none
Update service file (C:\Windows\System32\drivers\etc) using GPO

    Question

  • HI,

    I want to update the client machines Service file located inside (C:\Windows\System32\drivers\etc) using Group policy.

    Pls share any convenient way for performing the activity. As I dont want to replace this file as users may have different entry on this file.

    Best Regards,

    NS

    Saturday, April 11, 2015 3:23 PM

Answers

  • > If you want add lines into services file using GPO, then you can use
    > logon/startup script. Just use BAT script, like: /echo text >>
    > C:\Windows\System32\drivers\etc\services./
     
    Unless you change ACLs, you cannot use logon, but only startup script.
     
    > @echo off
    > echo smtp               25/tcp    mail                   #Simple Mail Transfer Protocol >> C:\Windows\System32\drivers\etc\services
     
    This will add a line at each startup, so you'd better check in the first
    place if your line isn't already added.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Monday, April 13, 2015 9:11 AM
  • > @echo off
    > IF EXIST "%TEMP%\editservice.ok" goto end
    > echo smtp               25/tcp    mail                   #Simple Mail Transfer Protocol >> C:\Windows\System32\drivers\etc\services
    > echo row added >> %TEMP%\editservice.ok
    > :end
    > exit
     
    I'd suggest
     
    set svcs=%windir%\System32\Drivers\etc\services & find /i " 25/tcp "
    <%svcs% || echo smtp 25/tcp mail #smpt >>%svcs%
     
    (one line, of course...)
     
    :)
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Monday, April 13, 2015 2:34 PM
  • If you want add lines into services file using GPO, then you can use logon/startup script. Just use BAT script, like: echo text >> C:\Windows\System32\drivers\etc\services.

    Example of BAT file:

    @echo off
    echo smtp               25/tcp    mail                   #Simple Mail Transfer Protocol >> C:\Windows\System32\drivers\etc\services

    If you want to remove lines from file, it's more complicated.

    Hope this helps.

    Regards,

    thennet


    Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognises useful contributions. Thank you!


    Saturday, April 11, 2015 6:02 PM
  • Thanks for the warning, you have right, it was raw draft.

    Against constantly adding lines, I modified the script:

    @echo off
    IF EXIST "%TEMP%\editservice.ok" goto end
    echo smtp               25/tcp    mail                   #Simple Mail Transfer Protocol >> C:\Windows\System32\drivers\etc\services
    echo row added >> %TEMP%\editservice.ok
    :end
    exit

    If you run script in startup GPO, then you can use e.g. C:\ instead %TEMP% 

    Best Regards,

    thennet


    Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognises useful contributions. Thank you!


    Monday, April 13, 2015 2:28 PM

All replies

  • If you want add lines into services file using GPO, then you can use logon/startup script. Just use BAT script, like: echo text >> C:\Windows\System32\drivers\etc\services.

    Example of BAT file:

    @echo off
    echo smtp               25/tcp    mail                   #Simple Mail Transfer Protocol >> C:\Windows\System32\drivers\etc\services

    If you want to remove lines from file, it's more complicated.

    Hope this helps.

    Regards,

    thennet


    Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognises useful contributions. Thank you!


    Saturday, April 11, 2015 6:02 PM
  • > If you want add lines into services file using GPO, then you can use
    > logon/startup script. Just use BAT script, like: /echo text >>
    > C:\Windows\System32\drivers\etc\services./
     
    Unless you change ACLs, you cannot use logon, but only startup script.
     
    > @echo off
    > echo smtp               25/tcp    mail                   #Simple Mail Transfer Protocol >> C:\Windows\System32\drivers\etc\services
     
    This will add a line at each startup, so you'd better check in the first
    place if your line isn't already added.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Monday, April 13, 2015 9:11 AM
  • Thanks for the warning, you have right, it was raw draft.

    Against constantly adding lines, I modified the script:

    @echo off
    IF EXIST "%TEMP%\editservice.ok" goto end
    echo smtp               25/tcp    mail                   #Simple Mail Transfer Protocol >> C:\Windows\System32\drivers\etc\services
    echo row added >> %TEMP%\editservice.ok
    :end
    exit

    If you run script in startup GPO, then you can use e.g. C:\ instead %TEMP% 

    Best Regards,

    thennet


    Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognises useful contributions. Thank you!


    Monday, April 13, 2015 2:28 PM
  • > @echo off
    > IF EXIST "%TEMP%\editservice.ok" goto end
    > echo smtp               25/tcp    mail                   #Simple Mail Transfer Protocol >> C:\Windows\System32\drivers\etc\services
    > echo row added >> %TEMP%\editservice.ok
    > :end
    > exit
     
    I'd suggest
     
    set svcs=%windir%\System32\Drivers\etc\services & find /i " 25/tcp "
    <%svcs% || echo smtp 25/tcp mail #smpt >>%svcs%
     
    (one line, of course...)
     
    :)
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Monday, April 13, 2015 2:34 PM
  • You have again right, that is better, you are experienced scripter.

    Thanks for new knowledge for me.

    See you soon on another thread :)


    Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognises useful contributions. Thank you!



    • Edited by thennet Monday, April 13, 2015 4:02 PM
    Monday, April 13, 2015 3:59 PM
  • Hi,

    I have setup a application and applied policy on VPN Application(Cisco AnyConnect) which runs during system startup and blocks all the network until unless the defined AV Server is reachable which prevents the startup/logon script to be executed as the machine is not reachable to DC until unless the defined security server is reachable. In this condition the policy will not be applied.

    Pls help to resolve.

    Best Regards,

    NS


    Friday, June 19, 2015 1:26 PM