TODOs

Investigate WSLg Wayland clipboard architecture — how wl-copy/wl-paste bridge WSL2 Linux to Windows clipboard via WSLg’s built-in Weston compositor and RDP channel. Compare wl-copy vs clip.exe path. Why it works without X11 forwarding.

Decrypt project doc: decrypt-file data/d001/projects/downtime-computers.adoc.age

Extract Cerner 724 downtime computer MAC addresses from email/ISE

Identify ISE identity group for downtime computers (if one exists)

Run Query 2 — list all NAS devices, identify WLC IPs and names

Run Query 1 — introspect RADIUS_AUTHENTICATIONS and NETWORK_DEVICES columns

Run Query 3 (Option A, B, or C depending on available identifiers)

Run Query 4 — full audit report showing wired AND wireless access

Export results to JSON and generate violation report

Identify which downtime computers are currently authenticating via wireless

Identify which WLCs they’re connecting through

Identify the ISE policy set and authorization rule allowing wireless access

Draft ISE authorization policy change — deny wireless for downtime computer group

Create Change Request (CR-2026-04-xx-downtime-wired-only)

Lab validate policy in d000 before d001 deployment

Submit to CAB if required

Implement policy change

Verify enforcement — re-run Query 3, confirm zero wireless results

Schedule recurring DataConnect query (weekly) to detect new violations

Consider ISE profiling condition or alarm for downtime computer on wireless

Document monitoring procedure

Generate styled HTML report: build-adoc.sh --variant catppuccin dataconnect-queries.adoc

Generate PDF for stakeholder distribution

Update project status and close