Know how many hosts, and which hosts, are running unsupported Windows versions

[noahtalerman]

Problem

I'm an engineer managing thousands of Windows hosts and I'm overwhelmed with tracking the following goal:

• Make sure all my hosts are running operating system (Windows) versions that are supported by Microsoft.

This makes is hard to make progress on this goal because I don't know what hosts I need to take action on.

Goals

1. Know how many hosts are running unsupported Windows versions.

• We'll accomplish this by adding the ability to know how many hosts are running specific Windows versions (ex. Windows 10, version 21H2). Also, we'll add the ability to see which Windows versions are no longer supported by linking to https://endoflife.date/windows.

2. Know which hosts are running unsupported Windows versions. This way, I can make sure these hosts are updated myself or inform the team responsible for updating these machines.

• We'll accomplish this by adding the ability to know which hosts are running a specific Windows versions.

Figma

https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/%F0%9F%9A%A7-Fleet-EE-(dev-ready%2C-scratchpad)?node-id=7646%3A274008

Requirements

• User can see a list of Windows operating system versions.
• This includes the "name" distinction between Windows Pro, Windows Enterprise, and Windows Server.
  • The "name" information, first half of name may be available in either, or both, the name and codename column columns in osquery. Ex. "Windows 10 Pro"
• This includes the "version" distinction between 21H2, 22H1, 20H2, etc.
  • The "version" information, second half of name may be available in the following osquery query:

select data from registry where path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\DisplayVersion'

• Investigation on the above query happened here in Slack (internal): https://fleetdm.slack.com/archives/C019WG4GH0A/p1656602089105389
• User can see how many hosts are running each Windows operating system version.
• User can see, and navigate to, a list of hosts filtered by Windows operating system version.
• User can see the new name and version information in the Operating system column on the Hosts page and Operating system field on the Host details page.
• User can filter a list of Windows operating system versions by team
• User can see a list of hosts filtered by Windows operating system version and team.

Parent Epic

• Expansion of host vitals #397

How?

Inform engineer which Windows hosts are running Windows versions that are no longer supported by Microsoft. Also, inform the engineer why the hosts is running an unsupported version (pending updates or pending reboots).

Child issues

Frontend

1. Add Windows OS version information to dashboard and hosts page #6499

Backend

1. Add operating systems table and update related endpoints #6475

[noahtalerman]

TODO Noah: What Windows OS's are we going to test for to make sure we always get back the version info? (ex. H121).

[noahtalerman]

@lukeheath heads up, I updated the proposed UI changes to break the name column into separate name and version columns:

This is because, soon we'll want to detect vulnerabilities for operating systems. Like the 3rd party software on the Software page, the operating systems in the "Operating system" table associate a name + version pair with specific vulnerabilities (CVEs).

[noahtalerman]

@lukeheath I updated the dev note in the linked Figma to call out the new name_only and version API properties.

Linking to the dev note here: https://www.figma.com/file/hdALBDsrti77QuDNSzLdkx/%F0%9F%9A%A7-Fleet-EE-(dev-ready%2C-scratchpad)?node-id=7652%3A275853

[noahtalerman]

@lukeheath it looks like I missed specifying these requirements (now added to this issue's description):

• User can filter a list of Windows operating system versions by team
• User can see a list of hosts filtered by Windows operating system version and team.

This means that we might not be accounting for this filter by team behavior in the frontend and backend issues.

[lukeheath]

@noahtalerman Thanks for the heads up. I checked and this functionality is already present in both the operating system card and the manage hosts page, so we should be good as-is. I'll add them to the cards so that Reed knows to QA that feature.