Check the documentation for SetLocalTime and see an example of adjusting SE_SYSTEMTIME_NAME privilege for SetSystemTimeAdjustmentPrecise function: https://learn.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-setsystemtimeadjustmentprecise. It is probably required for SetLocalTime too.
setlocaltime failed ERROR_PRIVILEGE_NOT_HELD 1314 (0x522) A required privilege is not held by the client
I have the Local Security Policies:
- Change the system time Everyone, Local Service, Administrators, Users
- Change the time zone Everyone, Local Service, Administrators, Users
- Replace a process level token Everyone, Local Service, Network Service
Yet when I run as a regular User and my application calls SetLocalTime, it fails with: ERROR_PRIVILEGE_NOT_HELD 1314 (0x522) A required privilege is not held by the client
This has worked on Windows 2K, Windows XP, Windows Vista, Windows 7; but not on Windows 10!!!!! Please advise.
3 answers
Sort by: Most helpful
-
-
Castorix31 86,986 Reputation points
2021-02-28T08:52:52.053+00:00 I did some tests on Windows 10 with the privilege added with SecPol.msc
and it only worked when the app is run as Admin
(with a Manifest and
requireAdministrator (/level='requireAdministrator'),
otherwise I receive ERROR_NOT_ALL_ASSIGNED when I try to enable the SE_SYSTEMTIME_NAME privilege with AdjustTokenPrivileges -
Kris Kazmar 21 Reputation points
2022-06-02T05:56:34.277+00:00 Our application on Windows 10 IoT Enterprise has an OPC UA Server, which needs to update daily (unattended) the computer time/date from an Edge server. This mechanism needs to set the system time, set the bias between system and local time, and disable daylight saving time. Disabling DST works and for this reason I believe setting the bias will work (same call), but I get a 1314 error when setting the time with the below code. I would like to see an answer to this ongoing question. The program is run by a user with admin privilege and UAC is already disabled. The SetSystemTime() returns 1314. How is this resolved for an unattended user privilege program run on a Windows 10 IoT Enterprise (LTSC 2019/2021) device? SetLocalTime() returns the same error of 1314.
// // Function: // OpcUaSetUtcDateTime() // // Description: // This function sets the UTC date/time and the UTC minus local time minutes // offset. // // Format: // void OpcUaSetUtcDateTime(unsigned short Year, unsigned char Month, // unsigned char Day, unsigned char Hour, unsigned char Minute, // unsigned char Second, short UtcMinusLocalMinutesOffset) // // UtcMinusLocalMinutesOffset - UTC minus local time minutes offset // // UTC = local time + UtcMinusLocalMinutesOffset // UtcMinusLocalMinutesOffset = UTC - local time // // Returns: // Returns 0 if successful and -1 otherwise // int OpcUaSetUtcDateTime(unsigned short Year, unsigned char Month, unsigned char Day, unsigned char Hour, unsigned char Minute, unsigned char Second, short UtcMinusLocalMinutesOffset) { // Bounds check the minutes offset short MaxOffset = 12 * 60; short MinOffset = -14 * 60; if (UtcMinusLocalMinutesOffset > MaxOffset) UtcMinusLocalMinutesOffset = MaxOffset; else if (UtcMinusLocalMinutesOffset < MinOffset) UtcMinusLocalMinutesOffset = MinOffset; // Get the token to elevate the privilege HANDLE TokenHndl; if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &TokenHndl) == 0) { LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking OpenProcessToken() - %u", GetLastError()); return(-1); } // Lookup the privilege for setting the time zone info TOKEN_PRIVILEGES TokenPriv; if (LookupPrivilegeValue(NULL, SE_TIME_ZONE_NAME, &TokenPriv.Privileges[0].Luid) == 0) { LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking LookupPrivilegeValue() - %u", GetLastError()); CloseHandle(TokenHndl); return(-1); } // Elevate