 
Confirm health of drives/RAID array
Are any drives already failed? Throwing SMART errors?

Verify there are no software RAIDs
Lots of old Cornerstone whitebox servers have software RAIDs which are not recommended. If you see a software RAID, it's probably time to quote a new server.

Run Dell RAID consistency check from OMSA or iDrac

Was a consistency check run on the documented date of the completed RMV form?

Install/verify PowerChute (or similar) and test battery
Really only works well on bare metal servers, but if they have a battery backup, we should have PowerChute or similar software gracefully shutdown on extended power failures

Manually catch up all Windows Updates, including reboots
babysit these, don't assume a server that is way behind will update smoothly. Reboot/update until fully caught up (the reboot part is usually where bad things happen).

How many Windows Updates are pending?
Server Name
Number of Updates
 
Overall Server Condition/Health
Is DNS correct? Are old domain controllers properly demoted? Is this thing just limping along or actively maintained?

Server (Mac)

Setup/verify there is a general admin user configured
and documented in Control

Change administrator/superman password
If cutting over from prior IT provider, always a good idea to change the password. Use password generator in Control

Run disk utility and repair permissions

Server (Synology)

Change administrator username to superman
most brute force attempts use administrator for username, changing to superman helps alleviate this issue

Does it have enough free space?

What are RAID levels
Is there actually redundancy to the RAID Array, or did some bonehead set it to stripe. If you aren't comfortable with the current RAID configuration, make a gameplan to change it.
Server
RAID Level
 
Document Synology backup strategy in Control
Under Key Info>Setup>Backup Strategy
Document admin credentials and quickconnect in Control
If you decide quickconnect is appropriate How-To

Change admin username to superman, ensure complex password
As a security measure against brute force via quickconnect

Verify it's set send notifications to synology@rmtt.com from clientname@rmtt.com
How-To

Disable Quickconnect if you want super secure
Lots of brute force hacking via QuickConnect - setup OpenVPN or Proactive to allow us remote access for administration as a more secure method. Be sure to update Control with access instructions

Consider Synology High Availability
If Synology data is mission critical, would a high availability setup be a good recommendation? Customer Summary may be a good way to pitch this Synology HA

Enable auto block on failed attempts
In Control Panel>Security>Account>Auto Block, make sure it's set to auto block on X failed attempts

Export .ovpn. Edit file to reference static IP or Synology DDNS address and save .zip to Control
If you use Synology for OpenVPN access, export the settings and upload to Control

Backup the DSS config and save to Control

Perform SMART Test
Main Menu > Storage Manager > HDD/SSD > SMART Test

Disable Enhanced Brower>Skip IP Checking
Login to Control Panel > Security > Check Enhance browser compatibility by skipping IP checking

Automate RAID Scrubbing
Wiki - Synology Data Scrubbing

Check event log/notices
probably only need to do this if you aren't/weren't getting notifications

Enable snapshot replication
How-To. This enables restore previous versions from Windows (if btrfs is used)

Update DSM and all packages

Verify Synology account is documented and serial number is registered
Verify we have credentials for synology account that has device registered (will need this for any warranty work)

Server (final)

Reboot server before you walk out the door and ensure everything comes up smoothly
Don't schedule it, actually reboot it and make sure it comes back up smoothly and no issues after reboot.

Schedule a reboot if cannot be done during business hours
Windows - RMTT Installer creates a scheduled task that you can use

Enter/verify all server information in Control

How many hours should we quote to get server cleaned up and in good shape? Is there DNS cleanup needed?
Any red flags? What else should be considered when putting together a quote for the server situation for this client? Other notes on how long server will last?

Hypervisor

Change administrator/superman/root password
If cutting over from prior IT provider, always a good idea to change the password. Use password generator in Control

Enter/verify Physical Server Service Tag in Control under Key Info>Devices
Even if we don't monitor with Proactive, it's good to have the server service tag in there because Control will still pick up warranty details

Upgrade/verify ESXi to latest version
It's easy to get in the habit of installing ESXi when a server is deployed and never upgrading again. This is bad news from a security and feature perspective. Please upgrade or schedule some time to do so.

Hint, there should be 0 unless you're actively working on something
Verify there is enough free space?

