Note – With recent changes in osquery this walkthrough has become a bit dated – it will be updated shortly. In the meantime, refer to the new build docs here: https://github.com/osquery/osquery/blob/master/BUILD.md#windows
—–
This procedure will walk you through how to bundle your custom configs with the osquery binary and output a customized MSI.
Pre-Reqs
-Windows 7 x64, 8.1, or 10
-Chocolatey (Not required exactly, but makes the provisioning much cleaner)
https://chocolatey.org/install
-Git
choco install git
Procedure
1) Clone the Repository
Start out by cloning the repository
git clone https://github.com/facebook/osquery.git
If you want to build a specific release, checkout the corresponding release tag:
git checkout tags/2.11.2
2) Provision the Environment
Next we need to setup the development environment.
Confirm that you have admin privileges, and change directories to the source root.
Execute the following script and follow prompts as required:
.\tools\make-win64-dev-env.bat
If Chocolatey is not already installed, the script installs it for you. The script will then most likely fail until the session's environment variables are refreshed: open a fresh elevated prompt (or run Chocolatey's refreshenv) and re-run the script.
3) Build the Binaries
Next up is to build the osquery binaries.
Execute the following script and follow prompts as required: (It will take a bit of time)
.\tools\make-win64-binaries.bat
4) Build the Custom MSI
Finally, let’s build the MSI with your custom files.
Execute the following script with parameters as required:
tools/deployment/make_windows_package.ps1
This script has a number of parameters:
-InstallType
Allows you to specify either MSI or Chocolatey for output. Can be aliased with ‘Type’
-ConfigFilePath
Specify the path to find your osquery config file that you would like to include in the build. Can be aliased with ‘ConfigFile’
-FlagFilePath
Specify the path to find your osquery flag file that you would like to include in the build. Can be aliased with ‘FlagFile’
-Extras
Specify this option if you want to bundle any other files in the install package
Use this parameter to bundle your certs and the file that contains your enroll secret. The MSI will drop them in the C:\ProgramData\osquery folder. Treat the enroll secret as a credential: anything that can read that folder on the endpoint can read it, so check the dropped file's ACL on a test install before rolling out.
5) Deploy MSI
Finally, deploy the MSI. It installs both osqueryi and osqueryd under C:\ProgramData\osquery; osqueryd is set up as a Windows service running as SYSTEM.
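To tie the five steps together, here is an added example of my own (not code from the original post or from the osquery project) that runs the whole procedure from an elevated PowerShell prompt: clone and pin the release, provision and build, write a flag file and config to bundle, package the MSI with the parameters listed in step 4, install it silently, and then check the service and the ACL on the dropped enroll secret. It also shows where the server address goes: the flag file. Assumptions, all marked in the code: the C:\src paths, the Fleet host fleet.example.internal:8080, that the Fleet server certificate and enroll secret have already been copied into the staging folder, that the package script accepts an array for -Extras, and that it writes the MSI somewhere under build\. The /api/v1/osquery/... endpoint paths are Kolide Fleet's defaults.

```powershell
# Added example, not code from the original post or from the osquery project.
# Runs steps 1-5 from an elevated PowerShell prompt. Every path, the Fleet host,
# the MSI output location and the package script's parameter handling are
# assumptions noted inline; the Fleet endpoint paths are Fleet's defaults.
$ErrorActionPreference = 'Stop'

$Tag       = 'tags/2.11.2'                  # release tag from step 1
$SrcRoot   = 'C:\src\osquery'               # assumed clone location
$Staging   = 'C:\src\osquery-custom'        # assumed folder holding files to bundle
$FleetHost = 'fleet.example.internal:8080'  # assumed Kolide Fleet host:port
$DataDir   = 'C:\ProgramData\osquery'       # where the MSI drops bundled files

# These two files must come from your Fleet server; the example does not fabricate them.
$ServerCert   = Join-Path $Staging 'fleet.pem'       # Fleet TLS server certificate (PEM)
$EnrollSecret = Join-Path $Staging 'enroll_secret'   # one-line enroll secret
New-Item -ItemType Directory -Force -Path $Staging | Out-Null
foreach ($f in $ServerCert, $EnrollSecret) {
    if (-not (Test-Path $f)) { throw "Copy $f from the Fleet server before building." }
}

# --- Step 1: clone and pin the release -------------------------------------
if (-not (Test-Path $SrcRoot)) { git clone https://github.com/facebook/osquery.git $SrcRoot }
Set-Location $SrcRoot
git checkout $Tag

# --- Steps 2 and 3: provision the dev environment, then build ---------------
# make-win64-dev-env.bat may fail once right after it installs Chocolatey;
# rerun it from a fresh elevated prompt in that case.
& .\tools\make-win64-dev-env.bat
& .\tools\make-win64-binaries.bat

# --- Step 4: write the flag file and config, then package -------------------
# Flag file: this is where the agent learns the server address. The endpoint
# paths are Kolide Fleet's defaults; the cert and secret paths match $DataDir.
@"
--tls_hostname=$FleetHost
--tls_server_certs=$DataDir\fleet.pem
--enroll_secret_path=$DataDir\enroll_secret
--enroll_tls_endpoint=/api/v1/osquery/enroll
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_refresh=300
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--disable_distributed=false
--distributed_plugin=tls
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
--host_identifier=uuid
"@ | Set-Content -Path (Join-Path $Staging 'osquery.flags') -Encoding ASCII

# Config: a baseline scheduled query that runs even if the TLS config is unreachable.
@'
{
  "options": { "logger_min_status": 1 },
  "schedule": {
    "services_snapshot": {
      "query": "SELECT name, path, start_type, user_account FROM services;",
      "interval": 3600,
      "snapshot": true
    }
  }
}
'@ | Set-Content -Path (Join-Path $Staging 'osquery.conf') -Encoding ASCII

# Parameter names are the ones the post lists; passing -Extras an array is an assumption.
& .\tools\deployment\make_windows_package.ps1 -InstallType msi `
    -ConfigFilePath (Join-Path $Staging 'osquery.conf') `
    -FlagFilePath   (Join-Path $Staging 'osquery.flags') `
    -Extras         @($ServerCert, $EnrollSecret)

# Assumed: the script leaves the MSI somewhere under build\. Record its hash so
# deployment tooling can pin exactly this artifact.
$Msi = Get-ChildItem -Path (Join-Path $SrcRoot 'build') -Recurse -Filter '*.msi' |
       Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $Msi) { throw 'No MSI produced; check the package script output.' }
"SHA256 $((Get-FileHash $Msi.FullName -Algorithm SHA256).Hash)  $($Msi.Name)"

# --- Step 5: silent install, then verify the service and the secret's ACL ----
Start-Process msiexec.exe -Wait -ArgumentList @('/i', "`"$($Msi.FullName)`"", '/qn', '/l*v', "`"$env:TEMP\osquery-install.log`"")
Get-Service osqueryd | Select-Object Name, Status, StartType

# osqueryd runs as SYSTEM, so only SYSTEM and Administrators need to read the secret.
$acl   = Get-Acl (Join-Path $DataDir 'enroll_secret')
$broad = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference -match 'Users|Everyone|Authenticated Users'
}
if ($broad) { Write-Warning "enroll_secret is readable by: $($broad.IdentityReference -join ', ')" }
```

The ACL check at the end is the part worth keeping even if you package by hand: the MSI copies whatever you pass through -Extras into C:\ProgramData\osquery, and the enroll secret is what lets a host join your Fleet, so confirm on a test machine that ordinary users cannot read it before rolling the package out.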
After installation, I see that osqueryi isn’t assigned as an environment variable, so you can’t run osqueryi (the osquery shell) wherever you want on the command prompt; you must run it as C:\programdata\osquery\ > osqueryi
Yes, this is a good point. I will update the post with this info, thanks!
Sorry, newb here – so where in the config do I point the agent to an IP and port? I can’t find anything in any specific config file I’ve looked at. I can auto-install the agent quickly but have no idea how to tell it to talk to my Kolide server. Kolide is on an Ubuntu instance and the agent is getting installed on a Win 10 machine.
Hey there Cy! The easiest place to put that is in your flag file. The best place to find help on getting connected up to Kolide Fleet is in the #kolide channel in the osquery Slack – you can join the Slack here: https://osquery-slack.herokuapp.com/