azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0e2629ad0eca574128144b2cdf7d66a508a5dadc
claudetools/wiki/clients/lonestar-electrical.md
Mike Swanson 4c6c554faf wiki: seed Lone Star Electrical Systems (client:lonestar-electrical) 
Seeded from March MDM session logs + Syncro (customer 33809612) + vault.
Google Workspace shop with ManageEngine MDM (Zoho); documents the
dual-EMM self-enrollment trap resolved 2026-03-24.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 16:30:51 -07:00

6.3 KiB
Raw Blame History

type, name, display_name, last_compiled, compiled_by, sources, backlinks
type name display_name last_compiled compiled_by sources backlinks
client lonestar-electrical Lone Star Electrical Systems LLC 2026-05-26 GURU-5070/claude-main
session-logs/2026-03-23-session.md
session-logs/2026-03-24-session.md
credentials.md
clients/lonestar-electrical/google-workspace.sops.yaml (vault)
temp/lonestar-russ-setup.py
temp/lonestar-kyla-reset.py
temp/lonestar-kyla-2fa-fix.py

Lone Star Electrical Systems LLC

Electrical contractor in Tucson, AZ. ACG-managed client. Distinctive in the fleet for being a Google Workspace shop (not Microsoft 365) with mobile devices managed by ManageEngine MDM (Zoho), not Intune. Field-heavy: techs use phones/tablets on job sites.

Profile

  • Company type: Electrical contractor (field service)
  • Contract type: Prepaid hour block
  • Hours remaining: 17.25 hrs as of 2026-05-26 (Syncro live). Always live-check GET /customers/33809612 before billing.
  • Billing rate: (verify — check recent Syncro invoices; not captured in available sources)
  • Syncro customer ID: 33809612 (Lone Star Electrical Systems LLC)
  • Address: 3774 North Warren Avenue, Tucson, AZ
  • Managed assets (Syncro): 1 asset on record
  • Key contacts:
  • Active ticket: None open in Syncro as of 2026-05-26 (see Active Work)

Infrastructure

Email & Identity

  • Platform: Google Workspace (domain lonestarelectrical.net). NOT Microsoft 365 — the M365 remediation tool does not apply here.
  • GWS admin: sysadmin@lonestarelectrical.net
  • GWS mobile management: set to Basic (no Google-native MDM push) — device management is delegated to ManageEngine.
  • ACG management plane: Google Workspace API access via the ACG-MSP-Access (Google Workspace) service account (vault: MSP Tools). lonestarelectrical.net is an onboarded tenant. Service-account key: temp/acg-msp-access-8f72339997e5.json.

Mobile Device Management (MDM)

  • Platform: ManageEngine MDM (Zoho) — https://mdm.manageengine.com/webclient
  • MDM admin: mike@azcomputerguru.com (Zoho account, Super Admin)
  • Enrolled devices: 2 company tablets (named Zach and JOSE), enrolled 2025-12-04 via QR code, fully managed. These are direct enrollments and are unaffected by the Google third-party-EMM integration.

Workstations

  • LS-1, LS-2 — Windows workstations; both upgraded to Win11 on 2026-05-04 (Syncro #32244). [Further inventory not documented]

Access

Patterns & Known Issues

  • ManageEngine + Google Workspace dual-EMM trap (resolved 2026-03-24). A personal phone repeatedly prompted for MDM enrollment when the user added their Lonestar Google account. Root cause was two independent triggers: (1) ManageEngine MDM self-enrollment was enabled for all directory groups, AND (2) ManageEngine was configured as a third-party EMM provider inside Google Workspace (Devices > Mobile & endpoints > Settings > Third-party integrations). The Google integration enforces enrollment on any device that adds a Lonestar account — independent of ManageEngine's own self-enrollment setting. Fix required both: disable ManageEngine self-enrollment (Enrollment > Self Enrollment > Disable) AND remove ManageEngine as the third-party EMM in the GWS Admin Console. Disabling only one leaves the prompt in place. Company tablets enrolled directly via QR code are unaffected by either change.
  • Google Workspace, not M365. Reach for GWS Admin Console + the ACG-MSP-Access service account for identity work. The M365 remediation-tool app suite does not apply to this client.
  • Field/mobile-first. Most tickets are phone/tablet/field-device oriented (iPhone field setup, tablet PDF editing). Expect mobile, not desktop, as the primary support surface.

Active Work

No open Syncro tickets as of 2026-05-26. Two tickets in "Customer Reply" status (awaiting client):

  • #32251 — iPhone: set up cell phone for use in the field (2026-05-05)
  • #32215 — QuickBooks issues (2026-04-25)

History Highlights

Date Event
2025-12-04 Two company tablets (Zach, JOSE) enrolled in ManageEngine MDM via QR code, fully managed
2026-03-10 Emergency: James's account hacked (Syncro #32010, resolved)
2026-03-11 Tablet unable to edit PDFs (#32015)
2026-03-23 Lonestar MDM issue investigated — identified ManageEngine self-enrollment as the cause of joser's personal-phone prompt; fix initially blocked by a broken Zoho portal page
2026-03-24 MDM issue RESOLVED — disabled ManageEngine self-enrollment AND removed ManageEngine as GWS third-party EMM. joser's phone stopped prompting immediately
2026-05-04 Win11 upgrades on LS-1 and LS-2 (#32244)
2026-05-05 iPhone field setup (#32251)

Compilation Notes

  • Seeded 2026-05-26 from two March session logs + credentials.md + vault entry + temp provisioning scripts, enriched with live Syncro data (customer 33809612).
  • Vault slug is lonestar-electrical (matches clients/lonestar-electrical/ in the vault), though session logs and temp scripts use the un-hyphenated lonestar.
  • No dedicated project folder — Lonestar work lives in root session logs and temp/ scripts; there is no clients/lonestar*/ working directory or projects/ entry in the ClaudeTools repo (only the vault folder exists).
  • Flagged [verify]: billing rate; exact roles/names for James, Kyla, Russ; full workstation inventory.

Backlinks

(none yet)

Reference in New Issue View Git Blame Copy Permalink