Announcement

Collapse
No announcement yet.

VISTA setting the date and time

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • VISTA setting the date and time

    This function fails with error code 1300 under Vista.

    I assume this has something to do with priviledges?

    Is there a VISTA approved way to do this?

    Code:
    '¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤'
    FUNCTION SetTimePrivilege() AS LONG 
    
      LOCAL hProcess, hToken, BuffLen, BuffNeeded, RetVal AS LONG
      LOCAL WinErr AS DWORD
      LOCAL TP, TPnew AS TOKEN_PRIVILEGES
      LOCAL LD AS LUID
                        
    
        hProcess = GetCurrentProcess()
        RetVal   = OpenProcessToken( hProcess, (%TOKEN_ADJUST_PRIVILEGES OR %TOKEN_QUERY), hToken )
        IF RetVal THEN
          RetVal = LookupPrivilegeValue( "", "SeSystemtimePrivilege", LD )' Get the LUID for setSystemTime privilege. 
          IF RetVal THEN
            'MSGBOX "LookupPrivilegeValue="+STR$(RetVal),48,"SetTimePrivilege()"
          ELSE
            MSGBOX "Unable to Access Time Privilege",48,"SetTimePrivilege()"  
            FUNCTION = RetVal
            EXIT FUNCTION
          END IF 
    
        ELSE
          MSGBOX "Unable to OpenProcessToken",48,"SetTimePrivilege()"
          FUNCTION = RetVal
          EXIT FUNCTION
        END IF
    
        TP.PrivilegeCount = 1
        TP.Privileges(0).pLuid = LD 
        TP.Privileges(0).Attributes = %SE_PRIVILEGE_ENABLED ' grant temp access to this function
        BuffLen = SIZEOF(TPnew) 
                             
    
        ' The AdjustTokenPrivileges function enables or disables privileges in the specified access token. 
        ' Enabling or disabling privileges in an access token requires TOKEN_ADJUST_PRIVILEGES access.
        RetVal = AdjustTokenPrivileges( BYVAL hToken, BYVAL 0, TP, BYVAL BuffLen, TPnew, BuffNeeded )
        WinErr = GetLastError ' ERROR_SUCCESS = adjusted ALL specified privileges
        IF RetVal AND WinErr = %ERROR_SUCCESS THEN ' If the function succeeds, the return value is nonzero.
          FUNCTION = 1 ' success MSGBOX FormatErrMsg(WinErr),48,"SetTimePrivilege()" 
          EXIT FUNCTION
        ELSE 
          MSGBOX "Unable to AdjustTokenPrivileges: "+FormatErrMsg(WinErr),48,"SetTimePrivilege()"  
          FUNCTION = 0 ' Failed
          EXIT FUNCTION
        END IF
    
    END FUNCTION
    ------------------
    Kind Regards
    Mike

  • #2
    Also,
    How do you shell the "Date Time Properties" dialog?

    Code:
    LOCAL zFandP AS ASCIIZ*255 
    zFandP = SpclFolder( %CSIDL_SYSTEM ) + "\Clock.???"  ' 
    CALL SHELLEXECUTE( 0, "open", zFandP, BYVAL 0, BYVAL 0, %SW_SHOWNORMAL ) ' Open
    Cant find anything in Poffs about this.

    ------------------
    Kind Regards
    Mike

    Comment


    • #3
      can't help with the vista question but here's a useful post from patrice:
      http://www.powerbasic.com/support/pb...ad.php?t=22068
      e.g.
      Code:
       
      shell "rundll32.exe shell32.dll,control_rundll timedate.cpl,,0"
      works well on winxp but vista..?

      rgds dave

      ------------------
      Rgds, Dave

      Comment


      • #4
        Not on point but...
        ==> IF RetVal AND WinErr = %ERROR_SUCCESS THEN

        I never liked writing like this. Does this mean..

        IF (Retval AND WinErr) = %ERROR_SUCCESS THEN
        or does it mean
        IF Retval AND (WinErr = %ERROR_SUCCESS) THEN

        I know the operator precedence is all documented, but I'd just as soon use extra parens to make sure the compiler knows exactly what I mean. (also so I know what I meant when I look at the code in six months or so).

        Michael Mattias
        Tal Systems (retired)
        Port Washington WI USA
        [email protected]
        http://www.talsystems.com

        Comment


        • #5
          For that matter; What does: %ERROR_SUCCESS mean? From a linguistic standpoint it appears to be an oxymoron.
          One does not usually associate an Error with Success.

