# Windows Server 2003/Windows 7 logon script issues



## chriswarren972 (Mar 7, 2013)

Hi Team,

Here's my problem. I set up my company with Windows Server 2003 (because that's all they'd give me), and Windows 7 Enterprise (because they paid for windows intune), and I need to block certain websites for some users. I wrote a batch file that'll take a hosts file that I shared in a read only folder and pull it to their computer so that the sites are blocked and everything is good. I put my personal account which has admin privileges into the specified group and it worked like a charm, my problem is that when REGULAR accounts log in it does not pull for them. 

I'm not sure what I've managed to do wrong here, but I'm agitated because i can't think of it and I'm looking like a complete *** because my boss doesn't understand why I can't figure it out.


----------



## centauricw (Jun 26, 2010)

Having recently needed to change the hosts file on Windows 7, I can say with impunity that only admin accounts are able to modify or overwrite the hosts file. Regular users cannot modify or overwrite the hosts file. This file was secured (probably starting with Vista) since it can be used to hijack web addresses.


----------



## Elvandil (Aug 1, 2003)

Why not use a Startup script instead of a Logon script?


----------



## centauricw (Jun 26, 2010)

That won't work either unless the user had admin rights on the local computer. Even then, UAC would prevent the hosts file from being overwritten unless you run the script with elevated (administrator) privileges.


----------



## chriswarren972 (Mar 7, 2013)

So how do I accomplish this?


----------

