sync: auto-sync from HOWARD-HOME at 2026-06-24 13:59:29
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-24 13:59:29
This commit is contained in:
@@ -351,8 +351,9 @@ Cascades' line-of-business / reporting SaaS (the systems they pull data OUT of,
|
||||
- **`svc-scan`** = dedicated AD service account (CN=Users, PasswordNeverExpires, CannotChangePassword) for the Brother's SMB auth. Vault: `clients/cascades-tucson/svc-scan.sops.yaml`.
|
||||
- **REUSE `svc-scan` for EVERY future scanner->network-folder setup at Cascades** (Howard, 2026-06-09) -- do NOT create a per-printer/per-folder scan account.
|
||||
- **Brother MFC-L8900CDW "Business Office" printer (10.0.20.220) -- Scan-to-Network profile (working 2026-06-09):** Network Folder Path `\\192.168.2.254\AcctDept\Scans`; **Auth Method NTLMv2** (not Auto/Kerberos -- printer can't KDC across VLAN); Username `cascades\svc-scan`; PDF Multi-Page.
|
||||
- **[NETWORK] CS-SERVER cannot reach the VLAN-20 printers** -- main-LAN `192.168.2.x` -> VLAN 20 `10.0.20.x` is blocked at pfSense. Use a VLAN-20 PC's browser or go onsite. The reverse (printer -> CS-SERVER:445) **is** open.
|
||||
- **[CORRECTED 2026-06-24, live] CS-SERVER CAN reach VLAN 20 -- server-hosted printing to VLAN-20 printers works.** CS-SERVER routes to `10.0.20.0/24` via the default gateway (pfSense `192.168.0.1`) and **pings the VLAN-20 gateway `10.0.20.1` fine**. The VLAN-20 print queues already on the server (Business Office/AcctDept Brother L8900CDW `10.0.20.220`, Memory Care Reception Epson `10.0.20.78`, Life Enrichment Canon `10.0.20.94`) print through it. **Caveat:** the printers often **don't answer ICMP ping when asleep** (and 9100 may show closed while idle) -- that is NOT a firewall block; a real print job wakes them. (Supersedes the earlier "main-LAN -> VLAN 20 blocked at pfSense" note, which was a stale/over-broad reading -- likely the printer being asleep or a since-changed rule. The printer's web-UI config from CS-SERVER may still be hit-or-miss when the device is idle; use a VLAN-20 PC if the GUI won't load.)
|
||||
- **Persistent drive maps to `\\cs-server\AcctDept`:** Chris (DESKTOP-N5G1ROO) Y:, Zachary (ACCT2-PC) Y:, Lauren (DESKTOP-H6QHRR7) X:.
|
||||
- **`\\CS-SERVER\BusinessOffice` (Business Office - Brother L8900CDW, `10.0.20.220`) = the "Accounting Assistant" printer in room 101** -- one physical L8900CDW, already a shared print queue on CS-SERVER. Attached to Chris Knight's PC (DESKTOP-N5G1ROO) 2026-06-24. Do NOT create a duplicate "Accounting Assistant Printer" queue -- it's this one.
|
||||
- **Executive restricted share (built 2026-06-24, ticket #32193):** `D:\Shares\Executive` on CS-SERVER, shared as **`\\cs-server\Executive`**; inheritance broken; SYSTEM / BUILTIN\Administrators = Full; `CASCADES\Ashley.Jensen` + `CASCADES\Meredith.Kuhn` = Modify (no Everyone); share-access limited to the same two + Admins. Mapped persistent `E:` on DESKTOP-U2DHAP0 (Ashley) and ASSISTMAN-PC (Meredith), RW-verified. NOTE: clients reach CS-SERVER SMB at **192.168.2.248** (registered DNS / Ethernet idx16), NOT the .254 Hyper-V vEthernet NIC -- the `phase3-pre-join-verify.ps1` hardcodes .254 and should be updated. RMM dispatch gotcha: build UNC from `[char]92` (heredoc+jq eats `\\`->`\`); surface a remotely-mapped drive in the user's running Explorer with `SHChangeNotify(SHCNE_DRIVEADD)` in their session.
|
||||
|
||||
### Synology NAS (cascadesDS) / Shared File Access
|
||||
|
||||
Reference in New Issue
Block a user