# Cascades of Tucson — Project State > READ THIS before starting work on this client. > UPDATE THIS when you begin work (claim a lock) and when you finish (release lock + log changes). > Last updated: 2026-04-20 --- ## Active Session Locks | Session | Working On | Status | Started | |---------|-----------|--------|---------| | _(none active)_ | | | | **How to claim a lock:** Add a row before starting work. Remove it when done. Locks older than 2 hours with no update are considered stale. --- ## Current State **Status:** ACTIVE **Last Activity:** 2026-04-17 (Howard) Senior living community. Active project: HIPAA-compliant folder redirection GPO rollout across all departments. Folder redirection pattern validated on one user (Sharon Edwards, Life Enrichment) — Documents and Downloads redirecting to `\\CS-SERVER\homes\\`. Next: second LE machine end-to-end, then Desktop and other folders, then matching GPOs for other departments. --- ## Infrastructure / Access | Resource | Address | Vault path | |----------|---------|------------| | pfSense firewall | 192.168.0.1 | `clients/cascades-tucson/pfsense-firewall.sops.yaml` | | Synology NAS (cascadesds) | 192.168.0.120:5000 (DSM) | `clients/cascades-tucson/synology-cascadesds.sops.yaml` | | CS-SERVER (DC + file server) | 192.168.2.254, domain `cascades.local` | `clients/cascades-tucson/cs-server.sops.yaml` | **Syncro ID:** 20149445 **Contact:** Meredith Kuhn — meredith.kuhn@cascadestucson.com — (520) 886-3171 **GuruRMM:** - Client: Cascades of Tucson (`CASC`, id `42e1b0e3-f8b7-4fc5-86bd-06bdbb073b7f`) - Site: CascadesTucson (`GOLD-MOON-4620`, id `c157c399-82d3-4581-979a-b9fad70f4fef`) - Enrolled agents: DESKTOP-DLTAGOI (`0ed72c1c-40c7-4bd4-afed-e0bcb198936f`), CS-SERVER (`6766e973-e703-47c1-be56-76950290f87c`) **Known traps:** - ProfWiz-migrated users may have poisoned `User Shell Folders` — check/clean before testing redirection (`scripts/hive-cleanup-shellfolders.ps1`) - GPMC on Server 2019/2022 writes `fdeploy1.ini` incorrectly when adding + modifying in same session — one folder per save, close/reopen between adds - Explorer sidebar uses KnownFolder GUID form — mirror manually if sidebar doesn't resolve (`scripts/fix-live-shellfolders.ps1`) - Machines with OneDrive KFM must unlink OneDrive before applying GPO **GPO backup on CS-SERVER:** `C:\GPO-Backups\pre-fix-20260417-221701\` (backup ID `9c6ff7c9-0942-4cfb-b4a5-936913a3da87`) --- ## Pending / Next Up - [ ] EncryptData flag on `\\CS-SERVER\homes` share (HIPAA workitem — currently false) - [ ] Second Life Enrichment machine folder redirection end-to-end - [ ] Desktop + other folders redirection GPOs - [ ] Matching GPOs for remaining departments - [ ] Folder redirection GPO verification across all enrolled machines --- ## Recent Changes | Date | By | Change | Status | |------|-----|--------|--------| | 2026-04-17 | Howard | Folder redirection validated on DESKTOP-DLTAGOI (Sharon Edwards); GPO `CSC - Folder Redirection (LE)` active | DEPLOYED | --- ## How to Update **When starting:** Add your session to Active Session Locks. **When finishing:** Remove your lock row, add entries to Recent Changes, update Current State if needed.