Verify there a free space savior in place?
Wiki - Free space buffer

Verify all vmdk files (including deltas if there are snapshots) are on the correct datastore (and not an external drive or something strange)

Verify that number of virtual cores matches physical hardware
Wiki - ESX, matching cores to hardware

Enter/verify all hypervisor information in Control

Any red flags?

Workstations

Summary of workstations
Take a sample of the various types of workstations to get an overall sense of health. Examples of Type: operatory, admin, power user. at the end of this section you're going to be asked how many hours it will take to get workstations in good shape, this question is to help you get at that answer as best you can
Type
How Many?
RAM OK?
SSD?
WinUpdate OK?
Replace?
 
Remove AntiVirus from previous IT Company
Sophos has required manual intervention in the past (and bit us) - make sure all AV is off the server.

Run RMTT Installer
Run RMTT Installer on ALL workstations. Make sure to choose appropriate OS from drop down

Rename any incorrect or generic computers (Ie, PC, Bob-PC)
When Susan is now using Bob-pc (who was fired 3 years ago) it's very confusing. Also confusing when they ask for a list of computers Proactive is installed on (Bob left 3 years ago, why are we paying for that.... Well it's actually Susan's computer is a bad answer to have to give). You can do this from the command line to speed things up: Wiki

Label 100% of machines with stickers/label maker
If the client had a report of all devices in Proactive - they'd be able to match it with actual machines in the office. If you need stickers, ask Dispatch. If you don't like the stickers, use the label maker you've been provided. Again, If not labeled, they will have a hard time understanding which machine is Susans.

How is Office licensed

Create/Update/Verify New Build Checklist
Verify all software that should be installed on a new install is documented in Control>Key Info>Software and that the NBC checklist box is checked. Go to Control>Key Info>(three bars)>New Build Checklist to verify that if someone else had to install a new computer at this office, they'd have all the info they need

Confirm they have an emergency wired kb/mouse (if they use wireless otherwise)?
Many clients (especially dentals) use wireless keyboards, when they shit the bed and they don't have a backup wired keyboard around it can be far more urgent/devastating that you'd think.

Verify Dell Command Update Scheduled Task (via RMTT Installer) is working and Dell drivers are up to date

What is the Mac AntiVirus Solution?

How many hours should we quote for all workstations to cutover to RMTT? Think removing old AV, Windows Updates, Dell Updates, Join domain, Install Proactive, RAM and/or SSD upgrades, etc.
Enter details here about how many should be replaced, upgraded, and any other details that would help with the catch up quote. Should we upgrade Office?

Firewall/Networking Equipment/ISP

Describe equipment storage/mounting
Does Server room/networking equipment have enough air flow
Should we address heat issues with their setup?

Document in Control as well
Document ISP Account number in Control
Key Info>(i) Next to WAN Address>Account Number. Without this we will not be able to call ISP on their behalf and therefore cannot help them when they are down

Document in Control>Key Info>Internet (i)>Expected Speed
Are they satisfied with their ISP?
Are above speeds adequate for company size, cloud use, etc?

Verify that if all users started hosting more remote meetings (Zoom, etc) that there would be enough bandwidth to go around
Zoom requires around ~3.5MB upload per connection, is there enough bandwidth to go around? If not, rope in the sales rep to help get a quote for upgraded service

Are they satisfied with their Phone System?
Do they want our help with a new phone system like Comcast BVE or similar? We need to be careful about recommending VoIP, but probably better to be a part of the conversation than not at all. We can at least provide a list of vendor options

pfSense is RMTT Standard. If client does not meet RMTT Standard, note why in Control>Key Info Notes
Change firewall password
If cutting over from prior IT provider, always a good idea to change the password. Use password generator in Control

Review firewall logic, port forwards, and rules (RMTT STANDARD)
Ensure there aren't any old or lax rules or port forwards. Make sure no DMZ are setup. Make sure RDP isn't open to the world. Make sure they have a real firewall at all and not just an ISP modem. Make recommendations for a new firewall

Store a backup of router/firewall config in Control
Or if you don't want to put in Control (not recommended), note in other field where you put it otherwise

RMTT Standard is latest version of firewall firmware. If client does not meet RMTT Standard, note why in Control>Key Info Notes
Switch details (RMTT STANDARD)
create a new row for each switch. RMTT Standard is Unifi and 1Gb minimum. If client does not meet RMTT Standard, note why in Control>Key Info Notes
Ports in use
Ports available
Speed
POE
 
Unifi is RMTT Standard. If client does not meet RMTT Standard, note why in Control>Key Info Notes
Network device clean-up
is the switch and the firewall and ISP equipment piled on top of one another and on top of the server itself? Can it be mounted on a backboard? Placed on a shelf? Is all equipment labelled?

