sync: auto-sync from HOWARD-HOME at 2026-06-10 13:15:14

Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-10 13:15:14
2026-06-10 13:15:24 -07:00
parent a0f62b4d40
commit bd5e977b6e
6 changed files with 200 additions and 2 deletions
--- a/.claude/memory/MEMORY.md
+++ b/.claude/memory/MEMORY.md
@@ -83,7 +83,7 @@
 - [Dashboard beta-first deploy](feedback_dashboard_beta_first.md) — Dashboard auto-builds to rmm-beta.azcomputerguru.com on push; prod (rmm.azcomputerguru.com) is explicit promote-only via promote-dashboard.sh --confirm. Never hand-rsync prod. One artifact, nginx sub_filter BETA banner. Stood up 2026-06-02.

 ### Cascades
- [Cascades operational rules](feedback_cascades.md) — Two active rules: (1) folder redirection (fdeploy) needs subfolders PRE-CREATED before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1. (2) ALWAYS ask which security group(s) a new user goes into — never auto-derive from OU.
+- [Cascades operational rules](feedback_cascades.md) — Active rules: (1) folder redirection (fdeploy) needs subfolders PRE-CREATED before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1. (2) ALWAYS ask which security group(s) a new user goes into — never auto-derive from OU. (3) Do NOT lock down the legacy Main\Company Web Docs\Accounting (Everyone:Full) folder — still in active use.
 - [Cascades FR GPO fix](reference_cascades_fr_gpo_fix.md) — Native Folder Redirection was DOA on every machine: redirect targets were in a misnamed `fdeploy1.ini` (Windows reads `fdeploy.ini`) → empty target path → silent no-op → per-user registry workaround every time. Fixed 2026-06-08 (correct fdeploy.ini + version bump). Also: CS-SERVER live RMM agent is `c39f1de7...` (old `6766e973` stale).

 ## Machine
--- a/.claude/memory/cyndyoffice-physical-hp-lockups.md
+++ b/.claude/memory/cyndyoffice-physical-hp-lockups.md
@@ -36,6 +36,18 @@ Startup fixes, next step = full hardware diagnostic (extended mem + drive/PSU)
 plus backup + clean Windows reinstall; ~1-2 days machine downtime. PSU is the
 prime remaining hardware suspect.

+BILLED 2026-06-10: 1.0h onsite, $175, invoice #67810 (client emailed summary +
+contingency). Universal Minerals is BREAK-FIX - no prepaid block, NOT an RMM/
+monitoring client (prepay_hours 0.0). The GuruRMM agent was installed ONLY to
+diagnose and was REMOVED same-day 2026-06-10 (agent's own `uninstall` via a
+detached one-time scheduled task + sc delete of GuruRMMAgent/GuruRMMWatchdog +
+deleted C:\Program Files\GuruRMM and C:\ProgramData\GuruRMM; server-side record
+DELETE /api/agents/<id> -> 204). So freeze monitoring is now manual/customer-
+reported, not via RMM. Client wiki seeded at wiki/clients/universal-minerals.md
+([[universal-minerals]] slug). To remove a GuruRMM Windows agent generally: it
+has built-in verbs (install/uninstall/start/stop/status) - run `uninstall`
+DETACHED (scheduled task) so it survives killing its own service.
+
 **Why:** future "look at CyndyOffice" requests will assume VM tuning; it's a
 physical box needing a memtest/PSU/BIOS path.
 **How to apply:** treat as physical hardware; resolve UUID live every time.
--- a/.claude/memory/feedback_cascades.md
+++ b/.claude/memory/feedback_cascades.md
@@ -1,6 +1,6 @@
 ---
 name: Cascades-specific operational rules (folder redirect, security groups)
-description: Two active rules for Cascades work — (1) folder redirection (fdeploy) needs subfolders pre-created before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1; (2) always ASK which security group(s) a new user goes into — never auto-derive from OU. Root-cause / incident detail in project_cascades_history.md.
+description: Active rules for Cascades work — (1) folder redirection (fdeploy) needs subfolders pre-created before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1; (2) always ASK which security group(s) a new user goes into — never auto-derive from OU; (3) do NOT lock down the legacy Main\Company Web Docs\Accounting (Everyone:Full) folder — still in active use. Root-cause / incident detail in project_cascades_history.md.
 type: feedback
 ---

@@ -39,3 +39,9 @@ When creating or being asked to create any Cascades user account (AD or M365), a
 OU placement is mechanical (controls Entra Connect sync scope); group membership is an access-control decision and must be made consciously.

 **Caregivers example:** account goes in `OU=Caregivers` (sync scope) AND must be deliberately added to `SG-Caregivers` (CA policy coverage) — two separate, intentional steps; neither auto-derived from the other.
+
+---
+
+## 3. Do NOT lock down the legacy `Main\Company Web Docs\Accounting` folder
+
+The accounting folder under the Synology-Drive-synced tree (`D:\Shares\Main\Company Web Docs\Accounting`, `Everyone:FullControl`) stays as-is — Howard confirmed 2026-06-10 the team is **still actively using it**. Do not scope/tighten its ACL or "clean it up" as a HIPAA hardening step, even though the wide-open Everyone:Full looks like an obvious target. The 2026-06-09 scan-to-folder build deliberately created a *separate* clean share (`\\CS-SERVER\AcctDept` → `D:\Shares\Accounting`) rather than reusing this folder; that is the lockdown story, and the legacy folder is intentionally left untouched.
--- a/clients/universal-minerals/session-logs/2026-06/2026-06-10-howard-cyndyoffice-freeze-diagnosis.md
+++ b/clients/universal-minerals/session-logs/2026-06/2026-06-10-howard-cyndyoffice-freeze-diagnosis.md
@@ -136,3 +136,39 @@ None discovered or created this session. RMM and Syncro auth via existing vault
 - Memory file: .claude/memory/cyndyoffice-physical-hp-lockups.md
 - RMM commands this session: diagnostics + remediation dispatched to agent
  28708e66-342f-4130-b192-e308b582f00b.
+
+## Update: 13:15 PT — Billing, RMM removal, client wiki
+
+Billed and closed out the diagnostic engagement, removed the temporary RMM agent, and
+seeded the client wiki article.
+
+**Billing (Syncro #32397):** 1.0h onsite (product 26118, $175.00). Posted a public
+resolution comment WITH `do_not_email: false` so the client was emailed the work summary
+plus the verbatim contingency note (if freezing recurs -> full hardware diagnostic +
+backup/clean Windows reinstall, ~1-2 days downtime). Line item 42807858; invoice **#67810**
+(id 1650637398), total $175.00. Ticket left **In Progress** (monitoring), not marked
+Invoiced. Invoice PDF email is a Syncro GUI step — no verified API endpoint, did not probe.
+
+**RMM removal (client is break-fix / no-RMM):** Confirmed CyndyOffice belongs to Universal
+Minerals (customer 34844920, prepay 0.0) — the agent was a temporary diagnostic tool. The
+Windows agent exposes built-in verbs (`install/uninstall/start/stop/status/watchdog`).
+Because running `uninstall` through the agent would kill the command mid-execution, wrote a
+removal script to `C:\Windows\Temp\rmm-remove.ps1` and ran it via a **detached one-time
+scheduled task** (`GuruRMM-Removal`, SYSTEM) that fires ~8s after the agent acks: runs
+`gururmm-agent.exe uninstall`, `taskkill /F`, `sc delete GuruRMMWatchdog/GuruRMMAgent`,
+removes `C:\Program Files\GuruRMM` + `C:\ProgramData\GuruRMM`, self-deletes the task. Agent
+went offline immediately (service gone). Server-side record cleaned up:
+`DELETE /api/agents/28708e66-...` -> HTTP 204, confirmed removed from the dashboard.
+Consequence: the freeze monitoring window is now manual / customer-reported, not via RMM.
