Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

<b>Windows 2k Pro Security (GPO)</b>

Status
Not open for further replies.
masil

masil

Programmer
Jan 4, 2005
6
CA
I want to allow a few users to be able to change their
system time in windows without giving them the privilage
to install any program on the machine. Some users need to
change the time for programming and testing softwares.

I went to edit the GPO with gpedit.msc (on a Win 2k Pro client Station) and changed the
properties by adding the uesr to be allowed to change the
time:

Computer configuration->windows settings->Security
Settings->Local Policies->User Rights Assignment->Change
system time

But I can only edit the local settings (check-box) but not
the effective settins right next to the local one (also a
check-box). So the property is still not assinged to the
user. I also tried to restart the computer but doesn't
change a thing.

So I went into the GPO editing on the SBS 2000 station (Active Directory Users and Computers -> Right click on domain name for properties -> Edit the GPO values "Change system time" to the assigned user). But when i get back to the client machine, nothing's changed; i even did a refresh with the following command: secedit /refreshpolicy MACHINE_POLICY

Also, when i get back to the client machine and try to add a user, FROM THE DOMAIN, for the "Change System Time" policy, i get the message it cannot connect to the domain. I don't get it because i know i am connected to the domain and that i'm not on a workgroup (ping works, shares work, internet works...).

 
Sort by date Sort by votes
1. Make sure that the GPO is linked to a folder where all of the applicable resources are underneath it, IE if you have users in multiple OUs that you are applying this policy to, the link has to be to a parent OU to all of them. B when you use that command on the machine it attempts to make the local machine policy the effective setting, but if it isn't configured correctly on the server, the domain policy overwrites local policies. Try running gpupdate from the DC also to initiate a push of the gpo changes to the clients. I'm kinda new at running AD DCs/GPOs, so if any of this isn't correct or is unclear, please correct/ask for clarification.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
737
Aquiles Vidal
Aquiles Vidal
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
618
DTGMI
DTGMI
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
971
suncit
suncit
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
462
technome
technome
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
579
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top