Email sales/dispatch/cabling (someone for crying out loud) to get cabling crew out to do cleanup quote
This is not usually covered in flat fee, but we should do it

Enter/verify all network information in Control

We should replace/add the following
How many hours should we quote for everything you've recommended fixing in this section?
Any red flags? What shape is the server room in, any recommendations we should make? AC Unit? Improved airflow? Old equipment to remove? How much should we quote for recycling?

Cabling

Data Cabling
Check all that apply
Phone Cabling
Check all that apply
Cabling cleanup?
What shape is the cabling in?

Email sales/dispatch/cabling (someone for crying out loud) to get cabling crew out to do cleanup quote
This is not usually covered in flat fee, but we should do it

Any red flags? Anything else to note specific about cabling?

pfSense

Are you installing a pfSense today?
Do you want a project action to setup a pfSense
Upload/verify current pfSense Config to Control

you can upgrade to the latest pfSense version without a reboot from the CLI: How To. Probably not a good idea to do this remotely just in case it doesn't go well. There have been reported issues with doing a CLI update to 21.05. RMTT Standard is to run latest firmware. If client does not meet RMTT Standard, note why in Control>Key Info Notes
Is pfSense hardware EOL? (RMTT STANDARD)
32bit x86 nanobsd hardware can no longer be updated past 2.3.X, which is no longer getting updates. If that's the case, quote them new hardware. RMTT Standard is non-EOL Hardware. If client does not meet RMTT Standard, note why in Control>Key Info Notes

Setup/verify pfSense Backup task
Updated Jan 2023 - Re-run the RMTT Installer, Under Scheduled Tasks and Notifications (towards the bottom), check PFSense Backup. This will prompt you to enter password for encryption. Any failures will create alerts

Enter/verify VPN configuration details in Control
someone let BH know when this question has done its job and is no longer needed (at least on the Quick RMV)

Setup/Verify OpenVPN uses at least a single certificate (RMTT STANDARD)
Instructions available here

Upload/verify current OpenVPN Config to Control

Setup/verify Proactive Monitoring Check for pfSense
Instructions available here

Enter/verify all pfSense information in Control
any red flags?

Unifi

Are you setting up/migrating Unifi today?
Do you want a project action to setup/migrate to Unifi?
Are all APs showing online in Unifi Controller?

Address any alerts for this network in Unifi Controller
Go to your site, click on the little bell in the lower left to check for alerts. Address

Setup/verify CNAME/A Records for Unifi
how to: Wiki

Enter/verify all Unifi information in Control

any red flags?

Cloudtrax

Is it time to migrate them to Unifi?
We haven't sold Cloudtrax in a long time, hardware is probably close to EOL. Should we flip them to unifi?

Are all APs in cloudtrax showing online?

Are wifi speeds acceptable? saturation OK? Channels OK?
Wiki - Cloudtrax Troubleshooting

PCI Compliance

Document/verify PCI Compliance information is documented in Control
Document scan site username/password in key info, etc.

If regular scans are required, make sure to create a recurring appointment in your calendar if client needs help

Wattbox

Register/verify Wattbox with RMTT OCVR account
Register with RMTT OCVS

Proactive

Verify all servers and workstations listed in Proactive?
Is proactive an accurate number to bill from (if not add details to notes at end)

How are agents installed
Is Deploy Proactive via Group Policy. If not, note why.

Update Proactive GPO script
The Proactive GPO script was updated in January of 2023 - grab a new copy of the script (and verify customer ID and Registration Token) Deploy Proactive via Group Policy. Run GPUPDATE / force on the domain controller. You can verify script works by checking Logs at %RMTT%\Logs\ProactiveInstallViaGPO.log on a client machine after reboot (when the startup script runs) - it may take a little bit to propagate so try a reboot later if it doesn't show up.

