Last Updated on February 28, 2023 by rudyooms

This blog will be about some Windows Time sync/Zone issues during OOBE | Autopilot, and how to deal with them.

Today some customers called because they were having some Time sync issues. It wasn’t a coincidence that it was summertime again! So it’s “time” for Windows to make sure your clock is adjusted to the summertime. Luckily Windows has a built-in mechanism to configure the clock/time automatically for you.

I will divide this blog into multiple parts

1. Time changing privileges
2. When does it sync?
3. Fixing Time syncing/Zone issues

1. Time Changing Privileges

If everything is working as it should, it’s great! but like I said, yesterday some customers called, their Windows 10 devices did not automatically change the system time!

When you do have admin privileges (why???) you can manually sync the time, but you don’t have this luxury if you’re a user without admin privileges.

2. When does it sync?

Okay, when we want to change the time by ourselves we need admin permissions. But we also need to ask ourselves the question if it also happens automatically. Yes, it does… By default, the Windows Time service checks the time about every 9 hours (2 to the 15th power = 32,768 seconds) 9 Hours, that’s a really really long time to wait!

So we need to come up with a simple solution. Like always, we have a lot of options to choose from, let’s look at some of them

3. Fixing the Time Syncing/Zone issues!

But luckily we have 6 nice options for how we could solve this problem and start doing some time syncing!

3.1: Option 1:

• We could simply ask the customer to have some patience? But that’s not really user-friendly I guess.

3.2: Option 2:

• Changing the maxpollinterval/minpollinterval to change the 15^th power or creating a specialpollinterval

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPollInterval = 15 (default)

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\SpecialPollInterval

3.3: Option 3:

• Creating a Powershell script in Intune to configure the Windows time service to start automatically instead of manual?

Set-Service W32time -startuptype automatic

Start-Service W32time

3.4: Option 4:

• Another possibility would be giving the user the privilege to change the time themselves if Windows 10 won’t do it for you. You could create a CSP

./Device/Vendor/MSFT/Policy/Config/UserRights/ChangeSystemTime

*S-1-5-19*S-1-5-32-544*S-1-5-32-545

 As shown above I am using the SID instead of the group name, because it could differ with each language.

Please note, giving the user the privilege to change the time, will NOT give them the possibility to start the time sync manually but they can change the clock the old-school way.

3.5: Option 5:

• Another option would be to create a Powershell Script which creates a scheduled task to trigger the time sync each hour.

schtasks /Create /F /RU SYSTEM /RL HIGHEST /SC HOURLY /TN Timesync /TR “cmd /c w32tm /resync”

schtasks /run /I /TN timesync

3.6: Option 6:

When configuring/solving the time sync issues.. please pretty please with sugar on top, don’t forget to configure the network time protocol 🙂

3.7: Option 7:

When you want to make sure your Time is syncing with the proper Time Zone, you could easily configure a CSP to define the Time Zone. In this example below, I am defining the W. Europe Standard Time Zone

You could check out which Time Zone you need to configure by using the PowerShell command: get-timezone

• OMA-URI: ./Device/Vendor/MSFT/Policy/Config/TimeLanguageSettings/ConfigureTimeZone
• Data type: Select String;
• Value: W. Europe Standard Time

3.8: Option 8:

Did you ever experience a weird issue when you configured the Time Zone and suddenly it reverted back to another TimeZone?

Please check out if Location Services is enabled. You could enable the Location services with this PowerShell Script. It configures all requirements and will make sure the location service is started

Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate" -Name Start -Value 3 -Type DWord
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Name "Value" -Type "String" -Value "Allow" 
Set-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type "DWord" -Value 1 -Force
Start-Service -Name "lfsvc"
w32tm /resync

Conclusion:

You don’t have to choose only 1 solution, you could combine them. We configured the W32 time service to start automatically and we created the CSP, so users could change the time themselves if needed.

Changing the system clock without the need to be an admin is yet another reason why users really don’t need to have admin privileges. The list of what you can do without admin privileges is becoming very large.