| type | name | display_name | last_compiled | compiled_by | sources |
|---|---|---|---|---|---|
| client | rednour | Rednour Law Offices | 2026-06-29 | HOWARD-HOME/claude-main | |
Rednour Law Offices
Profile
- Business type: Law firm (Arizona)
- Syncro Customer ID: 1224246
- Contract type: Break-fix / time-and-materials (prepaid hours: 0)
- Recurring line: ~$59.09/mo (small managed/hosting line)
- Labor rate: (verify — recent labor invoices suggest ~$150-175/hr)
- Managed asset count: 4 (per Syncro)
- Active open tickets: None as of 2026-06-29
- Primary historical ticket: Syncro #32343 (id 111409967) — M365 onboarding + email account changes. Status: Invoiced. URL: https://computerguru.syncromsp.com/tickets/111409967
Contacts
| Name | Role | UPN / Email | Object ID | Notes |
|---|---|---|---|---|
| Carrie Rednour | Owner / attorney; M365 Global Admin | crednour@rednourlaw.com, sysadmin@rednourlaw.com | a0fc8517-1c2a-4d72-b774-c0d5c929167a | sysadmin@ is an alias on the same account; communicates via text with Mike directly |
| Carla Skinner | Legal assistant / employee | carla@rednourlaw.com | 93074d1a-6db2-4794-8f7d-c84a619e4494 | Renamed from Emma on 2026-05-31; emma@ + dgarcia@ + alee@ aliases retained by design (see below) |
| Nick Pafford | Employee | npafford@rednourlaw.com, nick@rednourlaw.com | fe859088-bcbc-49dc-aaea-4c6e68f7d5bb | nick@ added as alias on 2026-05-31; SMB share access set up 2026-06-25 (local nick on REDNOURCARRIEVI -> Documents); on an Apple Silicon Mac (GuruRMM enrollment pending — installer runs but agent does not enroll; fix staged) |
| receptionist | Shared mailbox | receptionist@rednourlaw.com | — | No personal contact; 34 contacts in mailbox as of 2026-06-02 sweep |
System recipient: DiscoverySearchMailbox (Exchange system object — not a user).
Nick's Mac (ScreenConnect name DUXs-Mac-Studio): Apple Mac Studio, Mac13,1, Apple M1 Max (arm64), macOS 26.5.1, serial F6QR2PN2R6. Confirm this is Nick's box before enrolling (name suggests a "Dux" user).
Infrastructure
Network
- Topology: Workgroup (no on-prem AD, no domain join). All three enrolled machines report PartOfDomain=False.
- LAN subnet: 192.168.10.0/24, default gateway 192.168.10.1.
- ZeroTier: Present on REDNOURCARRIEVI (IP: 10.147.17.253 / fcfb:1c63:8659:2d21:d189::1). Not documented on other workstations.
Workstations (GuruRMM enrolled)
All three machines were enrolled by 2026-05-29. Onboarding diagnostic grade: RED across the board (foreign agents, patch gaps — see open items). As of 2026-06-29 the GuruRMM fleet shows them as FrontDeskReception, LegalAsst, rednourcarrievirt (agent display names may differ from Windows hostnames; rednourcarrievirt is the current network/SMB name for Carrie's box, formerly REDNOURCARRIEVI).
| Hostname | Model | CPU | RAM | OS | IP | Agent ID | Grade |
|---|---|---|---|---|---|---|---|
| FRONTDESKRECEPT | Dell OptiPlex 3080 | i5-10505 6c/12t | 15.8 GB | Win 11 Pro build 26200 | 192.168.10.115 | 04765560-3e8a-46e5-a507-c5f5f4ead6eb | RED |
| LEGALASST | Generic OEM | AMD Ryzen 3 3200G 4c/4t | 5.9 GB | Win 10 Pro build 19045 | 192.168.10.213 | 18825ea7-df58-47bb-b492-822cb16fb5ec | RED |
| REDNOURCARRIEVI (rednourcarrievirt) | Generic OEM | i3-9100 4c/4t | 7.7 GB | Win 10 Pro build 19045 | 192.168.10.194 | 8e4e2221-7e2a-4a6f-9eda-864568539961 | RED |
Common issues across all three at onboarding:
- ScreenConnect (ConnectWise Control) running — prior MSP remote-access agent, not yet removed
- Splashtop Streamer running — prior MSP remote-access agent, not yet removed
- Syncro agent running — prior MSP agent, not yet removed
- No backup agent detected on any workstation
LEGALASST additional:
- Win 10 22H2 (build 19045) — EOL since 2025-10-14; no longer receives security patches
- 43 days uptime at baseline; reboot pending
- Local admins include stale accounts Ale and Emma (pre-rename artifact)
- Active local account: emma; profile: C:\Users\Ale; OneDrive: carla@rednourlaw.com
- Leftover SyncroLive.Agent.Runner still running as of 2026-06-29
- AMD GPU driver 31.0.12027.9001 (2023-03-29); 7-Zip 26.02 installed 2026-06-29 at C:\Program Files\7-Zip\
- Mapped drives (user emma): X: \\rednourcarrievirt\Time Matters Shared Files, Y: \\rednourcarrievirt\Timeslips, Z: \\rednourcarrievirt\Documents — Status OK as of 2026-06-29
- SFC ran 2026-06-29, repaired corruption (0 unrepairable); repair pending reboot to load
REDNOURCARRIEVI (rednourcarrievirt) additional:
- Win 10 22H2 (build 19045) — EOL since 2025-10-14
- Defender real-time protection OFF + antimalware service not running at baseline (critical)
- Datto RMM running — prior MSP agent, not yet removed
- C: drive at 11.7% free (54.4 GB of 465.1 GB) at baseline
- Last hotfix at baseline: KB5072653 (2025-12-20 — severely behind)
- 151 installed programs, 19 non-MS scheduled tasks — elevated attack surface
- RDP enabled without NLA at baseline
- Time source: local CMOS clock (not NTP) at baseline
FRONTDESKRECEPT additional:
- BitLocker off on OS volume
- 2 pending Windows updates at baseline
- Local admin account gurupresent (ACG account, expected)
File Shares (workgroup, peer-to-peer)
REDNOURCARRIEVI / rednourcarrievirt (192.168.10.194 LAN / 10.147.17.253 ZeroTier) hosts the firm's shared files as peer-to-peer SMB shares (no server, no AD):
- Documents -> C:\Users\Carrie\Documents — the primary working share (also exposed redundantly as ShareName, same path). Mac/PC clients authenticate with a local Windows account on the box.
- Local accounts with access to Documents: Carrie, emma (legacy local account, actively used — unrelated to the M365 Emma->Carla rename), localadmin, and nick (added 2026-06-25 for Nick Pafford; share Change + NTFS Modify; cred vaulted at clients/rednour/nick-smb-rednourcarrievi.sops.yaml).
- Other shares present: Time Matters Shared Files, Timeslips, Program Files sage, Users, New folder. Security note: several are over-broad (Everyone=Full on Program Files/Users/Time Matters) — cleanup candidate.
- Mac mount string: smb://192.168.10.194/Documents.
GuruRMM Site
- Site name: Main Office
- Site code: GREEN-FALCON-7214
- Site UUID: c7f5787c-8e71-45b3-841f-fa52436f7d26
- Client UUID: 85f7cff4-d4db-48a8-b477-b8788122a361
- Enrollment key vault path: clients/rednour/gururmm-site-main.sops.yaml
Cloud / M365
- Tenant domain: rednourlaw.com
- Tenant ID: 4a4ca18a-f516-478b-99da-2e0722c5dc18
- Onboarded to ComputerGuru MSP suite: 2026-05-31 (bootstrapped by Mike during Emma->Carla rename session)
MSP Service Principals
All five ComputerGuru SPs are fully consented as of 2026-05-31:
| SP Name | App ID | SP Object ID | Role(s) Assigned |
|---|---|---|---|
| Tenant Admin | 709e6eed-0711-4875-9c44-2d3518c47063 | 671a2ace-be9e-440c-a7d6-5ff982e4500c | Conditional Access Administrator |
| Security Investigator | bfbc12a4-f0dd-4e12-b06d-997e7271e10c | 704da463-7f4e-484c-b1da-40e447615d52 | Exchange Administrator |
| Exchange Operator | b43e7342-5b4b-492f-890f-bb5a4f7f40e9 | 59a68ba9-5e1e-4a56-92ae-507a9a669a79 | Exchange Administrator |
| User Manager | 64fac46b-8b44-41ad-93ee-7da03927576c | dc3b79a2-638b-42fe-8ecb-51592db7d40f | User Administrator + Authentication Administrator |
| Defender Add-on | dbf8ad1a-54f4-4bb8-8a9e-ea5b9634635b | 052da8aa-1ca5-4f60-b9c5-7aafcb74264b | None |
[WARNING] No MDE license in this tenant. Defender Add-on is consented but calling Defender ATP endpoints returns AADSTS650052. Skip the defender tier for all remediation work against this tenant.
Mailboxes
| Display Name | UPN | Object ID | Notes |
|---|---|---|---|
| Carla Skinner | carla@rednourlaw.com | 93074d1a-6db2-4794-8f7d-c84a619e4494 | Renamed from Emma on 2026-05-31; aliases: emma@, dgarcia@, alee@, dgarcia@rednourlaw.onmicrosoft.com |
| Carrie Rednour | crednour@rednourlaw.com | a0fc8517-1c2a-4d72-b774-c0d5c929167a | Global Admin; sysadmin@ is also hers |
| Nick Pafford | npafford@rednourlaw.com | fe859088-bcbc-49dc-aaea-4c6e68f7d5bb | nick@ alias added 2026-05-31 |
| receptionist | receptionist@rednourlaw.com | — | 34 contacts in mailbox |
| DiscoverySearchMailbox | (system) | — | Exchange system object |
Carla's retained aliases: The mailbox mailNickname was historically dgarcia (prior employee Garcia -> passed to Emma -> now Carla). Both dgarcia@ and alee@ were kept by operator's explicit choice on 2026-05-31. The emma@ alias was kept so mail to emma@ continues to reach Carla. Revisit only if the firm requests decommissioning of these addresses.
Syncro
- Customer: Rednour Law Offices, id 1224246
- Contract type: Break-fix / T&M; prepaid hours: 0; recurring ~$59.09/mo
- Managed asset count: 4
- Primary ticket: #32343 (id 111409967), Status: Invoiced
- 0.5h remote labor (line item 42654682, $75.00, non-taxable, attributed to Mike user_id 1735) — on the existing invoice
- Comments: 415513323 (hidden/internal), 415514647 (customer-visible), 416427937 (internal — 2026-06-02 follow-up contact fix)
- Additional onsite labor from 2026-06-25 SMB share work deferred by Howard; Syncro supports multiple invoices per ticket
- [WARNING] Plaintext local-account passwords in Syncro customer notes (carrie, ale accounts). These are being vaulted separately — vault migration pending. Do not use Syncro notes as the authoritative credential source.
History
2026-05-29 — GuruRMM enrollment + onboarding baselines
Three workstations enrolled in GuruRMM site "Main Office": FRONTDESKRECEPT, LEGALASST, REDNOURCARRIEVI. Onboarding diagnostic baselines captured (all graded RED). Prior MSP agents (ScreenConnect, Splashtop, Syncro, Datto RMM on Carrie's machine) still present — not yet removed.
2026-05-31 — M365 onboarding + Emma -> Carla rename
Syncro ticket #32343. Operator: Mike Swanson.
Tenant had never been fully onboarded to the ComputerGuru MSP suite — only Tenant Admin was consented, and Exchange Operator lacked Exchange Administrator role. Root cause surfaced as an HTTP 403 when attempting Get-Mailbox during the rename. Resolution: Mike clicked the Tenant Admin admin-consent URL as Global Admin (Carrie's account), then ran onboard-tenant.sh rednourlaw.com to consent the remaining four SPs and assign directory roles.
After Exchange role propagation (~60s), the rename was executed in three calls:
- Set-Mailbox via Exchange REST — updated EmailAddresses (carla@ as primary, emma@/dgarcia@/alee@ as aliases)
- Graph PATCH /users/{id} — updated UPN, displayName, mailNickname, givenName, surname
- POST /users/{id}/revokeSignInSessions — invalidated active tokens
Nick Pafford already existed as npafford@; smtp:nick@rednourlaw.com was added as an alias on his existing mailbox (no UPN change, no session revoke). Ticket set to Resolved; shared-drive access for Nick deferred.
2026-06-01 — Carla password set (client-directed)
Carla's account password set administratively via Graph User Manager app at client direction (forceChangePasswordNextSignIn: false, no session revocation). Password quality flagged to operator as weak (dictionary word + sequential digits) but applied as directed.
2026-06-02 — Stale pinned contact fix (Carrie's mailbox)
Carrie reported inbound mail from Carla still showed "Emma - Rednour Law". Server-side state was correct; root cause was a leftover pinned contact (IPF.Contact.MOC.QuickContacts) in Carrie's own mailbox mapping emma@rednourlaw.com -> display name "Emma - Rednour Law". Because emma@ is a live proxy alias on Carla's mailbox, Outlook resolved Carla's new mail to this stale pin.
Fix: deleted the pin via EWS (ExchangeImpersonation of crednour@rednourlaw.com using Exchange Operator SP full_access_as_app; DeleteItem with MoveToDeletedItems — recoverable). Graph contacts call (403) confirmed no Contacts.Read scope in any suite app; EWS was the correct path.
All four real-user mailboxes swept — only Carrie was affected:
| Mailbox | Contacts scanned | Stale entries found |
|---|---|---|
| Carrie Rednour | 237 (across 10 folders) | 1 — deleted |
| Nick Pafford | 0 (empty) | none |
| receptionist | 34 (across 10 folders) | none |
| Carla Skinner | 40 (across 9 folders) | none |
No time billed on this follow-up per Mike's standing rule (never log time without explicit minutes + labor type).
2026-06-25 — SMB share access for Nick Pafford + Mac RMM enrollment attempt
Operator: Howard Enos. Resolved the long-deferred shared-drive access for Nick. The "shared drive" turned out to be the Documents SMB share on REDNOURCARRIEVI (C:\Users\Carrie\Documents); identified via Get-SmbShare across all three GuruRMM-enrolled workstations. It was previously reached only through the local emma account.
Created a dedicated standard local account nick on REDNOURCARRIEVI (PasswordNeverExpires), granted share = Change and NTFS = Modify on the Documents folder. Credential vaulted at clients/rednour/nick-smb-rednourcarrievi.sops.yaml. Nick's Mac (Apple Silicon) was confirmed mounting smb://192.168.10.194/Documents (Finder Cmd+K, nick + keychain-saved password) and working onsite.
GuruRMM macOS enrollment FAILED on Nick's Apple Silicon Mac (site Main, GREEN-FALCON-7214). Server serves the agent fine (HTTP 200, 3.96 MB single-arch aarch64). Initial working hypothesis was that the served binary was unsigned (SIGKILL on Apple Silicon). Fix path flagged; deferred for further diagnosis.
Return visit pending: phone + printer setup at Rednour; may require running a new wire or installing a switch.
Operational note: PowerShell Set-Acl ACL propagation down Carrie's large Documents tree exceeded the RMM command timeout (twice), and since stdout is dropped on timeout a randomly-generated password was lost each time. Resolution was to generate the password locally (injected via placeholder) and apply the NTFS ACE with icacls (no /T).
2026-06-26 — Mac RMM enrollment root-cause analysis (offline diagnosis)
Operator: Howard Enos (pre-staging before onsite visit). Nick's Mac was offline in ScreenConnect. All diagnosis done from the repo and the RMM server endpoints.
Disproved the "unsigned binary" hypothesis. Parsed the Mach-O load commands of the served arm64 binary directly: it carries an LC_CODE_SIGNATURE with the adhoc flag set (linker-inserted ad-hoc signature, identifier gururmm_agent-51a9f25b57c13649). An ad-hoc-signed arm64 binary satisfies Apple Silicon's AMFI and runs — the SIGKILL/unsigned theory was wrong. All six linked dylibs are stock system frameworks.
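The load-command check described above, as an added example (not the operator's or the project's own tooling): it walks a thin 64-bit Mach-O to LC_CODE_SIGNATURE and reads the CodeDirectory flags and identifier. The function names are hypothetical, and build_sample produces constructed bytes with no page hashes that only exercise the parser.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF                 # thin 64-bit Mach-O (fields little-endian)
LC_UUID = 0x1B
LC_CODE_SIGNATURE = 0x1D
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0  # SuperBlob (fields big-endian)
CSMAGIC_CODEDIRECTORY = 0xFADE0C02
CS_ADHOC = 0x00000002                    # no certificate chain behind the signature
CS_LINKER_SIGNED = 0x00020000            # signature was inserted by the linker


def _parse_superblob(blob: bytes) -> dict:
    magic, _length, count = struct.unpack_from(">3I", blob, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("LC_CODE_SIGNATURE does not point at a SuperBlob")
    for i in range(count):
        _slot, boff = struct.unpack_from(">2I", blob, 12 + 8 * i)
        if struct.unpack_from(">I", blob, boff)[0] != CSMAGIC_CODEDIRECTORY:
            continue
        # CodeDirectory starts: magic, length, version, flags, hashOffset, identOffset
        _m, _len, _ver, flags, _hoff, ident_off = struct.unpack_from(">6I", blob, boff)
        start = boff + ident_off          # identOffset is relative to this blob
        ident = blob[start:blob.index(b"\0", start)].decode("ascii")
        return {"identifier": ident, "flags": flags,
                "adhoc": bool(flags & CS_ADHOC),
                "linker_signed": bool(flags & CS_LINKER_SIGNED)}
    raise ValueError("SuperBlob has no CodeDirectory")


def code_signature_info(macho: bytes):
    """CodeDirectory summary for a thin 64-bit Mach-O; None if it has no signature."""
    try:
        magic, _cpu, _sub, _type, ncmds, _sz, _fl, _rsv = struct.unpack_from("<8I", macho, 0)
        if magic != MH_MAGIC_64:
            raise ValueError("not a thin 64-bit Mach-O (slice a universal binary first)")
        off = 32                                   # sizeof(mach_header_64)
        for _ in range(ncmds):
            cmd, cmdsize = struct.unpack_from("<2I", macho, off)
            if cmdsize < 8:
                raise ValueError("corrupt load command size")
            if cmd == LC_CODE_SIGNATURE:           # linkedit_data_command
                dataoff, datasize = struct.unpack_from("<2I", macho, off + 8)
                return _parse_superblob(macho[dataoff:dataoff + datasize])
            off += cmdsize
        return None
    except struct.error as exc:
        raise ValueError(f"truncated Mach-O: {exc}") from exc


def build_sample(identifier: str, flags: int, signed: bool = True) -> bytes:
    """Constructed input: arm64 header, LC_UUID, optional signature blob (no hashes)."""
    ident = identifier.encode("ascii") + b"\0"
    cd_len = 44 + len(ident)
    cd = struct.pack(">9I4BI", CSMAGIC_CODEDIRECTORY, cd_len, 0x20001, flags,
                     cd_len, 44, 0, 0, 0, 32, 2, 0, 12, 0) + ident
    superblob = struct.pack(">5I", CSMAGIC_EMBEDDED_SIGNATURE, 20 + cd_len, 1, 0, 20) + cd
    cmds = struct.pack("<2I", LC_UUID, 24) + bytes(16)
    if signed:
        cmds += struct.pack("<4I", LC_CODE_SIGNATURE, 16,
                            32 + len(cmds) + 16, len(superblob))
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2,
                         2 if signed else 1, len(cmds), 0, 0)
    return header + cmds + (superblob if signed else b"")


if __name__ == "__main__":
    sample = build_sample("gururmm_agent-51a9f25b57c13649", CS_ADHOC | CS_LINKER_SIGNED)
    print(code_signature_info(sample))
```

A None result means the binary has no LC_CODE_SIGNATURE at all, which is the case the original hypothesis assumed.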
Real root cause found in source: The server's enrollment endpoint (server/src/api/enroll.rs, line 29) types EnrollRequest.site_id as uuid::Uuid — it requires a UUID. The macOS install script (/install/GREEN-FALCON-7214/macos) writes the site code string GREEN-FALCON-7214 into /usr/local/etc/gururmm/site.plist as site_id. The agent reads that and POSTs site_id: "GREEN-FALCON-7214" to /api/enroll, which fails UUID deserialization (HTTP 422) — enrollment retries forever, agent never connects. The "file not found" symptom Howard observed is a secondary effect: config.rs::default_config_path() has no macOS branch, so a manual gururmm-agent run with no readable plist falls back to the Linux path /etc/gururmm/config.toml (does not exist on macOS).
Correct site UUID for Rednour Main: c7f5787c-8e71-45b3-841f-fa52436f7d26 (confirmed via RMM API). The .pkg postinstall hardcodes d008c7d4-... which belongs to a different/test site — do not use.
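A pre-flight audit for the failure described above, as an added example (not GuruRMM code): it classifies the site_id stored in site.plist as the expected site UUID, a site code, or a UUID belonging to another site, and produces corrected plist bytes. It assumes site_id is a top-level string key; audit_site_plist, the site-code pattern and the sample values in the demo are constructed for illustration.

```python
import plistlib
import re
import uuid

CANONICAL_UUID = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")
SITE_CODE = re.compile(r"[A-Z]+-[A-Z]+-\d+")   # shape of GREEN-FALCON-7214 (assumed)

DETAIL = {
    "ok": "site_id is the expected site UUID",
    "site-code": "site_id is an enrollment code; a UUID-typed field will reject it",
    "wrong-site": "site_id is a valid UUID but not this client's site",
    "not-a-uuid": "site_id is neither a UUID nor a recognisable site code",
}


def audit_site_plist(raw: bytes, expected_site_uuid: str) -> dict:
    """Classify site.plist and, when it is wrong, return corrected plist bytes."""
    expected = uuid.UUID(expected_site_uuid)
    try:
        data = plistlib.loads(raw)                 # accepts XML and binary plists
    except Exception as exc:                       # malformed or non-plist input
        return {"status": "unreadable", "detail": str(exc), "fixed": None}
    if not isinstance(data, dict) or not isinstance(data.get("site_id"), str):
        return {"status": "missing-site-id",
                "detail": "no string site_id key at the top level", "fixed": None}

    site_id = data["site_id"].strip()
    if CANONICAL_UUID.fullmatch(site_id):
        status = "ok" if uuid.UUID(site_id) == expected else "wrong-site"
    elif SITE_CODE.fullmatch(site_id):
        status = "site-code"
    else:
        status = "not-a-uuid"

    fixed = None
    if status != "ok":
        # Keep every other key the installer wrote; replace only site_id.
        fixed = plistlib.dumps({**data, "site_id": str(expected)})
    return {"status": status, "site_id": site_id,
            "detail": DETAIL[status], "fixed": fixed}


if __name__ == "__main__":
    expected = "c7f5787c-8e71-45b3-841f-fa52436f7d26"     # site UUID from this page
    # Constructed plist resembling what the install script is described as writing.
    broken = plistlib.dumps({"site_id": "GREEN-FALCON-7214"})
    result = audit_site_plist(broken, expected)
    print(result["status"], "-", result["detail"])
    print(result["fixed"].decode())
```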
Fix staged: a self-contained Terminal paste-block was delivered to Howard's Discord DMs that installs the agent, writes site.plist with the UUID (not the code), writes the LaunchDaemon, reloads, and verifies. Per Howard's instruction, the wiki, coord todo 6f2d22be, and Mike were NOT updated pending onsite verification.
2026-06-29 — Mac RMM install attempt (still not enrolling)
Operator: Howard Enos (onsite at Rednour). Provided Nick the macOS curl | sudo bash one-liner (/install/GREEN-FALCON-7214/macos). Verified the binary is arm64 Mach-O before handoff. Nick (or someone at the Mac) ran the installer and it reported success. Fleet checks repeated 3x — no macOS agent appeared under Rednour Law Offices. The install script ran the original (unpatched) path and wrote the site CODE (not UUID) to site.plist, so the agent retries enrollment forever without connecting. Howard is no longer onsite and does not have the user's Mac password.
Mike was flagged via Discord DM (message_id 1521264675965374656) that the macOS installer has an enrollment issue; asked whether he has another M1/Apple Silicon Mac to test. Next step: run foreground sudo /usr/local/bin/gururmm-agent on the Mac to capture the connect/enroll error, and overwrite site.plist with the UUID fix.
Install page note: The public install page /install/GREEN-FALCON-7214 shows only Windows and Linux download buttons — no Mac button. The macOS path is the curl | sudo bash one-liner at /install/GREEN-FALCON-7214/macos.
2026-06-29 — LEGALASST (legal assistant / "Emma") explorer hang on .zip + WordPerfect 5 save error; Win11 upgrade planned
Operator: Howard Enos (reported via Carrie). The legal assistant's workstation LEGALASST (Carla Skinner's box; active local account emma, profile C:\Users\Ale, OneDrive carla@rednourlaw.com) repeatedly hung explorer when opening files. Diagnosed live over GuruRMM (agent 18825ea7-df58-47bb-b492-822cb16fb5ec).
- explorer HANGS, not crashes — AppHang Event 1002 (no Event 1000 / faulting module); ~10 in 3h on 2026-06-29, continuing after a 10:52 reboot.
- Root cause: the built-in Windows Compressed Folders handler (explorer's zip-as-folder namespace). Symptom narrowed to opening .zip only (Word/PDF/folders fine), and the failing zip is local (desktop) — not OneDrive, not a network share. zipfldr.dll is intact + validly signed, so the hang is environmental, not a corrupt handler DLL.
- Ruled out: Adobe shell extensions (blocked/tested via the Microsoft Shell Extensions\Blocked list, no change, reverted); AMD Vega driver (only non-MS DLLs in explorer, but zero TDR events); OneDrive (overlay not even loaded, sync healthy); remapped drives X/Y/Z -> \\rednourcarrievirt (Status OK, SMB healthy); .NET Runtime 1022 "profiling API attach" (201 events but no COR_PROFILER set — benign noise).
- SFC (run by Howard) found and repaired corruption (0 unrepairable) — repair pending a reboot to load.
- Workaround: Howard installed 7-Zip 26.02 (C:\Program Files\7-Zip\7zFM.exe); it opens the zips fine (bypasses explorer's zip namespace). Howard to set 7-Zip as default for .zip (and .7z/.rar, currently unassociated). .zip had no UserChoice; 7-Zip only registered a 7-Zip.iso ProgId on install.
- Second issue (same machine): WordPerfect 5 "not enough free space" on save regardless of save location, despite Howard verifying ample free space. Leading hypothesis: legacy/DOS-era WordPerfect free-space miscalculation on large-capacity volumes (free-space value overflows -> false "disk full"). App-level; the OS upgrade will not fix it. Mitigate via DOSBox or a SUBST'd small-capacity save target. Exact WP version/edition (DOS 5.1 vs Windows) to be confirmed.
- Plan: upgrade LEGALASST to Windows 11 — expected to resolve the zip-handler hang by rebuilding the shell/system files (also applies the SFC repair). Verify by opening a local .zip with the built-in handler post-upgrade. If the hang persists, next lead is Defender archive-scan + cloud (MAPS) lookup stalling the shell.
All diagnostic changes were reverted (Adobe/7-Zip Blocked-list test entries removed; an orphaned RMM diagnostic process killed) — the box was left clean.
2026-06-29 — Carrie's machine Win10 -> Win11 upgrade fails at SAFE_OS / APPLY_IMAGE
Operator: Howard Enos (diagnostic only; no remote action). The in-place Windows 10 -> 11 upgrade on Carrie's machine (REDNOURCARRIEVI / rednourcarrievirt) rolled back with 0x8007000D - 0x2000C — "The installation failed in the SAFE_OS phase with an error during APPLY_IMAGE operation."
Decoded: 0x8007000D = ERROR_INVALID_DATA; 0x2000C = failure in the SAFE_OS (offline WinPE) phase during the APPLY_IMAGE step — Setup choked while laying down the new image. This signature points at corrupt/incomplete setup media or download, a storage/disk issue, or interference from drivers/AV/attached externals — NOT a TPM/hardware-compatibility block (which fails earlier with a different message).
Remediation path provided (prioritized): (1) unplug all non-essential externals + temporarily disable third-party AV; (2) build fresh media via the Media Creation Tool and run setup.exe from a mounted ISO rather than the in-place download/Update Assistant; (3) clear the upgrade cache ($WINDOWS.~BT, $WINDOWS.~WS, SoftwareDistribution\Download) after stopping wuauserv/bits; (4) DISM RestoreHealth + SFC + chkdsk, confirm 20+ GB free; (5) update storage/chipset drivers (Intel RST / AMD RAID is a classic APPLY_IMAGE culprit).
Howard reported driver updates and OS repairs were already done. He will attempt the upgrade manually on-site tonight (2026-06-29) and loop back if it fails. GuruRMM is not working for Rednour, so this cannot be assisted remotely — it is a hands-on effort. If the next attempt fails, the actionable next step is to pull the first error from C:\$WINDOWS.~BT\Sources\Panther\setuperr.log around the APPLY_IMAGE step.
Patterns & Known Issues
- EWS required for personal contact work. No app in the ComputerGuru suite holds Contacts.Read or Contacts.ReadWrite on Graph. Personal contact folder reads and modifications must go through EWS (full_access_as_app on the Exchange Operator SP with ExchangeImpersonation).
- Security Investigator EXO token unreliable on this tenant. The investigator SP's EXO token (aud=outlook.office365.com) returned 401 on InvokeCommand during the 2026-06-02 session; the Exchange Operator SP token worked. Prefer Exchange Operator for EXO InvokeCommand on rednourlaw.com.
- Stale-pin shadowing pattern: IPF.Contact.MOC.QuickContacts folder entries override the GAL for display-name resolution in Outlook/Teams. If any user reports a renamed sender still showing the old name, run the EWS contact-folder sweep against that user's mailbox.
- emma@ alias is live by design. Mail to emma@rednourlaw.com routes to Carla Skinner. Do not remove unless the firm explicitly requests it.
- No MDE license — skip Defender tier. Defender Add-on is consented but ATP endpoints return AADSTS650052. Do not attempt Defender-tier calls for this tenant.
- Prior MSP agents still installed. ScreenConnect, Splashtop, and Syncro on all workstations; Datto RMM on REDNOURCARRIEVI. Not yet remediated as of 2026-06-29.
- macOS RMM agent installs but does not enroll (site code vs UUID bug). The macOS install script writes the site enrollment CODE (GREEN-FALCON-7214) into site.plist as site_id. The server's EnrollRequest.site_id is typed uuid::Uuid — posting the code string causes a 422 UUID deserialization error; the agent retries enrollment forever without connecting. Fix: overwrite site.plist with the site UUID c7f5787c-8e71-45b3-841f-fa52436f7d26 and reload the LaunchDaemon. The paste-block fix was delivered to Howard's Discord DMs (2026-06-26) but has not been applied to Nick's Mac (blocked: no onsite access + no Mac password as of 2026-06-29). Root code fix for Mike: either the install script should stamp the UUID (like the .pkg postinstall), or /api/enroll should accept a site code. Secondary: add a macOS branch to default_config_path() in agent/src/config.rs. Coord todo: 6f2d22be-e653-48c8-9f9b-0155420b315d (project gururmm).
- LEGALASST and REDNOURCARRIEVI are on Win 10 22H2 (EOL). No security updates since 2025-10-14. Plan OS upgrade to Win 11.
- GuruRMM is not working for Rednour. As of 2026-06-29 remote management/remediation via GuruRMM is not usable for this client — any assist must be hands-on / on-site. (Scope verify: whether the agents are offline fleet-wide for Rednour or RMM is simply not a viable path for interactive feature-upgrade work. Note this contradicts earlier live-over-RMM diagnostics on LEGALASST — confirm current agent state before relying on RMM here.)
- Win11 in-place upgrade on REDNOURCARRIEVI fails at SAFE_OS / APPLY_IMAGE (0x8007000D - 0x2000C). ERROR_INVALID_DATA while applying the image in the offline phase — points at media/download corruption, storage/disk, or driver/AV/external-device interference, NOT a hardware-compat block. Fix path: fresh ISO via Media Creation Tool + setup.exe from mounted ISO, externals unplugged, AV off, upgrade cache cleared, DISM/SFC/chkdsk done. If it recurs, pull the first error from C:\$WINDOWS.~BT\Sources\Panther\setuperr.log around APPLY_IMAGE. Drivers + repairs already done by Howard; manual attempt scheduled 2026-06-29 evening.
- REDNOURCARRIEVI: Defender was off at onboarding. Confirm it has been re-enabled; it is a critical finding.
- REDNOURCARRIEVI: RDP enabled without NLA at onboarding. Restrict RDP to VPN-only or require NLA.
- LEGALASST: built-in Compressed Folders handler hangs explorer on .zip open. Local zips; Word/PDF fine. zipfldr.dll intact (environmental, not a corrupt DLL). AppHang Event 1002, no faulting module. Workaround = 7-Zip as default for .zip. Win11 upgrade planned to resolve. If it persists post-upgrade, suspect Defender archive-scan + cloud (MAPS) lookup stalling the shell. To test-disable any shell extension reversibly, add its CLSID to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked (delete to restore).
- LEGALASST: WordPerfect 5 "not enough free space" on save despite verified free space and regardless of save location. Likely legacy free-space overflow on large-capacity volumes; OS upgrade will not fix it; mitigate via DOSBox / SUBST small-capacity drive. Confirm WP version/edition.
- .NET Runtime 1022 "profiling API attach" errors are noise unless a COR_PROFILER env var is actually set — do not chase them as a hang cause.
- Plaintext local-account passwords in Syncro customer notes. Accounts carrie and ale appear in Syncro notes in plaintext — vault migration pending. Do not rely on Syncro notes as the authoritative credential store for these accounts.
Active Work / Open Items
| Priority | Action | Owner | Notes |
|---|---|---|---|
| P1 | Re-enable Defender on REDNOURCARRIEVI | Howard/Mike | Was off at onboarding 2026-05-29; confirm current state |
| P1 | Remove prior MSP agents (ScreenConnect, Splashtop, Syncro, Datto RMM) | Mike/Howard | Present on all 3 machines; Datto RMM on REDNOURCARRIEVI only |
| P1 | Upgrade LEGALASST to Windows 11 | Mike/Howard | Expected to resolve the explorer-on-.zip hang (rebuilds shell/system files) + applies pending SFC repair. Pre-reqs: enable fTPM + Secure Boot (Ryzen 3 3200G is Win11-supported), bump RAM from 5.9 GB, remove leftover Syncro agent. Test a local .zip with the built-in handler post-upgrade |
| P1 | Upgrade REDNOURCARRIEVI (Carrie's machine) to Windows 11 | Howard | Win 10 22H2 (EOL 2025-10-14). In-place upgrade fails at SAFE_OS / APPLY_IMAGE 0x8007000D - 0x2000C (ERROR_INVALID_DATA). Drivers + DISM/SFC/chkdsk already done. Manual attempt scheduled 2026-06-29 evening (fresh ISO, externals unplugged, AV off, cache cleared). RMM not usable for Rednour — hands-on only. If it fails, pull C:\$WINDOWS.~BT\Sources\Panther\setuperr.log around APPLY_IMAGE |
| P1 | Restore/verify GuruRMM functionality for Rednour | Howard/Mike | 2026-06-29: RMM reported not working for this client — confirm scope (agents offline vs not a path for upgrades) and restore remote management |
| P2 | Bill Carrie-machine / reception-upgrade work to Syncro #32368 | Howard/Mike | Ticket id 111999527, "New machine for Carrie as central hub/file share + reception upgrade" (created 2026-06-02, status Customer Reply). Bill when work complete — route through /syncro, do not free-hand |
| P1 | Fix GuruRMM macOS agent enrollment on Nick's Apple Silicon Mac | Howard/Mike | Agent installs but does not enroll. Root cause: install script writes site CODE not UUID; server expects UUID. Fix = overwrite /usr/local/etc/gururmm/site.plist with site_id = c7f5787c-8e71-45b3-841f-fa52436f7d26 and reload LaunchDaemon. Paste-block delivered to Howard's Discord DMs (2026-06-26). Blocked: need onsite access + Mac password. Code fix for Mike: enroll.rs accept site code OR install script stamp UUID. Coord todo 6f2d22be |
| P1 | Vault migration of plaintext local-account passwords in Syncro customer notes | Howard/Mike | Accounts carrie, ale; not yet vaulted |
| P2 | LEGALASST: WordPerfect 5 "not enough free space" on save | Howard | 2026-06-29: error on save regardless of location; ample free space verified. Likely legacy free-space overflow on large volume; OS upgrade will NOT fix. Mitigate via DOSBox / SUBST small-capacity drive; confirm WP version/edition |
| INTERIM | LEGALASST: set 7-Zip as default for .zip/.7z/.rar | Howard | 2026-06-29: 7-Zip 26.02 installed as workaround for the built-in zip-handler hang; set defaults via 7-Zip GUI (Tools -> Options -> System) |
| P2 | Return visit: phone + printer setup at Rednour | Howard | 2026-06-25: pending; may require running a new wire / installing a switch |
| P2 | Final invoice on Syncro #32343 | Mike | 0.5h remote labor (line item 42654682) sitting on Invoiced ticket; additional onsite labor from 2026-06-25 SMB share work deferred by Howard |
| P2 | Address BitLocker gap on FRONTDESKRECEPT | Mike/Howard | OS volume unencrypted at onboarding |
| P2 | Confirm Nick's Mac is actually DUXs-Mac-Studio | Howard | ScreenConnect shows this name; "Dux" username may indicate it's not Nick's machine — verify before enrolling |
| P3 | Remove stale local admin accounts (Ale, Emma on LEGALASST) | Howard | Left from prior user assignment |
| P3 | emma@ alias — revisit if firm wants it decommissioned | Mike | Retained by design; currently serves as Carla's legacy address |
| P3 | Security cleanup: over-broad Everyone=Full SMB shares on REDNOURCARRIEVI | Howard | Time Matters Shared Files, Program Files sage, Users shares |
| P3 | Fix REDNOURCARRIEVI RDP: require NLA or restrict to VPN | Howard | RDP open without NLA at onboarding |
| DONE | Shared-drive access for Nick Pafford | Howard | 2026-06-25: created local nick account on REDNOURCARRIEVI; Documents share = Change + NTFS = Modify; cred vaulted clients/rednour/nick-smb-rednourcarrievi.sops.yaml; Nick's Apple Silicon Mac mounts smb://192.168.10.194/Documents |
Backlinks
- projects/gururmm — FRONTDESKRECEPT, LEGALASST, REDNOURCARRIEVI enrolled (site: Main Office); macOS enrollment code-vs-UUID bug (coord todo 6f2d22be)