azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from HOWARD-HOME at 2026-05-08 19:53:03

Browse Source 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-08 19:53:03
This commit is contained in:
Howard Enos
2026-05-08 19:53:04 -07:00
parent 2349259999
commit 935b6995e5
6 changed files with 563 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

205
clients/kittle/session-logs/2026-05-08-howard-joshua-onsite-and-gururmm-onboarding.md Normal file
View File

@@ -0,0 +1,205 @@
# Kittle — Joshua Sutherland AD onboarding + GuruRMM site setup
**Date:** 2026-05-08
**Client:** Kittle Design & Construction LLC (Syncro 32460233, Tenant `kittle.lan`)
## User
- **User:** Howard Enos (howard)
- **Machine:** Howard-Home + onsite at Kittle 11:30 AM PT
- **Role:** tech
## Session Summary
Created Active Directory user `joshua.sutherland` at Kittle Design & Construction's domain (`kittle.lan`) for new employee Joshua Sutherland, who is taking over Wrex's existing workstation. Coordinated the onsite via Syncro ticket #32263 with an 11:30 AM PT scheduled appointment. Vaulted the Kittle GuruRMM site enrollment key (the Kittle GuruRMM client + site were created today) to enable agent deployment to Kittle endpoints going forward. Documented the working ScreenConnect command pattern (`#!ps` prefix required for PowerShell context) after Howard hit cmd-vs-PowerShell parsing errors.
## Key Decisions
- Joshua's email field uses the existing M365 domain (`joshua@kittlearizona.com`) — Kittle's M365 cloud identity layer is on `kittlearizona.com` while their on-prem AD is `kittle.lan`. Email field on the AD user reflects M365, not the on-prem domain.
- Initial AD password set to `Sutherland2026!`, then reset onsite to `Kota2020!` per Howard's direction. Force-change-at-logon enabled.
- Local admin rights on Wrex's PC handled separately — `Add-LocalGroupMember` must run on Wrex's actual workstation, not on the DC (which doesn't have a local Administrators group; that command targets the local SAM, not the domain).
- Kittle is now a GuruRMM client. Howard installing agents on SERVER2021 + Wrex's PC during the onsite to begin RMM coverage.
- Saved feedback memory: Syncro appointment owner must be explicitly confirmed when creating tickets — don't auto-default to ticket's assigned tech, don't add additional attendees without explicit user direction.
## Problems Encountered
- ScreenConnect command runner defaulted to `cmd` context, causing PowerShell syntax to fail. Resolved by prefixing scripts with `#!ps` to force PowerShell execution.
- Initial AD user creation had `-AccountPassword $Kota2020!` which PowerShell parsed as variable `$Kota2020` (empty) followed by `!``!` cannot be part of a variable name. Resolved by setting `$Password = ConvertTo-SecureString "Kota2020!" -AsPlainText -Force` first, then referencing `$Password`.
- `Add-LocalGroupMember` on the DC failed with "Group Administrators was not found." — DCs use Builtin\Administrators (domain-wide), not a local SAM group. Resolved by deferring the local-admin step to when Howard is at Wrex's actual workstation.
## Configuration Changes
### Active Directory user created (kittle.lan domain)
```
Name: Joshua Sutherland
SamAccountName: joshua.sutherland
UserPrincipalName: joshua.sutherland@kittle.lan
EmailAddress: joshua@kittlearizona.com
Enabled: true
ChangePasswordAtLogon: true
DistinguishedName: CN=Joshua Sutherland,CN=Users,DC=kittle,DC=lan
Description: Created 2026-05-08 by Howard for use on Wrex's machine
```
Password initially set to `Sutherland2026!`, then reset to `Kota2020!` per Howard's onsite preference (`Set-ADAccountPassword -Identity joshua.sutherland -NewPassword $Pwd -Reset`).
