sync: auto-sync from HOWARD-HOME at 2026-05-22 15:40:30
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-05-22 15:40:30
This commit is contained in:
@@ -47,6 +47,7 @@
|
||||
- [Syncro estimate hardware product](feedback_syncro_estimate_hardware.md) — All hardware on estimates uses product_id 32252 ("Hardware", $0 base); set name/price_retail per item. Never look up individual hardware product IDs.
|
||||
- [Clear-RecycleBin fails silently as SYSTEM](feedback_clear_recyclebin_system_context.md) — RMM-dispatched cleanup scripts cannot use `Clear-RecycleBin -Force`; the cmdlet uses Shell COM and silently no-ops without an interactive desktop. Enumerate `C:\$Recycle.Bin\<SID>\*` directly. Hit on ASSISTMAN-PC 2026-05-08.
|
||||
- [Cascades — ask security group on user creation](feedback_cascades_user_security_group.md) — When creating any Cascades user, always ask which security group(s) they go in. Deliberate per-user decision; an OU→group auto-mirror was explicitly declined 2026-05-14. OU = sync scope; group = access/CA decision.
|
||||
- [Cascades folder redirect — fdeploy failure/recovery](feedback_cascades_folder_redirect.md) — Must pre-create subfolders before first logon. fdeploy caches failures silently. Recovery: fix-shell-redirect.ps1. Both GUID and legacy name keys required.
|
||||
|
||||
## Machine
|
||||
- [ACG-5070 Workstation Setup](reference_workstation_setup.md) - Windows 11 Pro clean install 2026-03-30, replaced CachyOS. All tools installed.
|
||||
|
||||
26
.claude/memory/feedback_cascades_folder_redirect.md
Normal file
26
.claude/memory/feedback_cascades_folder_redirect.md
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
name: feedback_cascades_folder_redirect
|
||||
description: Cascades folder redirection — fdeploy failure/retry behavior, correct new-user procedure, recovery script location
|
||||
metadata:
|
||||
type: feedback
|
||||
---
|
||||
|
||||
Folder redirection (fdeploy) caches failures and never retries if subfolders don't exist at first logon. "No changes detected" = stuck forever without manual intervention.
|
||||
|
||||
**Root cause:** fdeploy1.ini had Flags=1211 which includes Grant Exclusive Rights (bit 0x400). The Homes share grants Domain Users=Change which excludes WRITE_DAC. fdeploy fails to set NTFS on new subfolders → logs 502 → caches the failure. Changed to Flags=187 in `{512B43A4-F049-4CE5-BFAC-860AD13E92BE}\User\Documents & Settings\fdeploy1.ini` on CS-SERVER.
|
||||
|
||||
**Prevention — mandatory order for every new user:**
|
||||
1. Create AD user
|
||||
2. Run `New-HomeFolder -Username "<sam>"` on CS-SERVER — now creates root + Desktop/Documents/Downloads/Music/Pictures subfolders with correct ACL
|
||||
3. Add user to SG-FolderRedirect
|
||||
4. THEN first domain logon
|
||||
|
||||
**Recovery (fdeploy already cached a failure):**
|
||||
- Run `clients/cascades-tucson/scripts/fix-shell-redirect.ps1` via GuruRMM on the client while user is logged in
|
||||
- Sets both GUID-based and legacy-name registry keys (Personal, My Music, My Pictures) in HKU\<SID>
|
||||
- Folders must already exist on server — script doesn't create them
|
||||
- User logs off and on to pick up changes
|
||||
|
||||
**Why both GUID and legacy keys matter:** Downloads has no legacy name key → only GUID needed. Documents/Music/Pictures have both `{GUID}` AND `Personal`/`My Music`/`My Pictures`. Windows reads the legacy key for the actual shell folder — GUID alone is insufficient.
|
||||
|
||||
**How to apply:** Any time a new Cascades user gets folder redirection set up.
|
||||
Reference in New Issue
Block a user