This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. Default on workstations and servers: Administrators Local Service Default on domain controllers: Administrators Server Operators Local Service Countermeasure: Restrict the Change the system time user right to users with a legitimate need to change the system time, such as members of the IT team. Potential Impact: There should be no impact, because time synchronization for most organizations should be fully automated for all computers that belong to the domain. Computers that do not belong to the domain should be configured to synchronize with an external source. Fix: (1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentChange the system time (2) REG: ### (3) WMI: root sopcomputer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeSystemtimePrivilege' and precedence=1

[list_of_users_followed_by_comma]

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the system time (2) REG: ### (3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeSystemtimePrivilege' and precedence=1