batch file creation

Posted on 2011-04-29
Last Modified: 2012-05-11

please tell me how to create a batch file according to my requirement. this is for blocking some internet sites to all users in the domain.
we dont have proxy server and we wont use.
we have windows server 2003 domain. we have windows 2000, xp, vista clients.
 i tried to restrict from group policy settings but its not working.

through google, i got one method, according to that,

1. i copy any host file from client location and i add all the web sites which i want to block like, i will copy this file into the server and i will share the file.
2. i want to create a batch file like, if we run this batch file it should replace the host file from server (which is saved in shared location in server)  to client's ( user logged into the system) host file.
3. i have to create a GPO like, the batch file as a script that every time when a user logs into the client this batch file should run.

please give some idea to create this type of solution. because i didn't get any solution through group policy directly. all the internet options i tried. everybody giving how to block entire internet access or referring proxy settings. both are not useful for me.

please help me.

Question by:ramachandraraju
    LVL 30

    Expert Comment

    Take a look here. Might be exactly what you are looking for.
    LVL 7

    Accepted Solution

    Create a batch file let's say Test.Bat. It's contents

    @Echo Off
    copy /Y \\\Netlogon\hosts C:\Windows\System32\drivers\etc\hosts

    Now using the group policy also set/push the permissions on the hosts file so that only domain level administrators have access to change the file. Else if a user has Administrator rights on his/her machine then he/she will be able to make changes to it.

    (This is not like they won't be able to change the permissions but this will have to make them take extra steps. To prevent this create another local account AdminUsers and make this group member of the Administrators group. Now when you need to give Administrative privileges to user add them to AdminUsers group and configure a policy which only allows "Administrator" account take ownership of files and folders. So this will prevent users from taking ownership to any files including hosts file.)
    LVL 4

    Expert Comment

    There is more than one way to skin a cat.
    Rather than scripting this, your workstations should be using your server as a DNS Server.  Just add the modified IP's for the web site to the DNS Server.
    Your solution will be global imediately.  Problem is that if the user is able to change DNS servers they could cercumvent the block but they could do this by modifying the host file anyway.
    LVL 10

    Expert Comment

    You can also create a GPO that will set website access rules. If you choose this option, all I.E. versions must be the same versions.

    Author Comment

    please give me some more information
    LVL 10

    Expert Comment

    Some more info about what proposed solution?

    Author Comment

    i need some more information. please make this question as open
    LVL 10

    Expert Comment

    I am not a moderator so I have no power ove the sate of your question.

    However, I wanted to see if you still needed help.

    Please let me know what have you tried and where you'r at.


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
    Learn about cloud computing and its benefits for small business owners.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now