From ed7715424d81fcb359baeaa87a8446bf9d8b1986 Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Wed, 27 May 2026 13:26:51 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-05-27 13:26:45 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-05-27 13:26:45 --- session-logs/2026-05-27-howard-session.md | 79 +++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/session-logs/2026-05-27-howard-session.md b/session-logs/2026-05-27-howard-session.md index 8427c3b..5f2bab8 100644 --- a/session-logs/2026-05-27-howard-session.md +++ b/session-logs/2026-05-27-howard-session.md 
@@ -259,3 +259,82 @@ None to the codebase. User accounts created in external systems (M365 tenant, ca - Cascades customer: `https://computerguru.syncromsp.com/customers/7502279` - Chris Knight M365 object ID: (recorded in Graph at time of creation) - Cascades SPB subscription: `cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46` + +--- + +## Update: ~12:00 PT — SIF Laptop localadmin Login + Password + +## User +- **User:** Howard Enos (howard) +- **Machine:** Howard-Home +- **Role:** tech + +### Session Summary + +Two follow-up tasks were completed on SIF-Laptop554 and SIF-Laptop555 to finish the localadmin account setup. + +First, both machines had `localadmin` hidden from the Windows login screen via a `SpecialAccounts\UserList` registry entry set to 0. A PowerShell command was dispatched via GuruRMM to each laptop to remove the hide entry and confirm the account was already enabled. On SIF-Laptop554 (online), the command ran immediately and confirmed removal. On SIF-Laptop555 (offline), the command was queued and will execute on next agent reconnect. + +Second, the localadmin password was set to `r3tr0gradE99#` on both machines using `Set-LocalUser` with `PasswordNeverExpires $true`. 554 completed immediately (exit 0). 555 has the command queued. The full agent UUID lookup was required — the short prefixes from the session log (`ce868d0f`, `acb14901`) are not sufficient for the GuruRMM command API. + +Credentials were vaulted at `clients/sif-oidak/laptops.sops.yaml` covering both the standard user (Sif/SifSif) and localadmin (localadmin/r3tr0gradE99#). Vault entry committed and pushed. + +### Key Decisions + +- **PasswordNeverExpires set to true:** These are unmanaged workgroup machines with no domain policy. A rotating or expiring localadmin password would lock out UAC elevation with no recovery path. +- **Single vault entry for both laptops:** Credentials are identical across 554 and 555 — one entry covering both machines avoids duplication. 
+- **Dispatched both commands even though 555 was offline:** GuruRMM queues commands for offline agents; they execute on next reconnect. No need to wait or repeat manually. + +### Problems Encountered + +- **Short agent ID prefixes insufficient for GuruRMM command API:** Session log recorded `ce868d0f` and `acb14901` as agent IDs. The command endpoint requires full UUIDs. Required an API lookup of the Sif-oidak site's agents to retrieve the full IDs before dispatching. +- **SOPS encrypt failed when run from claudetools directory:** `sops --encrypt` could not find `.sops.yaml` when invoked from `C:/claudetools`. Fixed by running from `D:/vault` (the vault root) where `.sops.yaml` lives. + +### Configuration Changes + +- `D:/vault/clients/sif-oidak/laptops.sops.yaml` — CREATED: encrypted credentials for Sif-Laptop554 and Sif-Laptop555 (standard user + localadmin). Vault commit `1e2dd3c`. + +### Credentials & Secrets + +- **localadmin (both SIF laptops):** `localadmin` / `r3tr0gradE99#` — vault: `clients/sif-oidak/laptops.sops.yaml` → `credentials.local_admin` +- **Standard user (both SIF laptops):** `Sif` / `SifSif` — vault: `clients/sif-oidak/laptops.sops.yaml` → `credentials.standard_user` + +### Infrastructure & Servers + +- **SIF-Laptop554:** agent `ce868d0f-6381-444d-8fd3-94c563ddc4d9` — online, both commands completed (exit 0) +- **SIF-Laptop555:** agent `acb14901-f659-40eb-a59c-b5954de0ba7f` — offline at time of dispatch, both commands queued + +### Commands & Outputs + +``` +# 554 — remove SpecialAccounts hide entry +BEFORE: Enabled=True +Removed SpecialAccounts hide entry +AFTER: Enabled=True +DONE +# exit_code: 0 + +# 554 — set localadmin password +localadmin: Enabled=True PasswordNeverExpires= +DONE +# exit_code: 0 + +# 555 — both commands: status=pending (queued for offline agent) +``` + +### Pending / Incomplete Tasks + +- **SIF-Laptop555 queued commands:** Remove SpecialAccounts hide entry + set password — run automatically on next agent reconnect. 
Verify via GuruRMM command history once 555 is back online. +- **UAC test on both laptops:** Log in as Sif (standard user), trigger an admin action, confirm credential prompt (not Close button) now appears and accepts localadmin / r3tr0gradE99#. +- **Make localadmin selectable at Windows login screen** — done for 554, pending 555 reconnect. +- **SIF-Laptop555 hostname:** Record `acb14901` still shows "Sif-Laptop554" — auto-corrects on next heartbeat. +- **New GuruRMM agent binary (51a7e6c):** Needs CI build and deploy; Mike handling. +- **O365BP suspension at Cascades:** Mike needs to check M365 admin center. +- **MAINTENANCE-PC agent:** Still on v0.6.27; LHM fix pending agent binary update. + +### Reference Information + +- SIF-Laptop554 full agent UUID: `ce868d0f-6381-444d-8fd3-94c563ddc4d9` +- SIF-Laptop555 full agent UUID: `acb14901-f659-40eb-a59c-b5954de0ba7f` +- Vault entry: `clients/sif-oidak/laptops.sops.yaml` (vault commit `1e2dd3c`) +- GuruRMM command IDs: 554 hide-fix `9ff6c7a7`, 554 password `10a0042f`, 555 hide-fix queued `TBD`, 555 password queued `ccd1047b`
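Review bot: the added session log commits the localadmin password and the standard user's password in plaintext, in the Session Summary, in the "Credentials & Secrets" section and again in the UAC test item under "Pending / Incomplete Tasks", which defeats the SOPS-encrypted entry at `clients/sif-oidak/laptops.sops.yaml` that the same log says was created to hold them. Replace each literal with the vault path and key only (`credentials.local_admin`, `credentials.standard_user`), and because the values are now in this repository's history, rotate both passwords on 554 and 555 and update the vault entry. Separately, the captured output for the 554 password command reads `PasswordNeverExpires=` with no value, so the log does not confirm the setting the summary and Key Decisions describe; record the verified value after re-querying the account. The 555 hide-fix command ID is listed as `TBD` under Reference Information and should be filled in once the queued command is visible in command history.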