It was a bit more diffcult than I thought, originally I was using compliance settings, but then it didn’t work so well. So I go back to the classic application deployment by SCCM.
Here is the detection method:
# WPAD Vulnerability Remediation Discover Script
# Rui Qiu
# v 2.0
# 4/5/2018
# Last edit: 4/11/2018$i = 0
$results = Select-String -Path $env:SystemRoot\System32\Drivers\etc\hosts -Pattern wpad
foreach($result in $results)
{$i+=1}# Write-Host $results
if ($i -eq 2 )
{Write-Host “Installed”}
Because some workstations are still on Powershell 2.0, so I have to use a Hosts Commander to remove and add wpad entries.
Install-Module PsHosts
Remove-HostEntry wpad*
Add-HostEntry -Address 255.255.255.255 -Name wpad
Add-HostEntry -Address 255.255.255.255 -Name wpad.corp.lan
https://code.google.com/archive/p/hostscmd/
Here is the batch file command:
hosts.exe rem wpad*
hosts.exe add wpad 255.255.255.255
hosts.exe add wpad.corp.lan 255.255.255.255