diff --git a/clients/cascades-tucson/session-logs/2026-05-14-howard-cascades-phone-verification-closeout.md b/clients/cascades-tucson/session-logs/2026-05-14-howard-cascades-phone-verification-closeout.md index f9988b1..0dfdd21 100644 --- a/clients/cascades-tucson/session-logs/2026-05-14-howard-cascades-phone-verification-closeout.md +++ b/clients/cascades-tucson/session-logs/2026-05-14-howard-cascades-phone-verification-closeout.md 
@@ -245,3 +245,27 @@ The caregiver phone infrastructure is now correctly wired end-to-end: **BAA status:** Docs show both BAAs still open (Microsoft BAA "Not signed", ALIS BAA "Not verified"). Howard believed these may have been done previously — no session log or doc confirms completion. Keeping as open items until verified with Meredith. **Syncro ticket #32214 updated:** Comment posted (ID 411033290) with full session summary and remaining open items. + +--- + +## Update: ~18:00 PT — BAA verification and doc cleanup + +**Microsoft BAA resolved:** Howard opened M365 Admin Center > Settings > Org Settings > Security & privacy — no HIPAA BAA option present. Investigated: the explicit BAA acceptance page only exists for Enterprise Agreement / volume licensing tenants. Cascades is on a Business plan under the Microsoft Customer Agreement (MCA), which automatically includes the HIPAA BAA as part of the Online Service Terms. No separate acceptance is required or available. Gap #13 closed. + +Updated in: +- `docs/security/hipaa.md` — gap #13 marked resolved, quick-wins item struck through +- `docs/security/hipaa-caregiver-controls.md` — Microsoft BAA line updated +- `docs/cloud/m365.md` — BAA status and gap #12 updated + +**ALIS BAA:** Still open. No session log or document confirms a signed BAA with Medtelligent. Meredith to check if Medtelligent provided a signed copy at contract time; if not, request one from Medtelligent support. 
+ +**Final open items before real caregiver rollout:** + +| Item | Owner | +|---|---| +| ALIS BAA — check with Meredith / Medtelligent | Meredith | +| Create caregiver AD accounts in OU=Caregivers; add each to SG-Caregivers | Howard | +| Update ALIS staff-record Email = Entra UPN per caregiver | Meredith / ALIS admin | +| Reliable Agency per-person accounts (need individual names) | Hold | +| Ederick Yuzon first-name spelling confirmation | Meredith (email) | +| Stale vault entries: howard-enos-pilot.sops.yaml, pilot-test-user.sops.yaml | Howard | diff --git a/clients/stamback-septic/scripts/.diag-result.json b/clients/stamback-septic/scripts/.diag-result.json new file mode 100644 index 0000000..edec853 --- /dev/null +++ b/clients/stamback-septic/scripts/.diag-result.json 
@@ -0,0 +1 @@ +{"id":"be17be45-d7c8-4b8d-8fbf-0b3ece0657e1","agent_id":"82b38718-a02e-4202-bb10-088d2adc6cfc","command_type":"powershell","command_text":"# Read-only crash diagnostics for DESKTOP-BTR2AM3 (Stamback Septic)\n$ErrorActionPreference = 'SilentlyContinue'\nfunction H($t){ \"`n===== $t =====\" }\n\nH \"SYSTEM / BOOT\"\n$os = Get-CimInstance Win32_OperatingSystem\n\"Caption : $($os.Caption) build $($os.BuildNumber)\"\n\"InstallDate : $($os.InstallDate)\"\n\"LastBootUp : $($os.LastBootUpTime)\"\n\"Uptime : {0:dd}d {0:hh}h {0:mm}m\" -f ((Get-Date) - $os.LastBootUpTime)\n$cs = Get-CimInstance Win32_ComputerSystem\n\"Model : $($cs.Manufacturer) $($cs.Model)\"\n\"TotalRAM GB : {0:N1}\" -f ($cs.TotalPhysicalMemory/1GB)\n\nH \"PHYSICAL MEMORY MODULES\"\nGet-CimInstance Win32_PhysicalMemory | Select-Object @{n='GB';e={$_.Capacity/1GB}}, Speed, Manufacturer, PartNumber, DeviceLocator | Format-Table -Auto | Out-String\n\nH \"UNEXPECTED SHUTDOWNS / KERNEL-POWER (last 14d, ID 41/6008/1074)\"\nGet-WinEvent -FilterHashtable @{LogName='System'; Id=41,6008,1074; StartTime=(Get-Date).AddDays(-14)} -MaxEvents 30 |\n Select-Object TimeCreated, Id, ProviderName, @{n='Msg';e={($_.Message -split \"`n\")[0]}} | Format-Table -Auto | Out-String\n\nH \"BUGCHECK / BSOD EVENTS (last 30d, ID 1001/1018)\"\nGet-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WER-SystemErrorReporting'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 20 |\n Select-Object TimeCreated, Id, Message | Format-List | Out-String\nGet-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Windows Error Reporting'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 15 |\n Where-Object { $_.Message -match 'BlueScreen|bugcheck|LiveKernel|0x' } |\n Select-Object TimeCreated, @{n='Msg';e={($_.Message -split \"`n\")[0..3] -join ' | '}} | Format-List | Out-String\n\nH \"WHEA HARDWARE ERRORS (last 30d)\"\nGet-WinEvent -FilterHashtable @{LogName='System'; 
ProviderName='Microsoft-Windows-WHEA-Logger'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 25 |\n Select-Object TimeCreated, Id, LevelDisplayName, @{n='Msg';e={($_.Message -split \"`n\")[0]}} | Format-Table -Auto | Out-String\n\nH \"CRASH DUMP FILES\"\n$md = \"$env:SystemRoot\\Minidump\"\nif (Test-Path $md) { Get-ChildItem $md -Filter *.dmp | Sort-Object LastWriteTime -Desc | Select-Object LastWriteTime, @{n='KB';e={[int]($_.Length/1KB)}}, Name | Format-Table -Auto | Out-String }\nelse { \"No Minidump folder.\" }\n$mem = \"$env:SystemRoot\\MEMORY.DMP\"\nif (Test-Path $mem) { $f = Get-Item $mem; \"MEMORY.DMP : $($f.LastWriteTime) {0:N0} MB\" -f ($f.Length/1MB) } else { \"No MEMORY.DMP.\" }\n\"CrashControl :\"\nGet-ItemProperty 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\CrashControl' | Select-Object CrashDumpEnabled, AutoReboot, LogEvent | Format-List | Out-String\n\nH \"TOP SYSTEM-LOG ERRORS/CRITICAL (last 7d, grouped)\"\nGet-WinEvent -FilterHashtable @{LogName='System'; Level=1,2; StartTime=(Get-Date).AddDays(-7)} |\n Group-Object ProviderName, Id | Sort-Object Count -Desc | Select-Object -First 15 Count, Name | Format-Table -Auto | Out-String\n\nH \"TOP APPLICATION-LOG ERRORS/CRITICAL (last 7d, grouped)\"\nGet-WinEvent -FilterHashtable @{LogName='Application'; Level=1,2; StartTime=(Get-Date).AddDays(-7)} |\n Group-Object ProviderName, Id | Sort-Object Count -Desc | Select-Object -First 15 Count, Name | Format-Table -Auto | Out-String\n\nH \"DISK HEALTH (SMART / reliability counters)\"\nGet-PhysicalDisk | Select-Object DeviceId, FriendlyName, MediaType, @{n='SizeGB';e={[int]($_.Size/1GB)}}, HealthStatus, OperationalStatus | Format-Table -Auto | Out-String\nGet-PhysicalDisk | Get-StorageReliabilityCounter | Select-Object DeviceId, Wear, ReadErrorsTotal, WriteErrorsTotal, Temperature, PowerOnHours | Format-Table -Auto | Out-String\nGet-Volume | Where-Object DriveLetter | Select-Object DriveLetter, FileSystemLabel, HealthStatus, 
@{n='FreeGB';e={[int]($_.SizeRemaining/1GB)}}, @{n='SizeGB';e={[int]($_.Size/1GB)}} | Format-Table -Auto | Out-String\n\nH \"DISK ERROR EVENTS (last 14d, ID 7/11/51/52/98/153)\"\nGet-WinEvent -FilterHashtable @{LogName='System'; Id=7,11,51,52,98,153; StartTime=(Get-Date).AddDays(-14)} -MaxEvents 25 |\n Select-Object TimeCreated, Id, ProviderName, @{n='Msg';e={($_.Message -split \"`n\")[0]}} | Format-Table -Auto | Out-String\n\nH \"PROBLEM DEVICES\"\nGet-CimInstance Win32_PnPEntity | Where-Object { $_.ConfigManagerErrorCode -ne 0 } |\n Select-Object Name, ConfigManagerErrorCode, DeviceID | Format-Table -Auto | Out-String\n\nH \"RECENT WINDOWS UPDATES (last 10)\"\nGet-HotFix | Sort-Object InstalledOn -Desc | Select-Object -First 10 HotFixID, Description, InstalledOn | Format-Table -Auto | Out-String\n\nH \"PAGEFILE\"\nGet-CimInstance Win32_PageFileUsage | Select-Object Name, @{n='AllocMB';e={$_.AllocatedBaseSize}}, @{n='PeakMB';e={$_.PeakUsage}}, @{n='CurrentMB';e={$_.CurrentUsage}} | Format-Table -Auto | Out-String\nGet-CimInstance Win32_ComputerSystem | Select-Object AutomaticManagedPagefile | Format-List | Out-String\n\nH \"BITLOCKER / BOOT\"\nmanage-bde -status C: 2>&1 | Select-String 'Conversion|Protection|Lock' | Out-String\nbcdedit /enum '{current}' 2>&1 | Select-String 'recoveryenabled|bootstatuspolicy|description' | Out-String\n\nH \"DONE\"\n","status":"failed","exit_code":1,"stdout":"Caption : Microsoft Windows 11 Home build 26200\r\nInstallDate : 09/22/2025 00:44:02\r\nLastBootUp : 05/14/2026 11:53:47\r\nUptime : 00d 00h 18m\r\nModel : HP HP ENVY x360 Convertible 15-ds1xxx\r\nTotalRAM GB : 7.4\r\n\r\nGB Speed Manufacturer PartNumber DeviceLocator \r\n-- ----- ------------ ---------- ------------- \r\n 4 3200 Samsung M471A5244CB0-CWE Bottom - Slot 1 (left) \r\n 4 3200 Samsung M471A5244CB0-CWE Bottom - Slot 2 (right)\r\n\r\n\r\n\r\n\r\nTimeCreated Id ProviderName Msg \r\n----------- -- ------------ --- \r\n5/14/2026 11:53:51 AM 41 
Microsoft-Windows-Kernel-Power The system has rebooted without cleanly shutting down firs...\r\n5/14/2026 11:53:58 AM 6008 EventLog The previous system shutdown at 11:53:36 AM on ?5/?14/?202...\r\n5/14/2026 11:53:28 AM 41 Microsoft-Windows-Kernel-Power The system has rebooted without cleanly shutting down firs...\r\n5/14/2026 11:53:36 AM 6008 EventLog The previous system shutdown at 11:47:15 AM on ?5/?14/?202...\r\n5/14/2026 11:25:49 AM 1074 User32 The process C:\\WINDOWS\\system32\\winlogon.exe (DESKTOP-BTR2...\r\n5/14/2026 11:25:46 AM 1074 User32 The process BootUefiMem.exe has initiated the restart of c...\r\n5/14/2026 11:13:18 AM 1074 User32 The process C:\\windows\\system32\\shutdown.exe (DESKTOP-BTR2...\r\n5/11/2026 3:06:23 PM 41 Microsoft-Windows-Kernel-Power The system has rebooted without cleanly shutting down firs...\r\n5/11/2026 3:06:32 PM 6008 EventLog The previous system shutdown at 3:03:09 PM on ?5/?11/?2026...\r\n5/11/2026 3:02:24 PM 1074 User32 The process C:\\Windows\\SystemApps\\Microsoft.Windows.StartM...\r\n5/11/2026 3:00:47 PM 41 Microsoft-Windows-Kernel-Power The system has rebooted without cleanly shutting down firs...\r\n5/11/2026 3:00:55 PM 6008 EventLog The previous system shutdown at 2:58:32 PM on ?5/?11/?2026...\r\n5/11/2026 2:57:59 PM 6008 EventLog The previous system shutdown at 7:44:58 PM on ?5/?10/?2026...\r\n\r\n\r\n\r\n\r\n\r\nTimeCreated : 5/14/2026 11:53:57 AM\r\nId : 1001\r\nMessage : The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x00000000fc2eaed2, \r\n 0x0000c211f2f5eeeb, 0xffff3dee0d0a1114, 0x0000000000000000). A dump was saved in: \r\n C:\\WINDOWS\\Minidump\\051426-10578-01.dmp. Report Id: 79cc3624-21b6-4906-b0f0-efa629857b7d.\r\n\r\nTimeCreated : 5/14/2026 11:53:35 AM\r\nId : 1001\r\nMessage : The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0xfffffe8c397e21c0, \r\n 0x0000819d9ae671df, 0xffff7e6265198e20, 0x0000000000000000). 
A dump was saved in: \r\n C:\\WINDOWS\\Minidump\\051426-11187-01.dmp. Report Id: a6707e4c-b226-4ce2-ad9d-7f1a7ee784ca.\r\n\r\nTimeCreated : 5/11/2026 3:06:31 PM\r\nId : 1001\r\nMessage : The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, \r\n 0xfffff802e30e9df4, 0x0000000000000001, 0x00000000000000ff). A dump was saved in: \r\n C:\\WINDOWS\\Minidump\\051126-11109-01.dmp. Report Id: 6e6a1f97-913c-4683-91d1-0c92419f4603.\r\n\r\n\r\n\r\n\r\n\r\n\r\nTimeCreated : 5/14/2026 11:58:58 AM\r\nMsg : Fault bucket , type 0 | Event Name: crashpad_log | Response: Not available | Cab Id: 0\r\n\r\nTimeCreated : 5/14/2026 11:58:58 AM\r\nMsg : Fault bucket 1894634726300282002, type 5 | Event Name: crashpad_log | Response: Not available | Cab Id: 0\r\n\r\nTimeCreated : 5/14/2026 11:54:34 AM\r\nMsg : Fault bucket IP_MISALIGNED_AuthenticAMD.sys, type 0 | Event Name: BlueScreen | Response: Not available | \r\n Cab Id: 7915d7f9-28de-4081-859e-63c6d99fa2b5\r\n\r\nTimeCreated : 5/14/2026 11:54:23 AM\r\nMsg : Fault bucket IP_MISALIGNED_AuthenticAMD.sys, type 0 | Event Name: BlueScreen | Response: Not available | \r\n Cab Id: eef007fd-d679-4e54-8d41-cceabcb688d7\r\n\r\nTimeCreated : 5/14/2026 11:54:09 AM\r\nMsg : Fault bucket , type 0 | Event Name: BlueScreen | Response: Not available | Cab Id: 0\r\n\r\nTimeCreated : 5/14/2026 11:54:08 AM\r\nMsg : Fault bucket , type 0 | Event Name: BlueScreen | Response: Not available | Cab Id: 0\r\n\r\nTimeCreated : 5/14/2026 11:30:06 AM\r\nMsg : Fault bucket , type 0 | Event Name: crashpad_log | Response: Not available | Cab Id: 0\r\n\r\nTimeCreated : 5/14/2026 11:30:06 AM\r\nMsg : Fault bucket 1894634726300282002, type 5 | Event Name: crashpad_log | Response: Not available | Cab Id: 0\r\n\r\nTimeCreated : 5/14/2026 11:18:30 AM\r\nMsg : Fault bucket , type 0 | Event Name: crashpad_log | Response: Not available | Cab Id: 0\r\n\r\nTimeCreated : 5/14/2026 11:18:30 AM\r\nMsg : Fault bucket 1894634726300282002, type 5 
| Event Name: crashpad_log | Response: Not available | Cab Id: 0\r\n\r\nTimeCreated : 5/14/2026 11:12:24 AM\r\nMsg : Fault bucket , type 0 | Event Name: crashpad_log | Response: Not available | Cab Id: 0\r\n\r\n\r\n\r\n\r\n\r\nTimeCreated Id LevelDisplayName Msg \r\n----------- -- ---------------- --- \r\n5/14/2026 12:11:49 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:49 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:49 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:47 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:47 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:45 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:43 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:41 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:41 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:40 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:35 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:33 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:31 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:29 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:11:29 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:10:29 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:09:29 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:09:29 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:09:29 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:09:29 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:09:28 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:09:28 PM 47 Warning A corrected hardware 
error has occurre...\r\n5/14/2026 12:09:28 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:09:28 PM 47 Warning A corrected hardware error has occurre...\r\n5/14/2026 12:09:28 PM 47 Warning A corrected hardware error has occurre...\r\n\r\n\r\n\r\n\r\nLastWriteTime KB Name \r\n------------- -- ---- \r\n5/14/2026 11:53:56 AM 431 051426-10578-01.dmp\r\n5/14/2026 11:53:33 AM 1369 051426-11187-01.dmp\r\n5/11/2026 3:06:29 PM 925 051126-11109-01.dmp\r\n5/11/2026 2:58:29 PM 772 051126-11281-01.dmp\r\n5/2/2026 10:57:43 AM 776 050226-12671-01.dmp\r\n\r\n\r\n\r\nNo MEMORY.DMP.\r\nCrashControl :\r\n\r\n\r\nCrashDumpEnabled : 3\r\nAutoReboot : 1\r\nLogEvent : 1\r\n\r\n\r\n\r\n\r\n\r\nCount Name \r\n----- ---- \r\n 6 Microsoft-Windows-DeviceAssociationService, 3508\r\n 6 Microsoft-Windows-DeviceAssociationService, 3502\r\n 5 Microsoft-Windows-HAL, 21 \r\n 5 Microsoft-Windows-HAL, 20 \r\n 5 EventLog, 6008 \r\n 4 Microsoft-Windows-WindowsUpdateClient, 20 \r\n 4 volmgr, 162 \r\n 4 Microsoft-Windows-Kernel-Power, 41 \r\n 3 Service Control Manager, 7031 \r\n 3 Microsoft-Windows-WER-SystemErrorReporting, 1001\r\n 2 Service Control Manager, 7000 \r\n 2 Microsoft-Windows-DistributedCOM, 10010 \r\n 1 Service Control Manager, 7030 \r\n 1 ACPI, 13 \r\n 1 volmgr, 46 \r\n\r\n\r\n\r\n\r\nCount Name \r\n----- ---- \r\n 32 Universal Print, 1 \r\n 16 Microsoft-Windows-CertificateServicesClient-CertEnroll, 86\r\n 10 Application Error, 1000 \r\n 8 MsiInstaller, 1013 \r\n 8 MsiInstaller, 10005 \r\n 3 VSS, 13 \r\n 2 Application Hang, 1002 \r\n 1 VSS, 8193 \r\n\r\n\r\n\r\n\r\nDeviceId FriendlyName MediaType SizeGB HealthStatus OperationalStatus\r\n-------- ------------ --------- ------ ------------ -----------------\r\n0 KBG40ZNV512G KIOXIA SSD 477 Healthy OK \r\n\r\n\r\n\r\n\r\nDeviceId Wear ReadErrorsTotal WriteErrorsTotal Temperature PowerOnHours\r\n-------- ---- --------------- ---------------- ----------- ------------\r\n0 0 57 \r\n\r\n\r\n\r\n\r\nDriveLetter 
FileSystemLabel HealthStatus FreeGB SizeGB\r\n----------- --------------- ------------ ------ ------\r\n C Windows Healthy 335 476\r\n\r\n\r\n\r\n\r\nTimeCreated Id ProviderName Msg \r\n----------- -- ------------ --- \r\n5/14/2026 11:53:55 AM 98 Microsoft-Windows-Ntfs Volume \\\\?\\Volume{58d09e48-bc98-4112-82bf-548be31008af} (\\De...\r\n5/14/2026 11:53:50 AM 98 Microsoft-Windows-Ntfs Volume C: (\\Device\\HarddiskVolume3) is healthy. No action i...\r\n5/14/2026 11:53:47 AM 153 Microsoft-Windows-Kernel-Boot Virtualization-based security (policies: 0) is disabled. \r\n5/14/2026 11:53:31 AM 98 Microsoft-Windows-Ntfs Volume \\\\?\\Volume{58d09e48-bc98-4112-82bf-548be31008af} (\\De...\r\n5/14/2026 11:53:28 AM 98 Microsoft-Windows-Ntfs Volume C: (\\Device\\HarddiskVolume3) is healthy. No action i...\r\n5/14/2026 11:53:24 AM 153 Microsoft-Windows-Kernel-Boot Virtualization-based security (policies: 0) is disabled. \r\n5/14/2026 11:26:07 AM 98 Microsoft-Windows-Ntfs Volume \\\\?\\Volume{58d09e48-bc98-4112-82bf-548be31008af} (\\De...\r\n5/14/2026 11:26:05 AM 98 Microsoft-Windows-Ntfs Volume C: (\\Device\\HarddiskVolume3) is healthy. No action i...\r\n5/14/2026 11:26:02 AM 153 Microsoft-Windows-Kernel-Boot Virtualization-based security (policies: 0) is disabled. \r\n5/14/2026 11:13:35 AM 98 Microsoft-Windows-Ntfs Volume \\\\?\\Volume{58d09e48-bc98-4112-82bf-548be31008af} (\\De...\r\n5/14/2026 11:13:33 AM 98 Microsoft-Windows-Ntfs Volume C: (\\Device\\HarddiskVolume3) is healthy. No action i...\r\n5/14/2026 11:13:31 AM 153 Microsoft-Windows-Kernel-Boot Virtualization-based security (policies: 0) is disabled. \r\n5/14/2026 11:12:00 AM 98 Microsoft-Windows-Ntfs Volume Windows (\\Device\\HarddiskVolumeShadowCopy3) is health...\r\n5/11/2026 3:06:26 PM 98 Microsoft-Windows-Ntfs Volume \\\\?\\Volume{58d09e48-bc98-4112-82bf-548be31008af} (\\De...\r\n5/11/2026 3:06:23 PM 98 Microsoft-Windows-Ntfs Volume C: (\\Device\\HarddiskVolume3) is healthy. 
No action i...\r\n5/11/2026 3:06:20 PM 153 Microsoft-Windows-Kernel-Boot Virtualization-based security (policies: 0) is disabled. \r\n5/11/2026 3:03:05 PM 98 Microsoft-Windows-Ntfs Volume \\\\?\\Volume{58d09e48-bc98-4112-82bf-548be31008af} (\\De...\r\n5/11/2026 3:02:59 PM 98 Microsoft-Windows-Ntfs Volume C: (\\Device\\HarddiskVolume3) is healthy. No action i...\r\n5/11/2026 3:02:57 PM 153 Microsoft-Windows-Kernel-Boot Virtualization-based security (policies: 0) is disabled. \r\n5/11/2026 3:00:52 PM 98 Microsoft-Windows-Ntfs Volume \\\\?\\Volume{58d09e48-bc98-4112-82bf-548be31008af} (\\De...\r\n5/11/2026 3:00:46 PM 98 Microsoft-Windows-Ntfs Volume C: (\\Device\\HarddiskVolume3) is healthy. No action i...\r\n5/11/2026 3:00:45 PM 153 Microsoft-Windows-Kernel-Boot Virtualization-based security (policies: 0) is disabled. \r\n5/11/2026 2:57:50 PM 98 Microsoft-Windows-Ntfs Volume C: (\\Device\\HarddiskVolume3) is healthy. No action i...\r\n5/11/2026 2:57:48 PM 153 Microsoft-Windows-Kernel-Boot Virtualization-based security (policies: 0) is disabled. 
\r\n5/9/2026 5:30:44 PM 98 Microsoft-Windows-Ntfs Volume Windows (\\Device\\HarddiskVolumeShadowCopy6) is health...\r\n\r\n\r\n\r\n\r\n\r\nHotFixID Description InstalledOn \r\n-------- ----------- ----------- \r\nKB5083769 Security Update 4/17/2026 12:00:00 AM\r\nKB5088467 Security Update 4/17/2026 12:00:00 AM\r\nKB5082417 Update 4/17/2026 12:00:00 AM\r\nKB5054156 Update 2/19/2026 12:00:00 AM\r\n\r\n\r\n\r\n\r\nName AllocMB PeakMB CurrentMB\r\n---- ------- ------ ---------\r\nC:\\pagefile.sys 8704 730 330\r\n\r\n\r\n\r\n\r\n\r\nAutomaticManagedPagefile : True\r\n\r\n\r\n\r\n\r\n\r\nBitLocker Drive Encryption: Configuration Tool version 10.0.26100\r\n BitLocker Version: 2.0\r\n Conversion Status: Used Space Only Encrypted\r\n Protection Status: Protection On\r\n Lock Status: Unlocked\r\n\r\n\r\n\r\n\r\ndescription Windows 11\r\nrecoveryenabled Yes\r\n\r\n\r\n\r\n","stderr":"-OutputEncoding : The term '-OutputEncoding' is not recognized as the name of a cmdlet, function, script file, or \r\noperable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try \r\nagain.\r\nAt line:1 char:1\r\n+ -OutputEncoding UTF8 -Command # Read-only crash diagnostics for DESKT ...\r\n+ ~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (-OutputEncoding:String) [], CommandNotFoundException\r\n + FullyQualifiedErrorId : CommandNotFoundException\r\n \r\n","created_at":"2026-05-14T19:11:46.983506Z","started_at":"2026-05-14T19:11:47.044427Z","completed_at":"2026-05-14T19:11:54.233738Z","created_by":"4d754f36-0763-4f35-9aa2-0b98bbcdb309","timeout_seconds":180} diff --git a/clients/stamback-septic/scripts/.last-cmd-id b/clients/stamback-septic/scripts/.last-cmd-id new file mode 100644 index 0000000..e69de29 diff --git a/clients/stamback-septic/scripts/diag-btr2am3-bde.ps1 b/clients/stamback-septic/scripts/diag-btr2am3-bde.ps1 new file mode 100644 index 0000000..20845da --- /dev/null 
+++ b/clients/stamback-septic/scripts/diag-btr2am3-bde.ps1
@@ -0,0 +1,7 @@
+# BitLocker decrypt progress check - DESKTOP-BTR2AM3
+$ErrorActionPreference = 'SilentlyContinue'
+"===== manage-bde -status ====="
+manage-bde -status | Out-String
+"===== Get-BitLockerVolume ====="
+Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, EncryptionPercentage, EncryptionMethod, ProtectionStatus, @{n='KeyProtectors';e={$_.KeyProtector.KeyProtectorType -join ', '}} | Format-List | Out-String
+"===== DONE ====="
diff --git a/clients/stamback-septic/scripts/diag-btr2am3-mem.ps1 b/clients/stamback-septic/scripts/diag-btr2am3-mem.ps1
new file mode 100644
index 0000000..b8a32ee
--- /dev/null
+++ b/clients/stamback-septic/scripts/diag-btr2am3-mem.ps1
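Review bot: `$ErrorActionPreference = 'SilentlyContinue'` on the second line of diag-btr2am3-bde.ps1 means a failed `Get-BitLockerVolume` (for example when the session is not elevated) prints an empty section, which reads the same as "nothing to report" when the output is used to confirm encryption state. The same preference opens diag-btr2am3-mem.ps1 and diag-btr2am3.ps1, so the point applies to all three scripts. Errors are still collected in `$Error` under SilentlyContinue, so one closing line before the DONE marker would surface them: `if ($Error.Count) { "===== ERRORS ====="; $Error | ForEach-Object { "$_" } }`. The `KeyProtectors` column lists protector types only; a header comment such as `# Output is stored with the ticket/repo: never print recovery passwords or key material` would keep it that way, since command output is committed as .diag-result.json in this same change.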
@@ -0,0 +1,29 @@
+# Focused memory / WHEA confirmation for DESKTOP-BTR2AM3
+$ErrorActionPreference = 'SilentlyContinue'
+function H($t){ "`n===== $t =====" }
+
+H "WINDOWS MEMORY DIAGNOSTIC RESULTS"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-MemoryDiagnostics-Results'} -MaxEvents 10 |
+ Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List | Out-String
+
+H "WHEA EVENT 47 - FULL DETAIL (most recent 5)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WHEA-Logger'; Id=47} -MaxEvents 5 |
+ ForEach-Object { "--- $($_.TimeCreated) ---"; $_.Message } | Out-String
+
+H "WHEA EVENT 47 - COUNT BY DAY (last 30d)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WHEA-Logger'; StartTime=(Get-Date).AddDays(-30)} |
+ Group-Object {$_.TimeCreated.Date}, Id | Sort-Object Name | Select-Object Count, Name | Format-Table -Auto | Out-String
+
+H "WHEA ALL IDs SEEN (last 30d)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WHEA-Logger'; StartTime=(Get-Date).AddDays(-30)} |
+ Group-Object Id, LevelDisplayName | Select-Object Count, Name | Format-Table -Auto | Out-String
+
+H "MEMORY CONFIG"
+Get-CimInstance Win32_OperatingSystem | Select-Object @{n='FreePhysMB';e={[int]($_.FreePhysicalMemory/1KB)}}, @{n='TotalVisibleMB';e={[int]($_.TotalVisibleMemorySize/1KB)}} | Format-List | Out-String
+"Top RAM consumers:"
+Get-Process | Sort-Object WS -Desc | Select-Object -First 8 Name, @{n='WS_MB';e={[int]($_.WS/1MB)}} | Format-Table -Auto | Out-String
+
+H "SCHEDULED MEMORY TEST PENDING?"
+bcdedit /enum '{memdiag}' 2>&1 | Out-String
+
+H "DONE"
diff --git a/clients/stamback-septic/scripts/diag-btr2am3.ps1 b/clients/stamback-septic/scripts/diag-btr2am3.ps1
new file mode 100644
index 0000000..8526b2e
--- /dev/null
+++ b/clients/stamback-septic/scripts/diag-btr2am3.ps1
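Review bot: The "WHEA EVENT 47 - COUNT BY DAY" query carries no `Id=47` in its filter and groups on `{$_.TimeCreated.Date}, Id`, so it counts every WHEA-Logger ID, and `Sort-Object Name` orders the resulting date strings as text rather than chronologically. Either add `Id=47` to that hashtable or rename the heading, and group on a sortable key such as `Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd') }, Id`. Neither 30-day WHEA query sets `-MaxEvents`, unlike the queries in diag-btr2am3.ps1; the captured output in this commit shows event 47 logged several times within a few seconds, so the unbounded read may run long against the runner's 180-second timeout and a cap, or a comment stating why none is set, would help.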
@@ -0,0 +1,74 @@
+# Read-only crash diagnostics for DESKTOP-BTR2AM3 (Stamback Septic)
+$ErrorActionPreference = 'SilentlyContinue'
+function H($t){ "`n===== $t =====" }
+
+H "SYSTEM / BOOT"
+$os = Get-CimInstance Win32_OperatingSystem
+"Caption : $($os.Caption) build $($os.BuildNumber)"
+"InstallDate : $($os.InstallDate)"
+"LastBootUp : $($os.LastBootUpTime)"
+"Uptime : {0:dd}d {0:hh}h {0:mm}m" -f ((Get-Date) - $os.LastBootUpTime)
+$cs = Get-CimInstance Win32_ComputerSystem
+"Model : $($cs.Manufacturer) $($cs.Model)"
+"TotalRAM GB : {0:N1}" -f ($cs.TotalPhysicalMemory/1GB)
+
+H "PHYSICAL MEMORY MODULES"
+Get-CimInstance Win32_PhysicalMemory | Select-Object @{n='GB';e={$_.Capacity/1GB}}, Speed, Manufacturer, PartNumber, DeviceLocator | Format-Table -Auto | Out-String
+
+H "UNEXPECTED SHUTDOWNS / KERNEL-POWER (last 14d, ID 41/6008/1074)"
+Get-WinEvent -FilterHashtable @{LogName='System'; Id=41,6008,1074; StartTime=(Get-Date).AddDays(-14)} -MaxEvents 30 |
+ Select-Object TimeCreated, Id, ProviderName, @{n='Msg';e={($_.Message -split "`n")[0]}} | Format-Table -Auto | Out-String
+
+H "BUGCHECK / BSOD EVENTS (last 30d, ID 1001/1018)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WER-SystemErrorReporting'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 20 |
+ Select-Object TimeCreated, Id, Message | Format-List | Out-String
+Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Windows Error Reporting'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 15 |
+ Where-Object { $_.Message -match 'BlueScreen|bugcheck|LiveKernel|0x' } |
+ Select-Object TimeCreated, @{n='Msg';e={($_.Message -split "`n")[0..3] -join ' | '}} | Format-List | Out-String
+
+H "WHEA HARDWARE ERRORS (last 30d)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WHEA-Logger'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 25 |
+ Select-Object TimeCreated, Id, LevelDisplayName, @{n='Msg';e={($_.Message -split "`n")[0]}} | Format-Table -Auto | Out-String
+
+H "CRASH DUMP FILES"
+$md = "$env:SystemRoot\Minidump"
+if (Test-Path $md) { Get-ChildItem $md -Filter *.dmp | Sort-Object LastWriteTime -Desc | Select-Object LastWriteTime, @{n='KB';e={[int]($_.Length/1KB)}}, Name | Format-Table -Auto | Out-String }
+else { "No Minidump folder." }
+$mem = "$env:SystemRoot\MEMORY.DMP"
+if (Test-Path $mem) { $f = Get-Item $mem; "MEMORY.DMP : $($f.LastWriteTime) {0:N0} MB" -f ($f.Length/1MB) } else { "No MEMORY.DMP." }
+"CrashControl :"
+Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' | Select-Object CrashDumpEnabled, AutoReboot, LogEvent | Format-List | Out-String
+
+H "TOP SYSTEM-LOG ERRORS/CRITICAL (last 7d, grouped)"
+Get-WinEvent -FilterHashtable @{LogName='System'; Level=1,2; StartTime=(Get-Date).AddDays(-7)} |
+ Group-Object ProviderName, Id | Sort-Object Count -Desc | Select-Object -First 15 Count, Name | Format-Table -Auto | Out-String
+
+H "TOP APPLICATION-LOG ERRORS/CRITICAL (last 7d, grouped)"
+Get-WinEvent -FilterHashtable @{LogName='Application'; Level=1,2; StartTime=(Get-Date).AddDays(-7)} |
+ Group-Object ProviderName, Id | Sort-Object Count -Desc | Select-Object -First 15 Count, Name | Format-Table -Auto | Out-String
+
+H "DISK HEALTH (SMART / reliability counters)"
+Get-PhysicalDisk | Select-Object DeviceId, FriendlyName, MediaType, @{n='SizeGB';e={[int]($_.Size/1GB)}}, HealthStatus, OperationalStatus | Format-Table -Auto | Out-String
+Get-PhysicalDisk | Get-StorageReliabilityCounter | Select-Object DeviceId, Wear, ReadErrorsTotal, WriteErrorsTotal, Temperature, PowerOnHours | Format-Table -Auto | Out-String
+Get-Volume | Where-Object DriveLetter | Select-Object DriveLetter, FileSystemLabel, HealthStatus, @{n='FreeGB';e={[int]($_.SizeRemaining/1GB)}}, @{n='SizeGB';e={[int]($_.Size/1GB)}} | Format-Table -Auto | Out-String
+
+H "DISK ERROR EVENTS (last 14d, ID 7/11/51/52/98/153)"
+Get-WinEvent -FilterHashtable @{LogName='System'; Id=7,11,51,52,98,153; StartTime=(Get-Date).AddDays(-14)} -MaxEvents 25 |
+ Select-Object TimeCreated, Id, ProviderName, @{n='Msg';e={($_.Message -split "`n")[0]}} | Format-Table -Auto | Out-String
+
+H "PROBLEM DEVICES"
+Get-CimInstance Win32_PnPEntity | Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
+ Select-Object Name, ConfigManagerErrorCode, DeviceID | Format-Table -Auto | Out-String
+
+H "RECENT WINDOWS UPDATES (last 10)"
+Get-HotFix | Sort-Object InstalledOn -Desc | Select-Object -First 10 HotFixID, Description, InstalledOn | Format-Table -Auto | Out-String
+
+H "PAGEFILE"
+Get-CimInstance Win32_PageFileUsage | Select-Object Name, @{n='AllocMB';e={$_.AllocatedBaseSize}}, @{n='PeakMB';e={$_.PeakUsage}}, @{n='CurrentMB';e={$_.CurrentUsage}} | Format-Table -Auto | Out-String
+Get-CimInstance Win32_ComputerSystem | Select-Object AutomaticManagedPagefile | Format-List | Out-String
+
+H "BITLOCKER / BOOT"
+manage-bde -status C: 2>&1 | Select-String 'Conversion|Protection|Lock' | Out-String
+bcdedit /enum '{current}' 2>&1 | Select-String 'recoveryenabled|bootstatuspolicy|description' | Out-String
+
+H "DONE"
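Review bot: The "DISK ERROR EVENTS" filter `Id=7,11,51,52,98,153` has no provider or level constraint, so it also returns informational records from unrelated providers; the output captured in .diag-result.json in this commit shows the section filled with Ntfs 98 "is healthy" lines and Kernel-Boot 153 "Virtualization-based security (policies: 0) is disabled" lines, with `-MaxEvents 25` then leaving little room for real disk errors. Adding `Level=1,2,3` to that hashtable (the script already uses `Level=1,2` in the grouped sections) would keep only warnings and errors. The VBS state is a security-relevant setting and is better reported deliberately in a section of its own than as a side effect of an event-ID collision. In the BUGCHECK section the `0x` alternative in `-match 'BlueScreen|bugcheck|LiveKernel|0x'` is presumably what lets the crashpad_log entries through; dropping it would narrow that list to kernel crashes.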