Using Hosts file across a network

[bwcc]

I have a Win2K server that handles 30 stations (client-server) and uses Active Directory to push user profiles, etc.

I am looking to use the 'hosts' file on the server to handle some website blocking, and it works great on the server. However, the workstations that connect to it do not use the server's 'hosts' file, therefore, those same pages are not blocked on the workstation.

Do I need to replicate the hosts file from the server to each workstation in order for this to work? If so, can someone walk me through an easy way to do this?

Thanks

[DVNT1]

Some ideas:

You could create an MSI and relating GPO.

You could create a script that copies the HOSTS files at logon.

You could create a script that copies the file whenever you initiate the script.


Script example:

Code:

Dim objFSO
Set objFSO = CreateObject("Scripting.FileSystemObject")
set wshshell = createobject("WScript.Shell")

Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from 'LDAP://DC=DomainName,DC=com' " _
& "where objectClass='computer'" 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30 
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
objCommand.Properties("Cache Results") = False 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF

'********************************************************************************************************************************

wshshell.run "copyfile.bat " & objRecordSet.Fields("Name").Value

'********************************************************************************************************************************
WScript.Sleep 1000

objRecordSet.MoveNext
Loop

copyfile.bat contents:

Code:

pslist \\%1
if errorlevel 1 goto :nochk

If not exist \\%1\admin$\system32\drivers\etc\hosts goto :ENDNG
copy c:\windows\system32\drivers\etc\HOSTS \\%1\admin$\system32\drivers\etc\ /y
goto :ENDNG

:nochk
echo unknown >nocheck\%1.txt
goto :ENDNG

:ENDNG
exit

Note:
* these examples have little error checking (if any) but you can add that in if needed.

* get pslist from http://www.sysinternals.com/ntw2k/fr.../pstools.shtml

* replace DomainName with your actual domain name.

[bwcc]

I like the MSI and GPO solution, since I already use GPO's to manage this domain. I haven't worked with MSI files in the past, but I have read the concept.

Are there any good resources on how to create and distribute MSI files using a GPO?

Thanks for the advice!

[DVNT1]

Quote:

4774 » How do I use a group policy to automatically distribute programs to client computers or users?



NOTE: The text in the following Microsoft Knowledge Base article is provided so that the site search can find this page. Please click the Knowledge Base link to insure that you are reading the most current information.

Microsoft Knowledge Base article Q314934 contains:


IN THIS TASK
SUMMARY
Create a Distribution Point
Create a Group Policy Object
Assign a Package
Publish a Package
Redeploy a Package
Remove a Package
Troubleshooting
REFERENCES


SUMMARY
This step-by-step article describes how to use a group policy to automatically distribute programs to client computers or users.

You can use group policy to distribute computer programs by using the following methods.

Assigning Software
You can assign a program distribution to users or computers. If you assign the program to a user, it is installed when the user logs on to the computer. When the user first runs the program, the installation is finalized.

If you assign the program to a computer, it is installed when the computer starts, and is available to all users that log on to the computer. When a user first runs the program, the installation is finalized.
Publishing Software
You can publish a program distribution to users. When the user logs on to the computer, the published program is displayed in the Add/Remove Programs dialog box, and it can be installed from there.

NOTE : Microsoft Windows 2000 group policy automated-program installation requires client computers that are running Windows 2000 or later.

back to the top
Create a Distribution Point
To publish or assign a computer program, you must create a distribution point on the publishing server:
Log on to the server computer as an administrator.


Create a shared network folder in which to place the Microsoft Software Installer (MSI) package that you want to distribute.


Set permissions on the share to allow access to the distribution package.


Copy or install the MSI package to the distribution point. For example, to distribute Microsoft Office XP, run the administrative installation ( setup.exe /a ) to copy the files to the distribution point.


back to the top
Create a Group Policy Object
To create a Group Policy Object (GPO) with which to distribute the software package:
Start the Active Directory Users and Computers snap-in. To do this, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Users and Computers .


In the console tree, right-click your domain, and then click Properties .


Click the Group Policy tab, and then click New .


Type the name that you want to call this policy (for example, Office XP distribution ), and then press ENTER.


Click Properties , and then click the Security tab.


