-1

I need to lockdown the system time on a number of PCs via gpedit.msc and then removing administrators from the group and then adding 'administrator' and 'polling'. Can I do this via a script?

Essentially I have to;

Run gpedit.msc

Computer Configuration

Windows Settings

Security Settings

Local Policies

User Rights Assignment

Double Click Change the system time

Select Administrators > Click Remove

Click Add User or Group

Type Administrator > Click Check Names

Type polling > Click Check Names

OK > Apply > OK

Logoff

I have to do this for a huge number of computers so is there a batch file I could run on each PC to do this? Your help would be very much appreciated.

John Gardeniers
  • 27,458
  • 12
  • 55
  • 109
Chester
  • 1
  • My assumption is that the users in question are in the local Administrators group. Is that correct? If so, then you're fighting a losing battle. Any change you make can be reversed by the user because they're in the local Administrators group. The solution would be to remove them from the local Administrators group. – joeqwerty Nov 29 '12 at 13:41
  • The users in question use a system that is already locked down to an effect. They also would not know how to reverse the changes. All we want to do is stop them double clicking and changing the time/date. – Chester Nov 29 '12 at 14:41

1 Answers1

1

You would use a group policy to apply these settings to all computers involved.

Install and open up the Group Policy Editor for the domain, and create a new policy for the OU that holds all these computers.
Optionally add all computers this should apply to to a separate group, say CompPolNoChangeTime.

Then apply the group policy only to this group of computers via the "Scope" tab.

When each computer restarts, the policy is applied.

adaptr
  • 16,576
  • 23
  • 34
  • Sorry but I am still learning so excuse my ignorance. All we want to do is dial onto each site and run a batch script to do the above. I sort of understand what you are saying but we really just wan to do this for each individual pc via a script. Many Thanks. – Chester Nov 29 '12 at 11:05
  • So I guess that the computers in question are not part of any domain, but instead all stand alone clients? – Sandokan Nov 29 '12 at 12:26
  • Yes thats correct – Chester Nov 29 '12 at 12:44