Windows: The Sands of the Time Zone

by: rudyoomsPosted on:

Last Updated on February 2, 2024 by rudyooms

This blog will be about some Windows Time sync/Zone issues during OOBE | Autopilot, and how to deal with them.

I guess it’s “time” to make sure your device always has the proper time (zone) set because having time issues on the device is bad but having time issues during Autopilot could even be worse.

What options do we have to change the time zone ourselves or how can we make sure it is automatically configured?

I will divide this blog into multiple parts

  1. Time changing privileges
  2. When does it sync?
  3. Fixing Time syncing/Zone issues

1. Time Changing Privileges

Let’s start with how we can change it ourselves to get some background information about how the time sync should work. If everything is working as it should, it’s great! but what if it is summertime again and some Windows 10 devices did not automatically change the system time?

When you do have admin privileges (why???) you can manually sync the time, but you don’t have this luxury if you’re a user without admin privileges.

2. When does it sync?

Okay, when we want to change the time by ourselves we need admin permissions. But we also need to ask ourselves the question if it also happens automatically. Yes, it does… By default, the Windows Time service checks the time about every 9 hours (2 to the 15th power = 32,768 seconds) 9 Hours, that’s a really really long time to wait!

So we need to come up with a simple solution. Like always, we have a lot of options to choose from, let’s look at some of them

3. Fixing the Time Syncing/Zone issues!

Luckily we have 6 nice options for how we could solve the time sync/zone issues!

Option 1:

  • Changing the maxpollinterval/minpollinterval to change the 15th power or creating a specialpollinterval

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPollInterval = 15 (default)

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\SpecialPollInterval

Option 2:

  • Creating a Powershell script in Intune to configure the Windows time service to start automatically instead of manually?

Set-Service W32time -startuptype automatic

Start-Service W32time

Option 3:

  • Another possibility would be giving the user the privilege to change the time themselves if Windows 10 won’t do it for them. You could create a CSP

./Device/Vendor/MSFT/Policy/Config/UserRights/ChangeSystemTime

*S-1-5-19*S-1-5-32-544*S-1-5-32-545

As shown above, I am using the SID instead of the group name, because it could differ with each language.

Please note, giving the user the privilege to change the time, will NOT give them the possibility to start the time sync manually but they can change the clock the old-school way.

Option 4:

  • Another option would be to create a Powershell Script which creates a scheduled task to trigger the time sync each hour.

schtasks /Create /F /RU SYSTEM /RL HIGHEST /SC HOURLY /TN Timesync /TR “cmd /c w32tm /resync”

schtasks /run /I /TN timesync

Option 5:

When configuring/solving the time sync issues.. please pretty please with sugar on top, don’t forget to configure the network time protocol 🙂

Option 6:

When you want to make sure your Time is syncing with the proper Time Zone, you could easily configure a CSP to define the Time Zone. In this example below, I am defining the W. Europe Standard Time Zone

You could check out which Time Zone you need to configure by using the PowerShell command: get-timezone

  • OMA-URI: ./Device/Vendor/MSFT/Policy/Config/TimeLanguageSettings/ConfigureTimeZone
  • Data type: Select String;
  • Value: W. Europe Standard Time

Option 7:

Did you ever experience a weird issue when you configured the Time Zone and it suddenly reverted back to another TimeZone?

Please check out if Location Services is enabled. You could enable the Location services with this PowerShell Script. It configures all requirements and will make sure the location service is started

Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate" -Name Start -Value 3 -Type DWord
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Name "Value" -Type "String" -Value "Allow" 
Set-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type "DWord" -Value 1 -Force
Start-Service -Name "lfsvc"
w32tm /resync

Conclusion:

You don’t have to choose only 1 solution, you could combine them. We configured the W32 time service to start automatically and we created the CSP, so users could change the time themselves if needed.

Changing the system clock without the need to be an admin is yet another reason why users really don’t need to have admin privileges. The list of what you can do without admin privileges is becoming very large.

LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

68  +    =  71