setlocaltime failed ERROR_PRIVILEGE_NOT_HELD 1314 (0x522) A required privilege is not held by the client

Boyd Mills 21 Reputation points
2021-02-26T22:16:15.417+00:00

I have the Local Security Policies:

  • Change the system time Everyone, Local Service, Administrators, Users
  • Change the time zone Everyone, Local Service, Administrators, Users
  • Replace a process level token Everyone, Local Service, Network Service

Yet when I run as a regular User and my application calls SetLocalTime, it fails with: ERROR_PRIVILEGE_NOT_HELD 1314 (0x522) A required privilege is not held by the client

This has worked on Windows 2K, Windows XP, Windows Vista, Windows 7; but not on Windows 10!!!!! Please advise.

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,479 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Viorel 113.8K Reputation points
    2021-02-27T06:59:43.85+00:00

    Check the documentation for SetLocalTime and see an example of adjusting SE_SYSTEMTIME_NAME privilege for SetSystemTimeAdjustmentPrecise function: https://learn.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-setsystemtimeadjustmentprecise. It is probably required for SetLocalTime too.


  2. Castorix31 82,406 Reputation points
    2021-02-28T08:52:52.053+00:00

    I did some tests on Windows 10 with the privilege added with SecPol.msc
    and it only worked when the app is run as Admin
    (with a Manifest and
    requireAdministrator (/level='requireAdministrator'),
    otherwise I receive ERROR_NOT_ALL_ASSIGNED when I try to enable the SE_SYSTEMTIME_NAME privilege with AdjustTokenPrivileges


  3. Kris Kazmar 21 Reputation points
    2022-06-02T05:56:34.277+00:00

    Our application on Windows 10 IoT Enterprise has an OPC UA Server, which needs to update daily (unattended) the computer time/date from an Edge server. This mechanism needs to set the system time, set the bias between system and local time, and disable daylight saving time. Disabling DST works and for this reason I believe setting the bias will work (same call), but I get a 1314 error when setting the time with the below code. I would like to see an answer to this ongoing question. The program is run by a user with admin privilege and UAC is already disabled. The SetSystemTime() returns 1314. How is this resolved for an unattended user privilege program run on a Windows 10 IoT Enterprise (LTSC 2019/2021) device? SetLocalTime() returns the same error of 1314.

    // 
    // Function:
    //  OpcUaSetUtcDateTime()
    //
    // Description:
    //  This function sets the UTC date/time and the UTC minus local time minutes
    //  offset.
    //
    // Format:
    //  void OpcUaSetUtcDateTime(unsigned short Year, unsigned char Month,
    //      unsigned char Day, unsigned char Hour, unsigned char Minute,
    //      unsigned char Second, short UtcMinusLocalMinutesOffset)
    //
    //  UtcMinusLocalMinutesOffset - UTC minus local time minutes offset
    //
    //  UTC = local time + UtcMinusLocalMinutesOffset
    //  UtcMinusLocalMinutesOffset = UTC - local time
    //
    // Returns:
    //  Returns 0 if successful and -1 otherwise
    //
    int OpcUaSetUtcDateTime(unsigned short Year, unsigned char Month, unsigned char Day,
        unsigned char Hour, unsigned char Minute, unsigned char Second,
        short UtcMinusLocalMinutesOffset)
    {
        // Bounds check the minutes offset
        short MaxOffset = 12 * 60;
        short MinOffset = -14 * 60;
        if (UtcMinusLocalMinutesOffset > MaxOffset)
            UtcMinusLocalMinutesOffset = MaxOffset;
        else if (UtcMinusLocalMinutesOffset < MinOffset)
            UtcMinusLocalMinutesOffset = MinOffset;
    
        // Get the token to elevate the privilege
        HANDLE TokenHndl;
        if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
            &TokenHndl) == 0)
        {
            LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking OpenProcessToken() - %u", GetLastError());
            return(-1);
        }
    
        // Lookup the privilege for setting the time zone info
        TOKEN_PRIVILEGES TokenPriv;
        if (LookupPrivilegeValue(NULL, SE_TIME_ZONE_NAME,
            &TokenPriv.Privileges[0].Luid) == 0)
        {
            LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking LookupPrivilegeValue() - %u", GetLastError());
            CloseHandle(TokenHndl);
            return(-1);
        }
    
        // Elevate the privilege for setting the time zone info
        TokenPriv.PrivilegeCount = 1;
        TokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0,
            (PTOKEN_PRIVILEGES)NULL, 0) == 0)
        {
            LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking AdjustTokenPrivileges() - %u", GetLastError());
            CloseHandle(TokenHndl);
            return(-1);
        }
    
