sync: auto-sync from HOWARD-HOME at 2026-05-14 18:54:09

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-14 18:54:09

clients/cascades-tucson/session-logs/2026-05-14-howard-cascades-phone-verification-closeout.md

@@ -245,3 +245,27 @@ The caregiver phone infrastructure is now correctly wired end-to-end:
 **BAA status:** Docs show both BAAs still open (Microsoft BAA "Not signed", ALIS BAA "Not verified"). Howard believed these may have been done previously — no session log or doc confirms completion. Keeping as open items until verified with Meredith.
 
 **Syncro ticket #32214 updated:** Comment posted (ID 411033290) with full session summary and remaining open items.
+
+---
+
+## Update: ~18:00 PT — BAA verification and doc cleanup
+
+**Microsoft BAA resolved:** Howard opened M365 Admin Center > Settings > Org Settings > Security & privacy — no HIPAA BAA option present. Investigated: the explicit BAA acceptance page only exists for Enterprise Agreement / volume licensing tenants. Cascades is on a Business plan under the Microsoft Customer Agreement (MCA), which automatically includes the HIPAA BAA as part of the Online Service Terms. No separate acceptance is required or available. Gap #13 closed.
+
+Updated in:
+- `docs/security/hipaa.md` — gap #13 marked resolved, quick-wins item struck through
+- `docs/security/hipaa-caregiver-controls.md` — Microsoft BAA line updated
+- `docs/cloud/m365.md` — BAA status and gap #12 updated
+
+**ALIS BAA:** Still open. No session log or document confirms a signed BAA with Medtelligent. Meredith to check if Medtelligent provided a signed copy at contract time; if not, request one from Medtelligent support.
+
+**Final open items before real caregiver rollout:**
+
+| Item | Owner |
+|---|---|
+| ALIS BAA — check with Meredith / Medtelligent | Meredith |
+| Create caregiver AD accounts in OU=Caregivers; add each to SG-Caregivers | Howard |
+| Update ALIS staff-record Email = Entra UPN per caregiver | Meredith / ALIS admin |
+| Reliable Agency per-person accounts (need individual names) | Hold |
+| Ederick Yuzon first-name spelling confirmation | Meredith (email) |
+| Stale vault entries: howard-enos-pilot.sops.yaml, pilot-test-user.sops.yaml | Howard |

clients/stamback-septic/scripts/diag-btr2am3-bde.ps1

@@ -0,0 +1,7 @@
+# BitLocker decrypt progress check - DESKTOP-BTR2AM3
+$ErrorActionPreference = 'SilentlyContinue'
+"===== manage-bde -status ====="
+manage-bde -status | Out-String
+"===== Get-BitLockerVolume ====="
+Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, EncryptionPercentage, EncryptionMethod, ProtectionStatus, @{n='KeyProtectors';e={$_.KeyProtector.KeyProtectorType -join ', '}} | Format-List | Out-String
+"===== DONE ====="

