0

I need to give a non-admin account most admin permissions except for modifying system files. I'd like that admin account to retain all normal admin permissions but not be able to modify the hosts file. I've written a guide on how to do this in Ubuntu, and I'd like to do something similar in Windows 10.

The best solution I've found is to make something like this script start when the user logs in. Source

#Specify the file name
$fileName = "C:\Windows\System32\Drivers\etc\hosts"

#Open the file in read only mode, without sharing (I.e., locked as requested)
$file = [System.io.File]::Open($fileName, 'Open', 'Read', 'Read')

I understand that it won't be bullet proof, but I would like something that makes it sufficiently inconvenient to modify this file.

DanielArnett
  • 101

1 Answers1

0

An admin can access any file on the system. The system hosts file you are referring to handles local name resolution for the machine so it needs to be able to be readable by all users of the system. You could probably remove admin access to "write" to the file but another admin could easily give themselves "write" access back.

Marcus Patman
  • 36