Windows - Configuration - Add Host File Entry

What the Hosts File Entry Manager does

This Automox Worklet™ adds entries to the Windows hosts file located at %windir%\System32\drivers\etc\hosts. The hosts file provides local DNS overrides that take precedence over DNS server responses, allowing you to control how specific hostnames resolve on individual endpoints.

The Worklet uses PowerShell's Select-String to check if the hostname already exists in the hosts file before adding it. This prevents duplicate entries that could cause confusion or unexpected behavior. If the entry already exists, the Worklet reports compliance and exits without making changes.

Entries are added with a newline prefix and tab separator following standard hosts file format. You configure both the IP address and hostname through variables in the script, allowing you to customize the Worklet for different name resolution scenarios.

Why manage hosts file entries through Automox

DNS failures, network misconfigurations, or split-brain DNS scenarios can prevent endpoints from reaching critical internal services. When your endpoints cannot resolve internal hostnames to the correct IP addresses, users cannot access file shares, internal web applications, authentication servers, or backup systems. This breaks workflows and generates support tickets that overwhelm your help desk.

Third-party services and cloud applications sometimes require hostfile overrides to bypass DNS caching, enable testing environments, or redirect traffic for security purposes. Content delivery networks and load balancers occasionally need hostfile entries to force traffic through specific paths during maintenance or failover scenarios.

Some legacy applications hardcode DNS names that no longer exist in your current DNS infrastructure or point to retired servers. Rather than modify the application code or reconfigure complex systems, adding hostfile entries provides a quick path to redirect these legacy hostname references to current infrastructure.

Security teams use hostfile entries to block access to known malicious domains by pointing them to 127.0.0.1 or 0.0.0.0. This provides an endpoint-level defense that works even when network-based DNS filtering is bypassed or unavailable.

How hosts file entry management works

1. Evaluation phase: The Worklet uses Select-String to search the hosts file at %windir%\System32\drivers\etc\hosts for the specified hostname pattern. If found, the endpoint is compliant. If not found, the endpoint is flagged for remediation.

2. Remediation phase: The Worklet re-checks for existing entries, then uses Add-Content to append the new entry in the format: newline + IP address + tab + hostname. The -Force parameter writes the entry even if the file is read-only. Success or failure is reported via output and exit code.

Hosts file entry requirements

• Windows workstations or servers

• Administrative privileges (Automox agent runs as SYSTEM)

• Configure $address variable with target IP address (e.g., '127.0.0.1' or '192.168.1.100')

• Configure $hosttoadd variable with hostname to add (e.g., 'internal.example.com')

Expected state after hosts file modification

The specified hostname and IP address are added to the Windows hosts file at C:\Windows\System32\drivers\etc\hosts. The endpoint immediately uses this mapping without requiring a reboot or service restart. DNS lookups for the specified hostname now return the IP address you configured, overriding any DNS server responses.

Applications on the endpoint that need to connect to the specified hostname now resolve to the correct IP address. Users can access internal services that were previously unreachable due to DNS issues. Network requests bypass DNS servers and use the local hostfile entry instead.

The hostfile entry persists across reboots. It remains in place until you manually remove it or run a Worklet to delete the entry. Windows networking respects the hostfile first before querying DNS servers, so the override takes precedence over all DNS configurations.

You can verify the change by running 'ping hostname' or 'nslookup hostname' from the endpoint's command prompt. The responses show the IP address you specified in the Worklet parameters, confirming that the hostfile entry is active and functional.

How to validate add host file entry changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for add host file entry.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Select-String, Write-Output.

4. Validate remediation effects from script operations such as Select-String, Write-Output, Add-Content, then rerun evaluation for compliance.