Anyone have a query that they use to see which Windows devices in their env are end of life? I am working on one, but wanted to make sure I am not missing anything.

Does windows expose that?

So items we previously checked for this. 1) CPU Generation for Windows 11 support. 2) MOBO Chasis manufacture date I believe this was from WMI. And a whole bunch of other business logic such as types of Disks , Space & Ram but those are operationally specific.

To clarify, when I said

devices

, I meant systems running Windows, and specifically looking for end of life versions of Windows. I probably didnt communicate that well, I hadnt had my first cup of coffee yet lol

Ahh for us EOL = End of serviceable or support periods by hardware manufacturer and due a refresh. This is much simpler as we do a basic select os version then have a rule to pull out non approved versions.

ya no worries, I see EOL used for both hardware & software ie https://docs.microsoft.com/en-us/lifecycle/faq/windows RE:

rule to pull out non-approved versions

--> is that an osquery query?

StreamAlert off of OSquery Data feed.

Inside the Kolide product we do this…. But we do it by ingestion the Microsoft Supported Software excel doc, and extracting the versions and support info. Then it’s “simple” SQL to match the OS against it. But that requires parsing an external data source.

Thanks all!