Verify probe status (Administration>Probes) is green
If it’s red – generally a service isn’t started (should be alerting under monitoring if this is the case), or the Agent failed to update properly. If service is started, reinstall app using this wiki

Verify recent check ins and Agent Version - reinstall if haven't checked in delete if machine is decommissioned
set filter to no agent checkin in X days and sort by Agent Version... no agent version then it's not actually installed. Manually install if device exists or delete

Check for AV Off
You can expose the filter in your dropdown by going to Configuration > Filters and finding the filter (AV Off), clicking it and then choosing Show in my Drop-Down

Check for obvious signs of ongoing infection
Customer > Configuration > Security Manager > Security Events. Make sure the same file isn't constantly getting quarantined/flagged

Address Issues/Alerts
First- Reset Filters to make sure you aren't hiding anything. Are there any alerts under Active Issues? If a check (ex: warranty) is alerting and doesn’t require attention, Under Monitoring, turn service check off using Toggle. Service Details for the Check, set to Monitoring > Off/Disabled (do not turn monitoring off altogether or turn thresholds off, set to off under Service Details)

Check Discovered Assets
Verify there are no real workstations that were discovered but not yet active (can happen if we run out of licenses)

Verify the following Proactive checks are in place (check all that are running)
Verify customer is signed up from Quarterly Reports if desired
Quarterly reports are a great way to start a conversation with a client about upcomgin hardware replacements. Control>Activity>Blasters - Check "Quarterly Report"

Domain/Email

Verify all domains are entered in Control>Key Info>Domains
Once entered in Control, it will automatically pull expiration date and flag an alert if it's coming up in the next 3 months. if you won't want to do that for some reason, put expiration date in other field. This also helps with matching for Actions.

Setup/verify GoDaddy Pro, check box in Control
Adding to our GoDaddy pro allows us to manage their DNS, etc. without having to track down their passwords every time they change them. How To. Make sure you check the GoDaddy Pro checkbox in Control

Who is email provider
Document in Control>Key Info

Are they happy with their email solution?
Are they on something old school without needed features? Do they need mail encryption?

Do we need to quote them MigrationWiz
If we're going to pitch a migration, should we be pitching MigrationWiz as well

Spam Filter/MX Caching Service?
Do they have a service like Proofpoint

Check/verify WhoIs information is correct
and make sure email addresses are ones that are checked for ICANN verifications

Check/verify MX Records are correct
Make sure there aren't any legacy MX records lingering and the priorities look good

Update Registar Override in Control>Key Info>Domains
Often times the registrar lookup will show TuCows or similar, but the actual registrar where you can login is someone different. Update who the reseller is under the (i) button next to the domain under Key Info>Domains

Enter/verify Registrar information in Control>Key Info
Verify we have accurate logon information documented in Control

Are we migrating them to a new registrar or email provider?
Any red flags? Should we switch email provider? Add backup service to email (like Acronis to Office 365 or G Suite)?

On-site Exchange

Question implies you'll do something if soon
Run Exchange Best Practices Analyzer, correct anything that it catches (Exchange Best Practice Tools)

Verify transaction logs have been committed by WSB or other

Port 25 (inbound) in the firewall is open to:
Implies that it should be locked down, note why if it's not

G Suite/Google Workspace

Setup/verify rmtt@clientdomain.com Super Admin
Wiki - How to setup RMTT Super User and ensure it has 2FA enabled

Lock down/verify Super Admin accounts with 2FA
Ideally enabled 2FA on all accounts, but at very minimum, ensure all Super Admin accounts have 2FA enabled. This can be a good selling point on getting them to buy G Suite through us instead. Once enabled for Super Admin, Control>Key Info>Email (i)>Check Two Factor Admin

Remove previous IT company's Super Admin

Enforce/verify 2SV (2FA) for all users
Best practice is to enforce 2SV on all accounts. Once enforced, Control>Key Info>Email (i)>Check Two Factor Enforced

Turn on Spoofing and Authentication
admin.google.com>Apps>Google Workspace>Gmail>Safety>Spoofing and authentication. Set all to On

Is the customer using Vault?

Talk to the customer about Vault
Vault is an awesome service for compliance, ediscovery, seeing if employees are up to no good, etc. It's included in Workspace Business Plus and up ($18/mailbox/month). If you don't want to talk to the customer, put this on the sales rep's radar.