          ------------------

          Comment


          • #6
            To set the time and date on a Windows Vista system, the process needs to run with elevated privileges. In other words, if you're looking to do it programmatically, your user is going to get a UAC elevation prompt on the secure desktop.


            ------------------
            Mike Stefanik
            www.catalyst.com
            Catalyst Development Corporation
            Mike Stefanik
            sockettools.com

            Comment


            • #7
              For that matter; What does: %ERROR_SUCCESS mean? From a linguistic standpoint it appears to be an oxymoron.
              One does not usually associate an Error with Success.
              It simply means the function completed without error. Highly useful if you are calling a function that only returns an error code:

              Code:
                nRetVal = CallMyFunction()
                If (nRetVal = %ERROR_SUCCESS) Then
                   ? "All OK"
                Else
                   ? "Error " + Format$(nRetVal)
                End If
              IMO, way better than a simple TRUE/FALSE return value as you can return an API error, a PB error, or a custom error value.

              ------------------
              kgpsoftware.com - Downloads
              kgpsoftware.com - Development and Consulting
              kgpsoftware.com | Slam DBMS | PrpT Control | Other Downloads | Contact Me

              Comment


              • #8
                All good points thx.
                Mike
                On my VISTA box the time set just flat fails with error 1300. I
                do not get the UAC prompt or anything.
                When this app is installed it runs with elevated privs, but after
                that I guess all I can do is prompt the user to set the date and
                time manually.

                So how do you shell the "Date Time Properties"?


                ------------------
                Kind Regards
                Mike

                Comment


                • #9
                  On my VISTA box the time set just flat fails with error 1300. I do not get the UAC prompt or anything.

                  Without going into a lot of detail, your application needs to run with elevated privileges beforehand. In other words, a process can't elevate it's privilege while its running.

                  If I understand what you're trying to do, you have some part of your program where the user can update their system time through your UI. What you would need to do for Vista is create a second "helper" program that actually sets the clock (just pass the values through the command line). That helper program would then have a manifest that specifies that it is supposed to run at elevated privilege.

                  The sequence would go something like this:

                  1. User enters the new date/time, clicks a button
                  2. You launch your helper program which has a manifest that specifies it must run with elevated privileges.
                  3. Vista shows the user a UAC prompt, advising them that the program requires elevation
                  4. If the user accepts, your helper program runs, and changes the date/time

                  Here's a page with a bunch of links to more information about UAC:
                  http://technet.microsoft.com/en-us/w.../aa905108.aspx


                  ------------------
                  Mike Stefanik
                  www.catalyst.com
                  Catalyst Development Corporation
                  Mike Stefanik
                  sockettools.com

                  Comment


                  • #10
                    Mike
                    "That helper program would then have a manifest that specifies that it is supposed to run at elevated privilege."
                    Could you please give an example of a working "Manifest" for Vista.

                    Thanks



                    ------------------
                    Trento Castricone
                    http://www.raineyday.com
                    mailto:[email protected][email protected]</A>
                    Trento Castricone
                    www.fileraptor.com
                    [email protected]

                    Comment


                    • #11
                      A manifest is an XML file that's included as a resource in the executable. Here's an example of one that specifies the program should run with normal privileges:

                      Code:
                      <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
                      <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
                          <assemblyIdentity 
                              version="1.0.0.1000" 
                              processorArchitecture="X86" 
                              name="MyCompany.MyProduct.MyProgram" 
                              type="win32" />
                          <description>Description of MyProgram</description>
                          <dependency>
                              <dependentAssembly>
                                  <assemblyIdentity 
                                      type="win32" 
                                      name="Microsoft.Windows.Common-Controls" 
                                      version="6.0.0.0" 
                                      processorArchitecture="X86" 
                                      publicKeyToken="6595b64144ccf1df" 
                                      language="*" />
                              </dependentAssembly>
                          </dependency>
                          <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
                              <security>
                                  <requestedPrivileges>
                                      <requestedExecutionLevel level="asInvoker" uiAccess="false" />
                                  </requestedPrivileges>
                              </security>
                          </trustInfo>
                      </assembly>
                      Here's an example of one for a program that needs to run with elevated privileges. The only difference is the requestedExecutionLevel tag:

