none
Need to edit host file on remote machines

    Question

  • Hi,

    I have configured logon group policy using a following batch file:

    @ECHO ON
    COPY \\servername\logon_script\ %windir%\system32\drivers\etc\hosts /y
    EXIT

    The policy is working fine if the remote user has administrative rights on there machines. The policy is not working on the computers where users do not have administrative rights. 

    Is there anyway that i might add domain account in the script ?


    Wednesday, February 17, 2016 4:25 AM

Answers

  • Login scripts run in the security context of the user, so this is by design. Use a computer startup script, or better yet a group policy preference which replaces the file itself.

    BTW, this sounds like a terrible idea. You should use DNS instead. Between conditional forwarders and GNZ zones you can pretty much do whatever you need. If you're using a hosts file to BLOCK something, like access to cnn.com, use a firewall rule instead.


    Mike Crowley | MVP
    My Blog -- Baseline Technologies


    • Edited by Mike CrowleyMVP Wednesday, February 17, 2016 5:25 AM gnz link
    • Proposed as answer by HarryVerge Thursday, February 18, 2016 3:25 PM
    • Marked as answer by Yan Li_Moderator Friday, March 4, 2016 4:32 AM
    Wednesday, February 17, 2016 5:24 AM

All replies

  • Login scripts run in the security context of the user, so this is by design. Use a computer startup script, or better yet a group policy preference which replaces the file itself.

    BTW, this sounds like a terrible idea. You should use DNS instead. Between conditional forwarders and GNZ zones you can pretty much do whatever you need. If you're using a hosts file to BLOCK something, like access to cnn.com, use a firewall rule instead.


    Mike Crowley | MVP
    My Blog -- Baseline Technologies


    • Edited by Mike CrowleyMVP Wednesday, February 17, 2016 5:25 AM gnz link
    • Proposed as answer by HarryVerge Thursday, February 18, 2016 3:25 PM
    • Marked as answer by Yan Li_Moderator Friday, March 4, 2016 4:32 AM
    Wednesday, February 17, 2016 5:24 AM
  • Hi,
    Alternatively, you could use PowerShell script to update a HOSTS file remotely.  Please see more details from:
    Modify HOSTS File Remotely–PowerShell Script
    https://gallery.technet.microsoft.com/scriptcenter/51ea84d2-717f-467a-8153-cf9bd02573ff

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 18, 2016 9:19 AM
    Moderator