When running the query `select user account control as value

Question

When running the query `select user account control as value from windows security center ` via osqueryi it returns `Good` but when run from a tls config it consistently returns `Poor` I ve checked these within a few minutes of the query running anyone seen this

zwass · Answer

Possibly osquery running as a different user causes different results

terracatta · Answer

^^ this Unfortunately Microsoft s documentation on this API isn t very detailed on why you might be getting poor That said I would check every user account on the system s UAC settings It s possible one of them is disabled

terracatta · Answer

what I can say confidently is we run this query at Kolide on tons of devices via TLS and seeing a poor is very rare

asparamancer · Answer

Thank you looks like the service setup had changed was running as a different user