the privilege for setting the time zone info TokenPriv.PrivilegeCount = 1; TokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0, (PTOKEN_PRIVILEGES)NULL, 0) == 0) { LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking AdjustTokenPrivileges() - %u", GetLastError()); CloseHandle(TokenHndl); return(-1); } // Get the time zone info DYNAMIC_TIME_ZONE_INFORMATION TimeZoneInfo; ZeroMemory(&TimeZoneInfo, sizeof(TimeZoneInfo)); if (GetDynamicTimeZoneInformation(&TimeZoneInfo) == TIME_ZONE_ID_INVALID) TimeZoneInfo.Bias = -UtcMinusLocalMinutesOffset; // Disable DST if not already bool Updated = false; if (TimeZoneInfo.DynamicDaylightTimeDisabled == false) { Updated = true; TimeZoneInfo.DynamicDaylightTimeDisabled = true; } // Set the local time minutes offset LONG Bias = UtcMinusLocalMinutesOffset; if (TimeZoneInfo.Bias != Bias) { Updated = true; TimeZoneInfo.Bias = Bias; } // Clear the remaining structure TimeZoneInfo.StandardBias = 0; TimeZoneInfo.StandardName[0] = 0; TimeZoneInfo.StandardDate.wDay = 0; TimeZoneInfo.StandardDate.wDayOfWeek = 0; TimeZoneInfo.StandardDate.wHour = 0; TimeZoneInfo.StandardDate.wMilliseconds = 0; TimeZoneInfo.StandardDate.wMinute = 0; TimeZoneInfo.StandardDate.wMonth = 0; TimeZoneInfo.StandardDate.wSecond = 0; TimeZoneInfo.StandardDate.wYear = 0; TimeZoneInfo.DaylightBias = 0; TimeZoneInfo.DaylightName[0] = 0; TimeZoneInfo.DaylightDate.wDay = 0; TimeZoneInfo.DaylightDate.wDayOfWeek = 0; TimeZoneInfo.DaylightDate.wHour = 0; TimeZoneInfo.DaylightDate.wMilliseconds = 0; TimeZoneInfo.DaylightDate.wMinute = 0; TimeZoneInfo.DaylightDate.wMonth = 0; TimeZoneInfo.DaylightDate.wSecond = 0; TimeZoneInfo.DaylightDate.wYear = 0; int RetCode = 0; // Set the time zone info if (Updated) if (SetDynamicTimeZoneInformation(&TimeZoneInfo) == 0) { RetCode = -1; LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking SetDynamicTimeZoneInformation() - %u", GetLastError()); } // De-elevate the privilege for setting the time zone info TokenPriv.Privileges[0].Attributes = NULL; if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0, (PTOKEN_PRIVILEGES)NULL, 0) == 0) { LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, “Error invoking AdjustTokenPrivileges() - %u", GetLastError()); CloseHandle(TokenHndl); return(-1); } // Lookup the privilege for setting the time if (LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME, &TokenPriv.Privileges[0].Luid) == 0) { LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking LookupPrivilegeValue() - %u", GetLastError()); CloseHandle(TokenHndl); return(-1); } // Elevate the privilege for setting the time TokenPriv.PrivilegeCount = 1; TokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0, (PTOKEN_PRIVILEGES)NULL, 0) == 0) { LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking AdjustTokenPrivileges() - %u", GetLastError()); CloseHandle(TokenHndl); return(-1); } // Set the UTC time and date SYSTEMTIME SystemTime; SystemTime.wMilliseconds = 0; SystemTime.wDayOfWeek = 0; SystemTime.wYear = (WORD)Year; SystemTime.wMonth = (WORD)Month; SystemTime.wDay = (WORD)Day; SystemTime.wHour = (WORD)Hour; SystemTime.wMinute = (WORD)Minute; SystemTime.wSecond = (WORD)Second; if (SetSystemTime(&SystemTime) == 0) { RetCode = -1; LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking SetSystemTime() - %u", GetLastError()); } // De-elevate the privilege for setting the time TokenPriv.Privileges[0].Attributes = NULL; if (AdjustTokenPrivileges(TokenHndl, FALSE, &TokenPriv, 0, (PTOKEN_PRIVILEGES)NULL, 0) == 0) { LogEvtMsg(__FILE__, __LINE__, EVT_MSG_SEV_ERR, "Error invoking AdjustTokenPrivileges() - %u", GetLastError()); CloseHandle(TokenHndl); return(-1); } // Close the token to elevate the privilege CloseHandle(TokenHndl); return(RetCode); }