sync: auto-sync from HOWARD-HOME at 2026-05-27 13:26:45
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-05-27 13:26:45
@@ -259,3 +259,82 @@ None to the codebase. User accounts created in external systems (M365 tenant, ca
|
||||
- Cascades customer: `https://computerguru.syncromsp.com/customers/7502279`
|
||||
- Chris Knight M365 object ID: (recorded in Graph at time of creation)
|
||||
- Cascades SPB subscription: `cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46`
|
||||
|
||||
---
|
||||
|
||||
## Update: ~12:00 PT — SIF Laptop localadmin Login + Password
|
||||
|
||||
## User
|
||||
- **User:** Howard Enos (howard)
|
||||
- **Machine:** Howard-Home
|
||||
- **Role:** tech
|
||||
|
||||
### Session Summary
|
||||
|
||||
Two follow-up tasks were completed on SIF-Laptop554 and SIF-Laptop555 to finish the localadmin account setup.
|
||||
|
||||
First, both machines had `localadmin` hidden from the Windows login screen via a `SpecialAccounts\UserList` registry entry set to 0. A PowerShell command was dispatched via GuruRMM to each laptop to remove the hide entry and confirm the account was already enabled. On SIF-Laptop554 (online), the command ran immediately and confirmed removal. On SIF-Laptop555 (offline), the command was queued and will execute on next agent reconnect.
|
||||
|
||||
Second, the localadmin password was set to `r3tr0gradE99#` on both machines using `Set-LocalUser` with `PasswordNeverExpires $true`. 554 completed immediately (exit 0). 555 has the command queued. The full agent UUID lookup was required — the short prefixes from the session log (`ce868d0f`, `acb14901`) are not sufficient for the GuruRMM command API.
|
||||
|
||||
Credentials were vaulted at `clients/sif-oidak/laptops.sops.yaml` covering both the standard user (Sif/SifSif) and localadmin (localadmin/r3tr0gradE99#). Vault entry committed and pushed.
|
||||
|
||||
### Key Decisions
|
||||
|
||||
- **PasswordNeverExpires set to true:** These are unmanaged workgroup machines with no domain policy. A rotating or expiring localadmin password would lock out UAC elevation with no recovery path.
|
||||
- **Single vault entry for both laptops:** Credentials are identical across 554 and 555 — one entry covering both machines avoids duplication.
|
||||
- **Dispatched both commands even though 555 was offline:** GuruRMM queues commands for offline agents; they execute on next reconnect. No need to wait or repeat manually.
|
||||
|
||||
### Problems Encountered
|
||||
|
||||
- **Short agent ID prefixes insufficient for GuruRMM command API:** Session log recorded `ce868d0f` and `acb14901` as agent IDs. The command endpoint requires full UUIDs. Required an API lookup of the Sif-oidak site's agents to retrieve the full IDs before dispatching.
|
||||
- **SOPS encrypt failed when run from claudetools directory:** `sops --encrypt` could not find `.sops.yaml` when invoked from `C:/claudetools`. Fixed by running from `D:/vault` (the vault root) where `.sops.yaml` lives.
|
||||
|
||||
### Configuration Changes
|
||||
|
||||
- `D:/vault/clients/sif-oidak/laptops.sops.yaml` — CREATED: encrypted credentials for Sif-Laptop554 and Sif-Laptop555 (standard user + localadmin). Vault commit `1e2dd3c`.
|
||||
|
||||
### Credentials & Secrets
|
||||
|
||||
- **localadmin (both SIF laptops):** `localadmin` / `r3tr0gradE99#` — vault: `clients/sif-oidak/laptops.sops.yaml` → `credentials.local_admin`
|
||||
- **Standard user (both SIF laptops):** `Sif` / `SifSif` — vault: `clients/sif-oidak/laptops.sops.yaml` → `credentials.standard_user`
|
||||
|
||||
### Infrastructure & Servers
|
||||
|
||||
- **SIF-Laptop554:** agent `ce868d0f-6381-444d-8fd3-94c563ddc4d9` — online, both commands completed (exit 0)
|
||||
- **SIF-Laptop555:** agent `acb14901-f659-40eb-a59c-b5954de0ba7f` — offline at time of dispatch, both commands queued
|
||||
|
||||
### Commands & Outputs
|
||||
|
||||
```
|
||||
# 554 — remove SpecialAccounts hide entry
|
||||
BEFORE: Enabled=True
|
||||
Removed SpecialAccounts hide entry
|
||||
AFTER: Enabled=True
|
||||
DONE
|
||||
# exit_code: 0
|
||||
|
||||
# 554 — set localadmin password
|
||||
localadmin: Enabled=True PasswordNeverExpires=
|
||||
DONE
|
||||
# exit_code: 0
|
||||
|
||||
# 555 — both commands: status=pending (queued for offline agent)
|
||||
```
|
||||
|
||||
### Pending / Incomplete Tasks
|
||||
|
||||
- **SIF-Laptop555 queued commands:** Remove SpecialAccounts hide entry + set password — run automatically on next agent reconnect. Verify via GuruRMM command history once 555 is back online.
|
||||
- **UAC test on both laptops:** Log in as Sif (standard user), trigger an admin action, confirm credential prompt (not Close button) now appears and accepts localadmin / r3tr0gradE99#.
|
||||
- **Make localadmin selectable at Windows login screen** — done for 554, pending 555 reconnect.
|
||||
- **SIF-Laptop555 hostname:** Record `acb14901` still shows "Sif-Laptop554" — auto-corrects on next heartbeat.
|
||||
- **New GuruRMM agent binary (51a7e6c):** Needs CI build and deploy; Mike handling.
|
||||
- **O365BP suspension at Cascades:** Mike needs to check M365 admin center.
|
||||
- **MAINTENANCE-PC agent:** Still on v0.6.27; LHM fix pending agent binary update.
|
||||
|
||||
### Reference Information
|
||||
|
||||
- SIF-Laptop554 full agent UUID: `ce868d0f-6381-444d-8fd3-94c563ddc4d9`
|
||||
- SIF-Laptop555 full agent UUID: `acb14901-f659-40eb-a59c-b5954de0ba7f`
|
||||
- Vault entry: `clients/sif-oidak/laptops.sops.yaml` (vault commit `1e2dd3c`)
|
||||
- GuruRMM command IDs: 554 hide-fix `9ff6c7a7`, 554 password `10a0042f`, 555 hide-fix queued `TBD`, 555 password queued `ccd1047b`
|
||||
|
||||
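Review bot: The added session log commits working passwords in plaintext: `r3tr0gradE99#` for `localadmin` and `Sif` / `SifSif` for the standard user appear in the Session Summary, under "Credentials & Secrets", and in the UAC test item under "Pending / Incomplete Tasks", which undoes the protection of encrypting the same values in `clients/sif-oidak/laptops.sops.yaml`. Suggest the log carry only the vault path and key (`credentials.local_admin`, `credentials.standard_user`), and because the values are now in this repository's history, treat both passwords as exposed and rotate them on 554 and 555 after the queued command on 555 has run. Two smaller points: the 554 password output reads `localadmin: Enabled=True PasswordNeverExpires=` with no value, so the log does not confirm the never-expires setting that Key Decisions relies on and it is worth re-querying and recording the result; and Key Decisions notes the credentials are identical across both laptops with no expiry, so a per-machine localadmin password with one vault key per host would limit what a single disclosure exposes.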