Hosts file

Is there a way that I can edit a hosts file and then push this hosts file over a windows 2003 domain and a windows 2000 domain and after I push it out....can i through group policy prevent people from accessing it to try and make changes to it.
heydorftAsked:
Who is Participating?
 
RobSampsonConnect With a Mentor Commented:
Hi,

In short, yes, and yes.

To push it out, have a file available in your Netlogon share on a Domain Controller, that has read only access to Domain Users.  Then, in a Group Policy Object, define Computer Configuration --> Windows Settings --> Scripts (Startup/Shutdown), and run a VBS file that copies the file from the NetLogon share to the C:\Windows\System32\Drivers\Etc folder.  Being a Computer Configuration StartUp script, it will run under the local System account, which will have access to both that Windows folder, and the NetLogon share.

Then, for step 2, you can define the File Permissions also via Group Policy on a particular folder or file, just as you would via the Security tab directly on the file itself.

The VBS file would be something like this:

Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.CopyFile "\\domain.com\SysVol\domain.com\Scripts\hosts", "C:\Windows\System32\Drivers\Etc\", True
Set objFSO = Nothing

Regards,

Rob.
0
 
heydorftAuthor Commented:
Could you explain  where at in group policy I would define the file permissions ofr the hosts file? Then the points are yours...ha...t
0
 
chandru_solCommented:
Hi,
All  the users if they are not administrators or power users in the local machine they will not be able to make any changes to the host file. They will have only read access.
0
 
RobSampsonCommented:
Chandru is right, the Windows folder, in terms of Write access, is locked down to Administrators only anyway, so as long as your users are not Admins, this will be already enforced.  However, for future reference, or just to make sure, the file permissions can be enforced through Group Policy by adding a file or folder reference to Computer Configuration --> Windows Settings --> Security Settings --> File System.
Your reference to this would be:
%SystemRoot%\System32\Drivers\Etc\Hosts

Regards,

Rob.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.