azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
71ada136a8bddebb84bcf8fe8bf62ca5ddb2d2dc
claudetools/clients/kittle/docs/scripts/gpo-intranet-zone.ps1
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients 
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

69 lines
2.5 KiB
PowerShell
Raw Blame History

#Requires -RunAsAdministrator
<#
.SYNOPSIS
Creates a GPO that adds \\SERVER and \\10.0.0.5 to the Local Intranet zone.
Fixes PDF preview on network shares blocked by Oct 2025 security update.
.DESCRIPTION
Uses the "Site to Zone Assignment List" policy under:
Computer Config > Admin Templates > Windows Components > Internet Explorer >
Internet Control Panel > Security Page
Zone 1 = Local Intranet. Applies to all domain-joined machines.
.NOTES
Run on SERVER (10.0.0.5) as Domain Admin.
Ref: https://support.microsoft.com/en-us/topic/56d55920-6187-4aae-a4f6-102454ef61fb
#>
$ErrorActionPreference = 'Stop'
Import-Module GroupPolicy
$gpoName = 'Intranet Zone - File Server'
$domain = 'kittle.lan'
# Sites to add to Local Intranet (zone 1)
$sites = @(
'file://SERVER'
'file://10.0.0.5'
'\\SERVER'
'\\10.0.0.5'
)
# Registry path for the Site to Zone Assignment List policy
$policyKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
# Check if GPO already exists
$existing = Get-GPO -Name $gpoName -Domain $domain -ErrorAction SilentlyContinue
if ($existing) {
Write-Host "GPO '$gpoName' already exists (ID: $($existing.Id)). Updating..." -ForegroundColor Yellow
} else {
Write-Host "Creating GPO: $gpoName" -ForegroundColor Cyan
New-GPO -Name $gpoName -Domain $domain -Comment 'Adds file server to Local Intranet zone for PDF preview on shares' | Out-Null
}
# Set each site to zone 1 (Local Intranet)
foreach ($site in $sites) {
Set-GPRegistryValue -Name $gpoName -Domain $domain `
-Key $policyKey `
-ValueName $site `
-Type String `
-Value '1' | Out-Null
Write-Host " Added: $site -> Local Intranet" -ForegroundColor Green
}
# Link the GPO to the domain root (applies to all machines)
$linked = (Get-GPInheritance -Target $domain).GpoLinks | Where-Object { $_.DisplayName -eq $gpoName }
if (-not $linked) {
New-GPLink -Name $gpoName -Target "DC=kittle,DC=lan" -LinkEnabled Yes | Out-Null
Write-Host "`nGPO linked to $domain" -ForegroundColor Green
} else {
Write-Host "`nGPO already linked to $domain" -ForegroundColor Yellow
}
# Summary
Write-Host "`n=== Done ===" -ForegroundColor Cyan
Write-Host "GPO '$gpoName' is active. Workstations will pick it up at next GP refresh."
Write-Host "To force now, run on workstations: gpupdate /force" -ForegroundColor Cyan
Write-Host "`nVerify: gpresult /r on a workstation should show '$gpoName' under Computer Settings" -ForegroundColor Cyan
Reference in New Issue View Git Blame Copy Permalink