diff --git a/clients/cascades-tucson/session-logs/2026-05-29-session.md b/clients/cascades-tucson/session-logs/2026-05-29-session.md new file mode 100644 index 0000000..da02536 --- /dev/null +++ b/clients/cascades-tucson/session-logs/2026-05-29-session.md 
@@ -0,0 +1,126 @@ +# Session Log — 2026-05-29 + +## User +- **User:** Howard Enos (howard) +- **Machine:** Howard-Home +- **Role:** tech + +--- + +## Session Summary + +This session focused on preparing Lois Lane's domain account and setting up her new workstation (Health-Services-Director) for domain migration as part of the ongoing Cascades of Tucson department-by-department migration (Syncro #110680053). + +First, the AD account for Lois Lane was verified via GuruRMM remote PowerShell on CS-SERVER. The account existed (SAM=Lois.Lane, UPN=Lois.Lane@cascadestucson.com, OU=Care-Assisted Living, enabled) but had no home folder and was not in SG-FolderRedirect. The home folder D:\Homes\Lois.Lane was created with all five subfolders (Desktop/Documents/Downloads/Music/Pictures) and correct CASCADES\Lois.Lane ACL. Lois.Lane was added to SG-FolderRedirect. The domain password was set to Imbirowicz1$ and vaulted at clients/cascades-tucson/lois-lane.sops.yaml. + +Howard used Fab's Auto Backup to restore Lois Lane's profile from the old machine (DESKTOP-KQSL232) to Health-Services-Director, then ran ProfWiz to domain-join the machine and migrate her local account (Lois Lane) to CASCADES\Lois.Lane. Lois accidentally logged in before the prep-profile-for-redirection.ps1 script could be run, which caused the GPO folder redirection CSE to fire under SYSTEM context and poison the User Shell Folders registry values with C:\Windows\system32\config\systemprofile\* paths. Desktop was redirected correctly to \\CS-SERVER\homes\lois.lane\Desktop; all other folders were poisoned. + +The hive cleanup script (hive-cleanup-shellfolders.ps1) was run against the offline NTUSER.DAT, fixing Personal/My Music/My Pictures/My Video/Favorites/{FDD39AD0}/\{374DE290\} back to %USERPROFILE%\ defaults. However, after Lois logged in, the folders remained local rather than redirecting to the server. 
An attempt to move data and fix registry via SYSTEM context failed because SYSTEM on Health-Services-Director does not have NTFS access to \\CS-SERVER\homes\Lois.Lane\* — the machine account is not in the ACL. This caused a stray C:\CS-SERVER\ folder to be created locally and the quick access links were broken. Howard manually removed the broken links and moved the data to the correct server locations. + +Finally, the shell folder registry values were corrected using user_session context (running as Lois Lane) with UNC paths constructed via [char]92 to work around a confirmed encoding issue: double backslashes in PowerShell scripts dispatched via RMM user_session context are consistently halved to single backslashes when using string literals. The [char]92 workaround produced correct \\CS-SERVER paths. Explorer was restarted and the shell folders now point correctly to the server. Lois needs to re-pin the sidebar shortcuts manually (right-click folder → Pin to Quick Access) since the broken ones were removed. + +--- + +## Key Decisions + +- Used [char]92 to build UNC paths in RMM user_session scripts rather than string literals — confirmed that "\\CS-SERVER" literals are halved to "\CS-SERVER" in user_session context, producing local paths instead of UNC. System context does not exhibit this behavior. +- Ran hive cleanup (offline NTUSER.DAT) after accidental first login poisoned shell folder paths — this was the correct recovery path per the established Cascades folder redirection runbook. +- Data movement from local to server must run as the domain user (user_session context), not as SYSTEM — SYSTEM on a domain-joined workstation authenticates as the machine account to the network, which has no NTFS rights on user home folders. +- The new machine name Health-Services-Director reflects Lois Lane's actual role; the old blocked machine DESKTOP-KQSL232 is now superseded for her migration entry. 
+- Domain join credential: sysadmin / r3tr0gradE99# (same as local Localadmin account on the new machine). + +--- + +## Problems Encountered + +- **Accidental first login before prep script**: Lois logged in as domain user before prep-profile-for-redirection.ps1 could run. GPO CSE fired under SYSTEM, poisoned shell folder paths. Fixed via hive-cleanup-shellfolders.ps1 on offline NTUSER.DAT. +- **SYSTEM context cannot access UNC home folders**: Move-Item and Test-Path against \\CS-SERVER\homes\Lois.Lane\* silently routed to a local C:\CS-SERVER\ path when run as SYSTEM. Files appeared to move but went to a stray local folder. Root cause: machine account not in home folder NTFS ACL. Fixed by using user_session context for all file operations touching the Homes share. +- **UNC path encoding in user_session scripts**: `$base = "\\CS-SERVER\..."` produced `\CS-SERVER` (single backslash) in user_session context. Workaround: `$bs = [char]92; $base = "${bs}${bs}CS-SERVER\homes\Lois.Lane"`. Saved as feedback memory feedback-rmm-unc-path-encoding.md. +- **RMM server offline at session start**: GuruRMM server had been rebuilt (Mike deployed 0.3.36 at 18:51 UTC). Re-authenticated after server came back up. +- **jq escaping failure on inline SCRIPT variable**: Multi-line PowerShell scripts with backslashes failed when passed through jq --arg. Resolved by writing scripts to temp files and using jq -Rs to encode. 
+ +--- + +## Configuration Changes + +- `clients/cascades-tucson/session-logs/2026-05-29-session.md` — created (this file) +- `.claude/memory/feedback-rmm-unc-path-encoding.md` — created (RMM user_session UNC path encoding rule) +- `.claude/memory/MEMORY.md` — updated (added new feedback memory entry) +- `C:\Users\Howard\.claude\plans\wise-discovering-panda.md` — updated CURRENT SAVE POINT, added Lois Lane completed entry, updated next actions to include Health-Services-Director domain join + +--- + +## Credentials & Secrets + +- **Lois Lane domain account** + - SAMAccountName: Lois.Lane + - UPN: Lois.Lane@cascadestucson.com + - Domain password: Imbirowicz1$ + - Local account on Health-Services-Director: Lois Lane (no password) + - Vault: clients/cascades-tucson/lois-lane.sops.yaml +- **Health-Services-Director local admin**: Localadmin / r3tr0gradE99# +- **Domain join credential**: sysadmin / r3tr0gradE99# + +--- + +## Infrastructure & Servers + +- CS-SERVER: Dell R610, Windows Server 2019, DC for cascades.local, GuruRMM agent c39f1de7-d5b6-45ae-b132-e06977ab1713 +- Health-Services-Director: new workstation for Lois Lane, GuruRMM agent 3d6a6fed-500b-41d4-a785-6032e3d5297f, Windows 11, domain-joined cascades.local, OU=Staff PCs,OU=Workstations +- Homes share: \\CS-SERVER\homes → D:\Homes on CS-SERVER +- Lois Lane home folder: D:\Homes\Lois.Lane (Desktop/Documents/Downloads/Music/Pictures created, CASCADES\Lois.Lane FullControl) + +--- + +## Commands & Outputs + +**Verify AD account (CS-SERVER):** +``` +Name: Lois Lane | SAM: Lois.Lane | UPN: Lois.Lane@cascadestucson.com +OU: CN=Lois Lane,OU=Care-Assisted Living,OU=Departments,DC=cascades,DC=local +Enabled: True | HomeDirectory: (none) | MemberOf: (none) +``` + +**New-HomeFolder result:** +``` +D:\Homes\Lois.Lane created with clean ACL + Created: Desktop, Documents, Downloads, Music, Pictures +``` + +**Hive cleanup result:** +``` +[FIXED] Personal, My Music, My Pictures, My Video, Favorites, {374DE290} — all 
poisoned -> %USERPROFILE%\* +[KEEP] Desktop = \\CS-SERVER\homes\lois.lane\Desktop (already correct) +``` + +**Shell folder fix (user_session, [char]92 workaround):** +``` +Documents : \\CS-SERVER\homes\Lois.Lane\Documents +Music : \\CS-SERVER\homes\Lois.Lane\Music +Pictures : \\CS-SERVER\homes\Lois.Lane\Pictures +Downloads : \\CS-SERVER\homes\Lois.Lane\Downloads +Explorer restarted. +``` + +--- + +## Pending / Incomplete Tasks + +- Lois Lane needs to re-pin Quick Access sidebar links (Documents, Music, Pictures, Downloads) — removed when broken, now point correctly to server +- Verify folder redirection is fully working after next login (gpresult /r on Health-Services-Director, or have Lois confirm folders open correctly) +- Check for stray C:\CS-SERVER\ folder on Health-Services-Director — should be cleaned up +- Migration plan next actions: Ashley Jensen verification, RECEPTIONIST-PC verification, NURSESTATION-PC auto-lock GPO, Phase 3 remaining joins (CHEF-PC, SALES4-PC, MDIRECTOR-PC) +- M365 relicensing: 31 users still on suspended Business Standard → Business Premium (31 SPB seats free, time-sensitive) +- Vault nurses credential: clients/cascades-tucson/nurses-shared.sops.yaml + +--- + +## Reference Information + +- Syncro ticket: #110680053 (department migration) +- Migration plan: C:\Users\Howard\.claude\plans\wise-discovering-panda.md +- GuruRMM server: http://172.16.3.30:3001 (rebuilt to v0.3.36 / commit 9b34393 at 18:51 UTC today) +- Lois Lane domain SID: S-1-5-21-388235164-2207693853-3666415804-1113 +- prep-profile-for-redirection.ps1: clients/cascades-tucson/scripts/prep-profile-for-redirection.ps1 +- hive-cleanup-shellfolders.ps1: clients/cascades-tucson/scripts/hive-cleanup-shellfolders.ps1 +- fix-live-shellfolders.ps1: clients/cascades-tucson/scripts/fix-live-shellfolders.ps1
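Review bot: the added session log commits live credentials in cleartext in three places: the Session Summary sentence that sets the domain password, the "Domain join credential" bullet under Key Decisions, and the whole "Credentials & Secrets" section. The same file already names the SOPS vault entry (clients/cascades-tucson/lois-lane.sops.yaml), so the log should carry only that reference plus the account names, and the Localadmin and sysadmin secrets should get vault entries of their own. Because the values are now part of this diff, treat them as exposed and rotate them. The log also records that Localadmin and sysadmin share one password and that the local "Lois Lane" account has no password; both are worth fixing rather than documenting. Separately, the "SYSTEM context cannot access UNC home folders" entry attributes the stray C:\CS-SERVER\ folder to the machine account missing from the ACL, yet a path landing at the drive root is what the single-backslash result described in the following bullet would produce, while Key Decisions states that system context does not halve backslashes. Please reconcile the root cause before it is saved to feedback-rmm-unc-path-encoding.md.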