sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-11 18:22:21

Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-11 18:22:21
This commit is contained in:
2026-05-11 18:22:21 -07:00
parent 0a0054c9ca
commit 6183b1c319
3 changed files with 107 additions and 1 deletions


@@ -377,3 +377,109 @@ Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "98.190.129.150" -T
- SCP to/from PST-SERVER: use `/C:/path/to/file` format (not `C:\`)
- gen_certs.ps1 at C:\ProgramData\gen_certs.ps1 on PST-SERVER — reusable for future machines
- Machine template NameFlag GUID reference: ENROLLEE_SUPPLIES_SUBJECT = 0x1, prior value 0x18000000 (DNS_AS_CN | ALT_REQUIRE_DNS)
---
## Update: 18:18 PT — OneDrive KFM shell folder deep fix
## User
- **User:** Mike Swanson (mike)
- **Machine:** DESKTOP-0O8A1RL
- **Role:** admin
- **Session span:** 2026-05-11 afternoon continuation
## Session Summary
Troubleshooting of the OneDrive KFM "Capabilities: 0x101" error for user pst-admin on Maras-HP-Laptop resumed. The user provided a screenshot showing three GUID entries in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders still pointing to \\PST-SERVER. These GUIDs were not covered by prior fix scripts, which only targeted standard KF GUIDs. A new script, fix_remaining_folders.ps1, was written and deployed to update the three GUIDs to local userprofile paths, clear remaining FolderRedirectionPolicyValue markers, and remove Folder Redirection CSE history from Group Policy\History. The user ran the script, but the error remained.
A full registry diagnostic via GuruRMM API was initiated against the HP, accessing pst-admin's hive via HKU\S-1-5-21-1105246401-3156558273-4088333098-1118. The diagnostic revealed two WSE-specific non-standard GUID entries in User Shell Folders still pointing to the server, and a stale Shell Folders resolved cache that still showed all original \\PST-SERVER paths for every redirected folder. The Shell Folders key is what the shell and OneDrive actually read at runtime; it had not been rebuilt because pst-admin had not logged off/on since the prior fix ran.
A second script, hp_final_fix.ps1, was deployed via RMM running as SYSTEM against the HKU hive. It corrected the two non-standard WSE GUIDs in User Shell Folders and directly updated all 10 server-pointing Shell Folders entries to local C:\Users\pst-admin\... paths. Verification confirmed zero remaining \\PST-SERVER entries in either key. The fix is complete in the registry; pst-admin must log off and back on for the live session to reflect the corrected state.
## Key Decisions
- Targeted WSE non-standard GUIDs after discovering they differ from standard KF GUIDs: WSE wrote its own GUID variants alongside the standard ones; prior scripts only addressed the standard GUIDs.
- Deployed the final fix via RMM as SYSTEM against the HKU hive: allows both User Shell Folders and Shell Folders to be corrected in one pass regardless of what pst-admin was doing.
- Directly updated Shell Folders (the resolved cache) in addition to User Shell Folders: the cache had not been rebuilt at logon because prior fixes ran while pst-admin was still logged in; direct correction ensures the fix is visible immediately after the next logoff/on.
- Used /api/auth/login endpoint instead of raw JWT: raw HS256 JWT generation returned 401 despite correct secret; session token from login endpoint worked.
## Problems Encountered
- **fix_remaining_folders.ps1 did not resolve error**: Script ran and cleared markers/CSE history, but error remained. Root cause: stale Shell Folders resolved cache and two additional WSE-specific GUIDs not targeted by the script.
- **JWT auth returning 401**: Raw HS256 JWT (manually constructed) rejected by RMM API despite correct secret and algorithm. Resolved by using /api/auth/login with admin credentials to obtain session token.
- **Wrong RMM result endpoint**: Initial poll used /api/agents/{id}/command/{cmdId} (404). Correct endpoint: /api/commands/{cmdId}.
- **ConvertTo-Json nesting PS script body**: PowerShell hashtable caused ConvertTo-Json to emit nested map; API expected plain string for `command` field. Resolved by using py to JSON-encode the script file.
- **WSE non-standard GUIDs**: WSE GPO wrote two non-standard GUID variants in User Shell Folders alongside standard KF GUIDs. Standard: {4C5C32FF-BB9D-4518-B176-DEC04FF96F7E} / {BFB9D5E0-C6A9-4D9F-9667-1F64AD761B0C}. WSE variants: {4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4} / {BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}. Both sets had to be fixed.
- **Shell Folders not rebuilt at logon**: Cache still contained server paths after User Shell Folders was fixed, because pst-admin had not logged off/on since the prior fix. Resolved by directly updating Shell Folders via RMM.
## Configuration Changes
### Maras-HP-Laptop (pst-admin HKCU, applied via SYSTEM/HKU)
- `HKCU\...\Explorer\User Shell Folders`:
- `{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}` set to `C:\Users\pst-admin\Saved Games` (was \\PST-SERVER\...SavedGames)
- `{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}` set to `C:\Users\pst-admin\Links` (was \\PST-SERVER\...Links)
- fix_remaining_folders.ps1 earlier fixed: {4C5C32FF-BB9D-4518-B176-DEC04FF96F7E}, {56784854-C6CB-462B-8169-88E350ACB882}, {BFB9D5E0-C6A9-4D9F-9667-1F64AD761B0C}
- `HKCU\...\Explorer\Shell Folders`: 10 entries corrected from \\PST-SERVER to C:\Users\pst-admin\... (Desktop, Personal, My Pictures, My Video, My Music, Favorites, {374DE290}/Downloads, {56784854}/Contacts, {BFB9D5E0-404C}/Links, {4C5C32FF-43B0}/SavedGames)
### Scripts written (DESKTOP-0O8A1RL)
- `C:\Users\guru\Desktop\fix_remaining_folders.ps1` — 3 standard GUIDs + CSE cleanup
- `C:\Users\guru\AppData\Local\Temp\hp_reg_diag.ps1` — diagnostic via RMM/HKU
- `C:\Users\guru\AppData\Local\Temp\hp_final_fix.ps1` — 2 WSE GUIDs + Shell Folders
## Credentials & Secrets
| Item | Value |
|------|-------|
| GuruRMM API login | claude-api@azcomputerguru.com / ClaudeAPI2026!@# |
| GuruRMM JWT secret | ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE= (vault: infrastructure/gururmm-server.sops.yaml) |
| pst-admin password | SpiritWalk26! (update vault) |
## Infrastructure & Servers
| Component | Value |
|-----------|-------|
| GuruRMM API external | https://rmm.azcomputerguru.com |
| GuruRMM API internal | http://172.16.3.30:3001 |
| RMM auth endpoint | POST /api/auth/login |
| RMM command submit | POST /api/agents/{uuid}/command |
| RMM command result | GET /api/commands/{cmdId} |
| HP RMM agent UUID | 13cb3629-5043-4bd6-b977-6968eeccf804 |
| pst-admin SID | S-1-5-21-1105246401-3156558273-4088333098-1118 |
## Commands & Outputs
### RMM auth + command submit (correct pattern)
```powershell
$auth = Invoke-RestMethod -Uri "https://rmm.azcomputerguru.com/api/auth/login" -Method POST -ContentType "application/json" -Body (@{ email = "claude-api@azcomputerguru.com"; password = "ClaudeAPI2026!@#" } | ConvertTo-Json)
$token = $auth.token
$payload = py -c "import json; print(json.dumps({'command_type':'powershell','command':open(r'C:\path\to\script.ps1',encoding='utf-8').read()}))"
$resp = Invoke-RestMethod -Uri "https://rmm.azcomputerguru.com/api/agents/$agent/command" -Method POST -Headers @{ Authorization = "Bearer $token"; "Content-Type" = "application/json" } -Body $payload
# Poll result: GET /api/commands/{cmdId} — output in .stdout field
```
### hp_final_fix.ps1 verification output
```
=== Verification: any remaining server paths? ===
=== Done - pst-admin must log off and back on ===
# (no lines output = zero remaining server paths confirmed)
```
## Pending / Incomplete Tasks
| Task | Status | Notes |
|------|--------|-------|
| Test OneDrive KFM after pst-admin logoff/on | **PENDING** | Registry fully clean; logoff/on required to rebuild live session Shell Folders |
| Update vault with pst-admin new password | **PENDING** | SpiritWalk26! |
| Deploy cert + VPN to Maras-HP-Laptop via RMM | **PENDING** | PFX: C:\Users\guru\AppData\Local\Temp\Maras-HP-Laptop.pfx; agent 13cb3629-5043-4bd6-b977-6968eeccf804 |
| Deploy cert + VPN to PST-SURFACE via RMM | **PENDING** | PFX: C:\Users\guru\AppData\Local\Temp\PST-SURFACE.pfx; agent 4a993b61-59b3-42f4-bdb5-d4362941f7d6 |
| Test pre-login VPN at Windows logon screen | **PENDING** | rasdial confirmed in user session only |
| Browser default (http/https) for pst-admin | **PENDING** | Must click "Make Chrome default" in Chrome once |
| Clean up PST-SERVER temp files | **PENDING** | C:\ProgramData\: gen_certs.ps1, *.inf, *.req, *.cer, *.pfx, misc .ps1s |
| Remove TEMP firewall rules on PST-SERVER | **PENDING** | TEMP-CertEnroll-RPC (TCP 135), TEMP-CertEnroll-DCOM (TCP 49152-65535) |
## Reference Information
- WSE non-standard GUIDs vs standard KF GUIDs:
- SavedGames — WSE: {4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4} | Standard: {4C5C32FF-BB9D-4518-B176-DEC04FF96F7E}
- Links — WSE: {BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968} | Standard: {BFB9D5E0-C6A9-4D9F-9667-1F64AD761B0C}
- Shell Folders (HKCU\...\Explorer\Shell Folders) = resolved runtime cache; User Shell Folders = template. Both must be clean for OneDrive KFM.
- All _FolderRedirectionPolicyValue_* markers: NONE confirmed
- Folder Redirection CSE history ({25537BA6}): NONE confirmed
- OneDrive HKCU/HKLM policies: NONE
- DisablePersonalDirChange: NOT SET
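Review bot: the "Credentials & Secrets" table in this hunk commits three live secrets in plaintext (the GuruRMM API login password, the GuruRMM JWT signing secret, and the pst-admin account password), and the same API password is repeated inline in the `Invoke-RestMethod ... -Body (@{ email = ...; password = ... })` line under "RMM auth + command submit", with the pst-admin password repeated again in the "Pending / Incomplete Tasks" table. Once pushed, these values live in git history regardless of later edits, so the JWT secret and both passwords should be treated as exposed and rotated, and the table cells replaced with a pointer to the vault entry the JWT row already names (`infrastructure/gururmm-server.sops.yaml`) rather than the value itself; the PowerShell sample should read the password from an environment variable or the vault at runtime instead of embedding it. Two smaller points on the same hunk: the `hp_final_fix.ps1` verification block treats "no lines output" as proof of zero remaining `\\PST-SERVER` paths, which is indistinguishable from the check silently not running, so the script should print an explicit count (e.g. `Remaining server paths: 0`); and the pending removal of the `TEMP-CertEnroll-RPC` / `TEMP-CertEnroll-DCOM` rules (TCP 135 and 49152-65535) leaves a wide inbound exposure on PST-SERVER, so that task deserves a target date or an owner rather than an open-ended PENDING.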