Timetabling Solutions V10 does not require local administrator rights for normal operation, licensing, or uploads.

If granting temporary local admin access resolves licensing or upload issues, this indicates a device or security policy restriction, not a software requirement.

This article provides a checklist for IT teams to identify and resolve the underlying cause, enabling local admin access to be safely removed.

Affected Environments

This issue is most commonly seen on:

  • Domain-joined devices

  • Intune-managed devices

  • Devices with Microsoft Defender or advanced endpoint security enabled

Recent Microsoft security hardening (including reputation-based protection) has increased the likelihood of legitimate applications being restricted by default.

IT Checklist – Permanent Resolution

1. Microsoft Defender & Endpoint Protection

Confirm the following are not blocked or restricted:

  • TimetablingSolutionsX.exe

  • ActivateSoftware.exe

Check:

  • Defender Reputation-based Protection

  • SmartScreen

  • Application Control / WDAC policies

  • Third-party endpoint protection (if applicable)

If Application Control is in use, ensure Timetabling Solutions is allow-listed as a trusted publisher.

2. Application Execution Policies

Review:

  • Microsoft Defender Application Control (WDAC)

  • AppLocker rules

  • Any execution restrictions applied to user-context processes

Ensure standard users can execute applications from:

C:\Program Files (x86)\Timetabling Solutions\

3. WebView2 Authentication Cache Access

Timetabling Solutions uses Microsoft WebView2 for secure authentication.

Confirm the user has permission to create and write to:

%LOCALAPPDATA%\Temp\TTSDesktopAuthentication

Ensure temp-folder access is not restricted by Group Policy, Intune, or endpoint security rules.

4. Device Time Synchronisation

Authentication requires the device clock to be within ±4 seconds of server time.

Check time status:

w32tm /query /status

For domain-joined or Intune-managed devices:

  • Confirm time corrections are actually applied

  • Restart the device if required, as time drift may persist until reboot

5. Network & TLS Configuration

Confirm:

  • Outbound HTTPS traffic (TCP 443) is allowed

  • TLS 1.2 or higher is enabled (TLS 1.0 and 1.1 are retired)

  • No SSL inspection or man-in-the-middle device is interfering with authentication traffic

6. Validation

Once the above checks are complete:

  1. Remove local administrator access from the user

  2. Re-test licensing and uploads

  3. Confirm the application functions under standard user permissions