azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from HOWARD-HOME at 2026-05-27 20:01:59

Browse Source 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-27 20:01:59
This commit is contained in:
Howard Enos
2026-05-27 20:02:05 -07:00
parent 531c65e56a
commit d0a140a784
2 changed files with 96 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
session-logs/2026-05-27-howard-session.md
View File

@@ -578,3 +578,98 @@ git pull --rebase origin main && git push origin main
- Server MSI build: `server/src/api/install.rs:1341`
- ARP registry path (64-bit): `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ProductCode}`
- Cleanup tool ARP search: `installer/cleanup/src/main.rs:65`
---
## Update: 17:45 PT — Cascades Megan Hiatt domain join + GuruRMM LHM alert
## User
- **User:** Howard Enos (howard)
- **Machine:** Howard-Home
- **Role:** tech
## Session Summary
Resumed the Cascades of Tucson domain migration for Megan Hiatt (Marketing) after context compaction from earlier in the session. Verified her AD account live via GuruRMM command on CS-SERVER: SAM=Megan.Hiatt, OU=Marketing,OU=Departments,DC=cascades,DC=local, enabled, UPN=Megan.Hiatt@cascadestucson.com. Discovered GuruRMM agent 14ff2427 (hostname "megan", Win11 23H2, v0.6.27) was already online, resolving the blocking condition from 2026-05-23.
Server-side pre-migration steps completed before touching the machine: D:\Homes\Megan.Hiatt created on CS-SERVER with Desktop/Documents/Downloads/Music/Pictures subfolders via inline New-HomeFolder function (inlined because the function was not loaded as a module in the remote session). Megan.Hiatt added to SG-FolderRedirect. OneDrive check on her machine returned no process and no Business1 registry key — no KFM to disable.
Howard joined the machine via ScreenConnect and performed ProfWiz domain join: source profile "Megan Hiatt" migrated to CASCADES\Megan.Hiatt, joined to OU=Staff PCs,OU=Workstations,DC=cascades,DC=local. After first domain login, old profile data required manual move to \CS-SERVER\Homes\Megan.Hiatt. Migration complete. Machine hostname remains "megan".
A critical coord message from Mike was surfaced: LibreHardwareMonitor in the GuruRMM agent violates the No External Binaries founding principle and is flagged by Windows Defender as PUA (kernel driver WinRing0x64.sys triggers behavior-based detection). Howard agreed via coord reply: emergency-patch v0.6.28 removing LHM, ship without Windows temps, implement WMI-based temps in v0.6.29. Violation originated 2026-05-14 when LHM was added as a quick fix for sysinfo not working on Windows.
## Key Decisions
- Megan machine hostname "megan" left as-is — no rename performed, not worth disruption mid-session.
- New-HomeFolder executed inline rather than via file drop — function not in module scope on remote PS session; inlined full body via Python json.dumps to handle escaping.
- LHM emergency patch endorsed without debate — external executable with kernel driver in a security product is indefensible; Windows temps are low client value.
- Manual data move accepted — prep-profile-for-redirection.ps1 was prepared and provided but folder redirection did not auto-migrate all data; Howard moved files manually. End state is the same.
## Problems Encountered
- New-HomeFolder not in scope on CS-SERVER remote session: function defined in script file, not loaded as module. Resolved by inlining full function body.
- Shell escaping / Python unicode errors in inline PowerShell payloads: multiple attempts with backslash paths caused Python SyntaxError. Resolved by writing all complex payloads to C:\Temp\payload.json via Python heredoc and passing to curl as -d @file.
- GuruRMM /api/sites/:id/agents returns 404: correct endpoint is /api/agents?site_id=<uuid>. Discovered via debug curl.
- GuruRMM command result at wrong path: /api/agents/:id/command/:id returns 404, correct path is /api/commands/:id.
