Windows Time XP Clients

Is there a way to set the Windows Time Group Policy to allow a Windows XP client to take time from a Windows 2003 server? I do not know what the settings should be.
Who is Participating?
Richard SquibbConnect With a Mentor I.T & Services ManagerCommented:
I believe if a computer is on a domain then it automatically syncs the time with a domain server.  It explains here how to test if this is working ok
This explains how to cofnigure a client to get Time service from another server


Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

ccomleyConnect With a Mentor Commented:
If the XP machines are in the "windows domain" of the server, then this should happen automatically. By default, domain workstations are time sync'd to the server(s) when they log in. YOU should make sure that at least one of the server(s) is picking up its time sync from an internet source - and if you have more than one server the rest should either also use an internet source or should pick up from the primary. The WORKSTATIONS will time-sync to the server at login time.

If the XP machine(s) in question are NOT part of the domain, then you will need to set them up manually to use an "external" source, though that source can still be your Windows server if you choose.

oBdAConnect With a Mentor Commented:
Assuming that this is an AD domain: just do nothing.
In an AD domain, there's a time sync hierarchy *by* *default*: members will sync with the DC authenticating them, DCs will sync with the PDc emulator. No need to do anything manually, except maybe configure the PDCe to sync with an external source.
On the PDCe, open a command prompt and enter (replacing <> with the time server of your choice; the ,0x8 at the end ill tell the time service to run in ntp client mode):

w32tm /config /manualpeerlist:<>,0x8 /syncfromflags:MANUAL /update
w32tm /resync

A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet

The project
ccomleyConnect With a Mentor Commented:
Note by the way if the discrepency between the w/s RTC and the server time is too great, it won't sync. In that case you must manually update the time on the rogue XP machine to be close to the server's time then try again, it'll kick in.

One of the most common reasons for this to fail is incorrect time zone setting. If the XP box is set to the wrong zone, but then the clock has been "corrected", but when performing a time sync the TZ is taken into account, so the difference in zone will be added/subtracted to the shown time and that means the times will really be different by some hours, and that's too far to sync..

Hooshiara1Connect With a Mentor Commented:
in the DHCP you can specify time server for all client .
DHCP \ Server option \ select time server
ChiefITConnect With a Mentor Commented:
What these folks are telling you is true.

I would like to discourage against using group policy to synch up your client machines to the server. It overrides the default configuration of the time service that automatically synchronizes your domain pcs to the server. If you use group policy, most folks make the mistake of including the domain controller within the policy. So, they end up synchronizing the domain controller with itself. That causes problems, with the domain controller's time.

By default the FSMO role holder has synchronization flags that tell all clients on the domain "I am your time server and you need to be within five minutes plus or minus of my time" That plus or minus is called a phase offset. You can change the phase offset to be a little closer to your time servers time. But it is not necessary.

One thing you might consider is to synch your domain controller to an outside time source. This is very easily done by simply downloading a little program called Symmtime, from Symetricom's web site. Symmetricom makes time servers. This little program has a list of time servers you can synch your domain controller to and it automatically resets your clock to synch with the outside time source.

Once again, the only synch you really need to consider is synchronizing your FSMO role holder DC with an outside time source.

Also, on symmetricom's web site, there is a little program called LMcheck that will allow you to review your entire domains synchronization. Both LMcheck and Symmtime are freeware from a manufacturer of good quality time servers. I have two time servers aboard my ship for GPS time. Exact time for all PCs is critical to my operations. So, these tools have been valuable to me.
My ship:

Since I am only agreeing with the above five comments, please don't accredit me points.
mail2clkAuthor Commented:
The domain controller sync's with an outside time server. The clients are on static ip addresses so I cannot specifiy the time server. The users never logoff or very rarely. The policy implemented covers the workstations only and the intention is to correct the workstations time at intervals.

Is there a better way of doing this? What I would like to do is configure it to point to the domain controller instead of an external time server. There are a number of other settings in the policy I am not to sure about.

Is there a definitive guide on the different input parameters.

Thanks in advance.
Regardless of being fixed or DHCP clients, the clients should still synch with the FSMO role holder. Even workgroups that are not behind the firewall should synch with the DC. As long as port 123 isn't blocked they should synch up.

What I would do in your shoes is to download a program called LMcheck. It is free from Symmetricom. Symmetricom builds time servers, (both GPS and atomic clocks). I have two aboard. LMcheck will check your domain PCs for how out of synch they really are.

If your clients are within five minutes of the server, that means they are within the phase offset that is the default phase offset that Microsoft set up.

If you insist on using an authoritative time server, you can set the GPOs, but I wouldn't include the server within the group policy objects. Also the GPOs do not include workgroup computers on your LAN.
Again: your best choice is to set your policies back to "not configured" and let Windows do what it does by default. Kerberos requires that the time difference between DCs and domain members is reasonably small, so domain members will sync *by* *default*. They'll find a time server all by themselves.
Furthermore, manually specifying a time server (command line, DHCP, policy, regedit, whatever) on a domain member, without changing its sync type to NTP instead of NT5DS, will have absolutely no effect. The client will ignore the time server and use the domain hierarchy.
Don't make things more complicated than they have to be. Remove the time service policies, and configure the PDCe to use a more reliable time source than the default
All Courses

From novice to tech pro — start learning today.