I'm trying to edit the hosts file on Windows Server 2008.
I right clicked on Notepad and Ran as Administrator, then opened the hosts file, but when I try to save it I get the following error message:
Cannot create the C:\Windows\System32\drivers\etc\hosts file.
Make sure that the path and file name are correct.
Next I checked the permissions for Administrators on the hosts file. The following are checked as Allow:
- Full Control
- Modify
- Read & execute
- Read
- Write
When I edit the permissions, all the check boxes are gray and not editable.
Next I check the file Owner of the hosts file. The Current owner is SYSTEM. When I try to edit the Owner I get the following message.
You only have permission to view the current owner on hosts.
The Windows documentation states
Ownership can be taken by:
An administrator. By default, the Administrators group is given the
Take ownership of files or other objects user right.
In the Local Security Policy under the User Rights Assignment section, Take ownership of files or other objects is set to Administrators.
Why wouldn't I be able to change ownership to edit the hosts file?
Best Answer
I have seen antivirus programs do something similar. The AV program can intercept even Administrator file access. Many malware programs modify
hoststo redirect certain sites without mucking around with DNS servers, so AV programs are hyper aware of that one file.