+
+**Client wiki seeded:** Created `wiki/clients/universal-minerals.md` (break-fix profile,
+CyndyOffice hardware/specs, freeze + QuickBooks patterns, #32397 active work, history) and
+added the client to `wiki/index.md` (Clients table + Cross-Reference). To be expanded as
+more of the environment is learned, per the standard client-wiki pattern.
+
+**Config changes (this update):** updated `.claude/memory/cyndyoffice-physical-hp-lockups.md`
+(billing + RMM-removal + general Windows-agent removal method); created
+`wiki/clients/universal-minerals.md`; edited `wiki/index.md`.
+
+**Reference:** invoice #67810 (id 1650637398); Syncro comments 418397979 (billing, emailed);
+removal command `a25eaab4-...`; removed agent UUID `28708e66-342f-4130-b192-e308b582f00b`.
--- a/wiki/clients/universal-minerals.md
+++ b/wiki/clients/universal-minerals.md
@@ -0,0 +1,142 @@
+---
+type: client
+name: universal-minerals
+display_name: Universal Minerals International Inc
+last_compiled: 2026-06-10
+compiled_by: HOWARD-HOME/claude-main
+sources:
+  - clients/universal-minerals/session-logs/2026-06/2026-06-10-howard-cyndyoffice-freeze-diagnosis.md
+  - Syncro customer 34844920
+  - Syncro ticket #32397 (112445840)
+  - .claude/memory/cyndyoffice-physical-hp-lockups.md
+backlinks: []
+---
+
+# Universal Minerals International Inc
+
+Mineral / commodities business in Tucson, AZ. ACG client on a **per-incident (break-fix)
+basis — NO prepaid block and NOT an RMM / monitoring client.** Work is billed per ticket
+at standard rates. This is a thin seed article (first compiled 2026-06-10 from the
+CyndyOffice freeze diagnosis); expand as more is learned, like the other client articles.
+
+---
+
+## Profile
+
+- **Company type:** Minerals / commodities (domain `umint.com`)
+- **Contract type:** Per-incident / break-fix. **Prepay hours: 0.0** (always re-check
+  `GET /customers/34844920` before billing). No monitoring or RMM contract.
+- **Billing rate:** Onsite $175/hr (Syncro product 26118); standard non-prepaid rates.
+  [verify tax rate is assigned before any hardware/taxable billing]
+- **Syncro customer ID:** `34844920`
+- **Address:** 4620 South Coach Drive, Tucson, AZ 85714
+- **Main phone:** 520-838-0945
+- **Key contacts:**
+  - Amber R. — amberr@umint.com (Syncro primary email on file)
+  - Accounts Payable — accountspayable@umint.com (Syncro contact)
+  - **Cyndy** — primary user of the "CyndyOffice" workstation (the machine in ticket
+    #32397); [verify full name / role]
+- **Active ticket:** #32397 (see Active Work)
+
+---
+
+## Infrastructure
+
+> Sparse — only what surfaced during the 2026-06-10 freeze diagnosis. Expand as more
+> of the environment is documented.
+
+### Workstations
+
+- **CyndyOffice** — Cyndy's primary desktop.
+  - **Hardware:** HP Pavilion Desktop **TP01-2xxx** (AMD, 16 logical CPUs, single 16 GB
+    Kingston DIMM, 1 TB WD SN530 NVMe).
+  - **Identifiers:** Product # (SKU) `318G6AA#ABA`; Serial / Service Tag `2MO21549RB`;
+    motherboard HP 8906; BIOS **F.38** (updated from F.36 on 2026-06-10).
+  - **OS:** Windows 11 Home, build 26200.
+  - **Line-of-business app:** QuickBooks **Enterprise 22.0** (2022 edition — past Intuit
+    support). QuickBooks Tool Hub installed.
+  - **RMM:** A GuruRMM agent was installed **temporarily for diagnosis only** on