clients/stamback-septic/scripts/diag-btr2am3-mem.ps1

@@ -0,0 +1,29 @@
+# Focused memory / WHEA confirmation for DESKTOP-BTR2AM3
+$ErrorActionPreference = 'SilentlyContinue'
+function H($t){ "`n===== $t =====" }
+
+H "WINDOWS MEMORY DIAGNOSTIC RESULTS"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-MemoryDiagnostics-Results'} -MaxEvents 10 |
+  Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List | Out-String
+
+H "WHEA EVENT 47 - FULL DETAIL (most recent 5)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WHEA-Logger'; Id=47} -MaxEvents 5 |
+  ForEach-Object { "--- $($_.TimeCreated) ---"; $_.Message } | Out-String
+
+H "WHEA EVENT 47 - COUNT BY DAY (last 30d)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WHEA-Logger'; StartTime=(Get-Date).AddDays(-30)} |
+  Group-Object {$_.TimeCreated.Date}, Id | Sort-Object Name | Select-Object Count, Name | Format-Table -Auto | Out-String
+
+H "WHEA ALL IDs SEEN (last 30d)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WHEA-Logger'; StartTime=(Get-Date).AddDays(-30)} |
+  Group-Object Id, LevelDisplayName | Select-Object Count, Name | Format-Table -Auto | Out-String
+
+H "MEMORY CONFIG"
+Get-CimInstance Win32_OperatingSystem | Select-Object @{n='FreePhysMB';e={[int]($_.FreePhysicalMemory/1KB)}}, @{n='TotalVisibleMB';e={[int]($_.TotalVisibleMemorySize/1KB)}} | Format-List | Out-String
+"Top RAM consumers:"
+Get-Process | Sort-Object WS -Desc | Select-Object -First 8 Name, @{n='WS_MB';e={[int]($_.WS/1MB)}} | Format-Table -Auto | Out-String
+
+H "SCHEDULED MEMORY TEST PENDING?"
+bcdedit /enum '{memdiag}' 2>&1 | Out-String
+
+H "DONE"