Click to clear the Apply Group Policy check box for the security groups that you want to prevent from having this policy applied. Click to select the Apply Group Policy check box for the groups to which you want to apply this policy. When you are finished, click OK .


back to the top
Assign a Package
To assign a program to computers that are running Windows 2000 or Windows XP Professional, or to users that are logging on to one of these workstations:
Start the Active Directory Users and Computers snap-in. To do this, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Users and Computers .


In the console tree, right-click your domain, and then click Properties .


Click the Group Policy tab, select the group policy object that you want, and then click Edit .


Under Computer Configuration , expand Software Settings .


Right-click Software installation , point to New , and then click Package .


In the Open dialog box, type the full Universal Naming Convention (UNC) path to the shared folder that contains the MSI package that you want. For example, \\ file server \ share \ file name .msi .

IMPORTANT : Do not browse to the location. Ensure that you use the UNC path to the shared folder.


Click Open .


Click Assigned , and then click OK . The package is listed in the right pane of the Group Policy window.


Close the Group Policy snap-in, click OK , and then quit the Active Directory Users and Computers snap-in. When the client computer starts, the managed software package is automatically installed.


back to the top
Publish a Package
To publish a package to computer users, and make it available for installation from the Add/Remove Programs tool in Control Panel:
Start the Active Directory Users and Computers snap-in. To do this, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Users and Computers .


In the console tree, right-click your domain, and then click Properties .


Click the Group Policy tab, select the group policy object that you want, and then click Edit .


Under User Configuration , expand Software Settings .


Right-click Software installation , point to New , and then click Package .


In the Open dialog box, type the full UNC path to the shared folder that contains the MSI package that you want. For example, \\ file server \ share \ file name .msi .

IMPORTANT : Do not browse to the location. Ensure that you use the UNC path to the shared folder.


Click Open .


Click Published , and then click OK . The package is listed in the right pane of the Group Policy window.


Close the Group Policy snap-in, click OK , and then quit the Active Directory Users and Computers snap-in.


Test the package:


Log on to a workstation that is running Windows 2000 Professional or Windows XP Professional by using an account to which you published the package.


Click Start , point to Settings , and then click Control Panel . In Windows XP, click Start , and then click Control Panel .


Double-click Add/Remove Programs or click Add or Remove Programs ), and then click Add New Programs .


In the Add programs from your network list, click the program that you published, and then click Add . The program is installed.


Click OK , and then click Close .


back to the top
Redeploy a Package
In some cases you may want to redeploy a software package. For example, if you upgrade or modify the package. To redeploy a package:
Start the Active Directory Users and Computers snap-in. To do this, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Users and Computers .


In the console tree, right-click your domain, and then click Properties .


Click the Group Policy tab, click the group policy object with which you deployed the package, and then click Edit .


Expand the Software Settings container that contains the Software installation item with which you deployed the package.


Click the Software installation container that contains the package.


In the right pane of the Group Policy window, right-click the program, point to All Tasks , and then click Redeploy application . The following message is displayed:


Redeploying this application will reinstall the application everywhere it is already installed. Do you want to continue?
Click Yes .


Quit the Group Policy snap-in, click OK , and then quit the Active Directory Users and Computers snap-in.


back to the top
Remove a Package
To remove a published or assigned package:
Start the Active Directory Users and Computers snap-in. To do this, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Users and Computers .


In the console tree, right-click your domain, and then click Properties .


Click the Group Policy tab, click the group policy object with which you deployed the package, and then click Edit .


Expand the Software Settings container that contains the Software installation item with which you deployed the package.


Click the Software installation container that contains the package.


In the right pane of the Group Policy window, right-click the program, point to All Tasks , and then click Remove .


Do one of the following:


Click Immediately uninstall the software from users and computers , and then click OK .


Click Allow users to continue to use the software, but prevent new installations , and then click OK .


Quit the Group Policy snap-in, click OK , and then quit the Active Directory Users and Computers snap-in.


back to the top
Troubleshooting
Published Packages Displayed on Client Computer After You Use a Group Policy to Remove Them
This situation can occur when a user has installed the program but has not used it. When the user first starts the published program, the installation is finalized. Group Policy then removes the program.

back to the top
REFERENCES
For additional information about how to use a Group Policy to deploy software, click the article numbers below to view the articles in the Microsoft Knowledge Base:
Q304953 OFFXP: How to Deploy Office over a Network
Q302430 How to Deploy Software to a Specific Group with Group Policies

from http://www.jsiinc.com/SUBJ/tip4700/rh4774.htm

[DVNT1]

One "free" way to create the MSI...