- LHM coord message not in unread_only list: searched all recent messages by subject keyword, found ID 5b1f36e8, marked read.
## Configuration Changes
- C:\Users\Howard\.claude\plans\wise-discovering-panda.md — save point updated: session 7, Megan Hiatt complete
- wiki/clients/cascades-tucson.md — Megan Hiatt migration status updated to COMPLETE 2026-05-27
## Credentials & Secrets
No new credentials created. Used from vault:
- CS-SERVER domain admin: sysadmin / r3tr0gradE99# — vault: clients/cascades-tucson/cs-server.sops.yaml
- GuruRMM API: claude-api@azcomputerguru.com / ClaudeAPI2026!@# — vault: infrastructure/gururmm-server.sops.yaml
## Infrastructure & Servers
- CS-SERVER: 192.168.2.254, Windows Server 2019, AD cascades.local, GuruRMM agent 6766e973
- Megan machine: hostname "megan", Windows 11 23H2 build 22631, GuruRMM agent 14ff2427-f376-4aed-859f-37946cf5f679, v0.6.27
- GuruRMM API: http://172.16.3.30:3001, CascadesTucson site c157c399-82d3-4581-979a-b9fad70f4fef
- Coord API: http://172.16.3.30:8001/api/coord
## Commands & Outputs
Get-ADUser result: SamAccountName=Megan.Hiatt, Enabled=True, DN=CN=Megan Hiatt,OU=Marketing,OU=Departments,DC=cascades,DC=local
New-HomeFolder result:
D:\Homes\Megan.Hiatt created with clean ACL
Created: D:\Homes\Megan.Hiatt\Desktop / Documents / Downloads / Music / Pictures
Local users on megan machine:
Administrator (disabled), Localadmin (enabled), Megan Hiatt (enabled), WDAGUtilityAccount (disabled)
Profile path: C:\Users\Megan Hiatt
ProfWiz: source "Megan Hiatt" (local) -> CASCADES\Megan.Hiatt, OU=Staff PCs,OU=Workstations,DC=cascades,DC=local
## Pending / Incomplete Tasks
Cascades:
- Ashley Jensen: verify Desktop/Documents/Downloads point to server
- RECEPTIONIST-PC: verify Q:/W: drives + FrontDesk printer for frontdesk user
- NURSESTATION-PC: auto-lock GPO (HIPAA, ~10 min idle)
- Vault nurses credential: clients/cascades-tucson/nurses-shared.sops.yaml (password: Nurse8863171!)
- Entra Connect: OU=Administrative sync scope + UPN suffix updates for that OU
- M365: relicense 31 users Business Standard (SUSPENDED) -> Business Premium (31 SPB seats free)
- Break-glass accounts: not created, YubiKeys unconfirmed
- Audit retention: approved, not built
- WiFi ticket #32319: room 343 AP move
- Phase 3: DESKTOP-KQSL232, CHEF-PC, SALES4-PC, MDIRECTOR-PC domain joins
GuruRMM:
- LHM emergency patch v0.6.28: remove agent/src/ohw.rs, LHM from WiX, LHM WMI logic from metrics/mod.rs, add ADR-007
- SPEC-010 and SPEC-011 implementation
## Reference Information
- Migration plan: C:\Users\Howard\.claude\plans\wise-discovering-panda.md
- Syncro ticket: #110680053
- Megan GuruRMM agent: 14ff2427-f376-4aed-859f-37946cf5f679
- CascadesTucson site: c157c399-82d3-4581-979a-b9fad70f4fef
- LHM coord message from Mike: 5b1f36e8-a6b7-47ba-853d-9623a2d699c3 (marked read)
- Howard LHM reply: cb6348dc-9571-4522-a72e-f8708acae23c
- SPEC-010: projects/msp-tools/guru-rmm/docs/specs/SPEC-010-agent-ux-improvements.md
- SPEC-011: projects/msp-tools/guru-rmm/docs/specs/SPEC-011-arp-programs-features-registration.md

2
wiki/clients/cascades-tucson.md
View File

@@ -203,7 +203,7 @@ Primary active project as of 2026-05-24: dept-by-dept domain migration (Syncro #
| RECEPTIONIST-PC (frontdesk) | Domain-joined 2026-05-22; loopback Replace mode, no folder redirect by design |
| NURSESTATION-PC | Domain-joined, folder redirect complete |
| Lauren Hasselman | Domain-joined, folder redirect complete 2026-05-23 |
| Megan Hiatt (Marketing) | Pending — GuruRMM agent not yet confirmed online |
| Megan Hiatt (Marketing) | COMPLETE 2026-05-27 — domain joined via ProfWiz, folder redirection live, data on server |
| DESKTOP-KQSL232 (Lois Lane — CareTakers) | Blocked — Lois Lane resistant to change; John Trozzi working with her |
| CHEF-PC, SALES4-PC, MDIRECTOR-PC | Not yet started |