                      Code:
                      <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
                      <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
                          <assemblyIdentity 
                              version="1.0.0.1000" 
                              processorArchitecture="X86" 
                              name="MyCompany.MyProduct.MyElevatedProgram" 
                              type="win32" />
                          <description>Description of MyProgram that requires elevation</description>
                          <dependency>
                              <dependentAssembly>
                                  <assemblyIdentity 
                                      type="win32" 
                                      name="Microsoft.Windows.Common-Controls" 
                                      version="6.0.0.0" 
                                      processorArchitecture="X86" 
                                      publicKeyToken="6595b64144ccf1df" 
                                      language="*" />
                              </dependentAssembly>
                          </dependency>
                          <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
                              <security>
                                  <requestedPrivileges>
                                      <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
                                  </requestedPrivileges>
                              </security>
                          </trustInfo>
                      </assembly>
                      Those manifests also specify that your UI controls should have the "themed" look to them. In any case, to include the manifest as a resource in your program, you need to store the manifest in a file (e.g.: MyProgram.manifest), create an RC file and then add a line like:

                      Code:
                      1 24 "MyProgram.manifest"
                      The PB documentation has the details about how to add resources to your program. The value 24 there is the ID for the RT_MANIFEST resource type. You compile that, and then use the #RESOURCE directive in your PB program.

                      If you want your application to be considered a first-class citizen under Vista, it must have a manifest with the trustInfo section. If it doesn't, Vista considers it to be a legacy application. However, if you do provide a manifest, you must make sure that you follow all of the rules with regards to running in a least-privilege environment. In other words, no storing files under C:\Program Files and all of the other things we've discussed at length here over the past few months.

                      By the way, if you get curious about what that "uiAccess" value means, it should usually always be false. It has nothing to do with whether or not your program has a UI. It specifies whether your program needs access to the protected system UI for automation (in other words, the ability to automate the user interface of another process that may be running at a higher privilege).

                      Hope that helps.

                      EDIT: Edited to clarify that the manifest must have the trustInfo section. A program with a manifest that only defines the common controls dependency will still be considered a legacy application as far as Vista is concerned.

                      ------------------
                      Mike Stefanik
                      www.catalyst.com
                      Catalyst Development Corporation



                      [This message has been edited by Mike Stefanik (edited June 23, 2007).]
                      Mike Stefanik
                      sockettools.com

                      Comment


                      • #12
                        Mike

                        Your VISTA postings have been very helpful.

                        Thanks again.

                        ------------------
                        Trento Castricone
                        http://www.raineyday.com
                        mailto:[email protected][email protected]</A>
                        Trento Castricone
                        www.fileraptor.com
                        [email protected]

                        Comment


                        • #13
                          mike, thankyou once again for taking the time to explain and
                          post that.

                          since we have your attention
                          after many months of hemming an hawing about how best to adapt my
                          suite of apps to the vista environment with the minimum impact
                          and without scattering files to the four corners of planet vista
                          (a cold and desolate place!)

                          i settled upon an idea suggested by jordan russell from the inno
                          forum. http://www.powerbasic.com/support/pb...ad.php?t=14252

                          do you see any problems with this?
                          do you know how to implement this programmatically with pb (it
                          seems mm might be stumped...)


                          ------------------
                          kind regards
                          mike

                          Comment


                          • #14
                            I settled upon an idea suggested by Jordan Russell from the Inno forum...

                            You could take that approach, but personally I wouldn't recommend it. Vista considers C:\Windows and C:\Program Files to be secure folders with resitricted access rights. In fact, there are security policies that an administrator can set which can require that an executable can only be launched from a secure folder. If I had policy enabled, and found that your application was creating subdirectories with wide-open privileges under C:\Program Files, I would not be terribly pleased with you.

                            If you think about it, you're also making things more difficult for your users as to what to backup. If you store your data under your application folder, then that means your users will have to know what parts of C:\Program Files they need to back up, and what parts they don't need to worry about (because they'll be re-installing the application anyway). If every vendor played by the rules, there's only two folders that users would need to backup on a Vista system: C:\Users\<UserName> and C:\ProgramData. That's it. Of course, not every application plays by the rules, so you have data and configuration files scattered amongst the programs in C:\Program Files, C:\Windows and everywhere else. But why be part of the problem, when you can store your data where it's supposed to be (according to Windows standards), rather than with your application executable?

                            I know there's this stubborn streak amongst some programmers that says "Dammit! I've always stored my data files with my application, that's how I like it!" But the reality is that it's really not that difficult to use the appropriate folders that Microsoft designates, and if you "play by the rules" you'll avoid potential compatibility problems in the future as well.

                            That's just my 2 cents. Your mileage may vary, keep your arms and legs inside the vehicle at all times, standard disclaimers apply.

