Let’s Locate Systems with Incorrect Time Zone Settings Using SCCM

In this article I explain how you can use System Center Configuration Manager (SCCM) 2007 to find systems configured with an incorrect time zone, and then fix it via an advertisement. The SCCM database stores a system’s time in the same format stored in Windows.

One way to obtain the system’s time zone in Windows is to query for the CurrentTimeZone property of the Win32_ComputerSystem WMI class. The value returned will be number of minutes that the computer time is offset from Coordinated Universal Time (UTC).

For example, New York is 5 hours behind UTC when observing daylight saving. So when New York is in Eastern Daylight Time (EDT), a Windows system in New York will keep the system’s CurrentTimeZone setto ‐240, which represents 4 hours (divide 240 by 60 minutes) and the negative sign representing that it is behind UTC. When daylight savings is in effect, the system’s time will be set an hour behind (for a total of 5 hours behind UTC).

The correct time zone value stored in SCCM for a system in New York while observing daylight saving is ‐‐240. There are built‐in reports in SCCM that show you this time zone value. Sometimes the need may arise to fix the time zone on systems that have it set incorrectly. One way to remediate this is to create a collection that will be populated by systems with an incorrect time zone. In this example, I’ll create a collection that will have as members systems in New York with an incorrect value in the CurrentTimeZone property. If you have systems in multiple time zones, you can first create a collection that contains only computers in New York (you can base your collection on systems’ Organizational Unit in Active Directory or their IP subnet(s), and then when you create the collection with systems having an incorrect time zone in New York you just configure it to be limited to the New York collection.

The SQL query for this collection is

select
SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,
SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
SMS_R_SYSTEM.Client from SMS_R_System JOIN SMS_G_System_COMPUTER_SYSTEM
on SMS_G_System_COMPUTER_SYSTEM.ResourceID=SMS_R_SYSTEM.ResourceID where
SMS_G_System_COMPUTER_SYSTEM.CurrentTimeZone != '‐240'

Once the collection is populated, you can target it with an SCCM package that will run a program with
the following command to fix it:

Tzutil /s “Eastern Standard Time”

You don’t have to indicate that the package contains source files in Windows 7 as tzutil.exe is built‐in into it.

As systems in the collection successfully run the program, they’ll be removed from it when the collection evaluates next time (the image in this example has the evaluation to be performed once a day). As new systems are reported in the SCCM database with the incorrect time zone value, they’ll become members of the collection when it evaluates next time. Once they join the collection, they’ll receive the advertisement to run the Tzutil fix (as long as the advertisement hasn’t expired).

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 014
Cyber Security

WME Security Briefing 14 June 2024

LightSpy Spyware’s macOS Variant Detected with Advanced Surveillance Capabilities Overview Findings reveal a previously undocumented macOS variant of the LightSpy spyware. It was initially thought to target only iOS users. This spyware utilizes a plugin-based system

Read More »
WME Cybersecurity Briefings No. 013
Cyber Security

WME Security Briefing 10 June 2024

CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability Overview CISA just issued an urgent advisory concerning a newly discovered security flaw in the Linux kernel. The flaw is being actively exploited to affect the netfilter component of

Read More »
3 Things to Consider Before You Enable Copilot for Microsoft 365
Microsoft Copilot

3 Things to Consider Before You Enable Copilot for Microsoft 365

In today’s digital landscape, any productivity tool that streamlines workflow and boosts performance is a pleasant addition. With its AI-powered productivity-enhancing capabilities, Microsoft Copilot has emerged as a game-changer for employees, particularly for organizations using Microsoft

Read More »
WME Cybersecurity Briefings No. 012
Cyber Security

WME Security Briefing 03 June 2024

Moroccan Cybercrime Group Exploits Gift Card Systems for Major Financial Gains Overview: Storm-0539, also called Atlas Lion, is a Moroccan cybercrime group that executes advanced email and SMS phishing attacks. They are committing fraud by utilizing

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=