Windows 2008, "Error adjusting system time: A required privilege is not held by the client"

Posted on 2011-09-27
Last Modified: 2012-05-12
We use an application to synchronise the clocks between the servers in our data centre.

As a result of a recent security review we have set "Deny this user permission to logon to Terminal Server" on the domain administrator account and now only use it for installations and running services. Also we have created a 2nd domain administrator account for day to day operation via RDP and we routinely change it's password.

This new arrangement using the 2nd domain admin account works fine on our Windows 2003 servers but we cannot update the system clock on a  Windows 2008 SP2 64bit terminal server as follows:
- clock application GUI error message: "Error adjusting system time: A required privilege is not held by the client"
- TIME command line error message: "A required privilege is not held by the client"

The Windows 2008 server is setup as follows:
- "Domain Admins" were already in the local Administrator group
- "Domain Admins" was added to the following without improvement:
   Local Security Poilicy/ Local Policies/ User Rights Assignment/ Change the system time

The AD is Windows 2008 not R2.
Question by:Edge IT Systems
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Author Comment

by:Edge IT Systems
ID: 36708602
I have also noticed that even with "Deny this user permission to logon to Terminal Server" set for the original domain administrator account we can still use that account to RDP onto the Windows 2008 server but not onto the Windows 2003 servers.

This might be connected ?
LVL 42

Accepted Solution

kevinhsieh earned 250 total points
ID: 36710695
Why do you have an application running instead of the native windows time service?

You are possibly being blocked by UAC. What happens if you run the application elevated?

Author Comment

by:Edge IT Systems
ID: 36711121
For historical reasons we use 1st Atomic Clock.

Thank you, UAC was the answer, plus the following to disable the prompts:

- Start/ Run/ secpol.smc
- Local Policies/ Security Options/
  User Access Control: Run all administrators in Admin Approval Mode = disabled
- Local Policies/ Security Options/
  User Access Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode = Elevate without prompting
LVL 42

Expert Comment

ID: 36711841
FWIW, disabling UAC reduces your security posture, and I would flag that as an auditor.

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question