@Sal I'm running an instance of osquery 3.3.0 on Windows 7 x65 that's configured to check-in to Kolide Fleet. I've had this same exact issue to no avail for me. Instead I just create a PS script that calls the following command: Start-Process -WindowStyle Hidden -FilePath C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile="C:\ProgramData\osquery\osquery.flags"
On the 'Security' tab of the osqueryd directory to include the 'Advanced' option / 'Permissions' I gave SYSTEM 'Full Control' in each of those places and the osqueryd service starts correctly. Caution: This is done in a home lab where I accept the risk and have control of the level of exposure. I'm sure there's probably a safer, more efficient way of handling this. I'm just unaware. I tried the 'Set-SafePermissions' within the chocolatey / osquery / tools, but that didn't work out for me.
09/17/2018, 1:23 PM
Firstly, thanks @Shad0wSix for the answer. I really appreciate it. Secondly, I circumvented this problem like so: If I use the msi installer here: https://pkg.osquery.io/windows/osquery-3.3.0.msi it works fine. I have the osqueryd running fine.
09/17/2018, 1:57 PM
@Sal... anything I can do to help. Thanks for posting the link and information. I will definitely use it for Windows 7 x64. Learning is occurring, much appreciated, thank you. 😉