I'm attempting to add a Windows Host to Kolide Fleet using Remote Authentication, I'm having troubles figuring out the location and format that is suppose to be used on a Windows Host. I have a working Ubuntu Host without issues reporting to Kolide Fleet. I've been using the docs here: https://osquery.readthedocs.io/en/stable/deployment/remote/
In attempt to figure it all out. I can see the tag commands that are CLI Flags, which would lead me to believe that osquery.flags would be the correct location. Would this be correct? If not could someone point me in the right direction? Also does someone have a "example" of how the config for remote authentication should look?
Now after setting up remote authentication is the Windows Host going to immediately start connecting with Kolide Fleet after a restart if the config is setup? Or are there more steps that I'm missing?
11/16/2019, 6:30 AM
You will use basically the same configuration to connect the Windows host as the Ubuntu host. Do you have a flagfile from the Ubuntu host? It may work on Windows, or may need minor tweaking (typically for filesystem paths). The Windows host will pretty much immediately show up in Fleet when osqueryd is started with the appropriate configuration. If you have further questions please keep them in this thread or in #kolide. Good luck!
11/20/2019, 3:42 PM
Thank you for your response, I got the Windows Host added and reporting correctly. Turns out I was saving the enroll_secret file that is being read wrong, it shows as a ext on Linux, but on Windows it needs to have no extension, which will make it show as File. That did the trick, otherwise the configurations are exactly the same! Way easier than I planned on it being, thank you again!