+    2026-06-10 and **fully removed the same day** (services + binary + data dir
+    uninstalled, server-side record deleted). This client does not pay for RMM/monitoring.
+
+### Email & Identity
+
+- Domain `umint.com`. Platform (M365 / Google / on-prem Exchange) **[verify]**.
+
+---
+
+## Access
+
+- **Syncro:** customer `34844920`.
+- **Vault root:** none yet (`clients/universal-minerals/` not created in vault — no
+  credentials captured this engagement).
+
+---
+
+## Patterns & Known Issues
+
+- **CyndyOffice intermittent hard freeze / forced power-off (under investigation,
+  2026-06-10).** The machine locks up solid and must be force-powered-off. Event-log
+  signature: ~20 occurrences over 6 weeks, each a **Kernel-Power 41 with bugcheck code 0
+  and NO crash dump**, paired with a 6008 dirty-shutdown; **no WHEA hardware errors**. With
+  crash dumps confirmed enabled, the absence of any dump means these are **true
+  hardware/firmware freezes, not a Windows BSOD/software crash** — the event log goes
+  silent at each freeze and resumes only at next boot. Ruled out: SSD healthy (0% wear),
+  sleep/wake (no auto-sleep on AC), AV conflict (Defender only), idle thermal (~30C).
+  Fixes applied 2026-06-10: **BIOS F.36 -> F.38, Fast Startup disabled, Windows Memory
+  Diagnostic PASSED**, orphaned `mbamchameleon` (Malwarebytes leftover) service removed.
+  **Prime remaining hardware suspect = PSU** (stock HP Pavilion supply) if it recurs.
+  Diagnostic detail: [[cyndyoffice-physical-hp-lockups]].
+
+- **QuickBooks messaging crash-loop (separate from the freeze).**
+  `QuickBooksMessaging.exe` crash-loops (~15/min) with a .NET
+  `System.ObjectDisposedException` updating its system-tray NotifyIcon. Log noise only,
+  not the freeze cause. Repaired via QuickBooks Tool Hub 2026-06-10 (confirm clear once the
+  company file is in active use). QB Enterprise 22.0 is past Intuit support — a version
+  upgrade is the longer-term fix.
+
+- **Break-fix client — confirm scope/authorization per incident.** No standing
+  monitoring or RMM. Any RMM agent used for diagnosis must be removed afterward (as was
+  done 2026-06-10).
+
+---
+
+## Active Work
+
+- **Ticket #32397 — "Onsite - Computer intermittently freezing and shutting down"
+  (Universal Minerals, In Progress).**
+  - Diagnosis complete; BIOS + Fast Startup fixes applied; RAM passed; boot-error cleanup
+    done. Machine is in a **monitoring window** to confirm the freezing has stopped (freezes
+    had been every 1-3 days). RMM removed, so monitoring is now manual / customer-reported.
+  - **Contingency (documented publicly on the ticket):** if freezing recurs, next step is a
+    full hardware diagnostic (extended memory + drive/power testing) plus a backup and clean
+    Windows reinstall to rule out OS corruption — ~1-2 days of machine downtime.
+  - **Billed:** 1.0h onsite, $175.00, invoice **#67810** (2026-06-10). Client emailed the
+    work summary + contingency note. Invoice PDF send is a GUI step (no verified API
+    endpoint).
+
+---
+
+## History Highlights
+
+| Date | Event |
+|---|---|
+| 2026-06-09 | Ticket #32397 opened — CyndyOffice intermittently freezing and shutting down |
