• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 136
  • Last Modified:

How Do I Prevent Time Sync for Member Servers?

My customer does some sort of testing that requires that their server be set a few months in the past.  Since it is a Windows 2000 server in a Windows 2003 domain, the date keeps getting reset back to the present.  How can I prevent this for the one server?
0
sipatterson
Asked:
sipatterson
  • 2
1 Solution
 
jkrCommented:
>>How can I prevent this for the one server?

Stop the NTP client on that very machine. See also http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/operate/wintime.mspx ("The Windows Time Service")
0
 
sipattersonAuthor Commented:
We have tried stopping and disabling the windows time service...it reenables and restarts itself after a few days.

I found in several articles that I can set HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Parameters\type to "NoSync".  I did this, but when I tried to the Windows Time service to "Automatic" and start it, I get the following error:

*****************************
Could not start the Windows Time service on Local COmputer.

Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices assosiated with it.
*****************************

Seems like it might be unrelated to the original date problem, but I'm not certain.
0
 
Debsyl99Commented:
Hi

From jkr's link - "Checks the client's time to make sure that it falls within the server's time and the allowable skew"

Kerberos authentication in Windows 2000 is dependent on the time setting of a client (or non-authorative time server) falling within the allowable time skew of the server which by default is (from memory) anything less than five minutes (but not more). If you set this server's time to be three months earlier and subsequently manage to keep it there, it will run into problems being authenticated within the rest of the domain, and will most likely be prevented from accessing any necessary network resources.

"Many components of operating systems in the Microsoft Windows Server 2003 family rely on accurate and synchronized time to function correctly. For example, without clocks that are synchronized to the correct time on all computers, Windows Server 2003 family authentication might falsely interpret logon requests as intrusion attempts and consequently deny access to users"

from
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/26_s3wts.mspx#XSLTsection121121120120

Hope this helps a bit!

Deb :))
0
 
Debsyl99Commented:
Hi

Do you need any further help on this? Please let us know

Thanks

Deb :))
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now