-1

We have a partner site that must be accessible only if we add the entry for it in the host files of the computers we need to access it.

How can we update the host files or the workstations via powershell remotely ?

I was thinking of doing this in 2 steps: remote renaming the old host file and copying the new one to the destination stations.

Domain credentials will be used for this purpose.

I know how to parse the correct credentials, I just need some insight on how to rename the destination host and copy the new one from the a local server to the destinations. It does not have to be a mass-copy, deployment for each station would suffice.

Alternately, is there a way to directly alter the destination host file, give that it has additional protection from the OS ?

Overmind
  • 3,076
  • 2
  • 16
  • 25
  • 3
    IMHO if you need to modify the hosts file of more than an individual server or workstation you might as well add the record to your internal DNS instead... – HBruijn Apr 14 '17 at 08:55
  • Not a solution. Only a few computers of the total must access that location. – Overmind Apr 14 '17 at 09:13
  • 2
    Ok, but please realise the presence of a `super-secret-servername-at-partnersite` hosts entry is at best *security-by-obscurity* and not a substitute for actual access controls... – HBruijn Apr 14 '17 at 09:28
  • I know; the strict security issues will be handled after the firewall will be updated. Just need it to work like this until then. – Overmind Apr 14 '17 at 09:31

1 Answers1

3

I think the meat of your question is how to you copy the modified file to the remote machine. This can be accomplished over a powershell session, without any other firewall rules of file sharing.

$session = new-pssession computerName
copy-item -source $modifiedHostsFile -dest $hostFiletoReplace -toSession $session.

A more elegent solution is to use the hostsFile module with the Add-HostEntry command.

Eric
  • 554
  • 1
  • 5
  • 15
  • Looks like new remote sessions (new-pssession) don't work. Probably all workstations will need a policy to enable it. – Overmind Apr 18 '17 at 07:06
  • @Overmind I don't think there is anyway around getting powershell remoting working. This could be as simple as running ```enable-psremoting``` on each of the remote computers, or can be accomplished through group policy. You may even need a firewall rule depending on your environment. – Eric Apr 18 '17 at 12:34
  • Firewall is fine, I'll try making a group policy. – Overmind Apr 19 '17 at 05:25