sync: auto-sync from GURU-5070 at 2026-06-23 12:10:19

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-23 12:10:19
2026-06-23 12:11:12 -07:00
parent a28b52da9a
commit 0171107d41
2 changed files with 152 additions and 0 deletions

@@ -0,0 +1,78 @@
# Quick ops — VWP-QBS firewall disabled + Country Club CCroom1New UAC re-enabled
## User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-5070
- **Role:** admin
## Session Summary
Two quick remediation ops following the VWP SMB1/Orders work (logged separately in
`clients/valleywide/session-logs/2026-06/2026-06-23-mike-vwp-smb1-orders-xp-g-drive.md`),
both executed via the GuruRMM agent fleet.
1. **VWP-QBS — Windows Firewall disabled.** Per Mike's direction (troubleshooting), disabled all
three firewall profiles (Domain/Private/Public) on VWP-QBS (172.16.9.169, the QuickBooks +
RD Web Access host). Captured the pre-state first (all three enabled) for clean restore. Flagged
the security context (this is the box brute-forced in April, now internal/VPN-only) and that it
should be re-enabled after the test. **The firewall is still OFF — re-enable is pending.**
2. **Country Club CCroom1New — UAC re-enabled.** Mike reported the machine "acting weird." The
GuruRMM agent had just been installed (it didn't appear at first; Mike confirmed install, then it
showed as `CCroom1New`, Win11 26200, site Country Club). Read the UAC registry state and found UAC
**fully disabled** (`EnableLUA=0`, `ConsentPromptBehaviorAdmin=0`, `PromptOnSecureDesktop=0`) — the
classic cause of Win11 "acting weird" (Store/UWP apps won't launch, Start/search misbehave).
Restored standard Win11 UAC (`EnableLUA=1`, `ConsentPromptBehaviorAdmin=5`,
`PromptOnSecureDesktop=1`), rebooted (required for EnableLUA to take effect), and verified
post-reboot (uptime 1 min, EnableLUA=1 active). Recommended an on-site smoke test.
## Key Decisions
- **Captured firewall pre-state before disabling** VWP-QBS (all profiles enabled) so it restores to
the exact prior posture; documented the re-enable command.
- **Restored full UAC defaults, not just EnableLUA** on CCroom1New — set ConsentPromptBehaviorAdmin
and PromptOnSecureDesktop back to Win11 defaults too, since all three had been zeroed.
- **Rebooted CCroom1New to apply** — EnableLUA only takes effect after a restart; verified active
after the box came back.
## Problems Encountered
- **CCROOM1NEW not in RMM initially** — the GuruRMM agent wasn't installed yet (0 hostname matches;
only Country Club's CC1-NEW22 / CC2-NEW22 existed). Mike installed the agent; it then enrolled as
`CCroom1New` and the work proceeded.
- **First post-reboot verify was a false read** — it completed in ~10s showing uptime 108.5 min,
i.e. it ran in the Restart-Computer grace window before the box actually went down. Re-verified
after a short wait: uptime 1 min + EnableLUA=1 confirmed the reboot completed and UAC is active.
## Configuration Changes
- **VWP-QBS (172.16.9.169):** `Set-NetFirewallProfile -All -Enabled False` (Domain/Private/Public
all OFF). Pre-state: all enabled. **Reversal pending:** `Set-NetFirewallProfile -All -Enabled True`.
- **CCroom1New (Country Club, Win11):** `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`
`EnableLUA` 0->1, `ConsentPromptBehaviorAdmin` 0->5, `PromptOnSecureDesktop` 0->1; rebooted.
## Credentials & Secrets
- None created or discovered. All actions via GuruRMM agents (SYSTEM context). No interactive creds.
## Infrastructure & Servers
- **VWP-QBS** 172.16.9.169 — Windows Server 2022, QuickBooks + RD Web Access host (physical Dell),
GuruRMM agent `f3386f0a-b3ee-417e-ace9-995cc1d0662b`. Firewall currently DISABLED.
- **CCroom1New** — Windows 11 (build 26200), site Country Club, GuruRMM agent
`aaa4b694-a464-4961-a8ff-096a5698afee`. UAC re-enabled + active post-reboot.
- Country Club site also has CC1-NEW22, CC2-NEW22 (online).
## Commands & Outputs
- Firewall: `Get-NetFirewallProfile | Select Name,Enabled` (before: all True) -> `Set-NetFirewallProfile
-All -Enabled False` -> verify all False.
- UAC: `Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name
EnableLUA -Value 1 -Type DWord` (+ ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1) ->
`Restart-Computer -Force` -> post-reboot verify uptime_min 1, EnableLUA 1.
- Dispatched via `/rmm` (RMM API http://172.16.3.30:3001), all read+write attributed to mike.
## Pending / Incomplete Tasks
- **RE-ENABLE VWP-QBS firewall** when troubleshooting is done — currently OFF on the QuickBooks/RDWeb
host (defense-in-depth gap). `Set-NetFirewallProfile -All -Enabled True` via RMM (agent f3386f0a).
- **CCroom1New on-site smoke test** — confirm Start menu / Store apps / search behave now that UAC
is active.
## Reference Information
- #dev-alerts posts: VWP-QBS firewall (msg 1519048232435716218), CCroom1New UAC (msg 1519055241763356683).
- RMM agents: VWP-QBS f3386f0a-b3ee-417e-ace9-995cc1d0662b ; CCroom1New aaa4b694-a464-4961-a8ff-096a5698afee.
- Related same-day work: VWP SMB1/Orders (#32448) — see clients/valleywide/session-logs/2026-06/.
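Review bot: In "Pending / Incomplete Tasks", the VWP-QBS firewall re-enable is recorded with no owner, due date or trigger, even though the summary identifies this host as the one brute-forced in April and it is the RD Web Access host. Add who re-enables it and by when, and state the expected verify result (`Get-NetFirewallProfile | Select Name,Enabled` showing all three profiles True) so the item can be closed against evidence. Two smaller points: the log does not say what set `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` to 0 on CCroom1New, so note whether the cause was found or is still open, since whatever zeroed them could do so again; and the "Commands & Outputs" section gives the RMM API as `http://172.16.3.30:3001`, so say whether dispatch really runs over plain HTTP or the scheme is shorthand.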