# edit hosts file using batch/exe file?



## 1_rob_1 (Sep 19, 2005)

Hi,
Can anyone out there write me a batch file or exe file which will also change permissions in the Windows registry?

What I am trying to do is to block social networking sites - Facebook, Twitter etc.
I normally do this by editing the windows hosts file by looping back all known sites to the local machine.
I then change the permissions to read for all users including admins.
Next I change the file to read only & hide it.


I would like this batch/exe to be easy to change as other social networking sites etc appear.
I would also like this batch/exe to work across Windows platforms XP Vista & 7 
If there was a problem with the location of Windows then assume the operating system is installed on C:


Can this be done? or am I asking the impossible. (or is there an easier way of doing this)

Thanks for any help

Rob


----------



## ehymel (Aug 12, 2007)

Probably easier to do this on your router than on the client machines. For example on my D-Link router I have a section (under Advanced) called 'Website Filter'.


----------



## Ent (Apr 11, 2009)

I agree with ehymel, it is much better to use something else for this job. If you don't have a web filter on your computer you can set one up on the router. Windows Vista and 7 have a web filter as part of their Parental Controls package. Various security suites offer the facility. And there are a few stand alone filters that you can install if you so choose, for example I have Bluecoat K9. I would strongly suggest using one of these options.

If you are determined to use the hosts file then I'm sure something could be programmed to modify the hosts file as you want. File permissions are, as I understand it, stored with the file system and not in the registry, but that is not an issue (batch offers the cacls or icacls command to modify permissions). The thing that doesn't work even in principle is blocking out the administrators. You should not be able to do that, but if you somehow did manage it you couldn't possibly then modify the hosts file again! So your plan of updating it as relevant goes completely out the window.


----------



## 1_rob_1 (Sep 19, 2005)

Hi,
Thanks for your replies.
The router does not support website filtering, it is very basic.
The computers I need to block are company pcs so if a third party program is used for this, It would have to be paid for. (the owners of the company are cheapskates)
The company which I do this for insist that all users have admin rights & no locked out accounts, therefore I have to try to be a bit sneaky in blocking these sites.

I dont actually block out the admins, I just take out the write/full control rights which can easily be changed back in the advanced sharing options. The users are not very computer savvy.

I can write batch files but I dont know anything about the use or compatibility of icacls/calcs across different operating systems.

Rob


----------



## Ent (Apr 11, 2009)

As best I understand it, Icacls is the tool for Windows Vista and Windows 7, whereas Cacls is the tool for Windows XP. Your best choice for learning about it is to open up the command prompt and type Icacls /?

Out of interest how do you propose to deploy this script? Would it be necessary to actually read the hosts file and add in missing entries? Or would it be possible to just copy over a new Hosts file from the master version stored on the same server or disk as the script?


----------



## 1_rob_1 (Sep 19, 2005)

Hi,
Thanks for your reply.

The script would be deployed manually on each pc in turn (hence wanting to use a script to do this)

The script would just write a new hosts file to the pcs initially, then any new entries would be written to the script & the executed script would write a new hosts file again.
The setup of all the pcs is identical apart from the operating systems.

I will have a play with l/calcs over the next few days to see how well it works

Any other input would be appreciated.

Thanks 

Rob


----------



## TheOutcaste (Aug 8, 2007)

Is this a Domain setup, with a Server, or just a workgroup?

Easiest to Deploy the script as a Startup script from a GPO on the Server. Startup scripts run under the System account, so you'll have easy access to the file on Vista and Win 7, and won't havve to change ownership of the file.

If not on a Domain, for Vista and Win 7, you'll have to run the batch file from an Elevated Command Prompt and take ownership of the file (it's normally owned by SYSTEM).

It would be easier to just use the batch file to copy a *Hosts* file from a hidden share on a Server, rather than having it write one line by line. Any Websites that use special characters [any of these: *!%&^<>()* ] in their name could make the batch file fail, as they need special handling in order to be written to a file properly. Can't think of any right now, but easier to just avoid the potential problem
Plus, this lets you store the master copy as *hosts.txt*, making editing a little easier. Also avoids the possibility of inadvertently modifying the batch file code; hit return in the middle of a line of code and you've broken it, so best to keep the data separate from the code.

If running this from a Flash drive, you can put the *hosts.txt* file on the flash drive with the batch file.


----------

