NTP Service (Windows Time)

[Guest Tyler Barnes]

I have a Windows 2003 Stnd server that is a member of a domain. However, the

specalized software used on this server is logged in via a local account on

the server. Because of this software I am needing to sync with a NTP server

for proper time stamps for this application; however, if I set the NTP server

staticly and type net time under the local account; I get Access Denied.

 

Is this because this machine is on the domain and I am logged in as a local

account?

 

This local account is an Administrator of the local machine, BTW.

 

Thank you!

[Guest William Mann]

RE: NTP Service (Windows Time)

 

Timing is an important part of security; Since it is a domain sensitive

issue, it needs to be a domain administrator account (or enterprise...etc)

that adjusts the time.

 

HTH.

 

"Tyler Barnes" wrote:

> I have a Windows 2003 Stnd server that is a member of a domain. However, the

> specalized software used on this server is logged in via a local account on

> the server. Because of this software I am needing to sync with a NTP server

> for proper time stamps for this application; however, if I set the NTP server

> staticly and type net time under the local account; I get Access Denied.

>

> Is this because this machine is on the domain and I am logged in as a local

> account?

>

> This local account is an Administrator of the local machine, BTW.

>

> Thank you!

[Guest Ace Fekay [MVP]]

Re: NTP Service (Windows Time)

 

In news:8CF1DCC8-5103-4489-AD64-1F02E0BE036D@microsoft.com,

William Mann <WilliamMann@discussions.microsoft.com> typed:

> Timing is an important part of security; Since it is a domain

> sensitive issue, it needs to be a domain administrator account (or

> enterprise...etc) that adjusts the time.

>

> HTH.

>

 

 

Hi William,

 

Just to add for the poster, time skew for Kerberos authentication (which is

what AD usesis a 5 minute difference between the authenticating DC and the

member. The way it works by *default* is all machines in a specific domain

will get it's time sync from the DC that holds the PDC Emulator Role (not to

be confused with the legacy NT4 PDC nomenclature).

 

Simply sync the DC that holds this role with an external time source with

the following procedure and you and everyone in the domain should be good to

go. If you are not a domain admin, you can possibly place a request, or

whatever request procedure your company uses, with your IT department. But

then again, they may have already done so.

 

net stop w32time

net time /setsntp:192.5.41.41

net start w32time

 

Note: 192.5.41.41 is one of the US Navy's reliable time sources that many IT

departments in the world uses, well at least in the US.

 

 

--

Regards,

Ace

 

This posting is provided "AS-IS" with no warranties or guarantees and

confers no rights.

 

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

MVP Microsoft MVP - Directory Services

Microsoft Certified Trainer

 

For urgent issues, you may want to contact Microsoft PSS directly. Please

check http://support.microsoft.com for regional support phone numbers.

 

Infinite Diversities in Infinite Combinations