Solved

Windows Time XP Clients

Posted on 2009-05-11
12
678 Views
Last Modified: 2012-05-06
Is there a way to set the Windows Time Group Policy to allow a Windows XP client to take time from a Windows 2003 server? I do not know what the settings should be.
0
Comment
Question by:mail2clk
  • 2
  • 2
  • 2
  • +4
12 Comments
 
LVL 10

Expert Comment

by:bob_the_builder
ID: 24354147
This explains how to cofnigure a client to get Time service from another server

http://technet.microsoft.com/en-us/library/cc773263.aspx

Cheers,

Bob
0
 
LVL 10

Expert Comment

by:bob_the_builder
ID: 24354154
0
 
LVL 3

Accepted Solution

by:
rsquibb earned 85 total points
ID: 24354160
I believe if a computer is on a domain then it automatically syncs the time with a domain server.  It explains here how to test if this is working ok http://tinyurl.com/c9mz39
0
 
LVL 16

Assisted Solution

by:ccomley
ccomley earned 166 total points
ID: 24354166
If the XP machines are in the "windows domain" of the server, then this should happen automatically. By default, domain workstations are time sync'd to the server(s) when they log in. YOU should make sure that at least one of the server(s) is picking up its time sync from an internet source - and if you have more than one server the rest should either also use an internet source or should pick up from the primary. The WORKSTATIONS will time-sync to the server at login time.

If the XP machine(s) in question are NOT part of the domain, then you will need to set them up manually to use an "external" source, though that source can still be your Windows server if you choose.

http://support.microsoft.com/kb/307897

0
 
LVL 82

Assisted Solution

by:oBdA
oBdA earned 83 total points
ID: 24354170
Assuming that this is an AD domain: just do nothing.
In an AD domain, there's a time sync hierarchy *by* *default*: members will sync with the DC authenticating them, DCs will sync with the PDc emulator. No need to do anything manually, except maybe configure the PDCe to sync with an external source.
On the PDCe, open a command prompt and enter (replacing <1.2.3.4> with the time server of your choice; the ,0x8 at the end ill tell the time service to run in ntp client mode):

w32tm /config /manualpeerlist:<1.2.3.4>,0x8 /syncfromflags:MANUAL /update
w32tm /resync

A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
http://support.microsoft.com/kb/262680

The pool.ntp.org project
http://www.pool.ntp.org/
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 16

Assisted Solution

by:ccomley
ccomley earned 166 total points
ID: 24354187
Note by the way if the discrepency between the w/s RTC and the server time is too great, it won't sync. In that case you must manually update the time on the rogue XP machine to be close to the server's time then try again, it'll kick in.

One of the most common reasons for this to fail is incorrect time zone setting. If the XP box is set to the wrong zone, but then the clock has been "corrected", but when performing a time sync the TZ is taken into account, so the difference in zone will be added/subtracted to the shown time and that means the times will really be different by some hours, and that's too far to sync..

0
 

Assisted Solution

by:Hooshiara1
Hooshiara1 earned 83 total points
ID: 24354563
hi
in the DHCP you can specify time server for all client .
DHCP \ Server option \ select time server
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 83 total points
ID: 24355030
What these folks are telling you is true.

I would like to discourage against using group policy to synch up your client machines to the server. It overrides the default configuration of the time service that automatically synchronizes your domain pcs to the server. If you use group policy, most folks make the mistake of including the domain controller within the policy. So, they end up synchronizing the domain controller with itself. That causes problems, with the domain controller's time.

By default the FSMO role holder has synchronization flags that tell all clients on the domain "I am your time server and you need to be within five minutes plus or minus of my time" That plus or minus is called a phase offset. You can change the phase offset to be a little closer to your time servers time. But it is not necessary.

One thing you might consider is to synch your domain controller to an outside time source. This is very easily done by simply downloading a little program called Symmtime, from Symetricom's web site. Symmetricom makes time servers. This little program has a list of time servers you can synch your domain controller to and it automatically resets your clock to synch with the outside time source.

Once again, the only synch you really need to consider is synchronizing your FSMO role holder DC with an outside time source.

Also, on symmetricom's web site, there is a little program called LMcheck that will allow you to review your entire domains synchronization. Both LMcheck and Symmtime are freeware from a manufacturer of good quality time servers. I have two time servers aboard my ship for GPS time. Exact time for all PCs is critical to my operations. So, these tools have been valuable to me.
My ship:
http://www.opb.org/programs/ofg/videos/view/268-Multi-Beam-Sonar

Since I am only agreeing with the above five comments, please don't accredit me points.
0
 

Author Comment

by:mail2clk
ID: 24392974
The domain controller sync's with an outside time server. The clients are on static ip addresses so I cannot specifiy the time server. The users never logoff or very rarely. The policy implemented covers the workstations only and the intention is to correct the workstations time at intervals.

Is there a better way of doing this? What I would like to do is configure it to point to the domain controller instead of an external time server. There are a number of other settings in the policy I am not to sure about.

Is there a definitive guide on the different input parameters.

Thanks in advance.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 24393044
Regardless of being fixed or DHCP clients, the clients should still synch with the FSMO role holder. Even workgroups that are not behind the firewall should synch with the DC. As long as port 123 isn't blocked they should synch up.

What I would do in your shoes is to download a program called LMcheck. It is free from Symmetricom. Symmetricom builds time servers, (both GPS and atomic clocks). I have two aboard. LMcheck will check your domain PCs for how out of synch they really are.

http://www.greyware.com/software/domaintime/instructions/tools/lmcheck.asp

If your clients are within five minutes of the server, that means they are within the phase offset that is the default phase offset that Microsoft set up.

If you insist on using an authoritative time server, you can set the GPOs, but I wouldn't include the server within the group policy objects. Also the GPOs do not include workgroup computers on your LAN.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_22799695.html
0
 
LVL 82

Expert Comment

by:oBdA
ID: 24395859
Again: your best choice is to set your policies back to "not configured" and let Windows do what it does by default. Kerberos requires that the time difference between DCs and domain members is reasonably small, so domain members will sync *by* *default*. They'll find a time server all by themselves.
Furthermore, manually specifying a time server (command line, DHCP, policy, regedit, whatever) on a domain member, without changing its sync type to NTP instead of NT5DS, will have absolutely no effect. The client will ignore the time server and use the domain hierarchy.
Don't make things more complicated than they have to be. Remove the time service policies, and configure the PDCe to use a more reliable time source than the default time.windows.com.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now