setlocaltime failed ERROR_PRIVILEGE_NOT_HELD 1314 (0x522) A required privilege is not held by the client

Boyd Mills 21 Reputation points
2021-02-26T22:16:15.417+00:00

I have the Local Security Policies:

  • Change the system time Everyone, Local Service, Administrators, Users
  • Change the time zone Everyone, Local Service, Administrators, Users
  • Replace a process level token Everyone, Local Service, Network Service

Yet when I run as a regular User and my application calls SetLocalTime, it fails with: ERROR_PRIVILEGE_NOT_HELD 1314 (0x522) A required privilege is not held by the client

This has worked on Windows 2K, Windows XP, Windows Vista, Windows 7; but not on Windows 10!!!!! Please advise.

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,422 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Viorel 112.1K Reputation points
    2021-02-27T06:59:43.85+00:00

    Check the documentation for SetLocalTime and see an example of adjusting SE_SYSTEMTIME_NAME privilege for SetSystemTimeAdjustmentPrecise function: https://learn.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-setsystemtimeadjustmentprecise. It is probably required for SetLocalTime too.

  2. Castorix31 81,726 Reputation points
    2021-02-28T08:52:52.053+00:00

    I did some tests on Windows 10 with the privilege added with SecPol.msc
    and it only worked when the app is run as Admin
    (with a Manifest and
    requireAdministrator (/level='requireAdministrator'),
    otherwise I receive ERROR_NOT_ALL_ASSIGNED when I try to enable the SE_SYSTEMTIME_NAME privilege with AdjustTokenPrivileges

  3. Kris Kazmar 21 Reputation points
    2022-06-02T05:56:34.277+00:00

    Our application on Windows 10 IoT Enterprise has an OPC UA Server, which needs to update daily (unattended) the computer time/date from an Edge server. This mechanism needs to set the system time, set the bias between system and local time, and disable daylight saving time. Disabling DST works and for this reason I believe setting the bias will work (same call), but I get a 1314 error when setting the time with the below code. I would like to see an answer to this ongoing question. The program is run by a user with admin privilege and UAC is already disabled. The SetSystemTime() returns 1314. How is this resolved for an unattended user privilege program run on a Windows 10 IoT Enterprise (LTSC 2019/2021) device? SetLocalTime() returns the same error of 1314.

    // 
// Function:
//  OpcUaSetUtcDateTime()
//
// Description:
//  This function sets the UTC date/time and the UTC minus local time minutes
//  offset.
//
// Format:
//  void OpcUaSetUtcDateTime(unsigned short Year, unsigned char Month,
//      unsigned char Day, unsigned char Hour, unsigned char Minute,
//      unsigned char Second, short UtcMinusLocalMinutesOffset)
//
//  UtcMinusLocalMinutesOffset - UTC minus local time minutes offset
//
//  UTC = local time + UtcMinusLocalMinutesOffset
//  UtcMinusLocalMinutesOffset = UTC - local time
//
// Returns:
//  Returns 0 if successful and -1 otherwise
//
int OpcUaSetUtcDateTime(unsigned short Year, unsigned char Month, unsigned char Day,
    unsigned char Hour, unsigned char Minute, unsigned char Second,
    short UtcMinusLocalMinutesOffset)
{
    // Bounds check the minutes offset
    short MaxOffset = 12 * 60;
    short MinOffset = -14 * 60;
    if (UtcMinusLocalMinutesOffset > MaxOffset)
        UtcMinusLocalMinutesOffset = MaxOffset;
    else if (UtcMinusLocalMinutesOffset < MinOffset)
        UtcMinusLocalMinutesOffset = MinOffset;

    // Get the token to elevate the privilege
    HANDLE TokenHndl;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
        &TokenHndl) == 0)
    {
        LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking OpenProcessToken() - %u", GetLastError());
        return(-1);
    }

    // Lookup the privilege for setting the time zone info
    TOKEN_PRIVILEGES TokenPriv;
    if (LookupPrivilegeValue(NULL, SE_TIME_ZONE_NAME,
        &TokenPriv.Privileges[0].Luid) == 0)
    {
        LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking LookupPrivilegeValue() - %u", GetLastError());
        CloseHandle(TokenHndl);
        return(-1);
    }

    // Elevate the privilege for setting the time zone info
    TokenPriv.PrivilegeCount = 1;
    TokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0,
        (PTOKEN_PRIVILEGES)NULL, 0) == 0)
    {
        LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking AdjustTokenPrivileges() - %u", GetLastError());
        CloseHandle(TokenHndl);
        return(-1);
    }

