@cchang1119 ah yes, so you need to have the full path to the osqueryd binary. Not sure how you're going about creating the service, but you'll wanna do something like one of the following: 1.)

sc.exe stop osqueryd

2.)

sc.exe delete osqueryd

3.)

sc.exe create osqueryd type= own start= auto error= normal binpath= "C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile=\ProgramData\osquery\osquery.flags" displayname= 'osqueryd'

Alternatively, we bundle a helper script you can make use of

manage-osqueryd.ps1

, but I haven't made heavy use of it and I'm not sure how to use it to install the service. Lastly, you can install the service via a chocolatey install with

choco install osquery --params='/InstallService'

hi~ I had try this , osqueryd service start still has problem (Start pending )on win10 ( win8 is ok )