Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Disable access to change date and time

Posted on 2008-10-09
12
Medium Priority
?
5,122 Views
Last Modified: 2010-08-05
I'm a sys. admin and want throgh some policy or something disable the user from being able to change the time/date settings of a computer. I have found a way to make it disappear from the system tray but it is not the ideal solution. any ideas?
0
Comment
Question by:borgb002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 6

Expert Comment

by:MrNiss99
ID: 22682163
As long as the user is not in the local administrators group then they shouldn't be able to change date/ time.
0
 

Author Comment

by:borgb002
ID: 22682210
in fact they are....... any work arounds please?
0
 
LVL 8

Expert Comment

by:Point-In-Cyberspace
ID: 22682222
Normal users cannot change date/time on the machine. If users are power users or administrators you can use a local policy that you can apply to local computers or, if there is a domain, a group policy to do this.

Open policy editor and look for:
  Computer config/Windows settings/User rights/Change system time

Here you can set who will be able to change date and time.

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:borgb002
ID: 22682299
can't find it.... under "Windows Settings" there are only two options:
Scripts
Security settings
0
 
LVL 8

Expert Comment

by:Point-In-Cyberspace
ID: 22682468
My mistake. I'm using nonenglish windows now.

You have to go to:
Computer config/windows settings/Security settings/Local .../User rights/Change system time


0
 

Author Comment

by:borgb002
ID: 22682565
ok found. But it is asking for a user/group in my domain. I was hoping to find:
Allow change date/time [ENABLE or DISABLE]  but unfortunately wasn't like that.

If I add a user or group, what does that mean that I'm restricting or allowing access?
0
 
LVL 5

Expert Comment

by:micalkin
ID: 22686795
Only the Groups/Users listed in the policy are allowed to change the time.
0
 
LVL 6

Expert Comment

by:MrNiss99
ID: 22686885
If there are too many user/ group entries to add to the policy, then just force a time sync with your DC on logon. Then at least it would be in sync upon logon.

Just a thought.

add this to your logon script:

net time \\ntpserver

0
 

Author Comment

by:borgb002
ID: 22687072
micalkin:
I'm doing this from the server ACTIVE DIRECTORY USERS AND COMPUTERS
in the GROUP POLICY OBJECT EDITOR I'm selecting the feature you've mentioned and added a user that obvious is not my user name. I assumed that I was giving access to this user only and automatically inheritince deny permissions to mine; but unfortunately it didnt work that way.

MrNiss99:
I am already doing that... It works but the user still can change the date and time later on.
0
 
LVL 8

Expert Comment

by:Point-In-Cyberspace
ID: 22694450
Let's talk about group policy:

A policy is applied to an object. You have to apply this policy to the object where is contained the COMPUTERS which are used by the users you need to block, because this policy is a computer settings one.
If, for example, computers are in the OU called machines, then you have to apply this policy to that OU.
If they are in a folder you can't apply the policy so you have to create an OU or you may apply the policy to the entire domain. This will apply the policy to the domain controllers too.

In the policy you have to specify which users or users group WILL BE ABLE to cange the date and time, so, in your config, you have to set it to none because all of your users are administrators.


Hope this helps

0
 
LVL 8

Accepted Solution

by:
Point-In-Cyberspace earned 2000 total points
ID: 22694456
One more thing: to apply a policy you have to go to the compter that you are using for test and in a command prompt write:
   gpupdate /force

to apply group policy. You have to do this after every policy change, because by default policied are refreshed every hour.

Another way is to restart the test computer.

0
 

Author Comment

by:borgb002
ID: 22694478
Thanks Point-In-Cyberspace

your comment has shed some further light. I'll try it out on computers rather than login names. I had created an OU and applied the policy to that OU, then placed login names under it. Obviously it didnt work out.

I'll try your suggestion ..
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question