Hello everyone 🙂 I am trying to obtain the hash of a file that resides on a shared drive, but for some reason when I run my query it does not return any results. Are there any limitations with using the hash table against files on a shared drive? I am able to list all of the files in the directory and I know the query is good. Oddly when I attempt to hash all of the files in the directory it only successfully hashes one of the files (out of 5), but not the one I need. Any insight?

Possibly a permissions issue? Osquery has permission to list the directory but not read the contents of the file for hashing?

Typically, osquery on Windows runs as

NT_SYSTEM

which won’t have permissions to any networked drives

Ah okay that makes sense