sync: auto-sync from HOWARD-HOME at 2026-06-09 10:33:12

Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-09 10:33:12
2026-06-09 10:33:22 -07:00
parent 95b89c56a8
commit 2029fa5429
7 changed files with 199 additions and 15 deletions
--- a/.claude/memory/MEMORY.md
+++ b/.claude/memory/MEMORY.md
@@ -83,6 +83,7 @@

 ### Cascades
 - [Cascades operational rules](feedback_cascades.md) — Two active rules: (1) folder redirection (fdeploy) needs subfolders PRE-CREATED before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1. (2) ALWAYS ask which security group(s) a new user goes into — never auto-derive from OU.
+- [Cascades FR GPO fix](reference_cascades_fr_gpo_fix.md) — Native Folder Redirection was DOA on every machine: redirect targets were in a misnamed `fdeploy1.ini` (Windows reads `fdeploy.ini`) → empty target path → silent no-op → per-user registry workaround every time. Fixed 2026-06-08 (correct fdeploy.ini + version bump). Also: CS-SERVER live RMM agent is `c39f1de7...` (old `6766e973` stale).

 ## Machine
 - [GURU-5070 Workstation Setup](reference_workstation_setup.md) — Mike's primary (owner confirmed 2026-05-26). Windows 11 Pro. Renamed from OC-5070 → ACG-5070/acg-guru-5070 → GURU-5070; all the same box, all Mike's.
--- a/.claude/memory/feedback_cascades.md
+++ b/.claude/memory/feedback_cascades.md
@@ -10,6 +10,8 @@ Current-state context: [[project_cascades]]. Root cause / incident detail: [[pro

 ## 1. Folder redirection — pre-create subfolders BEFORE first logon

+**UPDATE 2026-06-08:** the real reason every machine needed the manual workaround was a **misnamed GPO config file** (`fdeploy1.ini` instead of `fdeploy.ini`) — native FR was DOA tenant-wide. Now fixed; native FR redirects all 5 folders on first logon. Full detail: [[reference_cascades_fr_gpo_fix]]. Still pre-create the home folder before first logon (below). The `fix-shell-redirect.ps1` workaround should no longer be needed for new users — if it ever is again, check that the GPO still has a valid `fdeploy.ini` first.
+
 fdeploy caches failures and never retries if subfolders don't exist at first logon. "No changes detected" = stuck forever without manual intervention.

 **Mandatory order for every new user:**
--- a/.claude/memory/reference_cascades_fr_gpo_fix.md
+++ b/.claude/memory/reference_cascades_fr_gpo_fix.md
@@ -0,0 +1,18 @@
+---
+name: Cascades Folder Redirection GPO — DOA root cause + fix (misnamed fdeploy)
+description: Why native Folder Redirection failed on EVERY Cascades machine (LE + staff) and forced the per-user registry workaround — the GPO's redirect targets were saved in a misnamed fdeploy1.ini; Windows only reads fdeploy.ini. Fixed 2026-06-08. Read when touching Cascades folder redirection or onboarding a new Cascades user.
+metadata:
+  type: reference
+---
+
+**Root cause (found 2026-06-08):** Native Folder Redirection never worked at Cascades — every machine needed `fix-shell-redirect.ps1`. The FR GPO `CSC - Folder Redirection` (`{512B43A4-F049-4CE5-BFAC-860AD13E92BE}`) had its redirect targets in a file named **`fdeploy1.ini`**, but the Windows FR client-side extension reads **`fdeploy.ini`** only. No `fdeploy.ini` existed → the client knew which 5 folders to redirect but got an **empty target path** (FR Operational log event 1006 shows `Path = ""`, and there is NO event 1008 "successfully redirected"). It silently no-op'd. The GPO had been hand-built by editing the wrong filename.
+
+**Fix:** wrote a correct `fdeploy.ini` (5 folders, `Flags=187`, `FullPath=\\CS-SERVER\Homes\%USERNAME%\<Folder>`) into `{512B43A4-...}\User\Documents & Settings\`, then bumped the GPO version 917506→983042 keeping **GPT.INI Version AND the AD `versionNumber` attribute in sync** (FR is a foreground/logon CSE; it only re-applies when the version changes). Canonical artifact: `clients/cascades-tucson/gpo/fdeploy.ini`. Backup of original `\User` tree + GPT.INI: `C:\Windows\Temp\frfix-20260608-161144` on CS-SERVER.
+
+**How to apply / diagnose elsewhere:**
+- Diagnose: on the client, `Get-WinEvent -LogName 'Microsoft-Windows-Folder Redirection/Operational'` — `Path = ""` in event 1006 + no 1008 = the GPO is delivering no target path (missing/empty/misnamed `fdeploy.ini`).
+- The dead `fdeploy1.ini` was LEFT in place (Windows ignores it) — do NOT edit it. Edit redirection via GPMC, or replace `fdeploy.ini` from the repo artifact.
+- The **LE GPO** `CSC - Folder Redirection (LE)` (`{889BE7BE-...}`) is also broken — `\User` tree completely empty. Retire it / move LE users into SG-FolderRedirect, or apply the same fix.
+- After the fix, the per-user registry workaround should no longer be needed; native FR redirects all 5 folders on first logon. Still pre-create the home folder (`New-HomeFolder`) before first logon. See [[feedback_cascades]].
+
+**Also (2026-06-08):** CS-SERVER live GuruRMM agent re-enrolled to `c39f1de7-d5b6-45ae-b132-e06977ab1713` (old `6766e973` is stale) — always resolve the agent live by hostname, never hardcode. Related: [[project_cascades]].