azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from HOWARD-HOME at 2026-05-20 17:08:25

Browse Source 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-20 17:08:25
This commit is contained in:
Howard Enos
2026-05-20 17:08:26 -07:00
parent 6c476066ee
commit bc984d9c78
15 changed files with 638 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.claude/memory/MEMORY.md
View File

@@ -52,6 +52,7 @@
- [Mac gururmm setup pending](project_mac_gururmm_setup_pending.md) — ACTION REQUIRED: run `bash scripts/install-hooks.sh` in gururmm repo on Mikes-MacBook-Air before any RMM work
## Project
- [Cascades Migration Plan](project-cascades-migration-plan.md) — Active multi-day migration. Plan file: `C:\Users\Howard\.claude\plans\wise-discovering-panda.md`. Syncro ticket: #110680053. Resume: "resume the Cascades migration plan".
- [GuruRMM Development Principles](gururmm-development-principles.md) - MANDATORY: every feature needs full stack (backend, API, UI, docs, scalability). Product must work without AI agents (AI features are enhancements). Documented in guru-rmm/docs/DESIGN.md.
- [Sync script bug — untracked files](project_sync_script_bug.md) — Flagged for Mike. `.claude/scripts/sync.sh` line 53 misses untracked-only changes; one-line fix included.
- [MasterBooter Side Project](project_masterbooter.md) — Howard's Rust+Slint Windows deployment toolkit at C:\MasterBooter, separate from client work. Do not log to clients/.

18
.claude/memory/project-cascades-migration-plan.md Normal file
View File

@@ -0,0 +1,18 @@
---
name: project-cascades-migration-plan
description: Cascades of Tucson department migration plan — Syncro ticket, plan file location, resume command
metadata:
type: project
---
Active multi-day migration project for Cascades of Tucson. Department-by-department domain join, folder redirection, and Entra sync rollout.
**Why:** Full migration from workgroup/cloud-only to domain-integrated environment with clean end state (everything works automatically on fresh machine domain join).
**Syncro ticket:** https://computerguru.syncromsp.com/tickets/110680053 — update with notes after each session.
**Plan file:** `C:\Users\Howard\.claude\plans\wise-discovering-panda.md`
**Resume command:** Howard says "resume the Cascades migration plan" → read plan file, check CURRENT SAVE POINT section, pick up at next unchecked item.
**How to apply:** At every Cascades session start, read the plan file CURRENT SAVE POINT before doing any work. Update the save point and run /save at end of session.

37
.claude/temp/check-frd-gpo.ps1 Normal file
View File

@@ -0,0 +1,37 @@
$domain = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
$gpo = Get-GPO -Name $gpoName -Domain $domain -EA Stop
Write-Output "GPO: $($gpo.DisplayName)"
Write-Output "GUID: {$($gpo.Id.ToString().ToUpper())}"
Write-Output "Status: $($gpo.GpoStatus)"
Write-Output ""
Write-Output "=== Security Filter (who this GPO applies to) ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
}
Write-Output ""
Write-Output "=== GPO Links ==="
$report = Get-GPOReport -Name $gpoName -Domain $domain -ReportType Xml
$xml = [xml]$report
$links = $xml.GPO.LinksTo
if ($links) {
foreach ($l in $links) {
Write-Output " $($l.SOMPath) — Enabled: $($l.Enabled) — NoOverride: $($l.NoOverride)"
}
} else {
Write-Output " (no links)"
}
Write-Output ""
Write-Output "=== SYSVOL contents ==="
$srv = 'CS-SERVER'
$sysvol = "\\$srv\SYSVOL\$domain\Policies"
$guid = "{$($gpo.Id.ToString().ToUpper())}"
Get-ChildItem "$sysvol\$guid" -Recurse -EA SilentlyContinue | ForEach-Object {
$rel = $_.FullName.Replace("$sysvol\$guid", '')
$type = if ($_.PSIsContainer) { '[DIR]' } else { "[FILE $($_.Length)b]" }
Write-Output " $type $rel"
}

