Solved

Stop user from changing system time

Posted on 2008-10-19
7
2,164 Views
Last Modified: 2013-12-04
Is there any software our there that blocks the user from accessing the system time settings so they don't change it. Of course there would have to be an administrator function so someone that needs to change the time could but for the regular user can not. The regular users are administrators on their computer and have to be due to other constraints so group policies won't work. I've searched the internet and did not receive alot of good hits. I need it to be XP and vista compatible.  Any suggestions?
0
Comment
Question by:cobolinx1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 2

Expert Comment

by:mariu-eg
ID: 22752456
Local Security Policy, Change system time, if you remove Administrators from it, they cannot change the time. They can add them self to it though. But thats the downside of let them be administrators.
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 200 total points
ID: 22752478

Push the change through the central domain Group Policy, in Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment. It is called 'Change the system time', and you can centrally control it on all the workstations from there. I suggest you just allow the DOMAIN\Domain Admins group the privilege.

The domain-based GPO overrides any settings locally on a workstation, so by setting it centrally, users should not be able to edit it using their local gpedit.msc. And for security, I would suggest you restrict gpedit.msc for non-Domain Admins anyway - it can be restricted in User Config > Admin Templates > Windows Components > Microsoft Management Console > Restricted/Permitted Snap-ins.

-tigermatt
0
 

Author Comment

by:cobolinx1
ID: 22752605
No not force accept I need to test if this solution will work in my scenario.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:cobolinx1
ID: 22752611
Sorry.. DO not force accept. This may take a week or two.
0
 
LVL 17

Accepted Solution

by:
kadadi_v earned 300 total points
ID: 22759328
Your procedure is like this..................RIght...?
You have to run this procedure on every workstation coz your are working in workgroup with administartor login....
1. Go to start --> run --> key in gpedit.msc
2. Navigate to Computer Configuration --> windows settings --> security settings --> Local policies --> User Rights management
3. Look for Change the system time on right panel.
4. Remove all the users and groups.

But we remove the administrator then who will do...?
Try with this also:-
http://www.petri.co.il/forums/showthread.php?t=11166

Regards,
VIjay kadadi
0
 

Author Comment

by:cobolinx1
ID: 22772953
Thanks kadadi that was a good link. They may not always be connected to network so would group policies still work? That's why I was looking at a third party alternative instead of group policies.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22773890

Group Policies are cached on the machine, so when it is disconnected from the network, they will still apply.

-tigermatt
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question