### Kittle GuruRMM site (created today, agents pending)
```
Client: Kittle Design & Construction LLC (id d8b08837-78e0-441e-b824-e0abbf0254ed, code KITTLE)
Site: Main Office (id 851376d1-33be-46ee-9e48-be44767e4a0a, code SILVER-HAWK-7639)
Address: 2539 N Balboa Ave #125, Tucson AZ 85705
API key: grmm_JA9bA45d7IGOf0bEifZnH9JjIBPOMZxq
```
Vaulted at `clients/kittle/gururmm-site-main.sops.yaml` (vault commit `6eb3414`).
### Syncro ticket created
- **#32263** — "Joshua - set up account on Wrex's computer" — Onsite, Scheduled, Howard Enos
- **Appointment** id `5585387825` — 2026-05-08 11:30 AM - 1:00 PM PT
- Customer: Kittle Design & Construction LLC, contact_id null per global rule
### Memory updated
- New: `.claude/memory/feedback_syncro_appointment_owner.md` — confirm appointment owner explicitly when creating tickets, don't add attendees silently.
## Credentials & Secrets
### Joshua Sutherland AD account (kittle.lan)
- Username: `joshua.sutherland`
- UPN: `joshua.sutherland@kittle.lan`
- Email: `joshua@kittlearizona.com`
- **Password (current, after onsite reset): `Kota2020!`**
- Force change at next logon: yes
### Kittle GuruRMM Main Office site enrollment key (NEW today)
- API key: `grmm_JA9bA45d7IGOf0bEifZnH9JjIBPOMZxq`
- Vault: `clients/kittle/gururmm-site-main.sops.yaml`
### Kittle SERVER2021 admin (FROM Syncro customer notes — needs vault migration)
- Username: `administrator`
- Password: `AXman2Z`
- **Source: Syncro customer notes (plaintext exposure)** — flag for vault migration. Same pattern as Horseshoe Management.
### Kittle M365 Outlook accounts (FROM Syncro customer notes — also flagged)
- `kittletucson@outlook.com` / `tick8800`
- `kittletucson2@outlook.com` / `Tick8800`
## Infrastructure & Servers
- **Kittle domain:** `kittle.lan` (NetBIOS: `KITTLE`)
- **DC + file server:** `SERVER2021` (Syncro asset id `10584015`)
- **M365 tenant:** `kittlearizona.com`
- **Other Syncro asset:** `FRONTDESK` (id `11122225`)
- **Wrex's workstation:** hostname unknown — not in Syncro asset inventory. Discovery pending onsite.
- **Office:** 2539 N Balboa Ave #125, Tucson AZ 85705
- **Primary contact:** Kimberly Ross, `admin@kittlearizona.com`
## Commands & Outputs
### Working AD user creation script (run on DC via ScreenConnect with `#!ps` prefix)
```powershell
#!ps
$Domain = Get-ADDomain
Write-Host "Domain: $($Domain.DNSRoot) ($($Domain.NetBIOSName))"
$Password = ConvertTo-SecureString "Sutherland2026!" -AsPlainText -Force
$UPN = "joshua.sutherland@$($Domain.DNSRoot)"
$Path = "CN=Users,$($Domain.DistinguishedName)"
New-ADUser `
-Name "Joshua Sutherland" `
-GivenName "Joshua" -Surname "Sutherland" `
-SamAccountName "joshua.sutherland" `
-UserPrincipalName $UPN `
-EmailAddress "joshua@kittlearizona.com" `
-AccountPassword $Password `
-Enabled $true `
-ChangePasswordAtLogon $true `
-Path $Path `
-Description "Created 2026-05-08 by Howard for use on Wrex's machine"
Get-ADUser -Identity joshua.sutherland -Properties * |
Select-Object SamAccountName, UserPrincipalName, EmailAddress, Enabled, DistinguishedName
```
### Password reset (run on DC, ScreenConnect `#!ps`)
```powershell
#!ps
$NewPassword = ConvertTo-SecureString "Kota2020!" -AsPlainText -Force
Set-ADAccountPassword -Identity "joshua.sutherland" -NewPassword $NewPassword -Reset
Set-ADUser -Identity "joshua.sutherland" -ChangePasswordAtLogon $true