19
.claude/temp/find-zachary.ps1 Normal file
View File

@@ -0,0 +1,19 @@
Import-Module ActiveDirectory -EA SilentlyContinue
$u = Get-ADUser -Identity 'zachary.nelson' -Properties DistinguishedName, Department, Title, MemberOf -EA SilentlyContinue
if ($u) {
Write-Output "DN: $($u.DistinguishedName)"
Write-Output "Department: $($u.Department)"
Write-Output "Title: $($u.Title)"
Write-Output "OU: $($u.DistinguishedName -replace '^CN=[^,]+,','')"
Write-Output ""
Write-Output "Groups:"
$u.MemberOf | ForEach-Object { Write-Output " $_" }
} else {
Write-Output "User not found"
}
Write-Output ""
Write-Output "=== All users in OU=Administrative ==="
Get-ADUser -Filter * -SearchBase "OU=Administrative,OU=Departments,DC=cascades,DC=local" -Properties Department,Title -EA SilentlyContinue |
Select-Object SamAccountName, Name, Department, Title |
ForEach-Object { Write-Output " $($_.SamAccountName)$($_.Name)$($_.Department)$($_.Title)" }

42
.claude/temp/frd-link.ps1 Normal file
View File

@@ -0,0 +1,42 @@
$domain = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
$ouDN = 'OU=Administrative,OU=Departments,DC=cascades,DC=local'
Import-Module GroupPolicy -EA SilentlyContinue
# Link GPO to OU=Administrative
try {
New-GPLink -Name $gpoName -Domain $domain -Target $ouDN -LinkEnabled Yes -EA Stop
Write-Output "[OK] Linked to $ouDN"
} catch {
if ($_.Exception.Message -like '*already*') {
Set-GPLink -Name $gpoName -Domain $domain -Target $ouDN -LinkEnabled Yes -EA SilentlyContinue
Write-Output "[OK] Link already existed — enabled"
} else {
Write-Output "[ERROR] $($_.Exception.Message)"
}
}
Write-Output ""
Write-Output "=== Security Filter ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
}
Write-Output ""
Write-Output "=== Links ==="
$report = [xml](Get-GPOReport -Name $gpoName -Domain $domain -ReportType Xml)
$links = $report.GPO.LinksTo
if ($links) {
foreach ($l in $links) {
Write-Output " $($l.SOMPath) — Enabled: $($l.Enabled)"
}
} else {
Write-Output " (none)"
}
Write-Output ""
Write-Output "=== SG-FolderRedirect members ==="
Get-ADGroupMember -Identity 'SG-FolderRedirect' -EA SilentlyContinue | ForEach-Object {
Write-Output " $($_.SamAccountName)"
}

72
.claude/temp/frd-prep.ps1 Normal file
View File

@@ -0,0 +1,72 @@
$domain = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
$groupName = 'SG-FolderRedirect'
$groupOU = 'OU=Security Groups,OU=Groups,DC=cascades,DC=local'
Import-Module ActiveDirectory -EA SilentlyContinue
# --- Create SG-FolderRedirect if it doesn't exist ---
$grp = Get-ADGroup -Filter "Name -eq '$groupName'" -EA SilentlyContinue
if (-not $grp) {
try {
New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
-Description 'Members receive GPO folder redirection to \\CS-SERVER\homes\%USERNAME%' `
-Path $groupOU -EA Stop
Write-Output "[OK] Created group: $groupName in $groupOU"
} catch {
# Try root of domain if OU doesn't exist
try {
New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
-Description 'Members receive GPO folder redirection to \\CS-SERVER\homes\%USERNAME%' `
-Path "CN=Users,DC=cascades,DC=local" -EA Stop
Write-Output "[OK] Created group: $groupName in CN=Users (fallback)"
} catch {
Write-Output "[ERROR] Create group: $($_.Exception.Message)"
}
}
} else {
Write-Output "[INFO] Group already exists: $($grp.DistinguishedName)"
}
# --- Add zachary.nelson to the group ---
try {
Add-ADGroupMember -Identity $groupName -Members 'Zachary.Nelson' -EA Stop
Write-Output "[OK] Added Zachary.Nelson to $groupName"
} catch {
if ($_.Exception.Message -like '*already a member*') {
Write-Output "[INFO] Zachary.Nelson already in $groupName"
} else {
Write-Output "[ERROR] Add member: $($_.Exception.Message)"
}
}
# --- Remove Authenticated Users from GPO security filter ---
try {
Set-GPPermission -Name $gpoName -Domain $domain `
-PermissionLevel None -TargetName 'Authenticated Users' -TargetType Group -EA Stop
Write-Output "[OK] Removed Authenticated Users from security filter"
} catch {
Write-Output "[WARN] Remove Authenticated Users: $($_.Exception.Message)"
}
# --- Add SG-FolderRedirect with GpoApply ---
try {
Set-GPPermission -Name $gpoName -Domain $domain `
-PermissionLevel GpoApply -TargetName $groupName -TargetType Group -EA Stop
Write-Output "[OK] Added $groupName with GpoApply"
} catch {
Write-Output "[ERROR] Add group to GPO: $($_.Exception.Message)"
}
# --- Confirm final state ---
Write-Output ""
Write-Output "=== GPO Security Filter ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
}
Write-Output ""
Write-Output "=== $groupName members ==="
Get-ADGroupMember -Identity $groupName -EA SilentlyContinue | ForEach-Object {
Write-Output " $($_.SamAccountName)"
}