clients/stamback-septic/scripts/diag-btr2am3.ps1

@@ -0,0 +1,74 @@
+# Read-only crash diagnostics for DESKTOP-BTR2AM3 (Stamback Septic)
+$ErrorActionPreference = 'SilentlyContinue'
+function H($t){ "`n===== $t =====" }
+
+H "SYSTEM / BOOT"
+$os = Get-CimInstance Win32_OperatingSystem
+"Caption      : $($os.Caption) build $($os.BuildNumber)"
+"InstallDate  : $($os.InstallDate)"
+"LastBootUp   : $($os.LastBootUpTime)"
+"Uptime       : {0:dd}d {0:hh}h {0:mm}m" -f ((Get-Date) - $os.LastBootUpTime)
+$cs = Get-CimInstance Win32_ComputerSystem
+"Model        : $($cs.Manufacturer) $($cs.Model)"
+"TotalRAM GB  : {0:N1}" -f ($cs.TotalPhysicalMemory/1GB)
+
+H "PHYSICAL MEMORY MODULES"
+Get-CimInstance Win32_PhysicalMemory | Select-Object @{n='GB';e={$_.Capacity/1GB}}, Speed, Manufacturer, PartNumber, DeviceLocator | Format-Table -Auto | Out-String
+
+H "UNEXPECTED SHUTDOWNS / KERNEL-POWER (last 14d, ID 41/6008/1074)"
+Get-WinEvent -FilterHashtable @{LogName='System'; Id=41,6008,1074; StartTime=(Get-Date).AddDays(-14)} -MaxEvents 30 |
+  Select-Object TimeCreated, Id, ProviderName, @{n='Msg';e={($_.Message -split "`n")[0]}} | Format-Table -Auto | Out-String
+
+H "BUGCHECK / BSOD EVENTS (last 30d, ID 1001/1018)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WER-SystemErrorReporting'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 20 |
+  Select-Object TimeCreated, Id, Message | Format-List | Out-String
+Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Windows Error Reporting'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 15 |
+  Where-Object { $_.Message -match 'BlueScreen|bugcheck|LiveKernel|0x' } |
+  Select-Object TimeCreated, @{n='Msg';e={($_.Message -split "`n")[0..3] -join ' | '}} | Format-List | Out-String
+
+H "WHEA HARDWARE ERRORS (last 30d)"
+Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-WHEA-Logger'; StartTime=(Get-Date).AddDays(-30)} -MaxEvents 25 |
+  Select-Object TimeCreated, Id, LevelDisplayName, @{n='Msg';e={($_.Message -split "`n")[0]}} | Format-Table -Auto | Out-String
+
+H "CRASH DUMP FILES"
+$md = "$env:SystemRoot\Minidump"
+if (Test-Path $md) { Get-ChildItem $md -Filter *.dmp | Sort-Object LastWriteTime -Desc | Select-Object LastWriteTime, @{n='KB';e={[int]($_.Length/1KB)}}, Name | Format-Table -Auto | Out-String }
+else { "No Minidump folder." }
+$mem = "$env:SystemRoot\MEMORY.DMP"
+if (Test-Path $mem) { $f = Get-Item $mem; "MEMORY.DMP   : $($f.LastWriteTime)  {0:N0} MB" -f ($f.Length/1MB) } else { "No MEMORY.DMP." }
+"CrashControl :"
+Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' | Select-Object CrashDumpEnabled, AutoReboot, LogEvent | Format-List | Out-String
+
+H "TOP SYSTEM-LOG ERRORS/CRITICAL (last 7d, grouped)"
+Get-WinEvent -FilterHashtable @{LogName='System'; Level=1,2; StartTime=(Get-Date).AddDays(-7)} |
+  Group-Object ProviderName, Id | Sort-Object Count -Desc | Select-Object -First 15 Count, Name | Format-Table -Auto | Out-String
+
+H "TOP APPLICATION-LOG ERRORS/CRITICAL (last 7d, grouped)"
+Get-WinEvent -FilterHashtable @{LogName='Application'; Level=1,2; StartTime=(Get-Date).AddDays(-7)} |
+  Group-Object ProviderName, Id | Sort-Object Count -Desc | Select-Object -First 15 Count, Name | Format-Table -Auto | Out-String
+
+H "DISK HEALTH (SMART / reliability counters)"
+Get-PhysicalDisk | Select-Object DeviceId, FriendlyName, MediaType, @{n='SizeGB';e={[int]($_.Size/1GB)}}, HealthStatus, OperationalStatus | Format-Table -Auto | Out-String
+Get-PhysicalDisk | Get-StorageReliabilityCounter | Select-Object DeviceId, Wear, ReadErrorsTotal, WriteErrorsTotal, Temperature, PowerOnHours | Format-Table -Auto | Out-String
+Get-Volume | Where-Object DriveLetter | Select-Object DriveLetter, FileSystemLabel, HealthStatus, @{n='FreeGB';e={[int]($_.SizeRemaining/1GB)}}, @{n='SizeGB';e={[int]($_.Size/1GB)}} | Format-Table -Auto | Out-String
+
+H "DISK ERROR EVENTS (last 14d, ID 7/11/51/52/98/153)"
+Get-WinEvent -FilterHashtable @{LogName='System'; Id=7,11,51,52,98,153; StartTime=(Get-Date).AddDays(-14)} -MaxEvents 25 |
+  Select-Object TimeCreated, Id, ProviderName, @{n='Msg';e={($_.Message -split "`n")[0]}} | Format-Table -Auto | Out-String
+
+H "PROBLEM DEVICES"
+Get-CimInstance Win32_PnPEntity | Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
+  Select-Object Name, ConfigManagerErrorCode, DeviceID | Format-Table -Auto | Out-String
+
+H "RECENT WINDOWS UPDATES (last 10)"
+Get-HotFix | Sort-Object InstalledOn -Desc | Select-Object -First 10 HotFixID, Description, InstalledOn | Format-Table -Auto | Out-String
+
+H "PAGEFILE"
+Get-CimInstance Win32_PageFileUsage | Select-Object Name, @{n='AllocMB';e={$_.AllocatedBaseSize}}, @{n='PeakMB';e={$_.PeakUsage}}, @{n='CurrentMB';e={$_.CurrentUsage}} | Format-Table -Auto | Out-String
+Get-CimInstance Win32_ComputerSystem | Select-Object AutomaticManagedPagefile | Format-List | Out-String
+
+H "BITLOCKER / BOOT"
+manage-bde -status C: 2>&1 | Select-String 'Conversion|Protection|Lock' | Out-String
+bcdedit /enum '{current}' 2>&1 | Select-String 'recoveryenabled|bootstatuspolicy|description' | Out-String
+
+H "DONE"