Get-ADUser -Identity "joshua.sutherland" -Properties * |
Select-Object SamAccountName, Enabled, PasswordLastSet, ChangePasswordAtLogon
```
### Local admin add (run on Wrex's PC, NOT the DC)
```powershell
#!ps
$DomainNetBIOS = "KITTLE"
$User = "$DomainNetBIOS\joshua.sutherland"
Add-LocalGroupMember -Group "Administrators" -Member $User
Get-LocalGroupMember -Group "Administrators" | Format-Table Name, ObjectClass, PrincipalSource
```
### GuruRMM agent deployment (working command)
```powershell
#!ps
$u='https://rmm-api.azcomputerguru.com/downloads/gururmm-agent-windows-amd64-latest.exe';
$d='C:\Windows\Temp\gururmm-agent.exe';
Invoke-WebRequest $u -UseBasicParsing -OutFile $d;
& $d install --server-url 'wss://rmm-api.azcomputerguru.com/ws' --api-key 'grmm_JA9bA45d7IGOf0bEifZnH9JjIBPOMZxq'
```
The `#!ps` prefix is required when running via ScreenConnect Commands tab — without it, ScreenConnect runs in cmd context and `Invoke-WebRequest` fails. URL itself returns HTTP 200 (verified, 3.95 MB exe).
## Pending / Incomplete Tasks
### Onsite (in progress 11:30 AM PT)
- [ ] Add `KITTLE\joshua.sutherland` to local Administrators group on Wrex's workstation (script ready — run on Wrex's PC)
- [ ] Install GuruRMM agent on SERVER2021 (PowerShell command ready)
- [ ] Install GuruRMM agent on Wrex's workstation (same command)
- [ ] Optionally: roll out GuruRMM agent to FRONTDESK and any other Kittle endpoints
- [ ] Bill the Syncro ticket (#32263) at end of onsite
### Vault hygiene
- [ ] Migrate Kittle SERVER2021 admin password (`administrator / AXman2Z`) from Syncro plaintext customer notes to SOPS vault (`clients/kittle/server2021.sops.yaml`)
- [ ] Migrate the two Kittle Outlook accounts (`kittletucson@outlook.com` / `kittletucson2@outlook.com`) from Syncro notes to vault
- [ ] Strip those plaintext credentials from Syncro after vaulting (same exposure pattern as Horseshoe Management — flagged on 2026-05-06)
### Joshua workstation tasks (onsite)
- [ ] Confirm Joshua has signed in successfully on Wrex's PC and changed his password at first logon
- [ ] Verify joshua.sutherland is a local admin on Wrex's PC (`whoami /priv`, or test elevated UAC prompt)
- [ ] Email setup if needed (M365 mailbox provisioning is separate from AD creation — Joshua may need a Kittle M365 license assigned)
## Reference Information
### Vault paths
- `clients/kittle/gururmm-site-main.sops.yaml` — GuruRMM site enrollment key (NEW today, vault commit `6eb3414`)
- `clients/kittle/m365-michael-sanchez.sops.yaml` — existing M365 entry for Michael Sanchez
### Syncro
- Customer ID: `32460233`
- Customer name: Kittle Design & Construction LLC
- Ticket: **#32263** (today's onsite)
- Direct link: https://computerguru.syncromsp.com/tickets/110024484
### GuruRMM
- API: `https://rmm-api.azcomputerguru.com`
- Dashboard: `https://rmm.azcomputerguru.com`
- Kittle Main Office: site code `SILVER-HAWK-7639`, id `851376d1-33be-46ee-9e48-be44767e4a0a`
### Memory
- `.claude/memory/feedback_syncro_appointment_owner.md` — new today
### Related work
- Cascades-of-Tucson session log for the same day: `clients/cascades-tucson/session-logs/2026-05-08-howard-cascades-sdm-token-success-and-alis-sso.md`
---
**Onsite scheduled:** 2026-05-08 11:30 AM - 1:00 PM PT (Syncro #32263, appointment id `5585387825`)
**Resume:** Confirm onsite tasks (local admin, GuruRMM agents) completed; bill the ticket; vault migration follow-up.