Not able to add the windows node to doorman

[PremaPrems]

I followed the below link for osquery installation on windows. https://holdmybeersecurity.com/2017/08/17/installsetup-doorman-osquery-on-windows-mac-osx-and-linux-deployment/

--host_identifier=uuid --config_plugin=tls --config_tls_endpoint=/config --config_tls_refresh=10 --config_tls_max_attempts=3 --enroll_tls_endpoint=/enroll --enroll_secret_path=C:\ProgramData\osquery\osquery.key --disable_distributed=false --distributed_plugin=tls --distributed_interval=10 --distributed_tls_max_attempts=3 --distributed_tls_read_endpoint=/distributed/read --distributed_tls_write_endpoint=/distributed/write --logger_plugin=tls --logger_tls_endpoint=/log --logger_tls_period=5 --tls_hostname=Doorman IP:5000 --tls_server_certs=C:\ProgramData\osquery\certificate.crt --log_result_events=false --pack_delimiter=/ --utc --verbose

[s-frostick]

@PremaPrems I was running into a similar issue following the same guide but it does work. The issue i believe is caused by https://github.com/facebook/osquery/issues/4548.

$config | Out-File -FilePath C:\Program Data\osquery\osquery.flags

Writing the flags with this caused me the issues. If you just copy the flag settings to notepad and then save (C:\Program Data\osquery\osquery.flags) this resolves the issue.

You can open a powershell as administrator and run

C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile C:\ProgramData\osquery\osquery.flags

To actually see whats happening.

[javuto]

Just add -Encoding ASCII to your Out-File powershell and it works, effectively it does the same as opening the file with Notepad and saving it. Your line would be:

$config | Out-File -FilePath C:\Program Data\osquery\osquery.flags -Encoding ASCII