17
.claude/temp/frd-remove-authedusers.ps1 Normal file
View File

@@ -0,0 +1,17 @@
$domain = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
try {
Set-GPPermission -Name $gpoName -Domain $domain `
-PermissionLevel None -TargetName 'Authenticated Users' -TargetType Group `
-Confirm:$false -EA Stop
Write-Output "[OK] Removed Authenticated Users from security filter"
} catch {
Write-Output "[ERROR] $($_.Exception.Message)"
}
Write-Output ""
Write-Output "=== GPO Security Filter ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
}

30
.claude/temp/frd-remove-authedusers2.ps1 Normal file
View File

@@ -0,0 +1,30 @@
$domain = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
$gpoGuid = '{512B43A4-F049-4CE5-BFAC-860AD13E92BE}'
# Remove Authenticated Users directly from the GPO AD object ACL
$gpoADPath = "AD:CN=$gpoGuid,CN=Policies,CN=System,DC=$($domain.Replace('.',',DC='))"
try {
$acl = Get-Acl $gpoADPath -EA Stop
$au = [System.Security.Principal.NTAccount]'NT AUTHORITY\Authenticated Users'
$removed = 0
$acl.Access | Where-Object { $_.IdentityReference.Value -like '*Authenticated Users*' } | ForEach-Object {
$acl.RemoveAccessRule($_) | Out-Null
$removed++
}
if ($removed -gt 0) {
Set-Acl -Path $gpoADPath -AclObject $acl -EA Stop
Write-Output "[OK] Removed $removed ACE(s) for Authenticated Users from GPO AD object"
} else {
Write-Output "[INFO] Authenticated Users not found in ACL"
}
} catch {
Write-Output "[ERROR] ACL approach: $($_.Exception.Message)"
}
# Verify via Get-GPPermission
Write-Output ""
Write-Output "=== GPO Security Filter (final) ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
}

44
.claude/temp/frd-remove-authedusers3.ps1 Normal file
View File

@@ -0,0 +1,44 @@
$domain = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
$gpoGuid = '{512B43A4-F049-4CE5-BFAC-860AD13E92BE}'
Import-Module ActiveDirectory -EA SilentlyContinue
Import-Module GroupPolicy -EA SilentlyContinue
# Suppress all ShouldProcess confirmations
$ConfirmPreference = 'None'
# Try Set-GPPermission with ConfirmPreference suppressed
try {
Set-GPPermission -Name $gpoName -Domain $domain `
-PermissionLevel None -TargetName 'Authenticated Users' -TargetType Group -EA Stop
Write-Output "[OK] Removed via Set-GPPermission"
} catch {
Write-Output "[WARN] Set-GPPermission failed: $($_.Exception.Message)"
# Fallback: GPMC COM object
try {
$gpm = New-Object -ComObject GPMgmt.GPM
$constants = $gpm.GetConstants()
$gpmDomain = $gpm.GetDomain($domain, '', $constants.UseAnyDC)
$gpo = $gpmDomain.GetGPO($gpoGuid)
$secInfo = $gpo.GetSecurityInfo()
$newSec = $gpm.CreateSecurityInfo()
for ($i = 0; $i -lt $secInfo.Count; $i++) {
$perm = $secInfo.Item($i)
if ($perm.Trustee.TrusteeName -ne 'Authenticated Users') {
$newSec.Add($perm)
}
}
$gpo.SetSecurityInfo($newSec)
Write-Output "[OK] Removed via GPMC COM"
} catch {
Write-Output "[ERROR] COM approach: $($_.Exception.Message)"
}
}
Write-Output ""
Write-Output "=== GPO Security Filter (final) ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
Write-Output " $($_.Trustee.Name) [$($_.Trustee.TrusteeType)] — $($_.Permission)"
}