Setup/Verify Vault is configured properly
Vault is not turned on by default, it must be configured before it will work. How to configure Vault

Do the number of accounts they are paying for match the number of current users? Do they want our help in removing former employee/unneeded mailboxes?
Sometimes customers rely on us to help ensure they are not overpaying for services they don't need. Sometimes they manage these things themselves. Get clarification on this and gameplan accordingly

Can we move this customer over to bill their G Suite through us?
We need to make these happen, makes administration of their accounts so much easier Wiki - Migrate billing to RMTT. If they are not a candidate to bill through us (IE, legacy free, non-profit, managed by corporate, etc), note in Control: How to Document if they are not a candidate for a reseller change

Setup/verify SPF, DKIM and DMARC (RMTT STANDARD)
How to. If client does not meet RMTT Standard, note why in Control>Key Info Notes

Discuss setting up Acronis to backup all of their G Suite info
Pricing and How-to

Microsoft 365

Setup/verify rmtt@clientdomain.com Global Admin (RMTT STANDARD)
Wiki - Setup RMTT Global Admin and ensure it has 2FA enabled. This should be done even if they are in our Partner Center since there are some things we can't do as partners. RMTT Standard is to make sure this is done.

Do the number of accounts they are paying for match the number of current users? Do they want our help in removing former employee/unneeded mailboxes?
Sometimes customers rely on us to help ensure they are not overpaying for services they don't need. Sometimes they manage these things themselves. Get clarification on this and gameplan accordingly

Lock down/verify all Global Admins with 2FA
Ideally setup 2FA on all accounts, but on Global Admins at the very least. This can be a good selling point on getting them to buy 365 through us instead. Once enabled for Global Admin, Control>Key Info>Email (i)>Check Two Factor Admin

Remove previous IT company's Super Admin

Hidden
Verify/have discussion with client on enabling Security Defaults
This will disable POP, IMAP, Basic Auth, and required MFA. Depending on when the 365 tenant was provisioned, security defaults may or may not be enabled. Unless you know of and have documented in Control a reason not to, make sure Security Defaults are enabled: Enabling Security Defaults

Can we move this customer over to bill their O365 through us?
Most clients should be able to bill their 365 licenses through RMTT: How to migrate billing to RMTT. Some clients (IE non-profits, managed by corporate, etc) are not: How to Document if they are not a candidate for a reseller change

Add/verify us as Partner of Record, Add/verify their tenant to our Partner Center dashboard, Make sure old IT company is removed from all places
Wiki - Office 365 Partner Center . This allows us to scan for email forwards on a regular basis with one script.

Setup/verify Audit Log Searching?
How-to

Hidden
Check for unauthorized forwards
How-to. If they are in our Partner Center, we do this globally

Setup/verify SPF, DKIM and DMARC (RMTT STANDARD)
How To. RMTT Standard is to have all of these in place

Run ORCA advanced threat protection settings
ORCA How-to Take recommendations as appropriate for a customer. IE, you may not want to disable whitelisting

Discuss whether they want to be able to send encrypted email?
Pricing and How To

Discuss whether they want Acronis to backup all of their O365 info
Pricing and Install How To. Or kick this over to the sales rep if appropriate

Dental

Operatory monitors

Operatory video runs

What Practice Management Software do they run
Make sure Control is updated as well

Do they have an active support contract for PMS?

And update in Control
Do they have an active support contract for Imaging?

Is Dental Software on current version?

Do they have a 3D cone beam?

What brand of sensors do they have?

Verify all dental installers are default and documented in Control
Instructions available here

Add/verify all dental devices (Pano's, Cone Beams, Xray, etc.) to Key Info>Devices
Make sure to include manufacturer, model and serial number as that’s quite important for calling in for support.

Document/verify Dentrix Database Password in Control
If they have G6 or greater, we need their database password before we can do any upgrades, etc. Make sure we have it before it becomes an emergency

Verify Dental Software's install path is standard and included in AV exceptions in Proactive
If you need help adding an exclusion path to Proactive, ask CS

Run SoftDent Maintenance Utilities
SoftDent Maintenance Utilities

Set dental software to auto-start on reboot
Mostly needed for Care Stream products, but verify all Dental software starts up automatically on startup

Verify we have a BAA on file
Control>(contact record)>Activity>Signatures>BAA. If it doesn't say signed, send one out

Make sure Primary Contact knows we are a resource for PCI/HIPAA/Ransomware insuruance
Connect with sales rep if they do. Point isn't to hardsell, but to make sure they know we are available if they want it

