My Shavlik Filter (Ivanti)

This is my Shavlik Filter for auto publishing





SCCM DP Installation Notes


CWmi::Connect() failed to connect to \\\root\CIMv2. Error = 0x800706BA
0x800706BA = the RPC server is unavailable.

Failed to install DP files on the remote DP. Error code = 1722

– primary site computer account is in local admin group
– windows firewall disabled on both computers (firewall set service remoteadmin enable, file sharing)
– remote diff compression installed
– IIS installed (ISAPI, Windows Authentication, IIS6 Metabase comp, IIS6 WMI Compatibility)
-mofcomp.exe smsdpprov.mof

Copy the smsdpprov.mof file into Distribution Point installation drive, you can find the smsdpprov.mof file under <drive:>\Program Files\Microsoft Configuration Manager\bin\X64 in your primary site server

SCCM Package for Registry Permissions Change

Orignally I have Powershell script for doing that, but it turns out not so good:

if (!(Test-Path HKCC:))
{New-PSDrive -PSProvider registry -Root HKEY_CURRENT_CONFIG -Name HKCC}
New-Item -Path ”HKCC:\SOFTWARE\” -Name Encompass -Force
$acl = Get-Acl $RegPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule (“BUILTIN\Users”,”FullControl”,”Allow”)
$rule2 = New-Object System.Security.AccessControl.RegistryAccessRule (“Everyone”,”FullControl”,”Allow”)

Here is the bath file to do the registry permissions change:

reg add “HKCC\SOFTWARE\XXX” /f

Here is the little program can make great registry permission change:




Fix WPAD Vulnerability by Changing Host File with SCCM

It was a bit more diffcult than I thought, originally I was using compliance settings, but then it didn’t work so well. So I go back to the classic application deployment by SCCM.

Here is the detection method:

# WPAD Vulnerability Remediation Discover Script
# Rui Qiu
# v 2.0
# 4/5/2018
# Last edit: 4/11/2018

$i = 0
$results = Select-String -Path $env:SystemRoot\System32\Drivers\etc\hosts -Pattern wpad
foreach($result in $results)

# Write-Host $results
if ($i -eq 2 )
{Write-Host “Installed”}


Because some workstations are still on Powershell 2.0, so I have to use a Hosts Commander to remove and add wpad entries.

Install-Module PsHosts
Remove-HostEntry wpad*

Add-HostEntry -Address -Name wpad
Add-HostEntry -Address -Name wpad.corp.lan

Here is the batch file command:

hosts.exe rem wpad*
hosts.exe add wpad
hosts.exe add wpad.corp.lan

Rapid7 Insight Agent Update Fix Discover Script

# Rapid7 Insight Agent Update Fix Discover Script
# Rui Qiu
# v1.1
# 4/3/2018

$folder = “C:\Program Files\Rapid7\Endpoint Agent”

if (test-path $folder)
$content = (get-content config.json | where { $_ -match “smart_ttl_start” } )
# echo $content
$key = ‘ “smart_ttl_start”: 128,’
# echo $key
if ($content -eq $key)
{$Compliance = “Yes”}
{$Compliance = “No”}

{$Compliance = “Yes”}


Issues Installing Shavlik (Ivanti Patch)

I didn’t realize a simple issue can cause a big issue with Shavlik:

When launching the installer from Shavlik, you have to “Unblock” the file before running the isntaller, otherwise you will get failed to create folder when you are running the Ivanti Patch checker.

And when you launch the SCCM console, you have to right click “Run as Administrator”. otherwise it won’t work as well.



How to Set up SCCM SSRS Email Notification

First go to your SQL Reporting server, and launch “Reporting Services Configuration Manager”:

It is best to use an internal SMTP server. And once you have set it up, you can use this Powershell script to test if your email function is working:

Write-Host “Sending Email”
$smtpServer = “xxx.CORP.LAN”
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = “[email protected]
$msg.To.Add(“[email protected]”)
$msg.subject = “SMTP Server Test”
$msg.body = “SMTP Server Configuration is correct”
Write-Host “Email Sent”

Once you can get the test email, now go back to SCCM Server, you can start creating a subscription:

If you need to get the external SMTP working, probably you need a virtual SMTP server:

SCCM WSUS Update Failed with 0x80244022

When I checked the error code, it said HTTP error 503 from WUAHandler.log, it turned out that the Wsuspool was stopped in IIS, and I have to changed the “Private Memory Limit” to 4194304.

How to Uninstall NoMAD

Here is a simple script to uninstall NoMAD:

# /bin/bash
# Rui Qiu
# Remove NoMad and use direct AD Bind

loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk ‘{ print $3 }’`

pkill “NoMAD”
sudo rm -rf /Applications/
sudo rm -rf “/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist”
sudo rm -rf “/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist”
sudo rm -rf “/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist”


And you can use this to search files:

mdfind -name “NoMAD”

Force Install macOS Update

Here is a simple command to force install macOS updates in the background:

softwareupdate -i -a

After running that, you can use casper to notify user to reboot 🙂


and here is a useful link to enable update on the Mac: