(→GPO) |
(→GPO) |
||
Line 54: | Line 54: | ||
*Enable Windows NTP Server = Enabled | *Enable Windows NTP Server = Enabled | ||
− | ''ServerFlags | + | ''ServerFlags you may have noticed the ,0x1 at the end of the NTP Server setting. This is a bitmask flag with the following options:''<br> |
− | 0x01 = SpecialInterval (Use a predefined interval)<br> | + | ''0x01 = SpecialInterval (Use a predefined interval)''<br> |
− | 0x02 = UseAsFallbackOnly (Try all other servers first)<br> | + | ''0x02 = UseAsFallbackOnly (Try all other servers first)''<br> |
− | 0x04 = SymmatricActive<br> | + | ''0x04 = SymmatricActive''<br> |
− | 0x08 = Client<br> | + | ''0x08 = Client''<br> |
− | ''EventLogFlags | + | ''EventLogFlags is a bitmask, which means you can take the various values and add them together to implement multiple settings.''<br> |
− | For example:<br> | + | ''For example:''<br> |
− | 0 = Disabled<br> | + | ''0 = Disabled''<br> |
− | 1 = Log when ever a time jump is detected<br> | + | ''1 = Log when ever a time jump is detected''<br> |
− | 2 = Log when ever a time source change is made<br> | + | ''2 = Log when ever a time source change is made''<br> |
− | 3 = 1+2 (Log time jumps and time source changes)<br> | + | ''3 = 1+2 (Log time jumps and time source changes)''<br> |
== Reference == | == Reference == |
Revision as of 20:03, 30 September 2013
Contents
Windows 2003 & XP
Stop the Windows Time service
net stop w32time
Force a resync
w32tm /resync
Set the time source
net time /setsntp:<Time_Source>
View the current time source
net time /querysntp
Note: In most cases you dont need to stop the w32time service anymore.
Windows 2008 & 2012 Server
Stop the W32Time service:
net stop w32time
Configure the external time sources:
w32tm /config /syncfromflags:manual /manualpeerlist:'0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org'
Make your PDC a reliable time source for the clients:
w32tm /config /reliable:yes
Start the w32time service:
net start w32time
The windows time service should begin synchronizing the time.
Check the external NTP servers in the time configuration by typing:
w32tm /query /configuration
External Time Source GPO
The PDC Emulator FSMO role is critical because it is the time source for the rest of the devices on the domain. In the event that your PDC goes down, you will likely transfer or seize the role onto another Domain Controller. The problem with this is the new DC was most likely never configured for an external time source. The solution is to create a Group Policy object that sets the external NTP settings, and create a WMI filter that applies this GPO to only the PDCs within the domain.
WMI Filter
SELECT * FROM Win32_ComputerSystem WHERE DomainRole = 5
GPO
Link the following GPO to the Domain Controllers OU.
Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers
- Configure Windows NTP Client
- NTP Server: us.pool.ntp.org,0x1
- Type: NTP
- EventLogFlags: 3
- Enable Windows NTP Server = Enabled
ServerFlags you may have noticed the ,0x1 at the end of the NTP Server setting. This is a bitmask flag with the following options:
0x01 = SpecialInterval (Use a predefined interval)
0x02 = UseAsFallbackOnly (Try all other servers first)
0x04 = SymmatricActive
0x08 = Client
EventLogFlags is a bitmask, which means you can take the various values and add them together to implement multiple settings.
For example:
0 = Disabled
1 = Log when ever a time jump is detected
2 = Log when ever a time source change is made
3 = 1+2 (Log time jumps and time source changes)