Solved

Cannot change the system time

Posted on 2008-10-23
4
563 Views
Last Modified: 2013-12-04
I am running about 20 workstations and 4 servers in a Windows 2003 domain.  For some reason, only the domain controller can modify the system time.  If I double click on the time in the system tray get the following error...
"You do not have the proper privilege to change the system time".
This happens on all the workstations and member servers.  On the workstsions, I can login as the domain administrator and I get the same error.  Same also happens when I log on locally as the local admin.  Under the domain security policy i checked the computer configuration-->windows settings--> security settings-->local policies-->user rights assignments and "change the system time" has administrators, everyone, domain users, and SERVICE.  when i look on the local pc under its local gp settings, SERVICE is the only thing listed and  cannot modify this setting (greyed out).  I ran a gpupdate and no luck.  any advice?
0
Comment
Question by:timbone101
4 Comments
 
LVL 3

Expert Comment

by:din101
ID: 22787083
if the workststion time is different from DC then work station wont be able to login to the DC which is why they dont allow that
0
 
LVL 12

Expert Comment

by:NetAdmin2436
ID: 22787191
You would need to change the time on your domain controller. Then that will populate to all your member servers and workstations. As mentioned, if the times are not synchronized and are off by even a few mins then kerberos will fail and no one will be able to log on to the domain.
0
 
LVL 4

Accepted Solution

by:
ckozloski earned 500 total points
ID: 22787302
Your workstations should pull the system time from your domain controllers. System time in a domain environment has to maintain syncronization in order for domain services to work and be available to those workstations.
Check to see if there is a significant time difference between your domain controller's time and the time on said workstation.
The local policy is greyed out because GPO always takes precedence over local policies if they are defined.
To really check and see what group policies are applied to a machine, go to command line and use the command gpresult.
It will spit out all the policies applied to that workstation.
Also, start checking your event logs on the machines and or the servers for w32time events. That may give you a clue on where to start troubleshooting.
My guess is that you have a GPO that is either stale or misconfigured that is causing this problem.
0
 

Author Closing Comment

by:timbone101
ID: 31509253
For some reason, SERVICE was the only one permitted to change time on the desktops.  I changed the domain security policy setting on the DC, ran a gpupdate /force on the desktops, and that fixed the problem.  Thanks.
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question