+| 2026-06-10 | Diagnosed via temporary GuruRMM agent: confirmed hardware/firmware hard-freeze signature (Kernel-Power 41, bugcheck 0, no dump/WHEA). Applied BIOS F.38, disabled Fast Startup, ran memory test (passed), removed orphaned mbamchameleon service. Repaired QuickBooks messaging crash-loop (Tool Hub) |
+| 2026-06-10 | Billed 1.0h onsite ($175, invoice #67810); client emailed summary + 1-2 day reinstall/HW-test contingency |
+| 2026-06-10 | GuruRMM agent removed from CyndyOffice (uninstalled on endpoint + server record deleted) — client does not pay for RMM |
+
+---
+
+## Compilation Notes
+
+- Seeded 2026-06-10 (HOWARD-HOME/claude-main) from the CyndyOffice freeze-diagnosis
+  session log, Syncro customer 34844920, and ticket #32397. First article for this client.
+- **Break-fix / no-RMM client** — the GuruRMM agent on CyndyOffice was a temporary
+  diagnostic tool, removed same-day.
+- Flagged `[verify]`: Cyndy's full name/role; email platform for umint.com; Syncro tax-rate
+  assignment; the rest of the on-site environment (server? other workstations? network?).
+
+## Backlinks
+
+*(none yet)*
--- a/wiki/index.md
+++ b/wiki/index.md
@@ -52,6 +52,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
 | [Universal Cryogenics](clients/ucryo.md) | New client onboarded 2026-06-02; ucryo.local DC (UC2-SERVER), 8 agents, 2019 TrickBot remediated, Backblaze TLS backup fix | 2026-06-02 |
 | [Sif-oidak District - Tohono O'odham Nation](clients/sif-oidak.md) | Tribal government; SifOidak.local AD domain; SIF-SERVER (primary DC) + SIF-SERVER2 + 2 laptops GuruRMM enrolled; M365 sifoidak.onmicrosoft.com onboarded 2026-06-03 (all 4 ACG MSP apps; 11/11 seats); not yet in CIPP; Syncro 7694718 | 2026-06-03 |
 | [Starr Pass Realty](clients/starr-pass.md) | Real estate; Syncro 153298; flat-rate ~$92.93/mo; starrpass.com M365 tenant (222450dd) onboarded 2026-06-10; sole M365 user sysadmin@starrpass.com (Brian Shinn); DNS on ACG IX; legacy Neptune mailbox cansley@devconllc.com; 2 Syncro assets | 2026-06-10 |
+| [Universal Minerals International](clients/universal-minerals.md) | Minerals/commodities, Tucson AZ; Syncro 34844920; **break-fix, no prepaid/RMM**; CyndyOffice (HP Pavilion TP01, Win11 Home, QuickBooks Enterprise 22.0) intermittent hard-freeze (Kernel-Power 41, no dump = hardware/firmware) — BIOS F.38 + Fast Startup off + memtest passed 2026-06-10, PSU prime remaining suspect; QB messaging crash-loop repaired; ticket #32397 monitoring; temporary diagnostic RMM agent removed same-day | 2026-06-10 |

 ## Projects

@@ -119,6 +120,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
 | Scileppi Law | Sylvias-Mini (M2 Mac mini) | GuruRMM (enrollment pending) |
 | Universal Cryogenics | UC2-SERVER (172.29.0.5, DC, guest VM); WIN-709JUVCJ2DQ (172.29.0.4, Hyper-V/Veeam, Dell PowerEdge 2950); 6 workstations (ucryo.local, 172.29.0.x) | GuruRMM (8 agents, site LIGHT-WOLF-2305) |
 | Wolkin Law | FRONT (10.147.19.199 ZeroTier, office PC, SMB share host); RSW-Laptop (10.147.19.54 ZeroTier, remote); DESKTOP-V1JT1SE (out of scope); RICOH printer (172.17.110.110); M365 rswolkin.com | GuruRMM (3 Win11 agents, client Wolkin, Robert/Main); ZeroTier mesh VPN 17d709436c834c9b |
+| Universal Minerals International | CyndyOffice (HP Pavilion TP01-2xxx, Win11 Home, S/N 2MO21549RB) — break-fix; no managed infra documented | — (RMM agent was temporary, removed 2026-06-10) |

 ---