How to disable time and date from Intune Administrative template MS365

In Microsoft Intune, you can use Administrative Templates to manage Windows settings, including restrictions like disabling access to the time and date settings.

To disable the ability for users to modify time and date settings, follow these steps:

1. Navigate to Intune Administrative Templates

1. Sign in to the Microsoft Intune admin center.
2. Go to Devices > Configuration profiles > + Create profile.
3. Select:
   • Platform: Windows 10 and later.
   • Profile type: Templates > Administrative Templates.

2. Configure the Time and Date Restriction

1. In the template settings, search for the following policy:
   • “Prevent users from changing the date and time”
2. This policy is located under:
   • Control Panel > Regional and Language Options
3. Set the policy to Enabled.

3. Assign the Policy

1. After configuring the setting, click Next.
2. Assign the profile to the desired user groups or devices.
3. Click Create to apply the policy.

4. Sync the Policy

• Ensure the devices sync with Intune for the policy to take effect. Users will no longer be able to modify the time and date settings.

If further restrictions are needed (e.g., hiding the Date and Time settings from the Control Panel), additional Group Policy settings can be configured in Intune Administrative Templates.

If you are unable to find the “Prevent users from changing the date and time” setting in Intune’s Administrative Templates, it might not be exposed as a pre-configured option. However, you can achieve the desired functionality through either Custom Configuration Profiles or a Local Group Policy Object (LGPO) deployment. Or email us for consulting at [email protected]

Here’s how to proceed:

---

Option 1: Use a Custom Configuration Profile in Intune

You can create a custom profile using an OMA-URI setting to disable the ability to change date and time.

Steps:

1. Sign in to the Intune admin center:
   • Go to Devices > Configuration profiles > + Create profile.
2. Create a Custom Profile:
   • Platform: Windows 10 and later.
   • Profile Type: Templates > Custom.
3. Configure the OMA-URI Setting:
   • Name the profile and add the following OMA-URI setting:
     • Name: Disable changing date and time.
     • OMA-URI: ./Device/Vendor/MSFT/Policy/Config/ControlPanel/DateAndTimeChange
     • Data type: Integer.
     • Value: 0 (0 = Disable changes; 1 = Allow changes).
4. Assign and Deploy:
   • Assign the profile to the desired groups or devices and deploy.

---

Option 2: Use Local Group Policy via Intune (PowerShell Script)

If the Administrative Template doesn’t include the policy, you can configure it manually via a PowerShell script that applies the Local Group Policy.

Steps:

1. Write a PowerShell Script: Create a script to disable time and date modification:

   $RegPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
   If (!(Test-Path $RegPath)) {
       New-Item -Path $RegPath -Force
   }
   Set-ItemProperty -Path $RegPath -Name "DisableDateTimeControl" -Value 1
   

2. Upload the Script to Intune:
   • Go to Devices > Scripts > Add.
   • Choose Windows 10 and later as the platform and upload the script.
3. Assign the Script:
   • Assign the script to the appropriate device groups.

---

Option 3: Use Security Baselines

You can use Intune Security Baselines to restrict user access to Control Panel settings, which indirectly prevents date and time changes:

• Navigate to Endpoint security > Security baselines.
• Choose a baseline (e.g., Windows 10 MDM Security Baseline) and configure it to block Control Panel access.

---

Let me know if you need additional help with these configurations!