When running the query `select user_account_contro...
# windows
When running the query
select user_account_control as value from windows_security_center;
via osqueryi it returns
, but when run from a tls config it consistently returns
I've checked these within a few minutes of the query running, anyone seen this?
Possibly osquery running as a different user causes different results?
^^ this. Unfortunately Microsoft's documentation on this API isn't very detailed on why you might be getting "poor". That said, I would check every user account on the system's UAC settings. It's possible one of them is disabled.
what I can say confidently is we run this query at Kolide on tons of devices via TLS and seeing a "poor" is very rare
Thank you, looks like the service setup had changed was running as a different user