?
Solved

Group policy setting to set workstations time with a domain controller

Posted on 2013-06-01
5
Medium Priority
?
12,273 Views
Last Modified: 2013-06-18
Hi guys,
I hope you are well and can help.
I wish to sync our workstations time through group policy with their domain controller but I cannot seem to find the required setting (if there is one).
We run windows xp and windows 7 and currently do this via a logon script, but windows 7 machines have issues with UAC when they try and sync with the net time command.

Any help greatly appreciated.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 4

Assisted Solution

by:TalShyar
TalShyar earned 500 total points
ID: 39213861
Try this (This was done on Windows 2008 R2 Domain Controller with Forest and Domain set to Windows 2008 R2 functional level):

1. Open "Start | Administrative Tools | Group Policy Management"

2. Drill down to Forest | Domains | "Your Domain Nam" | Group Policy Objects | Default Domain Policy. [You can choose your own policy too]

3. Right click on policy and click on Edit.

4. Expand to "Computer Configuration | Policies | Administrative Templates: Policy definitions... | System | Windows Time Service"

5. Make the necessary changes

6. Wait for the group policy to propagate throughout your environment.

Good Luck
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 39213880
By default you shouldn't need to sync time.  The windows time hierarchy should take over.  Below are two of my favorite time blog entries

http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/

Thanks

Mike
0
 
LVL 1

Author Comment

by:Simon336697
ID: 39215325
Hi Mike,

Thanks so much for that.

We have Windows XP systems and Windows 7 machines.

When a user logs on, the Logon script executes:

Net time %logonserver% /set

Are you saying that we could remove this command, and that for both:

Windows XP and
Windows 7

Machines they will automatically sync time with their domain controller that authenticates them?

Thanks again
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 500 total points
ID: 39215839
If you have applied GPO or script then remove the same as suggested it is not required, computer will  sync time from DC by default assuming that authorative time server ois configured correctly.More see this:http://support.microsoft.com/kb/223184

Configure authorative time server on the PDC role holder server.http://support.microsoft.com/kb/816042
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 39215902
Yes, You can safely remove those instructions from your logon script/startup script for ALL Windows clients and servers.

Description of windows time sync hierarchy:
To guarantee appropriate common time usage, the Windows Time service uses a hierarchical relationship that controls authority, and the Windows Time service does not allow for loops. By default, Windows-based computers use the following hierarchy: •All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
•All member servers follow the same process that client desktop computers follow.
•All domain controllers in a domain nominate the primary domain controller (PDC) operations master as their in-bound time partner.
•All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.
In this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization. We highly recommend that you configure the authoritative time server to obtain the time from a hardware source. When you configure the authoritative time server to sync with an Internet time source, there is no authentication. We also recommend that you reduce your time correction settings for your servers and stand-alone clients. These recommendations provide more accuracy and security to your domain.
http://support.microsoft.com/kb/816042

Other reading information:
http://technet.microsoft.com/en-us/library/cc756572(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx

OOPS, Slow typist alert! Didn't mean to repeat earlier post.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question