From 21b198f1eea13f947f61dfe0cfaefe775570bd05 Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Sat, 4 Jul 2026 17:49:58 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-07-04 17:49:31 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-07-04 17:49:31 --- .claude/memory/MEMORY.md | 2 +- ...project_av_migration_bitdefender_to_edr.md | 32 ++++++++++++------- projects/gps-rmm-audit/tracker.md | 2 ++ 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 964aa487..48a25059 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md @@ -207,7 +207,7 @@ - [Windows won't-boot / offline DISM repair playbook](windows-offline-dism-repair-gotchas.md) — Automatic Repair loop = boot-critical fault (disk/registry/wedged update), NOT shell/appx store corruption (that's a symptom); `FaultyPackageInProgress` + 100s of Install/Uninstall-Pending packages = wedged CU -> RevertPendingActions or clean install. Offline DISM rejects `wim:` source (0x800f082e) -> MOUNT the wim, source `\Windows`. Ventoy breaks WIM mount (0xc1420134) -> use Rufus. 25H2(26200)=24H2(26100)+enablement, so match 26100 media. First hit: Four Paws AvImark #32447. - [365 app suite — authoritative map + consent-drift fix](reference_365_app_suite.md) — full map in `.claude/skills/remediation-tool/references/app-suite.md`; per-tenant consent is NOT uniform (VWP had the app but no SharePoint role). Run `consent-audit.sh ` to detect gaps; fix via adminconsent URL or direct appRoleAssignment grant. - [Remediation-tool has full M365 access (incl. SharePoint)](reference_remediation_tool_365_access.md) — the app suite covers Graph/EXO/Defender/SharePoint; don't declare "no access" on an accessDenied. SharePoint app-only needs a CERT (secret = "Unsupported app only token"); use get-token.sh `sharepoint`/`sharepoint-admin` tiers + CSOM admin API (Graph /admin/sharepoint/settings scope not held). Full map: skill references/app-permissions-and-sharepoint.md. -- [AV migration: Bitdefender -> Datto EDR](project_av_migration_bitdefender_to_edr.md) — retire Bitdefender fleet-wide except Dataforth; end-state per machine = GuruRMM + Datto EDR +- [AV migration: Bitdefender -> Datto EDR](project_av_migration_bitdefender_to_edr.md) — retire Bitdefender fleet-wide, ONLY exception Glaztech (Dataforth migrates); end-state per machine = GuruRMM + Datto EDR - [RMM deploy via ScreenConnect](reference_rmm_deploy_via_screenconnect.md) — push GuruRMM agent to client workstations via SC send-command (SYSTEM), not DC remote-exec (DCOM/schtasks blocked on Win11 clients) - [ScreenConnect custom-property slots](reference_screenconnect_custom_property_slots.md) — CP1=Company CP2=Site CP3=Department CP4=Device Type CP8=Tag (API hides labels; UpdateSessionCustomProperties replaces the whole array) - [ScreenConnect cleanup uses wiki as source](feedback_screenconnect_cleanup_wiki_source.md) — per-client SC/RMM metadata cleanup pulls machine->dept/location from the client wiki; enrich the wiki when missing diff --git a/.claude/memory/project_av_migration_bitdefender_to_edr.md b/.claude/memory/project_av_migration_bitdefender_to_edr.md index c7b917fe..644d73b0 100644 --- a/.claude/memory/project_av_migration_bitdefender_to_edr.md +++ b/.claude/memory/project_av_migration_bitdefender_to_edr.md @@ -1,24 +1,32 @@ --- name: project_av_migration_bitdefender_to_edr -description: AV strategy — migrate all clients from Bitdefender to Datto EDR, except Glaztech and Dataforth +description: AV strategy — migrate all clients from Bitdefender to