Ping a Specific Port

Question

SuperFurryToad

Asked: 2010-06-23 01:11:42 +0800 CST2010-06-23 01:11:42 +0800 CST 2010-06-23 01:11:42 +0800 CST

Group policy not applying

772

I am new to group policy, so there might be something simple that I'm missing here.

I've created a policy at the User configuration level which calls a VBScript that pushes out a customized hosts file to all users in a particular Organizational Unit. It works fine with Admin Users, but doesn't work with Non-Admin Users.

I have changed the setting under the User Configuration as opposed to the Computer Configuration because I want users to have access to the customized hosts file on whatever computer they log into. Different departments in the organization use separate hosts files.

User configuration-> Windows Settings-> Scripts (Logon/Logoff) - > Logon ... [Run VBS file]

Note: I can't edit a hosts file manually using notepad when log on as a non-admin user. So I guess what I'm asking is if there is a way to get around this permissions issue with Group Policy.

3 Answers

Voted

Evan Anderson · Answer 1 · 2010-06-23T09:30:21+08:00

Evan Anderson

2010-06-23T09:30:21+08:002010-06-23T09:30:21+08:00

I hate telling you this, because you anything you think you should be using using HOSTS files for should really be done with DNS.

Having said that, a non-Administrator user can't modify the HOSTS file (and you've figured that out already). A logon script runs under the context of the user logging-on, so if the user can't do something a logon script running under their context can't do it either.

A Startup Script, assigned to the computer via a GPO applying to the computer object, runs as LocalSystem and can do anything to the local computer. Run your HOSTS file distribution script there and you'll find that it works fine.

Having said all that, please, please, please, please, please think about using DNS to do what you're trying to do rather than using a HOSTS file. There's no valid reason that anyone can come up with for using a mass-distributed HOSTS file to accomplish anything. It's just The Wrong Way^TM to accomplish anything.

3

Greg Askew · Answer 2 · 2010-06-23T01:17:26+08:00

Greg Askew

2010-06-23T01:17:26+08:002010-06-23T01:17:26+08:00

My first guess would be permissions to update the hosts file. I'm 100% certain our users would not have the required permissions.

0

Phillip R. · Answer 3 · 2012-03-09T08:16:55+08:00

Phillip R.

2012-03-09T08:16:55+08:002012-03-09T08:16:55+08:00

Go into the computer configuration part and run the policy in loop back mode. This will cause the VBscript to run as the user logs on but imitates the computer account which should give permission to copy the file to the location. This will work if you truly want it for the User logon instead of startup.

Computer configuration > Policies > administrative Templates > system > group policy > User Group Policy Loopback Processing mode

I do not recommend this see the post about DNS but it should work.

0

Group policy not applying

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?