Windows: The Sands of the Time Zone

by: rudyoomsPosted on:

Last Updated on July 26, 2024 by rudyooms

This blog will discuss some Windows Time sync/Zone issues on your Windows devices and how to deal with them.

1. Introduction

I guess it’s “time” to ensure your device always has the proper time (zone) set because having time issues on the device is terrible, but having time issues during Autopilot could even be worse.

I recommend reading this blog to learn more about fixing time zone issues during Windows Autopilot.

What options do we have to change the time zone ourselves, or how can we ensure it is automatically configured? Let’s find out, shall we ?

2. Time Changing Privileges

Let’s start by changing it ourselves to get some background information about how the time sync should work. If everything is working as it should, it’s great! But what if it is summertime again and some Windows 10 devices do not automatically change the system time?

When we have admin privileges (why???), you can manually sync the time, but you don’t have this luxury if you’re a user without admin privileges.

3. When does it sync?

Okay, when we want to change the time ourselves, we need admin permissions. But we also need to ask ourselves if it happens automatically. Yes, it does. By default, the Windows Time service checks the time about every 9 hours (2 to the 15th power = 32,768 seconds). 9 Hours—that’s a really, really long time to wait!

So, we need to come up with a simple solution. Like always, we have many options to choose from, let’s look at some of them.

4. Fixing the Time Syncing/Zone issues!

Luckily, we have six excellent options for solving the time sync/zone issues!

Option 1:

  • Changing the maxpollinterval/minpollinterval to change the 15th power or creating a specialpollinterval

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPollInterval = 15 (default)

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\SpecialPollInterval

Option 2:

  • Creating a Powershell script in Intune to configure the Windows time service to start automatically instead of manually?

Set-Service W32time -startuptype automatic

Start-Service W32time

Option 3:

  • Another possibility would be allowing users to change their time if Windows 10 doesn’t do it for them. You could create a CSP

./Device/Vendor/MSFT/Policy/Config/UserRights/ChangeSystemTime

*S-1-5-19*S-1-5-32-544*S-1-5-32-545

As shown above, I am using the SID instead of the group name because the latter could differ between languages.

Please note that giving the user the privilege to change the time will NOT give them the possibility to start the time sync manually; they can change the clock the old-school way.

Option 4:

  • Another option would be to create a Powershell Script which creates a scheduled task to trigger the time sync each hour.

schtasks /Create /F /RU SYSTEM /RL HIGHEST /SC HOURLY /TN Timesync /TR “cmd /c w32tm /resync”

schtasks /run /I /TN timesync

Option 5:

When configuring/solving the time sync issues.. please pretty please with sugar on top, don’t forget to configure the network time protocol 🙂

Option 6:

When you want to make sure your Time is syncing with the proper Time Zone, you could easily configure a CSP to define the Time Zone. In this example below, I am defining the W. Europe Standard Time Zone

You could check out which Time Zone you need to configure by using the PowerShell command: get-timezone

  • OMA-URI: ./Device/Vendor/MSFT/Policy/Config/TimeLanguageSettings/ConfigureTimeZone
  • Data type: Select String;
  • Value: W. Europe Standard Time

Option 7:

Did you ever experience a weird issue when you configured the Time Zone and it suddenly reverted back to another Time Zone?

Please check out if Location Services is enabled. You can enable the location services with this PowerShell Script. It configures all requirements and will make sure the location service is started.


New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessLocation" -Value 1 -Type DWord -Force
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Name "Value" -Type "String" -Value "Allow" 
Set-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type "DWord" -Value 1 -Force
Set-Service -Name "tzautoupdate" -StartupType Automatic; Start-Service -Name "tzautoupdate"
Start-Service -Name "lfsvc"
w32tm /resync

Conclusion:

You don’t have to choose only one solution; you could combine them. We configured the W32 time service to start automatically and created the CSP so users could change the time themselves if needed.

Changing the system clock without needing to be an admin is another reason why users don’t need admin privileges. The list of what you can do without admin privileges is very large.

LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

23  +    =  24