Enable ability to change system clock on clinet pc, windows 2003 server domain
Im gonna try this agian I have asked this but never could get it to work.
I THOUGHT I wanted to remove the ability to allow users to change the date and time on their cliet PC's. I removed the ability, but since then it has been nothing but issues and we just need to allow them to do this.
I FORGOT WHERE AND HOW I did this.
Server 2003 as a PDC in a domain
Client is XP PRO with SP2
Please list ANY AND ALL places, i.e. Policies on the server and policies on the cliente pc...
That could cause this to be disabled so I can fix it.
Im new to this so you may need to REMIND me how to get to where I need to go.
Thanks
I THOUGHT I wanted to remove the ability to allow users to change the date and time on their cliet PC's. I removed the ability, but since then it has been nothing but issues and we just need to allow them to do this.
I FORGOT WHERE AND HOW I did this.
Server 2003 as a PDC in a domain
Client is XP PRO with SP2
Please list ANY AND ALL places, i.e. Policies on the server and policies on the cliente pc...
That could cause this to be disabled so I can fix it.
Im new to this so you may need to REMIND me how to get to where I need to go.
Thanks
ASKER
They have need to BACK date invoices... only way to do this is is to change the clock on the pc.
ASKER
hmm are you perhaps giving dirctiosn for server 2000?
2003 seems to be somwaht diff
Im in th GPO now.
2003 seems to be somwaht diff
Im in th GPO now.
Check on Domain Policies. Create a temporary domain policy just for that. Enable the hability to change the time, and link and ENFORCE it on root.
That will effectively enable this policy on all the domain .
Now you can relax and use the Group Policy Managment Console to run a Group Policy Modeling or Group Policy Results on a standar user applied on his computer.
Expand it and look for conflicting options on time setting. Your new policy is overrading any other one, so will be the "Winner". Once found, edit the policy, and remove the link to your temporary time policy.
Test.
That will effectively enable this policy on all the domain .
Now you can relax and use the Group Policy Managment Console to run a Group Policy Modeling or Group Policy Results on a standar user applied on his computer.
Expand it and look for conflicting options on time setting. Your new policy is overrading any other one, so will be the "Winner". Once found, edit the policy, and remove the link to your temporary time policy.
Test.
ASKER
I think I had disabled inharnt polocies.. will this still work?
What I posted above is for 2003. I have a 2003 forest, domain and all WS are XP
It may, but only if the setting is on the policies, AND policies are not enforced. Have you done a "Block inheritance"? You may have a blue circle with an "!" inside where are blocked.
Have you tested? Reboot the client first, to refrsh changes (you can also use gpupdate /force and logoff/login)
Have you tested? Reboot the client first, to refrsh changes (you can also use gpupdate /force and logoff/login)
ASKER
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\
Change system time Would this be the spot?
I have the admin pac so maybe that is why mine looks diff.
I went to change system time and put ADMINS and DOMAN USERS in it.
Logged on teh WS as a domain user and cannot change time.
Is htere a command to FORCE the WS to update the Polocies? Perhaps this is why it didn't work?
Change system time Would this be the spot?
I have the admin pac so maybe that is why mine looks diff.
I went to change system time and put ADMINS and DOMAN USERS in it.
Logged on teh WS as a domain user and cannot change time.
Is htere a command to FORCE the WS to update the Polocies? Perhaps this is why it didn't work?
gpupdate /force, but you have to logoff and login. Rebooting may also help, and waiting a while, if the DC is far away on your topology...
Moving out. See you tomorrow,
BTW, do you have the Group Policy Console installed? Group Policy Modeling or Group Policy Results gives you a lot of information, including were settings are applied or denied. Is not so difficult to use...
Moving out. See you tomorrow,
BTW, do you have the Group Policy Console installed? Group Policy Modeling or Group Policy Results gives you a lot of information, including were settings are applied or denied. Is not so difficult to use...
Yes, if you just changed the group policy, it will have to propogate. By default it is like, 90 minutes. Give the workstation a gpupdate /force. Log off and back on and the policy should be updatedd
ASKER
OK..
If I go to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\
change system time
And take all the groups out and mark it as UNDEFINED... by defalut this should allow my users to change their time right?
Is there any other setting that could cause this to NOT work?
If I go to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\
change system time
And take all the groups out and mark it as UNDEFINED... by defalut this should allow my users to change their time right?
Is there any other setting that could cause this to NOT work?
Yes, you are correct unless there is another policy further up the chain that disabled it. Go to a workstation and give it the gpupdate /force and see if it works then.
ASKER
I updated the policy no dice.
Is there any other place? The only one up the chain the the default domain policy... but I have inheret turned off.
Is there any other place? The only one up the chain the the default domain policy... but I have inheret turned off.
You have a PDC doing this?
How about stopping the Windows Time service on the server. Its called W32time, you can access it through the services option - but I would recommend getting the admin pack if you dont already have it.
Also, making sure that Group Policy - Default Domain Policy - Properties - Computer Configuration - Administrative Templates - System - Windows Time Service, and all its subcomponents are set to disabled. Do you have more than one Group Policy? if so, check the same location in all of them. Other than that, mrchaos101 really covered the other area to check for too.
Keene
How about stopping the Windows Time service on the server. Its called W32time, you can access it through the services option - but I would recommend getting the admin pack if you dont already have it.
Also, making sure that Group Policy - Default Domain Policy - Properties - Computer Configuration - Administrative Templates - System - Windows Time Service, and all its subcomponents are set to disabled. Do you have more than one Group Policy? if so, check the same location in all of them. Other than that, mrchaos101 really covered the other area to check for too.
Keene
ASKER
yes one box does it all it is a PDC
ASKER
The problem is...
If I log in under an Admin account on the client I can change system time fine.
If I log in as a domain user It sys I cannot change time do to restrictions on this computer.
I have only ONE policy. I copied the defalt to our OU and made all changes I needed to it.
Is there any other information I can give to get this figured out?
If I log in under an Admin account on the client I can change system time fine.
If I log in as a domain user It sys I cannot change time do to restrictions on this computer.
I have only ONE policy. I copied the defalt to our OU and made all changes I needed to it.
Is there any other information I can give to get this figured out?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you wanted to ensure at each bootup they were synced, you could even add a net time command to the logon script.
OK here are some places to look. You can check on your Domain Policy and your Domain Controller policy as well as any OU Policies you have defined.
If you actually removed the clock from the taskbar, go to User Configurations, Administrative Templates, Start Menu and Taskbar and it is under Remove Clock from the System Notification Area.
Computer Configuration, Windows Settings, System Services, Windows Time, and edit Security in that object.