Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

What are the best practices for the properly configuring NTP in a Windows 2000/2003 Environment

Posted on 2011-04-20
7
Medium Priority
?
734 Views
Last Modified: 2012-05-11
I'm in a Windows 2000/2003 domain. In addition I have a dmz environment that contains mostly Windows 2000/2003 servers and a couple Solaris Web servers and a DR ennvironment containing mostly windows 2003 servers and a couple of Solaris Web servers. What is the best practices approach and design to the proper configuration of NTP?
0
Comment
Question by:cheyliger
  • 5
  • 2
7 Comments
 
LVL 17

Expert Comment

by:surbabu140977
ID: 35440476
I have a sketchy memory of this having been done a long time back. But in short, you need to install Windows time service and configure PDC master to use either internal or external source. The list of external stratum1/2 servers are located below.
http://support.microsoft.com/kb/262680

The below link is actually describing how you can use the PDC as the authorative one using either internal CMOS or external source.
http://support.microsoft.com/kb/816042

I am not a SUN person, but you can definitely configure them to use your PDC as the NTP source like the windows clients.

Best,


0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 35440506
If your env is large then you might consider using/installing ntpd for windows/linux. That should bring down the time correction within 35 ms.

Best,
0
 

Author Comment

by:cheyliger
ID: 35451678
Thank you, Subabu140 for your suggestions but, when I inquired about best practises for configuring NTP I'm looking for what is the accepted standard approach  to set up and configuring it, such as is it best to use pool time servers as opposed to a couple of non pool ones or govt time servers as opposed to non govt ones. Also, my env is small so using or installing ntpd for windows /linux may not be option.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 17

Accepted Solution

by:
surbabu140977 earned 2000 total points
ID: 35451956
I would generally configure 1 server internally to point to an external source e.g pool.ntp.org. The rest of the clients should point to that internal server. That should suffice and not a bad practice at all. :)

For ONLY windows or AD environement Microsoft authorative times servers should have been enough. (http://community.spiceworks.com/education/projects/Microsoft_Authoritative_Time_Servers)

below is just an alternate suggestion. (for a mix of windows/non-windows env)

Installing one non-windows (sun/linux) time server and have ALL your  devices synchronize with these Linux Time Servers. This would simply add another Stratum to the whole configuration, by which i mean, do not configure the workstations themselves to hit your Linux Time Server, but rather point your Active Directory server(s) to your internal Linux Time Server, which will allow the workstations to continue to use default dependencies on their Domain Controller(s) time configuration(s).


Best,


0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 35451969
To exactly answer your question, I always prefer the pool.

Best,
0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 35451978
And as a FYI,  there is no benefit to using specific servers over pool servers, unless you know you're really really close to one. Every single one of them is synched to a high-tiered server, and can be considered quite accurate.
0
 

Author Comment

by:cheyliger
ID: 35498823
I actually wanted to use Surbabu140 first comment as the complete answer but I mistakingly clicked on the one that is highlighted "green" and the system wont allow me to correct it.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question