Prevent application changing system time

  • Thread starter Thread starter Steve
  • Start date Start date
S

Steve

Hello,

We have some 3rd party applications that run on our server
and appear to sometimes change the system date and time.

Is there a way to configure Windows to prevent an
application from having the permissions or access rights
to this?

Thanks,

Steve
 
Can you run the application using an account that doesn't have the right to
modify time?
 
The users that log in do not have rights to change the
time (double-clicking on the clock in the system tray
gives the Restrictions message "This operation has been
cancelled due to restrictions in effect on this
computer.").

However, when they run this particular application, it
somehow can change the date and time. The application is
an ancient DOS executable (compiled from Microsoft Basic
Professional Development System (PDS) version 7.10)

Is this application avoiding Windows security, or is there
another security setting I am missing?

Regards,

Steve
 
The users that log in do not have rights to change the
time (double-clicking on the clock in the system tray
gives the Restrictions message "This operation has been
cancelled due to restrictions in effect on this
computer.").

However, when they run this particular application, it
somehow can change the date and time. The application is
an ancient DOS executable (compiled from Microsoft Basic
Professional Development System (PDS) version 7.10)
Nasty.


Is this application avoiding Windows security, or is there
another security setting I am missing?
Click to expand...

Good question, do you have access to the code involved? What about running
it with a debbugger? Normally the HAL should prevent direct access to
hardware, but you might be able to pin down how the code is modifying time
by using some of the utilities at www.sysinternals.com. AccessEnum, RegMon
and TokenMon.
 
Steve said:
I've found a bit more out: I created a new user with no
rights to change the clock, then ran a test program under
this context to change the clock - it failed. I then ran
the suspect software, and the clock did not change *BUT*
the reports it produced were *DIFFERENT* from when it ran
in a context where it *could* change the clock.
Click to expand...

Thanks for feedback. Take note that if the developer does anounce the
application as W2K-compliant, there should be no way that an application
should be allowed to modify time on the system regardless of what rights are
given to interactive user. I'm sure you'll agree. Time in W2K is more
critical than a heartbeat.
 
Back
Top