How to block 'hosts' file from editing?

Rafal Rafal 0 Reputation points
2025-03-18T17:09:06.09+00:00

Hello

In the folder windows/system32/drivers/etc there is a hosts file. You can put a list of websites to be blocked there. How can I protect the hosts file from editing? How can I disable editing it? Software that blocks files and folders doesn't work with system folders like /etc.

Windows 10 Security

1 answer

  1. Mars Shan-MSFT 1,085 Reputation points Microsoft External Staff
    2025-03-19T03:15:41.5866667+00:00

    Hello,

    Here are some methods you can use to help restrict editing:

    ───────────────────────────────

    1. Set the File Attribute to Read‐Only

    • Open an elevated Command Prompt (Run as Administrator).

    • Enter the following command:

      attrib +r C:\Windows\System32\drivers\etc\hosts

    • This marks the file as read‑only.

      Note: This is a basic protection that many programs can bypass if they change the file attributes.

    ───────────────────────────────

    2. Modify NTFS Permissions via Windows Explorer

    • Navigate to C:\Windows\System32\drivers\etc and locate the hosts file.

    • Right‑click on the hosts file and select Properties.

    • Go to the Security tab.

    • Click the “Edit…” button to change permissions.

    • For each entry (Users, Authenticated Users, etc.), you can remove the Write and Modify permissions.

     For example:

      – Select “Users” and uncheck “Modify” and “Write”.

      – If you need more granular control, click “Advanced”, then modify the permission entries there.

    • Click Apply and OK to save the changes.

    ───────────────────────────────

    3. Use the icacls Command to Deny Write Permissions

    Running commands as an administrator, you can use icacls to deny write permission to certain user groups. For example:

      icacls "C:\Windows\System32\drivers\etc\hosts" /deny Users:(W)

    This command denies write access to the “Users” group. You can replace "Users" with other groups or specific accounts as needed. To restore permissions later, note down changes before applying them.

    ───────────────────────────────

    4. Advanced: Use Group Policy or Software Restriction Policies

    If you’re in a managed environment, the Group Policy Editor (gpedit.msc) can be used to enforce certain file system restrictions. However, for a standalone desktop, Group Policy might be more complex to set up for a single file. Still, you might consider software restriction policies that prevent unauthorized executables from launching, especially if you are trying to block malicious programs from modifying your files.

    ───────────────────────────────

    Important Considerations

    • Any method that restricts editing works only if the user doesn’t have full administrative rights. An administrator or malware with elevated privileges can always re‑take ownership or modify permissions.

    • Always back up the hosts file before making changes.

    • Remember that if you lock it down too restrictively, legitimate system or software updates might have trouble modifying or using it.


    If the Answer is helpful, please click "Accept Answer" and upvote it.
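
The backup, lock-down and restore steps from the answer above, combined for one elevated PowerShell session. This is an added example, not part of the original answer; the function names and the `$StateDir` location are assumptions. It also records a hash baseline so that a later change to the file can be noticed.

```powershell
# Added example. Run in an elevated PowerShell session.
# $StateDir and the function names are assumptions, not from the original answer.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$StateDir  = Join-Path $env:ProgramData 'HostsLock'

function Protect-HostsFile {
    New-Item -ItemType Directory -Path $StateDir -Force | Out-Null
    # Back up the content and the current ACL before touching anything.
    Copy-Item -Path $HostsPath -Destination (Join-Path $StateDir 'hosts.bak') -Force
    icacls $HostsPath /save (Join-Path $StateDir 'hosts.acl') | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'ACL backup failed; nothing was changed.' }

    attrib +r $HostsPath
    # Quote the permission string: PowerShell would otherwise try to run (W) as a command.
    icacls $HostsPath /deny 'Users:(W)' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'icacls /deny failed.' }

    # Record a hash baseline so a later change can be detected.
    (Get-FileHash -Path $HostsPath -Algorithm SHA256).Hash |
        Set-Content -Path (Join-Path $StateDir 'hosts.sha256')
}

function Test-HostsFile {
    # Returns $true when the content matches the baseline and the file is still read-only.
    $baseline = (Get-Content -Path (Join-Path $StateDir 'hosts.sha256') -TotalCount 1).Trim()
    $current  = (Get-FileHash -Path $HostsPath -Algorithm SHA256).Hash
    $readOnly = (Get-Item -Path $HostsPath).IsReadOnly
    if ($current -ne $baseline) { Write-Warning 'hosts content differs from the baseline.' }
    if (-not $readOnly)         { Write-Warning 'Read-only attribute has been cleared.' }
    return ($current -eq $baseline) -and $readOnly
}

function Restore-HostsAcl {
    attrib -r $HostsPath
    # /restore takes the parent directory; the saved file stores the name "hosts".
    icacls (Split-Path $HostsPath) /restore (Join-Path $StateDir 'hosts.acl') | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'ACL restore failed.' }
}
```

Call `Protect-HostsFile` once, `Test-HostsFile` whenever you want to check the file, and `Restore-HostsAcl` before a legitimate edit. Keep `$StateDir` somewhere only administrators can write, otherwise the baseline itself can be changed.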
