Windows – Allow users to change their own hosts file via GPO

active-directorygroup-policywindows

We have a bunch of techs on Windows 10 Pro machines that have to change their hosts file every now and again to be able to test things for customers.

C:\Windows\System32\drivers\etc\hosts

All these machines are part of an Active Directory domain(Running on Windows Server 2012R2) and the current 'default' settings don't allow them change this file by themselves, which is by design as far as I'm concerned, however it's too much work to do it for them.

So my question is: Is it possible to allow users in an Operational Unit to change their own hosts file via Group Policy Object for Windows 10? And how do I accomplish this?

Thanks in advance.

Best Answer

You can use Group Policy to add a modify ACL for a group that contains these users to the ...\system32\drivers\etc\hosts file. The GPO Setting for ACLs is: Computer/Policies/Windows Settings/Security Settings/File System. Because this setting lies within the computer configuration branch, it needs to be linked to the OU that contains the computer accounts that these users login to. Do not link it to the OU that contains their user accounts.

Related Solutions

Windows – Useful Command-line Commands on Windows

A little known one is

getmac

It shows the MAC address(es) of your network adapter(s).

Screenshot of running getmac from a Windows commandline window.

Active Directory – Using GPO to Disable Windows Firewall on Workstations

Have you run Resultant Set of Policy tool? At a command prompt or in Run, enter RSOP.msc You will see if there is another polity that turns this back on and overrides the policy you are trying to apply. Tjis can be a bit tricky but the tool really helps. Thre is a command line tool as well that is discussed here GPresults

Best Answer

Related Solutions

Windows – Useful Command-line Commands on Windows

Active Directory – Using GPO to Disable Windows Firewall on Workstations

Related Topic