Solved

Cannot change the system time

Posted on 2008-10-23
Last Modified: 2013-12-04
I am running about 20 workstations and 4 servers in a Windows 2003 domain. For some reason, only the domain controller can modify the system time. If I double-click on the time in the system tray, I get the following error...
"You do not have the proper privilege to change the system time".
This happens on all the workstations and member servers. On the workstations, I can log in as the domain administrator and I get the same error. The same also happens when I log on locally as the local admin. Under the domain security policy I checked Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignments, and "Change the system time" has Administrators, Everyone, Domain Users, and SERVICE. When I look on the local PC under its local GP settings, SERVICE is the only thing listed and I cannot modify this setting (greyed out). I ran a gpupdate and no luck. Any advice?
Question by:timbone101
4 Comments
 
LVL 3

Expert Comment

by:din101
ID: 22787083
If the workstation time is different from the DC, then the workstation won't be able to log in to the DC, which is why they don't allow that.
 
LVL 12

Expert Comment

by:NetAdmin2436
ID: 22787191
You would need to change the time on your domain controller. Then that will populate to all your member servers and workstations. As mentioned, if the times are not synchronized and are off by even a few minutes, then Kerberos will fail and no one will be able to log on to the domain.
 
LVL 4

Accepted Solution

by:
ckozloski earned 500 total points
ID: 22787302
Your workstations should pull the system time from your domain controllers. System time in a domain environment has to maintain synchronization in order for domain services to work and be available to those workstations.
Check to see if there is a significant time difference between your domain controller's time and the time on said workstation.
The local policy is greyed out because GPO always takes precedence over local policies if they are defined.
To really check and see what group policies are applied to a machine, go to command line and use the command gpresult.
It will spit out all the policies applied to that workstation.
Also, start checking your event logs on the machines and/or the servers for w32time events. That may give you a clue on where to start troubleshooting.
My guess is that you have a GPO that is either stale or misconfigured that is causing this problem.
 

Author Closing Comment

by:timbone101
ID: 31509253
For some reason, SERVICE was the only one permitted to change time on the desktops.  I changed the domain security policy setting on the DC, ran a gpupdate /force on the desktops, and that fixed the problem.  Thanks.
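
The check this thread converges on, seeing which accounts actually hold "Change the system time" (SeSystemtimePrivilege) on a workstation once policy has been applied, as an added PowerShell example that is not part of the original thread. It assumes PowerShell 2.0 or later and an elevated prompt; the `$Expected` list and the function names are placeholders chosen for illustration.

```powershell
# Added example (not from the thread). Run elevated on the affected workstation.
# $Expected is an assumption: replace it with what your domain policy should grant.
param(
    [string[]]$Expected = @('BUILTIN\Administrators', 'NT AUTHORITY\LOCAL SERVICE')
)

function Resolve-Entry([string]$Entry) {
    # secedit writes SIDs with a leading '*'; plain account names are written as-is.
    if (-not $Entry.StartsWith('*')) { return $Entry }
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Entry.Substring(1))
        $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $Entry }   # unresolvable SID (e.g. deleted account): keep it as exported
}

function Get-UserRightHolder([string]$Right) {
    $cfg = Join-Path $env:TEMP ("rights_{0}.inf" -f $PID)
    # Export only the user rights area of the machine's current security settings.
    secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    if (-not (Test-Path $cfg)) { throw 'secedit export failed (is the prompt elevated?)' }
    $line = Get-Content $cfg | Where-Object { $_ -match "^\s*$Right\s*=" }
    Remove-Item $cfg
    if (-not $line) { return @() }   # the right is not assigned to anyone
    ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        ForEach-Object { Resolve-Entry $_ }
}

$holders = @(Get-UserRightHolder 'SeSystemtimePrivilege')
"Change the system time is currently granted to:"
$holders | ForEach-Object { "  $_" }

# Case-insensitive comparison in both directions against the expected list.
$missing    = @($Expected | Where-Object { $holders -notcontains $_ })
$unexpected = @($holders  | Where-Object { $Expected -notcontains $_ })
if ($missing)    { "Missing (expected but not granted): " + ($missing -join ', ') }
if ($unexpected) { "Unexpected (granted but not expected): " + ($unexpected -join ', ') }
if (-not $missing -and -not $unexpected) { "Assignment matches the expected list." }
```

Running it before and after `gpupdate /force` shows whether a change made in the domain policy has reached the workstation.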