sync: auto-sync from HOWARD-HOME at 2026-07-04 17:49:31
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-07-04 17:49:31
This commit is contained in:
@@ -207,7 +207,7 @@
|
||||
- [Windows won't-boot / offline DISM repair playbook](windows-offline-dism-repair-gotchas.md) — Automatic Repair loop = boot-critical fault (disk/registry/wedged update), NOT shell/appx store corruption (that's a symptom); `FaultyPackageInProgress` + 100s of Install/Uninstall-Pending packages = wedged CU -> RevertPendingActions or clean install. Offline DISM rejects `wim:` source (0x800f082e) -> MOUNT the wim, source `\Windows`. Ventoy breaks WIM mount (0xc1420134) -> use Rufus. 25H2(26200)=24H2(26100)+enablement, so match 26100 media. First hit: Four Paws AvImark #32447.
|
||||
- [365 app suite — authoritative map + consent-drift fix](reference_365_app_suite.md) — full map in `.claude/skills/remediation-tool/references/app-suite.md`; per-tenant consent is NOT uniform (VWP had the app but no SharePoint role). Run `consent-audit.sh <tenant|--all>` to detect gaps; fix via adminconsent URL or direct appRoleAssignment grant.
|
||||
- [Remediation-tool has full M365 access (incl. SharePoint)](reference_remediation_tool_365_access.md) — the app suite covers Graph/EXO/Defender/SharePoint; don't declare "no access" on an accessDenied. SharePoint app-only needs a CERT (secret = "Unsupported app only token"); use get-token.sh `sharepoint`/`sharepoint-admin` tiers + CSOM admin API (Graph /admin/sharepoint/settings scope not held). Full map: skill references/app-permissions-and-sharepoint.md.
|
||||
- [AV migration: Bitdefender -> Datto EDR](project_av_migration_bitdefender_to_edr.md) — retire Bitdefender fleet-wide except Dataforth; end-state per machine = GuruRMM + Datto EDR
|
||||
- [AV migration: Bitdefender -> Datto EDR](project_av_migration_bitdefender_to_edr.md) — retire Bitdefender fleet-wide, ONLY exception Glaztech (Dataforth migrates); end-state per machine = GuruRMM + Datto EDR
|
||||
- [RMM deploy via ScreenConnect](reference_rmm_deploy_via_screenconnect.md) — push GuruRMM agent to client workstations via SC send-command (SYSTEM), not DC remote-exec (DCOM/schtasks blocked on Win11 clients)
|
||||
- [ScreenConnect custom-property slots](reference_screenconnect_custom_property_slots.md) — CP1=Company CP2=Site CP3=Department CP4=Device Type CP8=Tag (API hides labels; UpdateSessionCustomProperties replaces the whole array)
|
||||
- [ScreenConnect cleanup uses wiki as source](feedback_screenconnect_cleanup_wiki_source.md) — per-client SC/RMM metadata cleanup pulls machine->dept/location from the client wiki; enrich the wiki when missing
|
||||
|
||||
@@ -1,24 +1,32 @@
|
||||
---
|
||||
name: project_av_migration_bitdefender_to_edr
|
||||
description: AV strategy — migrate all clients from Bitdefender to Datto EDR, except Glaztech and Dataforth
|
||||
description: AV strategy — migrate all clients from Bitdefender to Datto EDR; ONLY exception is Glaztech
|
||||
metadata:
|
||||
type: project
|
||||
---
|
||||
|
||||
Standing AV direction (set by Howard 2026-07-03): ACG is moving endpoint AV/security
|
||||
from **Bitdefender GravityZone -> Datto EDR** for **all clients EXCEPT Glaztech Industries
|
||||
and Dataforth Corp** (those two stay on Bitdefender / handled separately).
