0

So I've read a few questions regarding setting the system time on Windows 10 and the requirement to either have the process elevated or disabling the UAC on the machine. The issue I face is that I am not able to do either.

So to give clarity, I'm have a WinForms application that has to run as a standard user as the machine is an unattended terminal that automatically logs in and executes the application using the Startup folder to execute the application. Once the application is open it performs some operations of which one is retrieving a DateTime value from the server (a RESTful API) and needs to persist this value to the system. I know that this is sort of "reinventing the wheel", but this is what the customer wants as they don't wish to use SNTP and disabling the UAC is out of the question as it creates security holes and the network/system admin will not allow this to be done.

So now I've gone ahead and updated the Group Policy for "Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Change the system time" to include "Everyone", yet I'm still receiving an Error 1314 when I call public static extern bool SetSystemTime(ref SYSTEMTIME st) from the imported DLL [DllImport("kernel32.dll", SetLastError = true)].

An idea was to set the system time using a Windows Service that is installed with admin privileges that would be able to update the system time no problem, yet the OnCustomCommand only allows for the passing of a single integer value per command type and won't allow for extra parameters without writing some inter-process communication or pipeline for changing the system time to the provided value.

Am I missing something or is there no simple, easy, clean and safe way to perform this action or would it be best that the client just put aside preferences and use SNTP?

Thank you in advance.

Loathing
  • 5,109
  • 3
  • 24
  • 35
Joandre Tait
  • 23
  • 1
  • 8
  • Did the client say _why_ they don't want to use the normal approach? This all seems very convoluted. And there's a danger of the clock becoming out of sync again over time. – ADyson Sep 14 '20 at 13:49
  • P.S. If you really have to do this, you could pass data to the background service simply by writing it to a file, and telling the service to look in that file for the data. Or...just don't use a winforms app at all. Basically you could write your service to be something that's installed on every machine that needs it, runs in the background constantly, gets the data from the API on a regular basis and updates the system time. So basically an alternative to SNTP (albeit probably lower-quality overall, but does a similar job). – ADyson Sep 14 '20 at 13:49
  • @ADyson The file system solution that you're giving is quite a good one and I don't know why I did not think of it before (I guess like you say it is not a very good/clean solution to the issue). The big idea behind it all is to do a time sync just before other operations run so that the server and client have the same time before "OP_X" occurs. Although the customer has an issue with SNTP as they don't want "extra" internet operations running on the system. Also I guess they had the things configured wrong in the past and now "had bad experience using it" – Joandre Tait Sep 14 '20 at 13:56
  • "they don't want "extra" internet operations running on the system"...lol never heard that one before. It's so trivial that it's really not going to hurt their bandwidth. And having accurate time is certainly a price worth paying, especially if, as you described, they have some time-critical tasks the machines must perform. Also, do they realise that your solution (and, indeed, any useful solution) also involves making requests to the internet?? If it were me I'd call them out on this and just tell them to use what everyone else uses because it works perfectly well for 99.9999% of the world. – ADyson Sep 14 '20 at 13:59
  • (And if you couldn't persuade them simply by talking and explaining the facts, then, assuming you don't have too much competition for this work, you could make your custom solution ridiculously expensive as an extra incentive to do the sensible thing...) – ADyson Sep 14 '20 at 14:01
  • @ADyson Yes they are aware that the API is performing over the internet, although I think this actually boils down to ignorance and not wanting to change. I get what you say and it is a frustration for myself as well, yet I've learned with these guys that you just do the thing they want like they want it or see yourself replaced. Unfortunately I don't charge per solution as this is a day job, yet jumping through their hoops taught me a lot of other things. I guess that this is a bonus as I learn to skin cats differently to the rest each time I do a piece of code for them. – Joandre Tait Sep 14 '20 at 14:06
  • Ok I see. Maybe you just have to go with the "I don't recommend this solution at all but will do it if you really want me to" approach, and make sure you get an email from them proving that they acknowledge this, so that if/when something goes wrong, and/or they decide they want to use SNTP after all, you can prove that you warned them and they went ahead anyway. This tactic works in my organisation whenever someone senior insists that we do something ridiculous and then tries to blame us for the results :-). – ADyson Sep 14 '20 at 14:08
  • 1
    I see, thank you for the advice and assistance @ADyson – Joandre Tait Sep 14 '20 at 14:33
  • Another approach is Scheduled events. See https://superuser.com/questions/770420/schedule-a-task-with-admin-privileges-without-a-user-prompt-in-windows-7 – Jason Sep 14 '20 at 15:10

1 Answers1

1

Thanks to @ADyson for the comment:

"P.S. If you really have to do this, you could pass data to the background service simply by writing it to a file, and telling the service to look in that file for the data. Or...just don't use a winforms app at all. Basically you could write your service to be something that's installed on every machine that needs it, runs in the background constantly, gets the data from the API on a regular basis and updates the system time. So basically an alternative to SNTP (albeit probably lower-quality overall, but does a similar job)."

This will literally be the best solution to easily and quickly implement the required functionality. I know it is not "the right way", but for the requirements and constraints, it is "the best way".

Joandre Tait
  • 23
  • 1
  • 8
  • You do know _NTP is already installed (and running!) in Windows out of the box_, right? All you have to do is get your clients and server looking at the same NTP source, and their clocks will stay in sync to within a few milliseconds. There's nothing "extra" to using it... just a registry setting to tell them where you want them to look. – Joel Coehoorn Sep 15 '20 at 02:36
  • @JoelCoehoorn I had a look at this and thought 'uh duh', but I think they are going to deactivate this on the settings and have it work this other way around. To be honest at this point I don't know what they're excuses or reasons are for wanting to be different – Joandre Tait Sep 21 '20 at 20:46