56
.claude/temp/frd-scope-zachary.ps1 Normal file
View File

@@ -0,0 +1,56 @@
$domain = 'cascades.local'
$gpoName = 'CSC - Folder Redirection'
# Security filter: remove Authenticated Users, add zachary.nelson
$gpo = Get-GPO -Name $gpoName -Domain $domain
Write-Output "GPO: $($gpo.DisplayName)$($gpo.Id)"
# Remove Authenticated Users from Security Filtering
try {
Set-GPPermission -Name $gpoName -Domain $domain -PermissionLevel None -TargetName 'Authenticated Users' -TargetType Group -EA Stop
Write-Output "[OK] Removed Authenticated Users from security filter"
} catch {
Write-Output "[WARN] Remove Authenticated Users: $($_.Exception.Message)"
}
# Grant zachary.nelson Apply Group Policy permission
try {
Set-GPPermission -Name $gpoName -Domain $domain -PermissionLevel GpoApply -TargetName 'zachary.nelson' -TargetType User -EA Stop
Write-Output "[OK] Added zachary.nelson with GpoApply"
} catch {
Write-Output "[ERROR] Add zachary.nelson: $($_.Exception.Message)"
}
# Also ensure Domain Admins can still read/edit the GPO
try {
Set-GPPermission -Name $gpoName -Domain $domain -PermissionLevel GpoEditDeleteModifySecurity -TargetName 'Domain Admins' -TargetType Group -EA Stop
Write-Output "[OK] Domain Admins GpoEditDeleteModifySecurity confirmed"
} catch {
Write-Output "[WARN] Domain Admins: $($_.Exception.Message)"
}
# Link GPO to OU=Administrative
$ouDN = 'OU=Administrative,OU=Departments,DC=cascades,DC=local'
try {
$link = New-GPLink -Name $gpoName -Domain $domain -Target $ouDN -LinkEnabled Yes -EA Stop
Write-Output "[OK] Linked to $ouDN"
} catch {
if ($_.Exception.Message -like '*already exists*') {
Write-Output "[INFO] Link already exists — enabling it"
Set-GPLink -Name $gpoName -Domain $domain -Target $ouDN -LinkEnabled Yes -EA SilentlyContinue
Write-Output "[OK] Link enabled"
} else {
Write-Output "[ERROR] Link: $($_.Exception.Message)"
}
}
Write-Output ""
Write-Output "=== GPO Scope after changes ==="
Get-GPPermission -Name $gpoName -Domain $domain -All | ForEach-Object {
Write-Output " $($_.Trustee.Name)$($_.Permission)"
}
Write-Output ""
Write-Output "=== GPO Links ==="
(Get-GPO -Name $gpoName -Domain $domain).GpoLinks | ForEach-Object {
Write-Output " $($_.SomName) — Enabled: $($_.Enabled)"
}

