Solved

Cannot change the system time

Posted on 2008-10-23
4
560 Views
Last Modified: 2013-12-04
I am running about 20 workstations and 4 servers in a Windows 2003 domain.  For some reason, only the domain controller can modify the system time.  If I double click on the time in the system tray get the following error...
"You do not have the proper privilege to change the system time".
This happens on all the workstations and member servers.  On the workstsions, I can login as the domain administrator and I get the same error.  Same also happens when I log on locally as the local admin.  Under the domain security policy i checked the computer configuration-->windows settings--> security settings-->local policies-->user rights assignments and "change the system time" has administrators, everyone, domain users, and SERVICE.  when i look on the local pc under its local gp settings, SERVICE is the only thing listed and  cannot modify this setting (greyed out).  I ran a gpupdate and no luck.  any advice?
0
Comment
Question by:timbone101
4 Comments
 
LVL 3

Expert Comment

by:din101
Comment Utility
if the workststion time is different from DC then work station wont be able to login to the DC which is why they dont allow that
0
 
LVL 12

Expert Comment

by:NetAdmin2436
Comment Utility
You would need to change the time on your domain controller. Then that will populate to all your member servers and workstations. As mentioned, if the times are not synchronized and are off by even a few mins then kerberos will fail and no one will be able to log on to the domain.
0
 
LVL 4

Accepted Solution

by:
ckozloski earned 500 total points
Comment Utility
Your workstations should pull the system time from your domain controllers. System time in a domain environment has to maintain syncronization in order for domain services to work and be available to those workstations.
Check to see if there is a significant time difference between your domain controller's time and the time on said workstation.
The local policy is greyed out because GPO always takes precedence over local policies if they are defined.
To really check and see what group policies are applied to a machine, go to command line and use the command gpresult.
It will spit out all the policies applied to that workstation.
Also, start checking your event logs on the machines and or the servers for w32time events. That may give you a clue on where to start troubleshooting.
My guess is that you have a GPO that is either stale or misconfigured that is causing this problem.
0
 

Author Closing Comment

by:timbone101
Comment Utility
For some reason, SERVICE was the only one permitted to change time on the desktops.  I changed the domain security policy setting on the DC, ran a gpupdate /force on the desktops, and that fixed the problem.  Thanks.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now