diff --git a/session-logs/2026-05-27-howard-session.md b/session-logs/2026-05-27-howard-session.md index 56a0369..02119d3 100644 --- a/session-logs/2026-05-27-howard-session.md +++ b/session-logs/2026-05-27-howard-session.md 
@@ -578,3 +578,98 @@ git pull --rebase origin main && git push origin main - Server MSI build: `server/src/api/install.rs:1341` - ARP registry path (64-bit): `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ProductCode}` - Cleanup tool ARP search: `installer/cleanup/src/main.rs:65` + +--- + +## Update: 17:45 PT — Cascades Megan Hiatt domain join + GuruRMM LHM alert + +## User +- **User:** Howard Enos (howard) +- **Machine:** Howard-Home +- **Role:** tech + +## Session Summary + +Resumed the Cascades of Tucson domain migration for Megan Hiatt (Marketing) after context compaction from earlier in the session. Verified her AD account live via GuruRMM command on CS-SERVER: SAM=Megan.Hiatt, OU=Marketing,OU=Departments,DC=cascades,DC=local, enabled, UPN=Megan.Hiatt@cascadestucson.com. Discovered GuruRMM agent 14ff2427 (hostname "megan", Win11 23H2, v0.6.27) was already online, resolving the blocking condition from 2026-05-23. + +Server-side pre-migration steps completed before touching the machine: D:\Homes\Megan.Hiatt created on CS-SERVER with Desktop/Documents/Downloads/Music/Pictures subfolders via inline New-HomeFolder function (inlined because the function was not loaded as a module in the remote session). Megan.Hiatt added to SG-FolderRedirect. OneDrive check on her machine returned no process and no Business1 registry key — no KFM to disable. + +Howard joined the machine via ScreenConnect and performed ProfWiz domain join: source profile "Megan Hiatt" migrated to CASCADES\Megan.Hiatt, joined to OU=Staff PCs,OU=Workstations,DC=cascades,DC=local. After first domain login, old profile data required manual move to \CS-SERVER\Homes\Megan.Hiatt. Migration complete. Machine hostname remains "megan". + +A critical coord message from Mike was surfaced: LibreHardwareMonitor in the GuruRMM agent violates the No External Binaries founding principle and is flagged by Windows Defender as PUA (kernel driver WinRing0x64.sys triggers behavior-based detection). 
Howard agreed via coord reply: emergency-patch v0.6.28 removing LHM, ship without Windows temps, implement WMI-based temps in v0.6.29. Violation originated 2026-05-14 when LHM was added as a quick fix for sysinfo not working on Windows. + +## Key Decisions + +- Megan machine hostname "megan" left as-is — no rename performed, not worth disruption mid-session. +- New-HomeFolder executed inline rather than via file drop — function not in module scope on remote PS session; inlined full body via Python json.dumps to handle escaping. +- LHM emergency patch endorsed without debate — external executable with kernel driver in a security product is indefensible; Windows temps are low client value. +- Manual data move accepted — prep-profile-for-redirection.ps1 was prepared and provided but folder redirection did not auto-migrate all data; Howard moved files manually. End state is the same. + +## Problems Encountered + +- New-HomeFolder not in scope on CS-SERVER remote session: function defined in script file, not loaded as module. Resolved by inlining full function body. +- Shell escaping / Python unicode errors in inline PowerShell payloads: multiple attempts with backslash paths caused Python SyntaxError. Resolved by writing all complex payloads to C:\Temp\payload.json via Python heredoc and passing to curl as -d @file. +- GuruRMM /api/sites/:id/agents returns 404: correct endpoint is /api/agents?site_id=. Discovered via debug curl. +- GuruRMM command result at wrong path: /api/agents/:id/command/:id returns 404, correct path is /api/commands/:id. +- LHM coord message not in unread_only list: searched all recent messages by subject keyword, found ID 5b1f36e8, marked read. + +## Configuration Changes + +- C:\Users\Howard\.claude\plans\wise-discovering-panda.md — save point updated: session 7, Megan Hiatt complete +- wiki/clients/cascades-tucson.md — Megan Hiatt migration status updated to COMPLETE 2026-05-27 + +## Credentials & Secrets + +No new credentials created. 
Used from vault: +- CS-SERVER domain admin: sysadmin / r3tr0gradE99# — vault: clients/cascades-tucson/cs-server.sops.yaml +- GuruRMM API: claude-api@azcomputerguru.com / ClaudeAPI2026!@# — vault: infrastructure/gururmm-server.sops.yaml + +## Infrastructure & Servers + +- CS-SERVER: 192.168.2.254, Windows Server 2019, AD cascades.local, GuruRMM agent 6766e973 +- Megan machine: hostname "megan", Windows 11 23H2 build 22631, GuruRMM agent 14ff2427-f376-4aed-859f-37946cf5f679, v0.6.27 +- GuruRMM API: http://172.16.3.30:3001, CascadesTucson site c157c399-82d3-4581-979a-b9fad70f4fef +- Coord API: http://172.16.3.30:8001/api/coord + +## Commands & Outputs + +Get-ADUser result: SamAccountName=Megan.Hiatt, Enabled=True, DN=CN=Megan Hiatt,OU=Marketing,OU=Departments,DC=cascades,DC=local + +New-HomeFolder result: + D:\Homes\Megan.Hiatt created with clean ACL + Created: D:\Homes\Megan.Hiatt\Desktop / Documents / Downloads / Music / Pictures + +Local users on megan machine: + Administrator (disabled), Localadmin (enabled), Megan Hiatt (enabled), WDAGUtilityAccount (disabled) + Profile path: C:\Users\Megan Hiatt + +ProfWiz: source "Megan Hiatt" (local) -> CASCADES\Megan.Hiatt, OU=Staff PCs,OU=Workstations,DC=cascades,DC=local + +## Pending / Incomplete Tasks + +Cascades: +- Ashley Jensen: verify Desktop/Documents/Downloads point to server +- RECEPTIONIST-PC: verify Q:/W: drives + FrontDesk printer for frontdesk user +- NURSESTATION-PC: auto-lock GPO (HIPAA, ~10 min idle) +- Vault nurses credential: clients/cascades-tucson/nurses-shared.sops.yaml (password: Nurse8863171!) 
+- Entra Connect: OU=Administrative sync scope + UPN suffix updates for that OU +- M365: relicense 31 users Business Standard (SUSPENDED) -> Business Premium (31 SPB seats free) +- Break-glass accounts: not created, YubiKeys unconfirmed +- Audit retention: approved, not built +- WiFi ticket #32319: room 343 AP move +- Phase 3: DESKTOP-KQSL232, CHEF-PC, SALES4-PC, MDIRECTOR-PC domain joins + +GuruRMM: +- LHM emergency patch v0.6.28: remove agent/src/ohw.rs, LHM from WiX, LHM WMI logic from metrics/mod.rs, add ADR-007 +- SPEC-010 and SPEC-011 implementation + +## Reference Information + +- Migration plan: C:\Users\Howard\.claude\plans\wise-discovering-panda.md +- Syncro ticket: #110680053 +- Megan GuruRMM agent: 14ff2427-f376-4aed-859f-37946cf5f679 +- CascadesTucson site: c157c399-82d3-4581-979a-b9fad70f4fef +- LHM coord message from Mike: 5b1f36e8-a6b7-47ba-853d-9623a2d699c3 (marked read) +- Howard LHM reply: cb6348dc-9571-4522-a72e-f8708acae23c +- SPEC-010: projects/msp-tools/guru-rmm/docs/specs/SPEC-010-agent-ux-improvements.md +- SPEC-011: projects/msp-tools/guru-rmm/docs/specs/SPEC-011-arp-programs-features-registration.md diff --git a/wiki/clients/cascades-tucson.md b/wiki/clients/cascades-tucson.md index 3a8aa2d..874e663 100644 --- a/wiki/clients/cascades-tucson.md +++ b/wiki/clients/cascades-tucson.md 
@@ -203,7 +203,7 @@ Primary active project as of 2026-05-24: dept-by-dept domain migration (Syncro # | RECEPTIONIST-PC (frontdesk) | Domain-joined 2026-05-22; loopback Replace mode, no folder redirect by design | | NURSESTATION-PC | Domain-joined, folder redirect complete | | Lauren Hasselman | Domain-joined, folder redirect complete 2026-05-23 | -| Megan Hiatt (Marketing) | Pending — GuruRMM agent not yet confirmed online | +| Megan Hiatt (Marketing) | COMPLETE 2026-05-27 — domain joined via ProfWiz, folder redirection live, data on server | | DESKTOP-KQSL232 (Lois Lane — CareTakers) | Blocked — Lois Lane resistant to change; John Trozzi working with her | | CHEF-PC, SALES4-PC, MDIRECTOR-PC | Not yet started |
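Review bot: The `## Credentials & Secrets` section of the session-logs/2026-05-27-howard-session.md hunk commits the CS-SERVER domain admin password and the GuruRMM API password in clear text, and the `Vault nurses credential` item under `## Pending / Incomplete Tasks` does the same for the shared nurses account. Each of those lines already names its SOPS vault file, so keep only the account name and the vault path (for example `CS-SERVER domain admin: sysadmin, vault: clients/cascades-tucson/cs-server.sops.yaml`) and drop the value. Once this is pushed the values stay in git history, so all three passwords should be rotated and the vault entries updated. Separately, `## Infrastructure & Servers` lists the GuruRMM and Coord APIs as `http://` URLs; if the API account logs in over that URL, the log should say whether TLS is planned.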
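Review bot: In the wiki/clients/cascades-tucson.md hunk, the new Megan Hiatt row says `folder redirection live, data on server`, but the session log added in this same diff records that folder redirection did not auto-migrate all data and that the files were moved manually. Put that in the row so the status table agrees with the log, and consider matching the wording of the neighbouring rows, for example `Domain-joined, folder redirect complete 2026-05-27 (profile data moved manually)`. The Pending list in the log asks for a check that Ashley Jensen's Desktop/Documents/Downloads point to the server; if the same check was done for Megan, note it here, since `COMPLETE` implies it.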