How to List Operating Systems Across All Mac, Windows, and Linux Devices

Using Kolide, you can easily view and query Operating Systems across your fleet.

Introduction

An operating system (OS) is system software that runs your computer hardware and software programs and provides core services so that those programs can operate.

Kolide collects details about the operating system such as its version, its architecture and codenames utilized by the OS vendor for the operating system.

A note on multi-OS devices:

Each device in Kolide is associated with a single operating system. If you have multiple operating systems on the same device, Kolide will need to be installed on each to have visibility. For example, if you have a macOS device which has a Windows Bootcamp partition, it would need Kolide to be installed twice (once on each OS) and it would be represented as two distinct device enrollments in Kolide with OS-specific data.

What Operating System Data Can Kolide Collect?

Kolide's endpoint agent bundles in osquery to efficiently collect Operating Systems from Mac, Windows, and Linux devices in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.

Kolide meticulously documents every piece of data returned so you can understand the results.

Operating Systems Schema

| Column | Type | Description |
|---|---|---|
| id | Primary Key | Unique identifier for the object |
| device_id | Foreign Key | Device associated with the entry |
| device_name | Text | Display name of the device associated with the entry |
| build | Text | Optional build-specific or variant string |
| display_version | Text | The Display Version for Windows. Ex: 20H2. Sometimes referred to as codename. Data only available for: Note on data collection: This information is sourced from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DisplayName registry key. This key may not exist in versions of Windows released before October 2020. |
| major | Integer | Major release version |
| minor | Integer | Minor release version |
| name | Text | Distribution or product name |
| patch | Integer | Optional patch release |
| release_id | Integer | The Release ID for Windows. Data only available for: |
| ubr | Integer | Update Build Revision for Windows. Data only available for: |
| version | Text | Pretty, suitable for presentation, OS version |
| collected_at | Timestamp | Time the row of data was first collected in the database |
| updated_at | Timestamp | Time the row of data was last changed in the database |

What Can You Do With This Information?

Kolide enables you to write your own queries against the data the agent collects. This allows you to build your own reports and API endpoints. For example, you can:

Get a breakdown of installed macOS version across devices

Kolide SQL

SELECT 
    version, 
    COUNT(*) AS device_count 
FROM device_operating_systems 
WHERE name ILIKE '%mac%' 
GROUP BY version;

Example Results

| version | device_count |
|---|---|
| 10.13.2 | 1 |
| 10.14.6 | 1 |
| 10.15.6 | 1 |
| 10.15.7 | 2 |
| 11.2.3 | 1 |
| 11.3 | 1 |
| 11.6 | 1 |
| 11.6.1 | 1 |
| 12.0.1 | 4 |
| 12.2 | 1 |

Find devices running an outdated version of macOS

Kolide SQL

WITH
reference_version (ref_major, ref_minor, ref_patch) AS (
  -- The version every Mac is compared against
  VALUES
    (12, 3, 1)
),
assemble_data AS (
  -- Pair each Mac's OS row with the reference version
  SELECT rv.*, version, major, minor, patch, build, device_name
  FROM reference_version rv,
  device_operating_systems dos
  JOIN devices d ON d.id = dos.device_id
  AND d.type = 'Mac'
)
SELECT version, major, minor, patch, build, device_name
FROM assemble_data WHERE (
    -- Check major versions
            (ref_major > major)
    -- Check minor versions
        OR  (ref_major >= major
        AND ref_minor >  minor)
    -- Check patch versions
        OR  (ref_major >= major
        AND ref_minor >= minor
        AND ref_patch >  patch)
  );

Example Results

| build | major | minor | patch | version | device_name |
|---|---|---|---|---|---|
| 21A559 | 12 | 0 | 1 | 12.0.1 | kneuth |
| 19G73 | 10 | 15 | 6 | 10.15.6 | jans-laptop |
| 21A559 | 12 | 0 | 1 | 12.0.1 | Daves-MacBook-Pro-2 |
| 19H524 | 10 | 15 | 7 | 10.15.7 | Ashleys-MacBook-Pro |
| 20D91 | 11 | 2 | 3 | 11.2.3 | lukes-macbook |
| 18G9323 | 10 | 14 | 6 | 10.14.6 | plover |

Count the number of macOS, Windows, and Linux devices

Kolide SQL

SELECT
  COUNT(d.*) FILTER (WHERE d.type = 'Mac') AS count_macs,
  COUNT(d.*) FILTER (WHERE d.type = 'LinuxDevice') AS count_linux,
  COUNT(d.*) FILTER (WHERE d.type = 'WindowsDevice') AS count_windows
FROM devices d;

Example Results

| count_macs | count_linux | count_windows |
|---|---|---|
| 52 | 14 | 9 |

Why Should I Collect Operating Systems?

Collecting information about the operating system of a device is a fundamental necessity of many IT departments. This data is used for a variety of purposes, including but not limited to:

  • Monitoring patch deployment
  • Identifying devices which are running unsupported or end-of-life operating systems
  • Understanding the install-base of various platforms within your organization (e.g. Mac vs Linux vs Windows)
  • Identifying devices running non-stable (alpha or beta) releases of operating systems.
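
The first two uses in this list can be served by one query. The following is an added example, not one of Kolide's own queries: it extends the single reference version from the outdated-macOS query earlier on this page to one baseline per major release line, so each Mac is reported as current, behind its baseline, or on a major version that has no baseline at all. The baseline rows are constructed sample values, and the query assumes that Kolide SQL accepts PostgreSQL row comparison and COALESCE and that a missing patch value means 0.

```sql
-- Added example: per-release-line patch status for Macs.
-- Baseline rows are constructed sample values; replace them with the
-- minimum release you accept on each major version you still support.
WITH baseline (ref_major, ref_minor, ref_patch) AS (
  VALUES
    (11, 6, 5),   -- constructed sample baseline for the 11.x line
    (12, 3, 1)    -- reference version used earlier on this page
),
mac_os AS (
  SELECT
    dos.device_name,
    dos.version,
    dos.build,
    dos.major,
    dos.minor,
    -- patch is documented as optional; assumption: treat a missing value as 0
    -- so that "12.3" sorts below "12.3.1" instead of dropping out of the result
    COALESCE(dos.patch, 0) AS patch
  FROM device_operating_systems dos
  JOIN devices d ON d.id = dos.device_id
  WHERE d.type = 'Mac'
)
SELECT
  m.device_name,
  m.version,
  m.build,
  CASE
    -- No baseline row and newer than everything listed: the baseline table is stale
    WHEN b.ref_major IS NULL
         AND m.major > (SELECT MAX(ref_major) FROM baseline)
      THEN 'newer than any baseline'
    -- No baseline row for an older line: treated as unsupported or end-of-life
    WHEN b.ref_major IS NULL
      THEN 'no baseline (unsupported or end-of-life)'
    -- Same major line: compare (minor, patch) left to right
    WHEN (m.minor, m.patch) < (b.ref_minor, b.ref_patch)
      THEN 'behind baseline'
    ELSE 'current'
  END AS status
FROM mac_os m
LEFT JOIN baseline b ON b.ref_major = m.major
ORDER BY status, m.device_name;
```

With these sample baselines, the 10.x devices in the example results above would fall under "no baseline", because no row exists for major version 10.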

End-User Privacy Consideration

Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.

No additional personally identifiable data is collected or transmitted as part of this inventory.

When you use Kolide to list Operating System data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center, which employees can access through their Slack or Google Workspace account.
