Solved

lock windows time and date group policy

Posted on 2007-04-05
12
956 Views
Last Modified: 2008-02-20
i am running a small business server 2003 premium edition server with about 50 workstations running windows xp pro sp2, is there anyway of "locking" the clock, time and date calendar so that people can view it but not change it.  problem was on numerous occasionsions i think people are using the time and date as a calender so to speak, and managed to reset the date on the pc.  of course when they shut down they cant log on because the time and date doesnt match the domain controller.
0
Comment
Question by:brad2000smith
  • 6
  • 5
12 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18856972
It doesn't really make sense that users can't log on after the computer is shut down because time synchronization actually occurs at boot, before they would log on.  And if they did change the time/date it should sync back to the current time automatically.

However, if you somehow have not joined the workstations to the domain properly so that they properly sync from the server, you will need to correct that.

First, review this article on fixing time sync errors:
http://www.smallbizserver.net/tabid/266/articleType/ArticleView/articleId/71/How-to-fix-time-synchronization-errors.aspx

Then, if you did not originally join the workstations to the server using http://<servername>/connectcomputer, you should fix that by following these steps:


At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://<servername>/connectcomputer

Jeff
TechSoEasy
0
 

Expert Comment

by:lilceez
ID: 18863019
You can use the Group Policy Object Editor to hide the time from users so they can't play with it but I'm not 100% sure if there is an option to lock the time and date and still have it displayed. I would check it out.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18864582
There is an option to do that in Group Policies, but that would be like putting a bandaid on a gunshot wound.  The root problem needs to be fixed.  Not the symptom.

Jeff
TechSoEasy
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:brad2000smith
ID: 18881213
ok well im pretty sure that they are joined to the domain correctly ie all the settings etc seem to be ok, is there any way to tell for sure?thank you for the help.
Do i do this on the server or client?

w32tm /config /manualpeerlist:time.nist.gov,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync

what does this mean and where do i set these?
Here we should use the "0x8" flag which sets the SBS server in Client Mode. These are the valid settings:

0x01 use special poll interval SpecialInterval
0x02 UseAsFallbackOnly
0x04 send request as SymmatricActive mode
0x08 send request as Client mode

and this i run on the client as its xp machines we have?
net time /setsntp:servername
w32tm /resync   (for XP)

i do have this occuring in event viewer would this be anything to do with it, if i dont have an external time source which i dont, how do i disable Ntpclient? which again event viewer prompts me to do.

"The time service has not synchronized the system time for 86400 seconds  because none of the time service providers provided a usable time  stamp. The time service is no longer synchronized and cannot provide  the time to other clients or update the system clock. Monitor the  system events displayed in the Event  Viewer to make sure that a more  serious problem does not exist. "
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18886954
Perhaps this KB article is a bit clearer?  http://support.microsoft.com/kb/816042

You don't disable the ntpclient, and you DO need to configure the server for an external time source.  THe above KB article will explain how.

Jeff
TechSoEasy
0
 

Author Comment

by:brad2000smith
ID: 18888151
my small business server is configured to this on the MS article
"Configuring the Windows Time service to use an internal hardware clock" these registry are correct.  so why are my clocks not re-synching? if i change the date on my windows clock to 2011 for example and reboot i cant log on.  it says that the time and date are incorrect.

"Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.  It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source.  Otherwise, this machine will  function as the authoritative time source in the domain hierarchy.  If an external  time source is not configured or used for this computer, you may choose to disable  the NtpClient."

"The time service has not synchronized the system time for 86400 seconds  because none of the time service providers provided a usable time  stamp. The time service is no longer synchronized and cannot provide  the time to other clients or update the system clock. Monitor the  system events displayed in the Event  Viewer to make sure that a more  serious problem does not exist"

I have these in event viewer occuring. any ideas?  as my server is the only server in the domain surely i can configure that as the master and for the workstations to resync their time from it?

0
 

Author Comment

by:brad2000smith
ID: 18888167
ps on a small business server when joing in a workstation should you always use servername\connectcomputer or can i go to computer name then change and type the domain in there, does it make a difference?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18901433
It absolutely makes a difference and you should always use connectcomputer.  To see all that this does look at http://sbsurl.com/connect.

I have never configured an SBS to use it's internal clock, so I'm unsure as to why it wouldn't work.  I could guess though that if you change the clock to something that far off it will have a problem with all of the previously time-stamped items that are in place before your reboot.

Jeff
TechSoEasy
0
 

Author Comment

by:brad2000smith
ID: 18916675
when i try and run connectcomputer - it says please run the newtorking wizard to complete setup. what does this mean? has the connectcomputer feature been turned off? if so where and how?  i have also noticed that if i join a computer to the domain through system properties, the time and date changes to US time zone and we are in the UK.  even thought the time on the server and client pc was set to UK before joining.  why is this?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18925146
If that's the error you are getting, then you need to do what it says in this MS KB article:
http://support.microsoft.com/kb/838431

Jeff
TechSoEasy
0
 

Author Comment

by:brad2000smith
ID: 18927334
what external time sources should i use? my sbs server is the only server on the domain.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 125 total points
ID: 18932582
It's best to use pool.ntp.org.  Go to http://pool.ntp.org to see how that works.  Also, you'll find a good overview of SBS's configuration needs here:  http://msmvps.com/blogs/bradley/archive/2007/01/03/need-to-set-up-the-sbs-box-as-an-authoritative-time-server.aspx

Jeff
TechSoEasy
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question