Permissions ?

[David]

I'm trying to utilize my HOSTS file to tighten security for internet use.
What permissions do I need to set so Power Users can't change, or maybe
even view it, but allow Administrator Full Control?

 

[Andrei Ungureanu]

have you tried using NTFS permissions?

 

[David]

Andrei Ungureanu wrote

have you tried using NTFS permissions?

Those are the ones I'm asking about. I want the HOSTS file to affect all
users, but only Administrators (me) to be able to view/edit it. When I look
under Security tab of file's Properties, I'm not sure who (I want minimum)
I should Add beyond Administrators and which of those boxes (assuming Full
Control for Administrators) I should check. All the generic explanations of
Read, Execute, etc. I've read are for geekier people than me. I need
something like "If you want, do this."

The reason I'm asking is I've had a HOSTS file for quite some time with
only Administrators listed under Security (thought that's all I needed to
secure it if no others were Added) and recently found out (to my dismay)
that nothing in it was getting blocked when other User's browsed the Web.

 

[Andrei Ungureanu]

I'm still not understanding what you really want.
If only Administrators group is listed in the security tab then this file
can't be modified or even viewed by normal users. Are you sure that those
users are not part of the Administrators group.

 

[Gary Smith]

Maybe this will help. These are default settings. On my system,
Administrators and SYSTEM have Full Control. I don't know what the effect
of removing SYSTEM might be, but if your system isn't behaving the way you
want, I'd put it back. In addition, Users and Power Users have Read &
Execute permission. Since ordinary users don't have any permissions for
the file on your system, that could be why it does't work for them.

Andrei Ungureanu wrote

 

[David]

Gary Smith wrote

Maybe this will help. These are default settings. On my system,
Administrators and SYSTEM have Full Control. I don't know what the
effect of removing SYSTEM might be, but if your system isn't behaving
the way you want, I'd put it back. In addition, Users and Power Users
have Read & Execute permission. Since ordinary users don't have any
permissions for the file on your system, that could be why it does't
work for them.

Thanks for your input.

I've been using trial and error to do this which "works":
Add(ed) 'Administrators' & gave Full Control
SYSTEM is absent
There are no 'Users', only 'Power Users'.
Add(ed) them by specific account name, leaving default Read & Execute

Your post indicates I could Remove those and just Add 'Power Users'.

I guess my confusion arrises when I ponder how a HOSTS file could be
Execute(d), and whether 'Read' alone would suffice.

Still learning,

 

[David]

Andrei Ungureanu wrote

I'm still not understanding what you really want.
If only Administrators group is listed in the security tab then this
file can't be modified or even viewed by normal users. Are you sure
that those users are not part of the Administrators group.

I've recently discovered:
With only Administrators group listed, then HOSTS file has no effect on the
two 'Power Users' (the only other users set up on these machines and *not*
part of the Administrators group).

I don't want them to have *any* access to the HOSTS file, but still have it
affect them.

I think I've accomplished that (no access) by limiting permissions on the
folder where HOSTS resides to Administrators.

See follow up to Gary Smith for what is currently working "as desired".