Hosts file

Posted on 2007-10-12
Last Modified: 2008-01-09
Is there a way that I can edit a hosts file and then push this hosts file over a windows 2003 domain and a windows 2000 domain and after I push it out....can i through group policy prevent people from accessing it to try and make changes to it.
Question by:heydorft
    LVL 65

    Accepted Solution


    In short, yes, and yes.

    To push it out, have a file available in your Netlogon share on a Domain Controller, that has read only access to Domain Users.  Then, in a Group Policy Object, define Computer Configuration --> Windows Settings --> Scripts (Startup/Shutdown), and run a VBS file that copies the file from the NetLogon share to the C:\Windows\System32\Drivers\Etc folder.  Being a Computer Configuration StartUp script, it will run under the local System account, which will have access to both that Windows folder, and the NetLogon share.

    Then, for step 2, you can define the File Permissions also via Group Policy on a particular folder or file, just as you would via the Security tab directly on the file itself.

    The VBS file would be something like this:

    Set objFSO = CreateObject("Scripting.FileSystemObject")
    objFSO.CopyFile "\\\SysVol\\Scripts\hosts", "C:\Windows\System32\Drivers\Etc\", True
    Set objFSO = Nothing



    Author Comment

    Could you explain  where at in group policy I would define the file permissions ofr the hosts file? Then the points are yours...ha...t
    LVL 12

    Expert Comment

    All  the users if they are not administrators or power users in the local machine they will not be able to make any changes to the host file. They will have only read access.
    LVL 65

    Expert Comment

    Chandru is right, the Windows folder, in terms of Write access, is locked down to Administrators only anyway, so as long as your users are not Admins, this will be already enforced.  However, for future reference, or just to make sure, the file permissions can be enforced through Group Policy by adding a file or folder reference to Computer Configuration --> Windows Settings --> Security Settings --> File System.
    Your reference to this would be:



    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Suggested Solutions

    This article was inspired by a question here at Experts Exchange ( The requirements stated in that question are (1) reduce the file size of a large number of…
    If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    This video discusses moving either the default database or any database to a new volume.

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now