51
.claude/temp/gpo-inspect-le.ps1 Normal file
View File

@@ -0,0 +1,51 @@
$domain = 'cascades.local'
$srv = 'CS-SERVER'
$sysvol = "\\$srv\SYSVOL\$domain\Policies"
# Find the LE folder redirection GPO
$gpo = Get-GPO -Name 'CSC - Folder Redirection (LE)' -Domain $domain
Write-Output "GPO: $($gpo.DisplayName)"
Write-Output "GUID: {$($gpo.Id.ToString().ToUpper())}"
$gpoPath = "$sysvol\{$($gpo.Id.ToString().ToUpper())}"
Write-Output "Path: $gpoPath"
Write-Output ""
# List all files in the GPO folder recursively
Write-Output "=== SYSVOL file tree ==="
Get-ChildItem $gpoPath -Recurse -File -EA SilentlyContinue | ForEach-Object {
Write-Output " $($_.FullName.Replace($gpoPath, ''))"
}
Write-Output ""
# Show GPT.INI
Write-Output "=== GPT.INI ==="
[System.IO.File]::ReadAllText("$gpoPath\GPT.INI") | Write-Output
Write-Output ""
# Show any fdeploy.ini or redirection files
$fdeployPath = "$gpoPath\User\Documents & Settings"
if (Test-Path $fdeployPath) {
Write-Output "=== fdeploy.ini ==="
[System.IO.File]::ReadAllText("$fdeployPath\fdeploy.ini") | Write-Output
} else {
Write-Output "No 'Documents & Settings' folder found"
}
# Also check the unlinked CSC - Folder Redirection GPO
Write-Output ""
Write-Output "=== CSC - Folder Redirection (unlinked) ==="
$gpo2 = Get-GPO -Name 'CSC - Folder Redirection' -Domain $domain -EA SilentlyContinue
if ($gpo2) {
Write-Output "GUID: {$($gpo2.Id.ToString().ToUpper())}"
$gpo2Path = "$sysvol\{$($gpo2.Id.ToString().ToUpper())}"
Get-ChildItem $gpo2Path -Recurse -File -EA SilentlyContinue | ForEach-Object {
Write-Output " $($_.FullName.Replace($gpo2Path, ''))"
}
$fd2 = "$gpo2Path\User\Documents & Settings\fdeploy.ini"
if (Test-Path $fd2) {
Write-Output "fdeploy.ini:"
[System.IO.File]::ReadAllText($fd2) | Write-Output
}
} else {
Write-Output "GPO not found"
}

30
.claude/temp/gpo-inspect2.ps1 Normal file
View File

@@ -0,0 +1,30 @@
$domain = 'cascades.local'
$srv = 'CS-SERVER'
$sysvol = "\\$srv\SYSVOL\$domain\Policies"
# Read the unlinked CSC - Folder Redirection Registry.xml
$gpo = Get-GPO -Name 'CSC - Folder Redirection' -Domain $domain
$guid = "{$($gpo.Id.ToString().ToUpper())}"
$xmlPath = "$sysvol\$guid\User\Preferences\Registry\Registry.xml"
Write-Output "=== CSC - Folder Redirection Registry.xml ==="
[System.IO.File]::ReadAllText($xmlPath) | Write-Output
Write-Output ""
Write-Output "=== LE GPO GPC attributes (AD) ==="
$gpoLE = Get-GPO -Name 'CSC - Folder Redirection (LE)' -Domain $domain
$leGuid = "{$($gpoLE.Id.ToString().ToUpper())}"
$gpcObj = Get-ADObject -Filter { Name -eq $leGuid } -Properties 'gPCUserExtensionNames','gPCMachineExtensionNames','versionNumber','gPCFileSysPath' -SearchBase "CN=Policies,CN=System,DC=cascades,DC=local" -EA SilentlyContinue
if ($gpcObj) {
Write-Output " gPCUserExtensionNames: $($gpcObj.gPCUserExtensionNames)"
Write-Output " gPCMachineExtensionNames: $($gpcObj.gPCMachineExtensionNames)"
Write-Output " versionNumber: $($gpcObj.versionNumber)"
Write-Output " gPCFileSysPath: $($gpcObj.gPCFileSysPath)"
} else { Write-Output " GPC object not found" }
Write-Output ""
Write-Output "=== LE GPO full SYSVOL tree (including empty dirs) ==="
Get-ChildItem "\\$srv\SYSVOL\$domain\Policies\$leGuid" -Recurse -EA SilentlyContinue | ForEach-Object {
$rel = $_.FullName.Replace("\\$srv\SYSVOL\$domain\Policies\$leGuid", '')
$type = if ($_.PSIsContainer) { '[DIR]' } else { "[FILE $(($_.Length))]" }
Write-Output " $type $rel"
}