Quote:

How do i create a MSI file from a legacy application?

Top 20 Viewed Articles
1 How can I uninstall the Microsoft Java Virtual Machine (JVM) from Windows XP?
2 What You Need to Know About Windows Update Services
3 How can I uninstall the Microsoft Java Virtual Machine (JVM) from Windows XP?
4 Opening Microsoft's Performance-Tuning Toolbox
5 DNS Lockdown
More Top Viewed Articles

Events Central
• TechNet Webcast: Microsoft Office 2003 and Local Installation Source – Level 200
• TechNet Webcast: Installing and Configuring Project Server 2003 – Level 400
• TechNet Webcast: Planning and Deploying Exchange Server 2003 – Level 300
• TechNet Webcast: Planning the Deployment of Project Server 2003 Clients – Level 300



John Savill
InstantDoc #13917
John Savill's FAQ for Windows





A. The problem at the moment is that not many applications ship with MSI files and so deploying legacy applications via group policies is not possible. Windows 2000 ships with WinINSTALL LE which can be used in the same way as SYSDIFF. You take a snapshot of you system, install the application, take an after snapshot and a discover program runs extracting the different files and registry entries that have been made.

Its important to run WinINSTALL LE on a clean system, by this I mean don’t run it on an installation that has applications installed on as when you install an application it may check if certain runtime’s etc are installed and if so not bother to recopy over, this would mean your distribution package would be missing vital files if applications were already installed.

To install WinINSTALL LE perform the following, however its recommended NOT to install the application on the PC that's going to act as the package creation computer incase the program itself effects the installation of the applications:

Insert the Windows 2000 Server CD
Move to the VALUADD\3RDPARTY\MGMT\WINSTLE folder
Double click the SWIADMLE.MSI file
The installer will begin and a progress bar displayed showing the progress of the installation.
A folder will be created under the Start menus Program folder 'Seagate Software'.

The first stage is to take a snapshot of the blank Windows 2000 Professional installation so any changes made by the application installation will be detected.

Logon to the professional reference installation as an Administrator
Run the Discover wizard from the distribution server (do not map a drive, use the Run dialog or Network Neighborhood), for example
"\\titanic.savilltech.com\d$\Program Files\Seagate Software\Winstall\DiscoZ.exe"
The wizard will start, click Next
Enter a name for the package (the name of the software you are creating a package for) and a path for the .msi file (make sure its on a drive other than one that forms part of the package, and select a new empty directory) and click Next
Click here to view image
Select a drive for the temporary files and click Next
Select the drives that the discover program should scan and click Next
Select the files to exclude from the scan (leave as the default unless you know what you're doing). Click Next

The WinINSTALL Discover program will then start
Once complete it will ask you to click OK which will prompt for a setup program to run, this is the legacy application which you want to create an .MSI file for.
Select the setup program you want to run and click Open
Continue the application setup as per normal
Once you have installed the application and made and configuration changes you need to create the "after" snapshot:

Logon to the professional reference installation as an Administrator again
Run the Discover wizard from the distribution server (again, do not map a drive, use the Run dialog or Network Neighborhood), for example
"\\titanic.savilltech.com\d$\Program Files\Seagate Software\Winstall\DiscoZ.exe"
The wizard will detect that a before snapshot exists and will ask if you want to create the after snapshot. Leave the 'Perform after' and click Next

The check will begin on both the registry and file system
If there are any potential problems they will be displayed. Click OK
A notice saying the after snapshot is complete and the package created
Before running any other package creations remove the application you installed or better yet, reinstall the machine (RIS is useful for this).

Its possible to fine-tune your created package using the 'Seagate Software Console' MMC snap-in. Select Open from the File menu and you can then change and view the files and registry components that will change be changed if installed. Select Save after any changes.


The Seagate console that allows you to edit the MSI files.

Once you have finished you must not only place the .MSI file to the distribution server but all files and subdirectories in the directory chosen for the MSI file.

from http://www.winnetmag.com/Article/Art...917/13917.html

[bwcc]

Wow - now THAT's an answer!

Thanks alot for the time and effort on this - I appreciate it.

Cheers