sync: auto-sync from GURU-5070 at 2026-06-29 15:30:34
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-06-29 15:30:34
This commit is contained in:
10
errorlog.md
10
errorlog.md
@@ -17,6 +17,16 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
|
||||
|
||||
<!-- Append entries below this line -->
|
||||
|
||||
2026-06-29 | GURU-5070 | remediation-tool/graph | [friction] Tenant Admin app 403s on group DELETE (has GroupMember write, not Group.ReadWrite.All); use User Manager app for M365 group deletion [ctx: tenant=birthbiologic op=group-delete]
|
||||
|
||||
2026-06-29 | GURU-5070 | rmm/rsync-cygwin | [friction] cwRsync (cygwin) on AD2 misreads a Windows 'C:path' DESTINATION as a remote host; pulls silently fail. Use /cygdrive/c/... for local src AND dst [ctx: host=AD2 ref=dataforth-dos-sync]
|
||||
|
||||
2026-06-29 | GURU-5070 | graph/sharepoint-upload | BirthBio media upload: all 10 large files failed at chunk 0 (connection closed on send + 503) with 60MB chunks; docs OK [ctx: site=birthbiologic chunk=60MB fix=reduce-to-10MiB+retry]
|
||||
|
||||
2026-06-29 | GURU-5070 | rmm/user-management | [correction] Claimed GuruRMM has no built-in user-password action; it DOES - the per-agent User Manager tab (Users/Groups) manages local + domain (on a DC) + AAD users: reset_password, set_enabled, set_password_never_expires, add/remove_from_group. Used raw Set-ADAccountPassword PowerShell instead (which also leaked the pw into command history). [ctx: endpoint=/api/agents/{id}/users + /users/action component=UserManagerTab.tsx]
|
||||
|
||||
2026-06-29 | GURU-5070 | remediation-tool | [correction] assumed 'AD account' meant Entra/M365 account; user meant ON-PREM AD. 365/email stays disabled; on-prem handled separately (no ADsync - cloud-only user). [ctx: client=VWP user=teresa@valleywideplastering.com]
|
||||
|
||||
2026-06-29 | GURU-5070 | remediation-tool/reset-password.sh | [friction] JIT de-elevation can never succeed: an app-only SP cannot remove its OWN Privileged Authentication Administrator assignment ('no privilege to remove self'). Every admin-account reset leaves standing PAA on the ComputerGuru Tenant Admin SP; requires a human Global Admin to remove. Likely also left PAA on birthbiologic.com (2026-06-08). [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f sp=fccda86c-77ca-4248-b876-b0cdba8605d4 role=PrivilegedAuthAdmin fix=PIM-or-second-principal-or-human-GA]
|
||||
|
||||
2026-06-29 | GURU-5070 | remediation-tool | reset-password: failed to remove JIT Privileged Auth Admin role - standing privilege left behind, REMOVE MANUALLY [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f assignment=ikzke6-tKk6E1qsmSeCKE2yozfzKd0hCuHawzbqGBdQ-1 http=400]
|
||||
|
||||
Reference in New Issue
Block a user