Modifying HOSTS file in Vista…

When you trying to modify the “Windows\system32\drivers\etc\hosts” file to add some local dns mappings in Vista, the system will not allow you to save the file. It’s because of the tighten security in Vista.

to solve this, refering to this KB, run your editor by right-clicking it and “run as Administrator”, then will be able to save the file.

or by referring to Matthew’s post, just grab the ownership of the HOSTS file so that one will be able to edit it without having administrator priviledges.

(by running cmd.exe as administrator…)

takeown /f c:\windows\system32\drivers\etc\hosts
icacls c:\windows\system32\drivers\etc\hosts /grant yourusername:f


Technorati tags: , , , , ,

Comments (4)

  1. James Knowles says:

    I might be being stupid here, but is it not the whole point of the host file not being owned by you the point of the security measure. I.e You run a trojon on your machine under you priviledges then it has no access to the host file. Surely you should just put up with the minor inconvience of having to start you editor as admin then take ownership of the file?

  2. Hi James:

    Of course it’s just like what you said the whole security meanings of that the file’s ownership is not the current user. this is just one of the option of grabbing the ownership to minimize the steps of modifying the hosts file especially if you are a web developer and often need to do lots of local tests. one should consider the risks v.s. the conveniency of doing one of the above actions. the main point of this post is just to notice people how to modify HOSTS file in a Vista environment if one needs to… 🙂


  3. James Knowles says:

    Hi Rex,

    Thanks for the quick response,

    😉 I come from a background of Unix (Long time ago) and it is just bad practice to take ownership of system files under any circumstances especially files like host files that are used by at least one virus known to me and spyware. Developers are really a good part of reason why windows Vista will be insecure in the future we need to stop trying to get around the security aspect of vista and start working on changing our practices with Vista as an OS. Leaving ourselves as users and making sure we work under that environment.. 😉 If you were on a Unix environment you would not do this..(Well hopefully not) Sorry I will stop ranting slightly I don’t mean to but I strongly think this should not be encouraged.  I am web developer and I work 70% of my time in Vista as a developer of websites it is painful experience sometimes to change your habbits and I do find myself shouting at Vista on the odd occasion but I know that it ME who has a problem with the security aspect not Vista. Changing system file permissions was a bad idea 10 years ago, today it is even worse.. developer or no developer role.  

    😉 (Sorry.. I will stop banging my drum 😉


  4. Hi James:

    I totally agree with you on not easily changing system files ownership to prevent opening security holes for viruses or trojons. (People reading this post: DON’T easily changing it if you don’t know what you are doing!! 😉 )

    As windows vista is a client OS, actually the HOSTS file for it is just a local dns mapping function which is not like the hosts file at unix world that has important role on the whole server functions (I am totally Windows backgrounded and only have half year Linux administratoin / development experiences…), so if may not that harmful by changing the ownership of this file but as you said , we should educate people of the right usage of software / OS… 😉

    by the way, as Windows Vista is a client OS, to develop Web server applications it should not that convenient since the environment is not a server environment. I use Vista as my host OS too but when I am developing web applications, I won’t develop it right inside Vista env., instead I’ll just run a Virtual PC / VMWare virtual machine with Windows 2003 / IIS6 server environment, it will be most likely the real running environment of your developing application that should ease the deployment efforts later. Windows Server environment is not like LAMP env. that count on config files to setup all the things but on those installed environment settings (ISAPI filters, etc) so it might be better if you can develop stuffs on a server environment. 🙂

    FYI. and thanks for comments. 🙂