Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

<b>Windows 2k Pro Security (GPO)</b>

Status
Not open for further replies.
masil

masil

Programmer
Joined
Jan 4, 2005
Messages
6
Location
CA
I want to allow a few users to be able to change their
system time in windows without giving them the privilage
to install any program on the machine. Some users need to
change the time for programming and testing softwares.

I went to edit the GPO with gpedit.msc and changed the
properties by adding the uesr to be allowed to change the
time:

Computer configuration->windows settings->Security
Settings->Local Policies->User Rights Assignment->Change
system time

But I can only edit the local settings (check-box) but not
the effective settins right next to the local one (also a
check-box). So the property is still not assinged to the
user. I also tried to restart the computer but doesn't
change a thing. Any help?

Thanks.

Regards,
Masil
 
Sort by date Sort by votes
I have done the same thing along with some other policies and restrictions on Win2K box. After creating what I wanted I saved it and gave the policy a name. In the policy that you mention the effective policy box was not shown as checked until I saved the changes.
 
Upvote 0 Downvote
Masil - is this machine a member of a domain? (because domain policies will override local ones - you'd need to change it there rather than locally)
 
Upvote 0 Downvote
Ok wolluf. Thank you.
Yes, the machine is a member of the domain. So you mean i have to change the GPO on the local server machine?
 
Upvote 0 Downvote
Well, id go into the GPO editing on the server (Active Directory Users and Computers -> Right click on domain name for properties -> Edit the GPO values "Change system time" to the assigned user). But when i get back to the client machine, nothing's changed; i even did a refresh with the following command: secedit /refreshpolicy MACHINE_POLICY

Also, when i get back to the client machine and try to add a user, FROM THE DOMAIN, for the "Change System Time" policy, i get the message it cannot connect to the domain. I don't get it because i know i am connected to the domain (ping works, shares work, internet works...).

I'm starting to lose my patience with this...anyways, i'd be greatfull if you'd still stick with me on that.

Regards,
Masil
 
Upvote 0 Downvote
masil - my knowledge of 2k (& 2k3) server and Active Directory is limited - you may be better asking the question in forum96 or forum931.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

K
  • Locked
  • Question Question
Recover Data Windows 10
Replies
2
Views
4K
Rick998
Rick998
VicM
  • Locked
  • Question Question
Problem updating Windows Explorer
Replies
1
Views
1K
Nancycaf
Nancycaf
pjw001
  • Locked
  • Question Question
Latest Windows Update - End of Service
Replies
2
Views
3K
pjw001
pjw001
pjw001
  • Locked
  • Question Question
Windows 11 Screen Colours have changed (slightly)
Replies
14
Views
9K
pjw001
pjw001
DTGMI
  • Locked
  • Question Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
1K
pjw001
pjw001

Part and Inventory Search

Sponsor

Back
Top