sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-11 19:44:15

Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-11 19:44:15

clients/peaceful-spirit/session-logs/2026-05-11-session.md

@@ -594,3 +594,126 @@ CLSID overrides (HKCU) for Documents/Desktop/Pictures: none
 - OneDrive settings path: C:\Users\pst-admin\AppData\Local\Microsoft\OneDrive\settings\Personal\ — ClientPolicy.ini locked by OneDrive process; use FileShare.ReadWrite or robocopy /B if needed
 - RMM result endpoint: GET /api/commands/{cmdId} (not /api/agents/{id}/command/{cmdId})
 - SHGetKnownFolderPath / SHSetKnownFolderPath P/Invoke hangs when called from SYSTEM context — only use in user-context scripts
+
+---
+
+## Update: 19:42 PT — Profile wipe, per-machine OneDrive, Block New Outlook GPO
+
+## User
+- **User:** Mike Swanson (mike)
+- **Machine:** DESKTOP-0O8A1RL
+- **Role:** admin
+- **Session span:** 2026-05-11 evening continuation
+
+## Session Summary
+
+The session began with the execution of `reset_kf_final.ps1` as pst-admin to address the persistent OneDrive KFM error. Despite the corrected `SHSetKnownFolderPath` flags=0 call, the known folder policy-managed state remained unchanged and the same error persisted. A decision was made to wipe the pst-admin user profile entirely. A WMI-based profile deletion was submitted via RMM, successfully removing the profile folder, ProfileList registry entry, and all associated state.
+
+Following the profile wipe, a per-machine OneDrive installation was deployed via RMM using `OneDriveSetup.exe /allusers /silent`. This installs to `C:\Program Files\Microsoft OneDrive` and makes OneDrive available to all users without requiring per-user bootstrap, replacing the prior per-user install that was destroyed with the profile.
+
+A GPO named "Block New Outlook" was created on PST-SERVER and linked to the domain root to prevent the new Outlook experience from appearing across all domain machines. The GPO included a registry preference to disable the toggle in classic Outlook 365, a PowerShell startup script in SYSVOL to remove the `Microsoft.OutlookForWindows` AppX package for all users, and policy-based PowerShell execution settings to ensure the script runs.
+
+## Key Decisions
+
+- **Wipe pst-admin profile entirely rather than continue debugging known folder state**: After `reset_kf_final.ps1` with the corrected `flags=0` still failed to clear the policy-managed state, a full profile reset was the cleanest path. All prior session's registry work had confirmed no policy sources; the residual state was inside the shell's in-process known folder infrastructure with no clean API path to reset it from SYSTEM context.
+- **Deploy per-machine OneDrive (`/allusers`) rather than per-user**: Ensures OneDrive is present at `C:\Program Files\Microsoft OneDrive` for all users without requiring a per-user install to run at first logon. Avoids the bootstrapping problem where pst-admin's fresh profile would have no OneDrive until the per-user installer triggered.
+- **GPO at domain root rather than Workstations OU**: Applied to all domain computers per user request. Server exclusion not required in this environment.
+
+## Problems Encountered
+
+- **reset_kf_final.ps1 (flags=0) did not resolve KFM error**: Ran in pst-admin session context with correct flags; error persisted. Root cause likely that the shell's known folder infrastructure had additional state beyond what `SHSetKnownFolderPath` alone can clear after an extended policy-redirection history. Resolved by full profile wipe.
+
+## Configuration Changes
+
+### GPO created (PST-SERVER / PEACEFULSPIRIT.local)
+- GPO: `Block New Outlook` — GUID {577028AF-0901-4BDF-A283-CD1156F313D9}
+- Linked to: `DC=PEACEFULSPIRIT,DC=local` (all computers, link enabled)
+- Registry: `HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\EnableNewOutlook` = 0
+- SYSVOL script: `{577028AF-...}\Machine\Scripts\Startup\Remove-NewOutlook.ps1`
+- SYSVOL ini: `{577028AF-...}\Machine\Scripts\psscripts.ini`
+- Policy: `HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\EnableScripts` = 1, `ExecutionPolicy` = RemoteSigned
+
