Back in Windows XP typical users couldn't change system's time zone. In newer versions the time zone can be changed even by non-admin users. I can understand the reason they added this ability, but it can really mess up with one of our time logging apps. So we decided to provide our users an option to disable this.
In "Local Security Policy" the key "Local Policies/User Rights Assignment/Change the time zone" contains the value "LOCAL SERVICE,Administrators,Users".
To make it short, we need a way our app (written in C#) to be able to remove or add the "Users" part from the above policy. Our app includes a system service so it has elevated rights.
We could use windows command prompt or free-to-distribute third party tools.
(PS: No server is involved, no DC, AD, etc. Just standalone PCs.)