batch file creation

Posted on 2011-04-29
Medium Priority
Last Modified: 2012-05-11

please tell me how to create a batch file according to my requirement. this is for blocking some internet sites to all users in the domain.
we dont have proxy server and we wont use.
we have windows server 2003 domain. we have windows 2000, xp, vista clients.
 i tried to restrict from group policy settings but its not working.

through google, i got one method, according to that,

1. i copy any host file from client location and i add all the web sites which i want to block like, www.facebook.com i will copy this file into the server and i will share the file.
2. i want to create a batch file like, if we run this batch file it should replace the host file from server (which is saved in shared location in server)  to client's ( user logged into the system) host file.
3. i have to create a GPO like, the batch file as a script that every time when a user logs into the client this batch file should run.

please give some idea to create this type of solution. because i didn't get any solution through group policy directly. all the internet options i tried. everybody giving how to block entire internet access or referring proxy settings. both are not useful for me.

please help me.

Question by:ramachandraraju
LVL 30

Expert Comment

ID: 35490446
Take a look here. Might be exactly what you are looking for.


Accepted Solution

ashutoshsapre earned 500 total points
ID: 35490477
Create a batch file let's say Test.Bat. It's contents

@Echo Off
copy /Y \\Domainname.com\Netlogon\hosts C:\Windows\System32\drivers\etc\hosts

Now using the group policy also set/push the permissions on the hosts file so that only domain level administrators have access to change the file. Else if a user has Administrator rights on his/her machine then he/she will be able to make changes to it.

(This is not like they won't be able to change the permissions but this will have to make them take extra steps. To prevent this create another local account AdminUsers and make this group member of the Administrators group. Now when you need to give Administrative privileges to user add them to AdminUsers group and configure a policy which only allows "Administrator" account take ownership of files and folders. So this will prevent users from taking ownership to any files including hosts file.)

Expert Comment

ID: 35491071
There is more than one way to skin a cat.
Rather than scripting this, your workstations should be using your server as a DNS Server.  Just add the modified IP's for the web site to the DNS Server.
Your solution will be global imediately.  Problem is that if the user is able to change DNS servers they could cercumvent the block but they could do this by modifying the host file anyway.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 10

Expert Comment

ID: 35500811
You can also create a GPO that will set website access rules. If you choose this option, all I.E. versions must be the same versions.

Author Comment

ID: 35795569
please give me some more information
LVL 10

Expert Comment

ID: 35795747
Some more info about what proposed solution?

Author Comment

ID: 35938013
i need some more information. please make this question as open
LVL 10

Expert Comment

ID: 35939276
I am not a moderator so I have no power ove the sate of your question.

However, I wanted to see if you still needed help.

Please let me know what have you tried and where you'r at.


Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question