+### OneDrive installed per-machine (Maras-HP-Laptop)
+- `C:\Program Files\Microsoft OneDrive\OneDrive.exe` version 26.063.0405.0002
+
+### pst-admin profile wiped (Maras-HP-Laptop)
+- `C:\Users\pst-admin` — deleted via WMI Win32_UserProfile.Delete()
+- `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1105246401-3156558273-4088333098-1118` — removed
+
+### Scripts written (DESKTOP-0O8A1RL)
+- `C:\Users\guru\AppData\Local\Temp\hp_delete_profile.ps1` — WMI profile delete
+- `C:\Users\guru\AppData\Local\Temp\hp_install_onedrive_allusers.ps1` — per-machine OneDrive deploy
+- `C:\Users\guru\AppData\Local\Temp\pst_create_gpo_no_new_outlook.ps1` — GPO creation
+
+## Credentials & Secrets
+
+No new credentials this segment.
+
+## Infrastructure & Servers
+
+| Component | Value |
+|-----------|-------|
+| Maras-HP-Laptop RMM agent | 13cb3629-5043-4bd6-b977-6968eeccf804 |
+| PST-SERVER RMM agent | 6b6106a7-8515-4b6b-857d-0dc6ede53f35 |
+| PST-SURFACE RMM agent | 4a993b61-59b3-42f4-bdb5-d4362941f7d6 |
+| pst-admin SID | S-1-5-21-1105246401-3156558273-4088333098-1118 |
+| OneDrive version (per-machine) | 26.063.0405.0002 |
+| Block New Outlook GPO GUID | {577028AF-0901-4BDF-A283-CD1156F313D9} |
+
+## Commands & Outputs
+
+### pst-admin profile delete via WMI (RMM → Maras-HP-Laptop)
+```
+Found profile: C:\Users\pst-admin  Loaded: False
+Profile deleted via WMI.
+ProfileList key removed — clean.
+C:\Users\pst-admin folder gone.
+```
+
+### OneDrive per-machine install (RMM → Maras-HP-Laptop)
+```
+Downloaded: 105677672 bytes
+Exit code: 0
+Installed: C:\Program Files\Microsoft OneDrive\OneDrive.exe  version=26.063.0405.0002
+```
+
+### GPO creation (RMM → PST-SERVER)
+```
+Created GPO: Block New Outlook  GUID={577028AF-0901-4BDF-A283-CD1156F313D9}
+Linked to domain root.
+Set: HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\EnableNewOutlook = 0
+Startup script written: ...\Startup\Remove-NewOutlook.ps1
+psscripts.ini written: ...\Machine\Scripts\psscripts.ini
+Link verified: enabled=True
+```
+
+### RMM command_type fix
+```
+# API now requires command_type field — was missing in prior sessions
+# Valid values: powershell, shell, python, script
+body = {'command_type': 'powershell', 'command': <script>, 'timeout': 120}
+POST /api/agents/{uuid}/command
+```
+
+## Pending / Incomplete Tasks
+
+| Task | Status | Notes |
+|------|--------|-------|
+| pst-admin login + OneDrive KFM setup | **PENDING** | Fresh profile; per-machine OneDrive installed; sign in with mara.concordia@gmail.com, enable folder backup |
+| Update vault with pst-admin new password | **PENDING** | SpiritWalk26! |
+| Deploy cert + VPN to Maras-HP-Laptop via RMM | **PENDING** | PFX: C:\Users\guru\AppData\Local\Temp\Maras-HP-Laptop.pfx; agent 13cb3629 |
+| Deploy cert + VPN to PST-SURFACE via RMM | **PENDING** | PFX: C:\Users\guru\AppData\Local\Temp\PST-SURFACE.pfx; agent 4a993b61 |
+| Test pre-login VPN at Windows logon screen | **PENDING** | |
+| Browser default (http/https) for pst-admin | **PENDING** | Click "Make Chrome default" in Chrome once after first login |
+| Clean up PST-SERVER temp files | **PENDING** | C:\ProgramData\: gen_certs.ps1, *.inf, *.req, *.cer, *.pfx |
+| Remove TEMP firewall rules on PST-SERVER | **PENDING** | TEMP-CertEnroll-RPC (TCP 135), TEMP-CertEnroll-DCOM (TCP 49152-65535) |
+| Verify Block New Outlook GPO on workstations | **PENDING** | gpupdate /force on HP after pst-admin logs in; reboot to trigger AppX removal script |
+
+## Reference Information
+
+- GuruRMM command submit: `POST /api/agents/{uuid}/command` — body requires `command_type` field (powershell/shell/python/script); was missing in prior sessions, caused 422
+- GuruRMM result poll: `GET /api/commands/{cmd_id}` — output in `.stdout` field
+- Block New Outlook GPO GUID: {577028AF-0901-4BDF-A283-CD1156F313D9}
+- SYSVOL path: `C:\Windows\SYSVOL\sysvol\PEACEFULSPIRIT.local\Policies\{577028AF-0901-4BDF-A283-CD1156F313D9}\`
+- PowerShell startup scripts registered via `psscripts.ini` (Unicode/UTF-16 LE), not `scripts.ini`
+- OneDrive per-machine install: `OneDriveSetup.exe /allusers /silent` → `C:\Program Files\Microsoft OneDrive`