0
I edited the following security policy setting through secpol.msc:
Local Policies -> User Rights Assigment -> Change the System Time
and removed all users from it, so that nothing, not even LOCAL SERVICE could change the system time.
This seems to work for a while, tested both by rebooting (Windows does not sync the time to Bios as it should), setting Date and Time to autosync to time.windows.com (does not sync), and even issuing commands from powershell. Nothing can alter the date and time anymore.
However, at some point in time, Windows seems to add back the LOCAL SERVICE user to the Security Policy, and as a result, date and time are synced again.
Anyone knows what process is doing this? Any way to stop it definitively? (Windows 10 X64)
resle
Posted 2018-02-10T00:20:46.627
Reputation: 101
1Perhaps this isn't the correct solution. What problem are you trying to solve? – I say Reinstate Monica – 2018-02-10T00:55:37.127
...the problem that Windows seems to add back the LOCAL SERVICE user to the Security Policy – resle – 2018-02-10T06:50:10.760
That's not what I meant. What purpose do you have for preventing the machine from being able to update its time? – I say Reinstate Monica – 2018-02-10T14:18:37.973
I don't want anything to be able to set the system's date and time from any source for any given reason. I have already explored every possible route, and the only one that works is removing user rights through security policies - if only Windows didn't reset the setting now and then. – resle – 2018-02-10T14:33:24.247
That doesn't answer my question. Why do you want to do this? – I say Reinstate Monica – 2018-02-10T14:39:16.710
You asked me why I want to prevent the user policy change: to freeze the date. Now you ask me why I want to freeze the date. We could go on and on. I am not looking for an alternate path in the (rather complex) thing I am doing - I am looking for a solution to this specific roadblock. – resle – 2018-02-10T23:57:30.170
Sorry for not being clear enough. All along I've been asking you why you're trying to prevent the date from being changed. Perhaps there's another angle from which this can be addressed if we know what you're ultimately trying to accomplish. – I say Reinstate Monica – 2018-02-11T00:01:08.353
Thanks, I understand. But at the foundation, the goal itself is to freeze the date. I need to completely freeze the date of a machine (it's actually an hyper-v VM) so that each time it boots, it starts with the same date and time. Long story short - we are working on conversion of a piece of software from 1981 (!!). But the bottom line is, we need to freeze datetime, while Windows keep updating it no matter what. – resle – 2018-02-11T01:46:09.050
What if you ran a script every few minutes that changes these permissions and also sets the date to the desired one? I'm assuming the behavior you're experiencing is caused by the kernel and is not able to be turned off. – I say Reinstate Monica – 2018-02-11T02:33:10.297
Is it possible to set security policies through a powershell script? If so, your proposed solution would probably work for me. Anyway, if Windows really resets security policies from kernel processes, that's quite peculiar ... sort of defeats being able to configure those policies in first place! – resle – 2018-02-11T04:25:00.440