After installing Proactive, verify all sensors and integrations still work

Primary Contact Check-out

Update/confirm Key Info>Vendors with client
Key Info>Vendors is where to document contact information for any of the client's other vendors. IE, if you need to contact web developer for DNS changes; phone vendor for vlan/switch changes; industry software account number and vendor's support number. You can export the list of vendors by clicking the 3 bars under key info>Overview, check vendors, export selected to give the primary contact a list to verify

Add/review/clean up Read This Alerts, Client Notes, Key Info notes
Do all support requests need to be approved by Bob? For existing customers we redefined what should go in each of these places. Read This alerts shouldn't have key info and client notes - those go elsewhere. Check examples in Control

Create/review hardware replacement plan with Primary Contact
Does any equipment need to be replaced soon? What's the timeline for a new server? What workstations are on their way out? Keep the client up to date on what upcoming costs they should plan for. Create a timeline for the next 3 pieces of equipment that need to be replaced. Keep EOL dates in mind when reviewing. Signing up for quarterly report (for Proactive clients) is a great way to start this conversation

Review all the lists you created throughout this form
Throughout this RMV there was a few places where you could have created a list to share with the primary contact at checkout. This question is a reminder to share those lists to ensure they are pruned down correctly
Show how to use Proactive for remote access

Discuss with primary contact all that have changed with the cutover
You just make a ton of changes, tell them there can be over 300 things to check/change on an RMV. Have a discussion with the primary contact/owner/anyone that will listen about this. Let them know to expect to have some hiccups as we get them in better shape for the long run.

Schedule to be there first thing in the AM next business day?
9 times out of 10, when we do a cutover - there's something that doesn't go 100% correct. It's highly recommend you plan to be onsite the next day to clear up any issues. Even if you just hang out and take other remote things from their office. Makes us look like heros.

Verify/Get waiver signed if they don't have recommended services
If they don't have recommended backup, firewall, AV, etc. Go to Control>Activity>Signatures>Declined Services. Check which services they are declining and send. If you've already asked them about this multiple times, create an action for the sales rep to follow up

Remind customer to leave workstations turned on every night (no sleep) for patch management and AV (OK to turn monitor off)

Let customer know Proactive's maintenance windows
So they can know when to expect reboots to have happened. Device > settings > Maintenance Windows. By default all servers should apply updates/reboot on Tuesday mornings around 3AM and all workstations should be doing the same on Wed around 3AM

Did you check out with primary contact and ask if there was anything else you could help with before moving on?

Let customer know they can give us feedback that you won't see at feedback@rmtt.com or 303.217.8301 or calling Eric or Brandon
They can leave us feedback either of these ways or call Eric or Brandon directly

Let customer know how to reach us at 303.732.3200
Feel free to give the customer your direct dial and email address, but let them know that the best way to get a hold of us is through the main number

Summary and Notes

If this client cleaned up all or most of the things you've noted, how many hours per month would you think they'd need if they went flat fee? Do not share number with client yet - this is just to start a conversation between you and sales.
this is automatically calculated from all the time you noted in sections above. Make note below if this seems way off. Do not share number with client yet - this is just to start a conversation between you and sales.
What services should we recommend?
So that we have this all in one summary here at the end... What services do they not have now, that they need? Follow up with a quote
If this were my family business, I'd be happy walking out of here
Is the client in good shape overall? If not, make recommendations, document in control, leave a paper trail to CYA

What is not standard about this clients and document in Control
What is going on at this client that is different than RMTT Standards. Document in Control

What else needs to be addressed? What are future plans?
What else do we need to know about this customer to provide a good overview of what needs to be done to get them caught up? Are total hours added up above correct? What can go wrong when we take over? Are they way behind on versions and getting caught up make not go smoothly?

This Form

How complete is this form?