                            ------------------
                            Mike Stefanik
                            www.catalyst.com
                            Catalyst Development Corporation



                            [This message has been edited by Mike Stefanik (edited June 23, 2007).]
                            Mike Stefanik
                            sockettools.com

                            Comment


                            • #15
                              mike
                              i have date and time issues too.
                              it would be nice if windows would allow a user to adjust the time and not the date, but as i understand,
                              the privilege to adjust time is also tied to privilege to change date.

                              our company made a switch to software that allows a users to change the operating systems date.
                              which i was absolutely floored over(meaning i could not believe it).
                              i have found it absolutely imperative to maintain the correct date and time on the computer and
                              its operating systems from early years, back to 1983.
                              the reason the programmer gave was to be able to run programs with a different date than today,
                              what a piece of crap, in my opinion, not to handle the date functions the program needs inside of a program itself.
                              so i did not like that, i made it where users could not change the date inside group policy on windows 2000 pro.
                              but i still have a problem with keeping the time and date accurate.
                              it seems vista users are having the same problems as well. i do not have window servers or domain controllers,
                              where i belive i maybe could set the date and time if i had those products.
                              i found some code here on how to set date and time forom a internet sntp server, see http://www.powerbasic.com/support/pb...ad.php?t=29498
                              thanks mike doty

                              now getting to my question.
                              can we run a program, or some service, to get and set the time from a internet server during system bootup,
                              before windows gets a chance to block an unprivileged user.
                              that would solve my problem, as i do not want a user to have administrator privileges.
                              therefore a simple boot would set the correct time and date, although it would be even better
                              to be able to change the time at any time.
                              paul




                              ------------------




                              [this message has been edited by paul d purvis (edited june 25, 2007).]
                              p purvis

                              Comment


                              • #16
                                You could always have the application(s) get the date from somewhere else and use that instead of system date.

                                Michael Mattias
                                Tal Systems (retired)
                                Port Washington WI USA
                                [email protected]
                                http://www.talsystems.com

                                Comment


                                • #17
                                  can we run a program, or some service, to get and set the time from a internet server during system bootup, before windows gets a chance to block an unprivileged user.

                                  The Windows Time service already does this for you, it's part of the base operating system and it doesn't require a domain controller. If you open the clock control applet (just click on the time in the lower right corner of the taskbar), and click on the "Change date and time settings" link, a dialog will display. Click on the Internet tab, and you'll see a message that looks something like:

                                  This computer is set to automatically synchronize with
                                  'time.windows.com'

                                  Next synchronization: 6/27/2007 at 11:12 AM


                                  ------------------
                                  Mike Stefanik
                                  www.catalyst.com
                                  Catalyst Development Corporation
                                  Mike Stefanik
                                  sockettools.com

                                  Comment


                                  • #18
                                    Mike,
                                    unfortunatly despite everyones best efforts, I get support calls
                                    regularly from peopl who's clock is set to 2004 or somesuch.
                                    The only way to deal with this I have found is to just simply
                                    check their clock and set it with my app. This works really well.

                                    You would not believe the amount of time I waste dealing with
                                    stuff like this!



                                    ------------------
                                    Kind Regards
                                    Mike

                                    Comment


                                    • #19
                                      Well, the good news is that in Vista, changing the system clock requires elevated privileges which means it's a lot less likely that your average "clueless end user" will muck things up by accident. And if they have a broadband connection, then they'll never need to set it. I haven't touched my system clock a single time since I've installed Vista (not even as part of the installation, other than to set the current timezone).


                                      ------------------
                                      Mike Stefanik
                                      www.catalyst.com
                                      Catalyst Development Corporation
                                      Mike Stefanik
                                      sockettools.com

                                      Comment


                                      • #20
                                        well mike s.

                                        thanks for reinforcing the windows time sntp service.
                                        i am running windows 2000 pro and have no domains.
                                        inside services.msc i turned on --windows time-- automatically.
                                        then i ran the command net time /setsntp:site
                                        and it did the job i wanted to do, boy have i spent a lot of hours and time.
                                        smarter now too, we all can have a big laugh, maybe i did needed that
                                        computer video professor cd that arrived at my house wrongly after all.
                                        my systems are set to not allow the computer user to set the date and time.
                                        under priviledges set for a user on windows 2000 pro sp4, that is the
                                        default setup amyway.
                                        the times i tried this, it did not work, probably me being tired.
                                        but it works now.
                                        thanks for posting that post.
                                        it made me go back over the problems i was having with the correct computer time.
                                        and a great fix.

                                        paul

                                        and here, an insignificant
                                        inside joke for mike s.

                                        ------------------


                                        [This message has been edited by paul d purvis (edited June 26, 2007).]
                                        p purvis

                                        Comment

                                        Working...
                                        X