Win2K doesn't exec logon script

Charles Marcus CharlesM at
Tue Oct 16 14:57:55 GMT 2001

Man, talk about insecure - any application like that should only grab the
time from a time server, certainly not from a local workstation.

Although I do see other problems with giving the user the ability to change
the date/time (emails are incorrectly stamped, etc), the below problem is
one of poor application design/implementation, wouldn't you agree?


-----Original Message-----
From: samba-admin at [mailto:samba-admin at]On
Behalf Of Bill Moran
Sent: Tuesday, October 16, 2001 3:35 PM
To: samba at
Subject: Re: Win2K doesn't exec logon script

I posted this earlier, although not in as much detail ... I want to
something important:
Doing this will give your users the ability to right click on the clock and
change the local workstation time.  I've seen this be a problem where
employees use the computer to clock in via some software ... they arrive
late, set the time to when they should have clocked in and clock in.
At the end of the day, they set the time to 5:00 (even though it's 4:30) and
leave early while the timeclock software thinks they left on time.
Having said that, if you aren't in that situation, the change recommended
below works fine.  I know of at least one facility using this hack without

On Tuesday 16 October 2001 13:05, John H Terpstra wrote:
> It is VERY possible for the logon script to change the local time settings
> of the WinNT/2K/XP client that is logging on. By default, only
> Administrators and Power Users are allowed to change the system time.
> If you want this to be enabled for normal users then here is how to do
> it:
> Go to Control Panel, launch "Local Security Settings"
> Now, you will find under:
> 	Security Settings->Local Policiees->User Rights Assignement
> an entry called:
> 	Change the System Time
> double-click on this entry and add "YOUR_DOMAIN/Domain Users", or if you
> TRUST everyone, add "Everyone".
> This does it.
> Cheers,
> John T.

Bill Moran
Potential Technology technical services
(412) 793-4257

To unsubscribe from this list go to the following URL and read the

More information about the samba mailing list