From 7ff9dbc624ea7d1747b06cf7284cd0417ed152e4 Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Fri, 5 Jun 2026 18:27:04 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-06-05 18:26:57 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-05 18:26:57 --- clients/cascades-tucson/session-logs/2026-06-05-session.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/clients/cascades-tucson/session-logs/2026-06-05-session.md b/clients/cascades-tucson/session-logs/2026-06-05-session.md index fa99fdb..5887f35 100644 --- a/clients/cascades-tucson/session-logs/2026-06-05-session.md +++ b/clients/cascades-tucson/session-logs/2026-06-05-session.md @@ -259,3 +259,10 @@ Dispatching to GuruRMM from HOWARD-HOME broke mid-session: - [ ] Howard: lower ALIS app timeout 20→15 in ALIS admin. - [ ] Investigate curl "Permission denied" on HOWARD-HOME (AV exclusion) + the RMM API 500 on large payloads. - [ ] Go-live (unchanged): swap `CSC - Caregiver Workstation` filter `SG-Caregivers-Test`→`SG-Caregivers`; CA allow-list test group→`SG-Caregivers`; move machines into `OU=Caregiver Devices` + `SG-PC-*` one at a time; ALIS email-match the 38 + medtechs. + +## Update: 18:05 MST — Lockdown GPO DEPLOYED + ticket updated; block resolved + +- **`CSC - Caregiver Device Lockdown` DEPLOYED** — `{E6174988-2721-4D96-ADF5-F5BB44E92769}`, computer-only (UserSettingsDisabled), startup script + psscripts.ini in SYSVOL, Scripts CSE registered (versionNumber 2, AD == GPT.ini), **linked at `OU=Caregiver Devices`**. (Startup scripts run at BOOT — NURSESTATION must **reboot** to run it: sets `InactivityTimeoutSecs=180`, powercfg never-sleep, registers the `CSC Caregiver Idle Logoff` scheduled task.) +- **Block resolved:** the earlier curl "Permission denied" / RMM-dispatch failure was a workstation-side AV/process block that Howard fixed; re-dispatched via curl and it deployed first try. (The prior RMM 500 was during the blocked window; not reproduced.) +- **Syncro ticket #110680053 (Syncro #32303, "Domain setup-entra sync", Cascades) updated** with the 6/4–6/5 work summary as an **internal/hidden note** (do_not_email), **comment id 417580711**. Framed around the caregiver/medtech laptop+desktop setup, the Win Pro + Win11 25H2 upgrades, the Microsoft Intune-provisioning dead-end and the pivot to Hybrid Entra Join + GPO, the test/security groups, validated on the pilot, switching users Monday. +- **Remaining to fully finish the test:** reboot NURSESTATION → verify lock@3min + 90s warning + sign-out@15min + never-sleep; Howard lowers ALIS app timeout 20→15; then Monday cutover (one user/machine at a time).