Datto EDR; ONLY exception is Glaztech metadata: type: project --- -Standing AV direction (set by Howard 2026-07-03): ACG is moving endpoint AV/security -from **Bitdefender GravityZone -> Datto EDR** for **all clients EXCEPT Glaztech Industries -and Dataforth Corp** (those two stay on Bitdefender / handled separately). +Standing AV direction (Howard 2026-07-03, scope narrowed 2026-07-04): ACG is moving +endpoint AV/security from **Bitdefender GravityZone -> Datto EDR** for **all clients +EXCEPT Glaz-Tech Industries (glaztech)** — the ONLY client staying on Bitdefender. +**Dataforth migrates fully** (originally excepted; Howard removed the exception +2026-07-04 — Dataforth already runs 51 EDR agents with only 5 BD endpoints left: +D1-ENGI-006, DESKTOP-L2LE31M, DATAFORTH-PC, SURFACEOPS, MING-HP). **Why:** consolidate on Datto EDR as the security plane; Bitdefender is being retired -fleet-wide (Glaztech + Dataforth are the two exceptions — both have large established -Bitdefender footprints: Glaztech ~242 endpoints, Dataforth managed separately). +fleet-wide. Glaztech keeps its large established Bitdefender footprint (~242 BD +endpoint records, vs 159 GPS-billed — count includes stale ghosts). **How to apply:** whenever setting up or reconciling a client's endpoints (e.g. the GPS->GuruRMM coverage audit), the target end-state per machine is: GuruRMM agent + -Datto EDR agent, and Bitdefender **removed**. Do NOT deploy new Bitdefender coverage. -Use existing Bitdefender inventory only as a discovery source for which machines exist -(its company names carry the Syncro CID `_NNNNN`, handy for mapping). Deploy Datto EDR -via `[[datto-edr]]` (create-group -> mint-key -> deploy-cmd, pushed through `/rmm`). +Datto EDR agent (AV on), and Bitdefender **removed**. Do NOT deploy new Bitdefender +coverage. Use existing Bitdefender inventory only as a discovery source for which +machines exist (its company names carry the Syncro CID `_NNNNN` suffix — exact join +key to Syncro customers). Deploy Datto EDR via `[[datto-edr]]` (create-group -> +mint-key -> deploy-cmd, pushed through `/rmm`). -Related: GPS->RMM audit tracker `projects/gps-rmm-audit/tracker.md`. Exceptions = Glaztech + -Dataforth (leave their existing AV alone; do not migrate them to EDR in this effort). +Migration scope quantified 2026-07-04 (tracker Phase 4): 27 clients / 141 BD +endpoints + Dataforth's 5. Datto EDR "Default RMM Org" holds ~35 unassigned agents +that belong to real clients (IMC x7, Russo x2, Len's, Rednour, Reliant, etc.) — +attribute them to proper orgs as part of the migration. + +Related: GPS->RMM audit tracker `projects/gps-rmm-audit/tracker.md`. diff --git a/projects/gps-rmm-audit/tracker.md b/projects/gps-rmm-audit/tracker.md index 05949d08..6e586347 100644 --- a/projects/gps-rmm-audit/tracker.md +++ b/projects/gps-rmm-audit/tracker.md @@ -232,3 +232,5 @@ Little Hearts Little Hands(8), Ridgetop Group(3), Residential and Renovation Eng **AV migration scope (task #5, BD->EDR excl Glaztech+Dataforth): 27 clients, 141 BD endpoints.** Note: Glaz-Tech BD = 242 endpoints vs 159 GPS billed (feeds the #4 anomaly discussion). Next Phase-4 chunk: backup verification (B2/MSP360 per client vs billed backup lines), then email. + +**Scope update 2026-07-04 (Howard):** AV migration exception narrowed — **ONLY Glaztech stays on Bitdefender**. Dataforth migrates fully to EDR (already 51 EDR agents; remaining 5 BD endpoints to convert: D1-ENGI-006, DESKTOP-L2LE31M, DATAFORTH-PC, SURFACEOPS, MING-HP).