Roughly a quarter of the work we do on the Wasatch Front isn’t new installs — it’s takeovers. A homeowner inherits a half-finished UniFi setup from the previous owner. A builder hands over a new construction with the low-voltage subcontractor long gone. A client’s previous installer ghosted, retired, or moved out of state. The cameras mostly work, the Wi-Fi mostly works, and nobody knows the controller password.
Before we touch a single setting, we run an audit. This is the actual checklist we walk through — in order — on every takeover. It takes a half day on a small house and a full day on a big one, and it ends with a written punch list the homeowner gets to keep. The most common takeover comment we hear at the end: “I had no idea any of this was wrong.”
Step 0: get the keys to the house
Before anything else, we have to actually own the system. That means:
- UniFi SSO ownership. The controller is associated with the previous owner’s Ubiquiti account. We need it transferred or factory-reset-and-reclaimed. If the previous installer used their own admin account and never made the homeowner an owner, this is where we discover it.
- Local console access. SSH or web console on the gateway with a working credential we control.
- Camera access. Protect access on a real admin account, not a viewer the previous owner created for the kids.
- ISP account ownership. If the homeowner doesn’t own the Google Fiber, Xfinity, UTOPIA, or Strata account, the network fundamentally isn’t theirs yet. We make sure that gets sorted in parallel.
Roughly one takeover in five involves a factory reset somewhere — either because the previous account is unreachable or because the device firmware is so far out of date that adopting it cleanly is faster than fighting the existing config.
Step 1: firmware versions on everything
We start with a clean inventory: every gateway, switch, AP, camera, sensor, doorbell, and access device on the controller. Make, model, firmware version, current uptime, last seen.
Two things we look for immediately:
- Anything more than 9 months behind on firmware. UniFi is not strict about forced updates and plenty of installs run on the firmware they shipped with. CVEs accumulate quickly; we’ve seen takeovers where the gateway hadn’t been touched in three years.
- Anything end-of-life. The original UAP-AC-Pro, the first-gen Cloud Key, G3-class cameras — some of these are still field-functional but won’t get security updates. The honest conversation with the homeowner is whether to plan a refresh now or accept the risk for one more year.
We schedule firmware updates in a maintenance window, not in the middle of the audit, because a botched update at 11 AM on a Tuesday turns the audit into an emergency.
Step 2: VLAN and network layout review
The single most common landmine on takeovers is a flat network. Everything — trusted laptops, guest phones, cameras, IoT bulbs, the kid’s school Chromebook, the Sonos — on one VLAN with one SSID. We covered the why in why one SSID for the whole house is the wrong default and VLANs explained for homeowners.
What we look at:
- VLAN count and purpose. Is there actually a separate IoT VLAN, or just a checkbox labeled “guest” that nothing’s on? Are cameras isolated from the trust VLAN?
- SSID-to-VLAN mapping. Some installers create three SSIDs but tag them all to the same VLAN. That’s cosmetic segmentation, not real segmentation.
- Firewall rules between VLANs. Default UniFi behavior allows inter-VLAN traffic unless explicitly blocked. We check the actual deny rules — not just the existence of VLANs.
- DHCP scope hygiene. A /24 with leases for 38 devices and 200 stale entries is fine; a /24 that’s actually approaching exhaustion on a big install is a flag.
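The first three checks above can be run mechanically against an exported network, SSID, and rule list. The following is an added example, not part of the original checklist or any Ubiquiti tooling; the data layout and field names are hypothetical, the sample values are constructed, and the rule model assumes ordered rules where the first match wins and unmatched inter-VLAN traffic is allowed.

```python
from collections import defaultdict

# Constructed sample data; field names are hypothetical, not a UniFi export schema.
NETWORKS = {10: "trust", 20: "iot", 30: "cameras", 40: "guest"}
TRUSTED = {10}
SSIDS = {"Home": 10, "Home-IoT": 10, "Home-Guest": 10}  # three SSIDs, one VLAN
CLIENTS = {10: 38, 20: 0, 30: 9, 40: 0}                 # clients seen per VLAN
RULES = [  # ordered inter-VLAN rules; the model assumes first match wins
    {"src": 30, "dst": 10, "action": "allow"},  # leftover troubleshooting rule
    {"src": 30, "dst": 10, "action": "drop"},   # never reached: shadowed above
    {"src": 20, "dst": 10, "action": "drop"},
]

def effective_action(rules, src, dst, default="allow"):
    """Return what actually happens to src->dst traffic, not what was intended."""
    for rule in rules:
        if rule["src"] in (src, "any") and rule["dst"] in (dst, "any"):
            return rule["action"]
    return default  # inter-VLAN traffic passes unless a rule blocks it

def audit_segmentation(networks, trusted, ssids, clients, rules):
    findings = []
    by_vlan = defaultdict(list)
    for ssid, vlan in ssids.items():
        by_vlan[vlan].append(ssid)
    # Cosmetic segmentation: several SSIDs tagged onto the same VLAN.
    for vlan, names in sorted(by_vlan.items()):
        if len(names) > 1:
            findings.append(("shared-vlan", vlan, tuple(sorted(names))))
    # VLANs that exist on paper but carry no SSID and no clients.
    for vlan in sorted(networks):
        if vlan not in by_vlan and clients.get(vlan, 0) == 0:
            findings.append(("unused-vlan", vlan, networks[vlan]))
    # Untrusted -> trusted paths that still resolve to something other than drop.
    for src in sorted(set(networks) - set(trusted)):
        for dst in sorted(trusted):
            if effective_action(rules, src, dst) != "drop":
                findings.append(("open-path", src, dst))
    return findings

if __name__ == "__main__":
    for finding in audit_segmentation(NETWORKS, TRUSTED, SSIDS, CLIENTS, RULES):
        print(finding)
```

Real rule sets also match on ports and connection state; this model only asks whether a new connection from one VLAN to another would be permitted.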
Step 3: PoE budget and switch loading
We pull the per-port PoE telemetry on every switch and add it up. The number we’re looking for is actual draw versus the switch’s rated budget with headroom. An 8-port “PoE+” switch with a 60 W budget powering six U6 Pro APs is already at the edge; all it takes is one cold morning where every AP spins its radios up, and the brownout reboot loop begins. We wrote the longer version up in AP rebooting at night and PoE budget math and PoE explained.
Other switch-side items:
- Per-port utilization — any port pegged at 90%+ for sustained periods (often a misconfigured NVR or a chatty IoT broadcast storm).
- Port errors and CRC counters — nonzero counts on a port that’s been up 60+ days point to a cable, jack, or transceiver issue, not a one-time glitch.
- Trunk port VLAN allowlists — we’ve seen takeovers where the trunk to a remote closet carries every VLAN ever defined, including five that haven’t been used since 2021.
Step 4: mDNS, multicast, and broadcast hygiene
AirPlay flapping, Sonos disappearing from the app, printers vanishing — nine times out of ten the root cause is multicast misconfiguration across VLANs. We covered the full picture in multicast in a managed home network and the specific Sonos failure mode in why Sonos keeps dropping.
The audit checks:
- IGMP snooping enabled on the switch.
- mDNS reflector enabled on the gateway between trust and IoT VLANs.
- Wi-Fi multicast enhancement settings on the APs — the default-on behavior breaks AirPlay on a lot of older Apple devices.
- Broadcast storm control on the switch ports facing the IoT VLAN.
Step 5: NVR and Protect retention
If the takeover includes cameras, we check both the physical NVR health and the retention math. Specifically:
- Disk SMART status on every drive in the NVR. A disk past 30,000 hours that’s been running surveillance 24/7 is on borrowed time.
- Actual retention window vs. configured retention window. Configured for 60 days but really only holding 18 because the recording bitrate is too high or the disk is too small.
- Smart-detect vs. motion-only recording schedules. We wrote this up in tuning UniFi Protect smart detection — well-tuned recording can extend retention by 30%+ without buying disk.
- NVR backup or RAID state. A UNVR4 with one of two drives reporting unhealthy is the single most common ticking bomb we find on takeovers.
The full retention sizing math is in NVR storage sizing and the gateway-vs-UNVR decision in Cloud Gateway vs. UNVR for a 12-camera home.
Step 6: UPS health and runtime
We pull the UPS’s self-test history and battery replacement date. Two things to know:
- Lead-acid UPS batteries last 3–5 years, period. A UPS installed in 2019 that’s never been serviced will not survive a real outage. We’ve seen the homeowner discover this at 2 AM in a Park City windstorm.
- Actual runtime under current load. A UPS rated for “30 minutes at 200 W” that’s loaded to 350 W will deliver nine minutes, not thirty. The full math is in UPS sizing for a home rack.
If the UPS is more than four years old and has never had its battery replaced, the punch list always includes either a new battery pack or a new UPS. The cost is small relative to the disaster of having the rack lose power mid-outage.
Step 7: camera placement and aiming spot-check
We don’t reshape every camera placement on a takeover — the homeowner usually doesn’t want a half-day re-aim session. But we do walk the exterior with the camera live views on a tablet and spot-check:
- Is there a useful identifying angle of every approach to the house? Driveway, front door, side gates, back yard, detached structures.
- Are any cameras pointing into the sun at their busy hour? A morning driveway camera pointing east is useless from 7–9 AM in Utah summer. The placement and shroud logic is in soffit vs. eave vs. wall mount.
- Are the cameras the right resolution for the scene? A 4MP camera at 50 feet can’t identify anyone. The math is in the megapixels guide.
- Is night footage actually usable? The single biggest takeover finding in winter: IR illumination that bounces off snow and washes out the entire frame. See the night footage post.
Step 8: alert routing and notification hygiene
We check the Protect notification settings on every user account associated with the system. The two failure modes:
- Alert fatigue. Everything on, motion-on-anything, 200 notifications a day, the family stopped looking three months ago. Our tuning recipe is in the smart-detection alerts post.
- Alert silence. All notifications off — usually because the previous installer couldn’t tune the noise out and just disabled it. Same outcome from a security standpoint as having no cameras.
Step 9: the access-control review (if relevant)
If the takeover includes a UniFi Access install, Schlage Engage, an automated gate, or any keypad/badge system, we check:
- Active credentials list. Who has a working key fob, mobile credential, or PIN? On a takeover this list almost always includes names the homeowner doesn’t recognize — contractors, cleaners, the previous owner’s family.
- Audit log integrity. Is the door actually logging entries? On more than one takeover we’ve found the door logging fine but the gate keypad not integrated into the same log at all.
- Lockout / fail-safe behavior. What happens when the gateway is offline? On a properly configured install the readers fall back to a local cache. On a misconfigured one, the door fails to its default and nobody can get in. The broader access conversation is in the access control post.
Step 10: the rack photo and documentation packet
The last step is documentation. Every takeover ends with a packet the homeowner gets to keep, which covers:
- Labeled photos of the rack, the cable termination panel, and the gateway/switch front and back.
- A printout (PDF and physical) of the current VLAN map, IP ranges, SSID list, and Wi-Fi passwords. Stored in a way the homeowner can find in two years.
- Current firmware versions and the warranty/end-of-life dates of every major device.
- The punch list — what we found, what we recommend, and what each item costs to fix in rough order.
The dashboard reading guide we leave with the homeowner is at reading your UniFi dashboard — it covers the day-to-day metrics they should glance at once a month.
What the punch list usually looks like
After a typical Wasatch Front takeover audit, the most common findings, in rough order of frequency:
- Firmware behind by 6+ months across the whole stack.
- Single flat VLAN, no real isolation between IoT and trust.
- UPS battery past replacement age.
- Camera retention window shorter than configured because of disk size, plus one drive in the NVR reporting suspect.
- Switch PoE budget within 10% of saturated, no headroom for cold-morning radio spin-up.
- One AP plugged into a port that doesn’t actually carry the right VLAN trunk (and so the guest SSID on it is broken).
- Smart-detect alerts either silenced or firing 400 times a day.
- Two or three orphaned admin accounts on the controller belonging to the previous installer or a previous owner.
Few of these are individually catastrophic. All of them together are why the homeowner called us in the first place: the system feels flaky and they can’t put their finger on why.
Bottom line
A takeover audit is cheaper than a redesign and miles cheaper than a midnight emergency call when the NVR drive fails or the UPS battery gives up during a Park City windstorm. The 8–10 items on this checklist cover 90% of the landmines we’ve pulled out of existing UniFi installs on the Wasatch Front, and the documentation packet at the end is often the first time the homeowner has a complete picture of the system they’ve been living with.
The takeover is also the moment to honestly assess whether the existing tier matches the household. We walked through the tiering logic in mesh, mid-tier, or pro and the broader case against carrying old consumer gear forward in consumer routers aren’t enough in 2026. If the existing install was over-bought and under-configured, the audit usually finds it; if it was right-sized but undermaintained, the audit gets it back on the rails.
Keystone Integration runs takeover audits on existing UniFi installs across Holladay, Park City, Draper, Alpine, Lehi, and the rest of the Wasatch Front — with a written punch list, firmware cleanup, VLAN redesign, and a documentation packet the homeowner gets to keep. See the full service list or get in touch to scope an audit on an inherited system.