sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-11 19:44:15

Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-11 19:44:15
2026-05-11 19:44:15 -07:00
parent 373531d235
commit 087e7cabc6
2 changed files with 124 additions and 1 deletions

@@ -594,3 +594,126 @@ CLSID overrides (HKCU) for Documents/Desktop/Pictures: none
- OneDrive settings path: C:\Users\pst-admin\AppData\Local\Microsoft\OneDrive\settings\Personal\ — ClientPolicy.ini locked by OneDrive process; use FileShare.ReadWrite or robocopy /B if needed - OneDrive settings path: C:\Users\pst-admin\AppData\Local\Microsoft\OneDrive\settings\Personal\ — ClientPolicy.ini locked by OneDrive process; use FileShare.ReadWrite or robocopy /B if needed
- RMM result endpoint: GET /api/commands/{cmdId} (not /api/agents/{id}/command/{cmdId}) - RMM result endpoint: GET /api/commands/{cmdId} (not /api/agents/{id}/command/{cmdId})
- SHGetKnownFolderPath / SHSetKnownFolderPath P/Invoke hangs when called from SYSTEM context — only use in user-context scripts - SHGetKnownFolderPath / SHSetKnownFolderPath P/Invoke hangs when called from SYSTEM context — only use in user-context scripts
---
## Update: 19:42 PT — Profile wipe, per-machine OneDrive, Block New Outlook GPO
## User
- **User:** Mike Swanson (mike)
- **Machine:** DESKTOP-0O8A1RL
- **Role:** admin
- **Session span:** 2026-05-11 evening continuation
## Session Summary
The session began with the execution of `reset_kf_final.ps1` as pst-admin to address the persistent OneDrive KFM error. Despite the corrected `SHSetKnownFolderPath` flags=0 call, the known folder policy-managed state remained unchanged and the same error persisted. A decision was made to wipe the pst-admin user profile entirely. A WMI-based profile deletion was submitted via RMM, successfully removing the profile folder, ProfileList registry entry, and all associated state.
Following the profile wipe, a per-machine OneDrive installation was deployed via RMM using `OneDriveSetup.exe /allusers /silent`. This installs to `C:\Program Files\Microsoft OneDrive` and makes OneDrive available to all users without requiring per-user bootstrap, replacing the prior per-user install that was destroyed with the profile.
A GPO named "Block New Outlook" was created on PST-SERVER and linked to the domain root to prevent the new Outlook experience from appearing across all domain machines. The GPO included a registry preference to disable the toggle in classic Outlook 365, a PowerShell startup script in SYSVOL to remove the `Microsoft.OutlookForWindows` AppX package for all users, and policy-based PowerShell execution settings to ensure the script runs.
## Key Decisions
- **Wipe pst-admin profile entirely rather than continue debugging known folder state**: After `reset_kf_final.ps1` with the corrected `flags=0` still failed to clear the policy-managed state, a full profile reset was the cleanest path. All prior session's registry work had confirmed no policy sources; the residual state was inside the shell's in-process known folder infrastructure with no clean API path to reset it from SYSTEM context.
- **Deploy per-machine OneDrive (`/allusers`) rather than per-user**: Ensures OneDrive is present at `C:\Program Files\Microsoft OneDrive` for all users without requiring a per-user install to run at first logon. Avoids the bootstrapping problem where pst-admin's fresh profile would have no OneDrive until the per-user installer triggered.
- **GPO at domain root rather than Workstations OU**: Applied to all domain computers per user request. Server exclusion not required in this environment.
## Problems Encountered
- **reset_kf_final.ps1 (flags=0) did not resolve KFM error**: Ran in pst-admin session context with correct flags; error persisted. Root cause likely that the shell's known folder infrastructure had additional state beyond what `SHSetKnownFolderPath` alone can clear after an extended policy-redirection history. Resolved by full profile wipe.
## Configuration Changes
### GPO created (PST-SERVER / PEACEFULSPIRIT.local)
- GPO: `Block New Outlook` — GUID {577028AF-0901-4BDF-A283-CD1156F313D9}
- Linked to: `DC=PEACEFULSPIRIT,DC=local` (all computers, link enabled)
- Registry: `HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\EnableNewOutlook` = 0
- SYSVOL script: `{577028AF-...}\Machine\Scripts\Startup\Remove-NewOutlook.ps1`
- SYSVOL ini: `{577028AF-...}\Machine\Scripts\psscripts.ini`
- Policy: `HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\EnableScripts` = 1, `ExecutionPolicy` = RemoteSigned
### OneDrive installed per-machine (Maras-HP-Laptop)
- `C:\Program Files\Microsoft OneDrive\OneDrive.exe` version 26.063.0405.0002
### pst-admin profile wiped (Maras-HP-Laptop)
- `C:\Users\pst-admin` — deleted via WMI Win32_UserProfile.Delete()
- `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1105246401-3156558273-4088333098-1118` — removed
### Scripts written (DESKTOP-0O8A1RL)
- `C:\Users\guru\AppData\Local\Temp\hp_delete_profile.ps1` — WMI profile delete
- `C:\Users\guru\AppData\Local\Temp\hp_install_onedrive_allusers.ps1` — per-machine OneDrive deploy
- `C:\Users\guru\AppData\Local\Temp\pst_create_gpo_no_new_outlook.ps1` — GPO creation
## Credentials & Secrets
No new credentials this segment.
## Infrastructure & Servers
| Component | Value |
|-----------|-------|
| Maras-HP-Laptop RMM agent | 13cb3629-5043-4bd6-b977-6968eeccf804 |
| PST-SERVER RMM agent | 6b6106a7-8515-4b6b-857d-0dc6ede53f35 |
| PST-SURFACE RMM agent | 4a993b61-59b3-42f4-bdb5-d4362941f7d6 |
| pst-admin SID | S-1-5-21-1105246401-3156558273-4088333098-1118 |
| OneDrive version (per-machine) | 26.063.0405.0002 |
| Block New Outlook GPO GUID | {577028AF-0901-4BDF-A283-CD1156F313D9} |
## Commands & Outputs
### pst-admin profile delete via WMI (RMM → Maras-HP-Laptop)
```
Found profile: C:\Users\pst-admin Loaded: False
Profile deleted via WMI.
ProfileList key removed — clean.
C:\Users\pst-admin folder gone.
```
### OneDrive per-machine install (RMM → Maras-HP-Laptop)
```
Downloaded: 105677672 bytes
Exit code: 0
Installed: C:\Program Files\Microsoft OneDrive\OneDrive.exe version=26.063.0405.0002
```
### GPO creation (RMM → PST-SERVER)
```
Created GPO: Block New Outlook GUID={577028AF-0901-4BDF-A283-CD1156F313D9}
Linked to domain root.
Set: HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\EnableNewOutlook = 0
Startup script written: ...\Startup\Remove-NewOutlook.ps1
psscripts.ini written: ...\Machine\Scripts\psscripts.ini
Link verified: enabled=True
```
### RMM command_type fix
```
# API now requires command_type field — was missing in prior sessions
# Valid values: powershell, shell, python, script
body = {'command_type': 'powershell', 'command': <script>, 'timeout': 120}
POST /api/agents/{uuid}/command
```
## Pending / Incomplete Tasks
| Task | Status | Notes |
|------|--------|-------|
| pst-admin login + OneDrive KFM setup | **PENDING** | Fresh profile; per-machine OneDrive installed; sign in with mara.concordia@gmail.com, enable folder backup |
| Update vault with pst-admin new password | **PENDING** | SpiritWalk26! |
| Deploy cert + VPN to Maras-HP-Laptop via RMM | **PENDING** | PFX: C:\Users\guru\AppData\Local\Temp\Maras-HP-Laptop.pfx; agent 13cb3629 |
| Deploy cert + VPN to PST-SURFACE via RMM | **PENDING** | PFX: C:\Users\guru\AppData\Local\Temp\PST-SURFACE.pfx; agent 4a993b61 |
| Test pre-login VPN at Windows logon screen | **PENDING** | |
| Browser default (http/https) for pst-admin | **PENDING** | Click "Make Chrome default" in Chrome once after first login |
| Clean up PST-SERVER temp files | **PENDING** | C:\ProgramData\: gen_certs.ps1, *.inf, *.req, *.cer, *.pfx |
| Remove TEMP firewall rules on PST-SERVER | **PENDING** | TEMP-CertEnroll-RPC (TCP 135), TEMP-CertEnroll-DCOM (TCP 49152-65535) |
| Verify Block New Outlook GPO on workstations | **PENDING** | gpupdate /force on HP after pst-admin logs in; reboot to trigger AppX removal script |
## Reference Information
- GuruRMM command submit: `POST /api/agents/{uuid}/command` — body requires `command_type` field (powershell/shell/python/script); was missing in prior sessions, caused 422
- GuruRMM result poll: `GET /api/commands/{cmd_id}` — output in `.stdout` field
- Block New Outlook GPO GUID: {577028AF-0901-4BDF-A283-CD1156F313D9}
- SYSVOL path: `C:\Windows\SYSVOL\sysvol\PEACEFULSPIRIT.local\Policies\{577028AF-0901-4BDF-A283-CD1156F313D9}\`
- PowerShell startup scripts registered via `psscripts.ini` (Unicode/UTF-16 LE), not `scripts.ini`
- OneDrive per-machine install: `OneDriveSetup.exe /allusers /silent``C:\Program Files\Microsoft OneDrive`
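Review bot: The Notes cell of the "Update vault with pst-admin new password" row in the Pending / Incomplete Tasks table holds what appears to be the new pst-admin password in plaintext, while the "Credentials & Secrets" section of the same update says "No new credentials this segment." Replace the value with a pointer to the vault entry. Because this auto-sync commit has already placed the value in repository history, editing the file is not enough: treat the password as exposed and rotate it. The same table lists PFX files under `C:\Users\guru\AppData\Local\Temp\` for Maras-HP-Laptop and PST-SURFACE without a cleanup step; add one, as is already done for the PST-SERVER temp files.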