        // Get the time zone info
        DYNAMIC_TIME_ZONE_INFORMATION TimeZoneInfo;
        ZeroMemory(&TimeZoneInfo, sizeof(TimeZoneInfo));
        if (GetDynamicTimeZoneInformation(&TimeZoneInfo) == TIME_ZONE_ID_INVALID)
            TimeZoneInfo.Bias = -UtcMinusLocalMinutesOffset;
    
        // Disable DST if not already
        bool Updated = false;
        if (TimeZoneInfo.DynamicDaylightTimeDisabled == false)
        {
            Updated = true;
            TimeZoneInfo.DynamicDaylightTimeDisabled = true;
        }
    
        // Set the local time minutes offset
        LONG Bias = UtcMinusLocalMinutesOffset;
        if (TimeZoneInfo.Bias != Bias)
        {
            Updated = true;
            TimeZoneInfo.Bias = Bias;
        }
    
        // Clear the remaining structure
        TimeZoneInfo.StandardBias = 0;
        TimeZoneInfo.StandardName[0] = 0;
        TimeZoneInfo.StandardDate.wDay = 0;
        TimeZoneInfo.StandardDate.wDayOfWeek = 0;
        TimeZoneInfo.StandardDate.wHour = 0;
        TimeZoneInfo.StandardDate.wMilliseconds = 0;
        TimeZoneInfo.StandardDate.wMinute = 0;
        TimeZoneInfo.StandardDate.wMonth = 0;
        TimeZoneInfo.StandardDate.wSecond = 0;
        TimeZoneInfo.StandardDate.wYear = 0;
    
        TimeZoneInfo.DaylightBias = 0;
        TimeZoneInfo.DaylightName[0] = 0;
        TimeZoneInfo.DaylightDate.wDay = 0;
        TimeZoneInfo.DaylightDate.wDayOfWeek = 0;
        TimeZoneInfo.DaylightDate.wHour = 0;
        TimeZoneInfo.DaylightDate.wMilliseconds = 0;
        TimeZoneInfo.DaylightDate.wMinute = 0;
        TimeZoneInfo.DaylightDate.wMonth = 0;
        TimeZoneInfo.DaylightDate.wSecond = 0;
        TimeZoneInfo.DaylightDate.wYear = 0;
    
        int RetCode = 0;
    
        // Set the time zone info
        if (Updated)
            if (SetDynamicTimeZoneInformation(&TimeZoneInfo) == 0)
            {
                RetCode = -1;
                LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking SetDynamicTimeZoneInformation() - %u", GetLastError());
            }
    
        // De-elevate the privilege for setting the time zone info
        TokenPriv.Privileges[0].Attributes = NULL;
        if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0,
            (PTOKEN_PRIVILEGES)NULL, 0) == 0)
        {
            LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, “Error invoking AdjustTokenPrivileges() - %u", GetLastError());
            CloseHandle(TokenHndl);
            return(-1);
        }
    
        // Lookup the privilege for setting the time
        if (LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME,
            &TokenPriv.Privileges[0].Luid) == 0)
        {
            LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking LookupPrivilegeValue() - %u", GetLastError());
            CloseHandle(TokenHndl);
            return(-1);
        }
    
        // Elevate the privilege for setting the time
        TokenPriv.PrivilegeCount = 1;
        TokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0,
            (PTOKEN_PRIVILEGES)NULL, 0) == 0)
        {
            LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking AdjustTokenPrivileges() - %u", GetLastError());
            CloseHandle(TokenHndl);
            return(-1);
        }
    
        // Set the UTC time and date
        SYSTEMTIME SystemTime;
        SystemTime.wMilliseconds = 0;
        SystemTime.wDayOfWeek = 0;
        SystemTime.wYear = (WORD)Year;
        SystemTime.wMonth = (WORD)Month;
        SystemTime.wDay = (WORD)Day;
        SystemTime.wHour = (WORD)Hour;
        SystemTime.wMinute = (WORD)Minute;
        SystemTime.wSecond = (WORD)Second;
        if (SetSystemTime(&SystemTime) == 0)
        {
            RetCode = -1;
            LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking SetSystemTime() - %u", GetLastError());
        }
    
        // De-elevate the privilege for setting the time
        TokenPriv.Privileges[0].Attributes = NULL;
        if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0,
            (PTOKEN_PRIVILEGES)NULL, 0) == 0)
        {
            LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking AdjustTokenPrivileges() - %u", GetLastError());
            CloseHandle(TokenHndl);
            return(-1);
        }
    
        // Close the token to elevate the privilege
        CloseHandle(TokenHndl);
    
        return(RetCode);
    }
    
    0 comments No comments