Trying to gauge how long to schedule for RMVs/Cutovers. This data will help
Do you have feedback on this form?
Do you have feedback on the new automated RMV process?
Thoughts on other questions that can be automated? things that aren't clear what's happening or what to do about alert?
If you don't enter at least one character here, BH won't know you added feedback. Did you make notes in the 'other' section along the way (just type in see notes above)? Were there any questions on this form that you don't think were appropriate to be asked based on your selections? Automated RMV Feedback? Goal is to keep improving the RMV so it's most efficient
I'm done with this form and didn't just accidentally hit enter. I'm also certifying that I've answered this form truthfully and honestly.*
If you didn't have time to do something and did not get it done, mark as so. Do not mark items incorrectly.
You are seeing this page because you answered yes to 'Send Primary Contact an RMV Summary' on the previous page. Your answer to the questions below will generate an email to the primary contact (it will cc you as well) with the results. The goal is that this is similar to an inspection report you'd get from an auto shop. Some of these are prefilled based on previous answers, here is your chance to make any changes
This is how it will address the email... Dear {primary contact name}
cannot be blank, enter your own email address if you want to send to yourself first and forward later
cannot be blank, leave as your own email address if there are no additional addresses to send to
remove email address and put in your own if you don't want the sales rep to be cc'd for some reason
Hidden
Hidden
Should we include a question on the RMV Summary to ask the client their preferred protocol for reaching client when a server is offline/downtime/etc
Rather than sending a separate email for the RMV question about this, you can check yes here and in the summary email it will add this question: "
Password Complexity*
Recommendation Examples: change default passwords, enable two factor. Feel free to reference local accounts or email here, or later on in email question
Any existing issues that need to be addressed*
Onsite Backup*
Note Examples: Files/Folders, Entire Machine Recommendation Examples: Switch to Entire Machine, get Acronis, Get Datto
Offsite Backup*
Note Examples: Files/Folders, Entire Machine Recommendation Examples: Switch to Entire Machine, get Acronis, Get Datto
Server(s)*
Issue Examples: Age, Decommission Date, DCDiag issues, DNS Issues, RAID Level, Updates, Event Log issues, Disk Space Recommendation Examples: Replace in next 3 months, Get More RAM, Get SSDs
Workstations*
Recommendation Examples: upgrade to SSDs. Replacement for Win11 preparedness
Battery Backup*
Recommendation Examples: It should be replaced in the next 6 months to prevent unexpected downtime
Firewall*
Issue Examples: Firmware, pfSense vs. other, port forwards Recommendation Examples: Replace with pfSense, Sign up for Duo, Configure VPN
Wifi*
Issue Examples: Insecure passwords, slow, still cloudtrax Recommendation Examples: Replace with unifi
Cabling*
Recommendation Examples: do a cabling cleanup, label drops, put in a patch panel
Email*
Recommendation Examples: Switch to 365/Google, Move to RMTT reseller so we can manage easier
Antivirus*
Recommendation Examples: move to RMTT Proactive so monitored
Remote Access*
Recommendation Examples: move to RMTT Proactive, get Duo, ditch logmein
This is for anything else not covered by any of the very general areas above. This is where you'd add things like Dental (Example: Recommend upgrading to latest version of Dentrix)
For example, lists of domain admins, accounts that need MFA, etc
Drop files here or
Max. file size: 2 GB.
    Please click Submit, then you're done! (there just has to be something on this page)
    Home » Forms » Tech Forms » Routine Maintenance Visit

    Contact Us

    "*" indicates required fields

    Name*
    This field is for validation purposes and should be left unchanged.

    Tags

    Active Directory AV Exclusions Azure AD Connect Centennial Charter Schools Community Shares Dell Dentrix Denver Denver Tech Center deprecate DisplayPort DNS Dolphin Duo Eaglesoft EDR Google Workspace iDRAC Lafayette Lakewood ldap Microsoft Office n-central NAS Office365 OpenVPN Outlook PFSense PlanMeca Printing Proactive quickbooks Romexis Softdent Spam Stanley Marketplace Synology Tech Wiki Two Factor Westminster Windows Windows Server Windows Server Backup Work From Home

    Title

    Status Checks

    • Internet Speed

    • IP Address

    • DNS & Email

    • Office365

    • Google Workspace

    • iCloud

    • Dell Warranty

    • Apple Warranty

    • Snowboard & Ski Conditions

    Rocky Mountain Tech Team

    Since 2002, we’ve provided full service computer help, network support and IT consulting to hundreds of small businesses across Colorado.

    Today, we have locations in Denver, Boulder and Fort Collins with best-in-class tools to remotely support clients everywhere. Contact us for more about the Rocky Mountain Tech Team advantage!

    Denver // 303.732.3200

    Boulder // 303.815.1900

    Fort Collins // 970.294.0000

    Copyright 2012 – 2021 | Rocky Mountain Tech Team | All Rights Reserved

    Page load link
    Go to Top