Hosts file

Posted on 2007-10-12
Medium Priority
Last Modified: 2008-01-09
Is there a way that I can edit a hosts file and then push this hosts file over a windows 2003 domain and a windows 2000 domain and after I push it out....can i through group policy prevent people from accessing it to try and make changes to it.
Question by:heydorft
  • 2
LVL 65

Accepted Solution

RobSampson earned 2000 total points
ID: 20069982

In short, yes, and yes.

To push it out, have a file available in your Netlogon share on a Domain Controller, that has read only access to Domain Users.  Then, in a Group Policy Object, define Computer Configuration --> Windows Settings --> Scripts (Startup/Shutdown), and run a VBS file that copies the file from the NetLogon share to the C:\Windows\System32\Drivers\Etc folder.  Being a Computer Configuration StartUp script, it will run under the local System account, which will have access to both that Windows folder, and the NetLogon share.

Then, for step 2, you can define the File Permissions also via Group Policy on a particular folder or file, just as you would via the Security tab directly on the file itself.

The VBS file would be something like this:

Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.CopyFile "\\domain.com\SysVol\domain.com\Scripts\hosts", "C:\Windows\System32\Drivers\Etc\", True
Set objFSO = Nothing



Author Comment

ID: 20069991
Could you explain  where at in group policy I would define the file permissions ofr the hosts file? Then the points are yours...ha...t
LVL 12

Expert Comment

ID: 20070052
All  the users if they are not administrators or power users in the local machine they will not be able to make any changes to the host file. They will have only read access.
LVL 65

Expert Comment

ID: 20070072
Chandru is right, the Windows folder, in terms of Write access, is locked down to Administrators only anyway, so as long as your users are not Admins, this will be already enforced.  However, for future reference, or just to make sure, the file permissions can be enforced through Group Policy by adding a file or folder reference to Computer Configuration --> Windows Settings --> Security Settings --> File System.
Your reference to this would be:



Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question