or am I better off making a powershell script I have to depl osquery #general

or am I better off making a powershell script? I h...

szippy

02/05/2019, 4:58 PM

or am I better off making a powershell script? I have to deploy on about 5-10 machines to start, all at different times, where domaining them isn't an option, so I can't just use GPO to push it out with environmental variables/custom reg keys

srozb

02/05/2019, 5:59 PM

I think

enroll_secret

is a cli flag not an config option. I'm not sure if you can provide it in the configuration. I ended up with powershell script and SCCM deployment.

defensivedepth

02/05/2019, 6:10 PM

@szippy This should give some guidance on bundling the files you need , including the enroll secret file. https://defensivedepth.com/2018/04/25/bundling-custom-configs-with-osquery-msi/

defensivedepth

02/05/2019, 6:12 PM

You would specify the enroll secret flag in the flag file, and then use the -extras option to point to the enroll_secret.

defensivedepth

02/05/2019, 6:13 PM

That should generate a MSI that will install all the needed files

szippy

02/05/2019, 7:01 PM

Thank you guys! I got the file enrolled with the -extras flag, but hadn't realized I needed to use the flag file. Thanks! I also realized that launcher has a windows version, so I think I have a windows launcher binary that works (I'm testing now)

srozb

02/06/2019, 8:36 AM

btw: what osquery version did you compiled? 3.3.2 ? I have no luck compiling it on win10 machine.

szippy

02/06/2019, 4:56 PM

I had to use 3.3.1, and I HAD to git pull osquery in a folder on the desktop for some silly reason.

3 Views

Open in Slack

Previous Next