PAGANED
asked on
GPO --> NTP : Windows Time Server + GPO --> Change SystemTime
I have a bit of a problem...
Both GPOs do not work together
.
I am running a GPO BAT script (USER Applied)
SERVERNAME = our SERVER NAME
.......
NET TIME \\SERVERNAME /SET /YES
......
This works perfectly fine
.
.
Now I am trying to keep USERS (our users are local administrators to their computers)
from being able to edit the Windows Time Clock : Windows 7 Ult x32
This GPO is a (COMPUTER) applied
Computer >> Policies >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> Change the System Time (set to Domain Admins)
This GPO works just fine as well , however this one seems to Trump the User login due to the fact that it is a Computer GPO policy
Regardless of Group Policy Inheritance with the NetTime being above the Windows Clock Edit
.
.
So maybe I shouldn't be using NET TIME bat script anyway ... so I went into a new GPO
Computer >> Policies >> Administrative Templates >> System >> Windows Time Service >> Time Providers
I'm thinking I could just point to a specific NTP server , although I would prefer to point to my Network Server
Here's what I did >> (defaults except for NTP server)
NtpServer : nist1-la.ustiming.org,0x09
Type : NT5DS
CrossSiteSyncFlags : 2
ResolvePeerBackoffMinutes : 15
ResolvePeerBackoffMaxTimes : 7
SpecialPollInterval : 3600
EventLogFlags : 0
.
.
This was applied , but time did not change.
I had the computer set 10 minutes ahead of actual time
.
.
What am I doing wrong?
Both GPOs do not work together
.
I am running a GPO BAT script (USER Applied)
SERVERNAME = our SERVER NAME
.......
NET TIME \\SERVERNAME /SET /YES
......
This works perfectly fine
.
.
Now I am trying to keep USERS (our users are local administrators to their computers)
from being able to edit the Windows Time Clock : Windows 7 Ult x32
This GPO is a (COMPUTER) applied
Computer >> Policies >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> Change the System Time (set to Domain Admins)
This GPO works just fine as well , however this one seems to Trump the User login due to the fact that it is a Computer GPO policy
Regardless of Group Policy Inheritance with the NetTime being above the Windows Clock Edit
.
.
So maybe I shouldn't be using NET TIME bat script anyway ... so I went into a new GPO
Computer >> Policies >> Administrative Templates >> System >> Windows Time Service >> Time Providers
I'm thinking I could just point to a specific NTP server , although I would prefer to point to my Network Server
Here's what I did >> (defaults except for NTP server)
NtpServer : nist1-la.ustiming.org,0x09
Type : NT5DS
CrossSiteSyncFlags : 2
ResolvePeerBackoffMinutes : 15
ResolvePeerBackoffMaxTimes
SpecialPollInterval : 3600
EventLogFlags : 0
.
.
This was applied , but time did not change.
I had the computer set 10 minutes ahead of actual time
.
.
What am I doing wrong?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
.
They both don't work together
COMPUTER >> Change the System Time trumps the USER >> Net Time script
.
.
I see that I DON'T need to run the Net Time script at all
.
.
On a side note :
Why didn't the NTP Time Providers GPO work ?
The GPO was applied (gpresult /r)
Time however, did not change as it was set 10 minutes ahead
.