    // Get the time zone info
    DYNAMIC_TIME_ZONE_INFORMATION TimeZoneInfo;
    ZeroMemory(&TimeZoneInfo, sizeof(TimeZoneInfo));
    if (GetDynamicTimeZoneInformation(&TimeZoneInfo) == TIME_ZONE_ID_INVALID)
        TimeZoneInfo.Bias = -UtcMinusLocalMinutesOffset;

    // Disable DST if not already
    bool Updated = false;
    if (TimeZoneInfo.DynamicDaylightTimeDisabled == false)
    {
        Updated = true;
        TimeZoneInfo.DynamicDaylightTimeDisabled = true;
    }

    // Set the local time minutes offset
    LONG Bias = UtcMinusLocalMinutesOffset;
    if (TimeZoneInfo.Bias != Bias)
    {
        Updated = true;
        TimeZoneInfo.Bias = Bias;
    }

    // Clear the remaining structure
    TimeZoneInfo.StandardBias = 0;
    TimeZoneInfo.StandardName[0] = 0;
    TimeZoneInfo.StandardDate.wDay = 0;
    TimeZoneInfo.StandardDate.wDayOfWeek = 0;
    TimeZoneInfo.StandardDate.wHour = 0;
    TimeZoneInfo.StandardDate.wMilliseconds = 0;
    TimeZoneInfo.StandardDate.wMinute = 0;
    TimeZoneInfo.StandardDate.wMonth = 0;
    TimeZoneInfo.StandardDate.wSecond = 0;
    TimeZoneInfo.StandardDate.wYear = 0;

    TimeZoneInfo.DaylightBias = 0;
    TimeZoneInfo.DaylightName[0] = 0;
    TimeZoneInfo.DaylightDate.wDay = 0;
    TimeZoneInfo.DaylightDate.wDayOfWeek = 0;
    TimeZoneInfo.DaylightDate.wHour = 0;
    TimeZoneInfo.DaylightDate.wMilliseconds = 0;
    TimeZoneInfo.DaylightDate.wMinute = 0;
    TimeZoneInfo.DaylightDate.wMonth = 0;
    TimeZoneInfo.DaylightDate.wSecond = 0;
    TimeZoneInfo.DaylightDate.wYear = 0;

    int RetCode = 0;

    // Set the time zone info
    if (Updated)
        if (SetDynamicTimeZoneInformation(&TimeZoneInfo) == 0)
        {
            RetCode = -1;
            LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking SetDynamicTimeZoneInformation() - %u", GetLastError());
        }

    // De-elevate the privilege for setting the time zone info
    TokenPriv.Privileges[0].Attributes = NULL;
    if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0,
        (PTOKEN_PRIVILEGES)NULL, 0) == 0)
    {
        LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, “Error invoking AdjustTokenPrivileges() - %u", GetLastError());
        CloseHandle(TokenHndl);
        return(-1);
    }

    // Lookup the privilege for setting the time
    if (LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME,
        &TokenPriv.Privileges[0].Luid) == 0)
    {
        LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking LookupPrivilegeValue() - %u", GetLastError());
        CloseHandle(TokenHndl);
        return(-1);
    }

    // Elevate the privilege for setting the time
    TokenPriv.PrivilegeCount = 1;
    TokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0,
        (PTOKEN_PRIVILEGES)NULL, 0) == 0)
    {
        LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking AdjustTokenPrivileges() - %u", GetLastError());
        CloseHandle(TokenHndl);
        return(-1);
    }

    // Set the UTC time and date
    SYSTEMTIME SystemTime;
    SystemTime.wMilliseconds = 0;
    SystemTime.wDayOfWeek = 0;
    SystemTime.wYear = (WORD)Year;
    SystemTime.wMonth = (WORD)Month;
    SystemTime.wDay = (WORD)Day;
    SystemTime.wHour = (WORD)Hour;
    SystemTime.wMinute = (WORD)Minute;
    SystemTime.wSecond = (WORD)Second;
    if (SetSystemTime(&SystemTime) == 0)
    {
        RetCode = -1;
        LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking SetSystemTime() - %u", GetLastError());
    }

    // De-elevate the privilege for setting the time
    TokenPriv.Privileges[0].Attributes = NULL;
    if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0,
        (PTOKEN_PRIVILEGES)NULL, 0) == 0)
    {
        LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking AdjustTokenPrivileges() - %u", GetLastError());
        CloseHandle(TokenHndl);
        return(-1);
    }

    // Close the token to elevate the privilege
    CloseHandle(TokenHndl);

    return(RetCode);
}
    0 comments