Title
#general
s

Sal

09/16/2018, 11:59 PM
Hello, Has anybody figured out a solution for this issue: Also: https://github.com/facebook/osquery/issues/4729 and : https://github.com/facebook/osquery/issues/4854 My specs: OS: Windows Server 2008 I'll also attach the C:\ProgramData\chocolatey\logs\chocolatey.log here Thanks!
s

Shad0wSix

09/17/2018, 4:39 AM
@Sal I'm running an instance of osquery 3.3.0 on Windows 7 x65 that's configured to check-in to Kolide Fleet. I've had this same exact issue to no avail for me. Instead I just create a PS script that calls the following command: Start-Process -WindowStyle Hidden -FilePath C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile="C:\ProgramData\osquery\osquery.flags"
6:25 AM
On the 'Security' tab of the osqueryd directory to include the 'Advanced' option / 'Permissions' I gave SYSTEM 'Full Control' in each of those places and the osqueryd service starts correctly. Caution: This is done in a home lab where I accept the risk and have control of level of exposure. I'm sure there's probably a safer more efficient way of handling this. I'm just unaware. I tried the 'Set-SafePermissions' within the chocolatey / osquery / tools, but that didn't work out for me.
s

Sal

09/17/2018, 1:23 PM
Firstly, Thanks @Shad0wSix for the answer.I really appreciate it. Secondly, I circumvented this problem like so: If I use the msi installer here: https://pkg.osquery.io/windows/osquery-3.3.0.msi it works fine. I have the osqueryd running fine.
s

Shad0wSix

09/17/2018, 1:57 PM
@Sal..anything I can do to help. Thanks for the posting the link and information. I will definitely use it for Windows 7 x64. Learning is occurring, much appreciated, thank you. 😉