|
||||
Standing AV direction (Howard 2026-07-03, scope narrowed 2026-07-04): ACG is moving
|
||||
endpoint AV/security from **Bitdefender GravityZone -> Datto EDR** for **all clients
|
||||
EXCEPT Glaz-Tech Industries (glaztech)** — the ONLY client staying on Bitdefender.
|
||||
**Dataforth migrates fully** (originally excepted; Howard removed the exception
|
||||
2026-07-04 — Dataforth already runs 51 EDR agents with only 5 BD endpoints left:
|
||||
D1-ENGI-006, DESKTOP-L2LE31M, DATAFORTH-PC, SURFACEOPS, MING-HP).
|
||||
|
||||
**Why:** consolidate on Datto EDR as the security plane; Bitdefender is being retired
|
||||
fleet-wide (Glaztech + Dataforth are the two exceptions — both have large established
|
||||
Bitdefender footprints: Glaztech ~242 endpoints, Dataforth managed separately).
|
||||
fleet-wide. Glaztech keeps its large established Bitdefender footprint (~242 BD
|
||||
endpoint records, vs 159 GPS-billed — count includes stale ghosts).
|
||||
|
||||
**How to apply:** whenever setting up or reconciling a client's endpoints (e.g. the
|
||||
GPS->GuruRMM coverage audit), the target end-state per machine is: GuruRMM agent +
|
||||
Datto EDR agent, and Bitdefender **removed**. Do NOT deploy new Bitdefender coverage.
|
||||
Use existing Bitdefender inventory only as a discovery source for which machines exist
|
||||
(its company names carry the Syncro CID `_NNNNN`, handy for mapping). Deploy Datto EDR
|
||||
via `[[datto-edr]]` (create-group -> mint-key -> deploy-cmd, pushed through `/rmm`).
|
||||
Datto EDR agent (AV on), and Bitdefender **removed**. Do NOT deploy new Bitdefender
|
||||
coverage. Use existing Bitdefender inventory only as a discovery source for which
|
||||
machines exist (its company names carry the Syncro CID `_NNNNN` suffix — exact join
|
||||
key to Syncro customers). Deploy Datto EDR via `[[datto-edr]]` (create-group ->
|
||||
mint-key -> deploy-cmd, pushed through `/rmm`).
|
||||
|
||||
Related: GPS->RMM audit tracker `projects/gps-rmm-audit/tracker.md`. Exceptions = Glaztech +
|
||||
Dataforth (leave their existing AV alone; do not migrate them to EDR in this effort).
|
||||
Migration scope quantified 2026-07-04 (tracker Phase 4): 27 clients / 141 BD
|
||||
endpoints + Dataforth's 5. Datto EDR "Default RMM Org" holds ~35 unassigned agents
|
||||
that belong to real clients (IMC x7, Russo x2, Len's, Rednour, Reliant, etc.) —
|
||||
attribute them to proper orgs as part of the migration.
|
||||
|
||||
Related: GPS->RMM audit tracker `projects/gps-rmm-audit/tracker.md`.
|
||||
|
||||
@@ -232,3 +232,5 @@ Little Hearts Little Hands(8), Ridgetop Group(3), Residential and Renovation Eng
|
||||
**AV migration scope (task #5, BD->EDR excl Glaztech+Dataforth): 27 clients, 141 BD endpoints.**
|
||||
Note: Glaz-Tech BD = 242 endpoints vs 159 GPS billed (feeds the #4 anomaly discussion).
|
||||
Next Phase-4 chunk: backup verification (B2/MSP360 per client vs billed backup lines), then email.
|
||||
|
||||
**Scope update 2026-07-04 (Howard):** AV migration exception narrowed — **ONLY Glaztech stays on Bitdefender**. Dataforth migrates fully to EDR (already 51 EDR agents; remaining 5 BD endpoints to convert: D1-ENGI-006, DESKTOP-L2LE31M, DATAFORTH-PC, SURFACEOPS, MING-HP).
|
||||
|
||||
Reference in New Issue
Block a user