We have an inhouse program that in order to work correctly, has to keep a system's time in sync. What we used to do with XP (and yes, yes, I know there are potential security issues here) is go into local security policy and allow Users or Domain users to change the time, thereby allowing the program run by them to change the time.
Fast forward to Windows 7. I was testing the same program and kept getting permissions issues (logged in as administrator). I had allowed regular users to change the time in the same way. Anyway, so after banging my head against the wall for this problem for a day or two, come to find out, it appears to work correctly for regular users, just not for domain admins who are running it non-elevated.
So here is my crazy question. I know the policy shouldn't pertain to administrators (and shouldn't need to), but I also know with Windows 7, (forgive me if I don't know the correct wording here) - as administrator logging in you have two tokens, one as a regular type user, one as administrator.
Is it possible that the policy changes didn't affect my "regular user" token, and that is why I get permission issues as administrator but not as a regular user? Sounds crazy but it is the only thing I can think of...