40
.claude/temp/kfm-check.ps1 Normal file
View File

@@ -0,0 +1,40 @@
$ErrorActionPreference = 'Continue'
Write-Output "=== KFM Check: $env:COMPUTERNAME ==="
Write-Output ""
Write-Output "--- Logged on users ---"
query user 2>&1 | ForEach-Object { Write-Output $_ }
Write-Output ""
Write-Output "--- OneDrive.exe processes ---"
$odProcs = Get-CimInstance Win32_Process -Filter "Name='OneDrive.exe'" -EA SilentlyContinue
if ($odProcs) {
foreach ($p in $odProcs) {
$o = $p.GetOwner()
Write-Output " Running as: $($o.Domain)\$($o.User)"
}
} else { Write-Output " Not running" }
Write-Output ""
Write-Output "--- User profile OneDrive folders ---"
Get-ChildItem C:\Users -Directory -EA SilentlyContinue |
Where-Object { $_.Name -notin @('Public','Default','Default User','All Users') } |
ForEach-Object {
$od = Get-ChildItem $_.FullName -Directory -Filter 'OneDrive*' -EA SilentlyContinue
Write-Output " $($_.Name): $(if ($od) { $od.Name -join ', ' } else { 'no OneDrive folder' })"
}
Write-Output ""
Write-Output "--- Loaded HKU shell folders ---"
Get-ChildItem 'Registry::HKEY_USERS' -EA SilentlyContinue |
Where-Object { $_.Name -match 'S-1-5-21' -and $_.Name -notmatch '_Classes' } |
ForEach-Object {
$sid = $_.PSChildName
try { $un = ([System.Security.Principal.SecurityIdentifier]$sid).Translate([System.Security.Principal.NTAccount]).Value } catch { $un = $sid }
Write-Output " User: $un"
$sf = Get-ItemProperty "Registry::HKEY_USERS\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" -EA SilentlyContinue
if ($sf) {
$d = $sf.Personal
$dt = $sf.Desktop
$dl = $sf.'{374DE290-123F-4565-9164-39C4925E467B}'
Write-Output " Documents: $d$(if ($d -like '*OneDrive*') { ' [KFM ACTIVE]' })"
Write-Output " Desktop: $dt$(if ($dt -like '*OneDrive*') { ' [KFM ACTIVE]' })"
Write-Output " Downloads: $dl$(if ($dl -like '*OneDrive*') { ' [KFM ACTIVE]' })"
} else { Write-Output " Shell Folders key not present (user not logged in or hive not loaded)" }
}

21
.claude/temp/read-regxml.ps1 Normal file
View File

@@ -0,0 +1,21 @@
$domain = 'cascades.local'
$srv = 'CS-SERVER'
$sysvol = "\\$srv\SYSVOL\$domain\Policies"
$gpo = Get-GPO -Name 'CSC - Folder Redirection' -Domain $domain
$guid = "{$($gpo.Id.ToString().ToUpper())}"
$xmlPath = "$sysvol\$guid\User\Preferences\Registry\Registry.xml"
$bytes = [System.IO.File]::ReadAllBytes($xmlPath)
Write-Output "REGXML_B64_START"
Write-Output ([Convert]::ToBase64String($bytes))
Write-Output "REGXML_B64_END"
# Also get LE GPO GPC attributes from AD
Import-Module ActiveDirectory -EA SilentlyContinue
$leGpo = Get-GPO -Name 'CSC - Folder Redirection (LE)' -Domain $domain
$leGuid = $leGpo.Id.ToString().ToUpper()
$gpcObj = Get-ADObject -Filter "Name -eq '{$leGuid}'" `
-SearchBase "CN=Policies,CN=System,DC=cascades,DC=local" `
-Properties gPCUserExtensionNames,gPCMachineExtensionNames,versionNumber -EA SilentlyContinue
Write-Output "LEGPO_EXT: $($gpcObj.gPCUserExtensionNames)"