leventk I've had some difficulty with this one.
The first problem is that even if you have admin rights, you still can't edit the file. By default, the hosts file is set to read-only, hidden, and system. So before you can edit the file, the attributes must be changed by an administrator with the following command:
attrib c:\windows\system32\drivers\etc\hosts -r -s -h
Then, you must elevate the editor you wish to use. In my lab, I can't seem to get notepad.exe to elevate for my test account. Not sure why, and I didn't have a lot of time to troubleshoot. I was, however, able to elevate Notepad++.exe. But this brings us to the next challenge. If you elevate the application, the application is now elevated for editing ANY system files. A partial workaround for this is to add "c:\windows\system32\drivers\etc\hosts" as an argument to the rule, so it looks like this:
But, this doesn't work if you just double-click on the file. You must run from the Run box or command prompt with the following:
Then Notepad++ will launch with admin privileges. However, now the user can still open other system files. So there's really no way to completely avoid that problem.
The problem here is that you want to grant admin privileges to a FILE, not a PROCESS, which isn't what AC is meant for. Ultimately, that's a permission, not a privilege. You'd be better off changing the attributes and granting specific permissions to the file.
Thank you for response. I will try on our test environment