Join Log in
Score:0
avatar Server

Let user in AD set date/time by hand

sm flag
kankamuso

Under a 2012 AD, as usual, users cannot set date/time on their computers as this is managed by organization. For specific purposes, we need to let one of the users set date to past but options are greyed out. Through GPO we have granted permission to change date/time and timezone to that user. Policies are updated and seem correct as rsop.msc for that user shows that directive is correctly enabled... But no luck,still greyed-out option to change time by hand.

Is there any directive I am missing to allow this?

EDIT: Managed to set time through classical control panel but it reverts back to NTP after a moment.

187
1 + 0
Score:2
vidarlo avatar Server
ar flag
vidarlo

For specific purposes, we need to let one of the users set date to past but options are greyed out.

No, you don't need to do this is on an AD joined computer.

AD (Kerberos) relies on the time being synchronized to within a few minutes. If not, things like login, file shares, TLS and a slew of other functions that needs time will stop working.

You should look into a different solution - perhaps a virtual machine that is not AD joined, or even a separate computer - but you should not ever set time on AD joined computers manually.

The impracticality of it aside: I would attempt to change the workflow to not require setting time. Such requirements typically stems from X-Y problems.

+ 2
sm flag
kankamuso
I know, I know. In fact I had increased kerberos time from 5 to 99999 minutes. But your proposed virtual machine solution seems right to me. Thanks a lot!
0
Reply
vidarlo avatar
ar flag
vidarlo
You should probably not increase the kerberos time. There's a reason time is part of the authentication protocol. By removing it you're undermining the security of the protocol.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.