Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

any documentation on what permissions osquery needs to run?

working a strange case where osqueryi.exe on Windows 10 dies with exit code -1073741511 (0xC0000139), and no other message.   Execution is being handled by an RMM, but it is running under LocalSystem/SYSTEM.

That message might be relative to the fact that’s not finding a dll it needs to run.
That been said, osquery can also run as a normal user, you won’t have access to everything in the tables, but it shouldn’t be unable to run, especially not throw an exception

wish I knew which DLL it was talking about then

if I move osqueryi.exe directly into `%windir%\System32`, it works.  Might be something quirky with environment &amp; .NET, I'll have to go digging there later.   At least it works now.

That’s strange/unexpected, but anyway osquery doesn’t use .NET it’s a “classic” C/C++ application.