Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 734
  • Last Modified:

Configuring NTP for all domain servers using GPO best practice

Hi All,

I'd like to implement the Group Policy modification so that I can enter the NTP setting for my PDC emulator to be the primary source of time for all network devices and servers.

here's my list of NTP:
server 0.oceania.pool.ntp.org
server 1.oceania.pool.ntp.org
server 2.oceania.pool.ntp.org
server 3.oceania.pool.ntp.org

Open in new window


1. how do I input those four servers into the text boxes in
Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers
because it is just one lineTextbox and which flag format do I need to use?

2. Can I just simply modify the Default Domain Controllers Policy because I only want to target this to the PDC role holder ? or do I have to create new one and then perform WMI filter  
Select * from Win32_ComputerSystem where DomainRole = 5

Open in new window

0
Senior IT System Engineer
Asked:
Senior IT System Engineer
  • 3
  • 2
  • 2
3 Solutions
 
it_saigeDeveloperCommented:
You will have to create a new Policy set that is applied with the WMI filter you specified.  If you apply the filter to the Default Domain Controllers Policy, then only your PDC Emulator will apply the policies therein, all of you other domain controllers will not apply the policy set.

-saige-
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
ah I see.
So what I need to do is to create new GPO object and change just single line "Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers" ?

what about the 4 values to be entered into the textbox ?
0
 
it_saigeDeveloperCommented:
Here is an example of using WMI Filtering with regards to PDC Emulator and Time Services:

http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx

As for the values to be entered, don't set the settings in the policy you referenced, create registry entries as shown here:

http://www.xenappblog.com/2012/time-server-group-policy/

-saige-
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Seth SimmonsSr. Systems AdministratorCommented:
if you're using the server with the PDC emulator role for the time source, why use GPO?
by default domain members will look to that server for time so as long as that server is configured properly for an external time source, you shouldn't need to do anything else

How to configure an authoritative time server in Windows Server
https://support2.microsoft.com/kb/816042/en-us
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, so in this case the PDC emulator server itself can be reconfugured using the registry entry ?
is that correct rather than using GPO to point the PDC emulator to the 4x NTP Pool servers above ?
0
 
Seth SimmonsSr. Systems AdministratorCommented:
yeah...GPO isn't necessary
configure those registry values, restart NTP service and the system log should show entries saying it is receiving good time from one of the providers you specified
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Cool, I was confused myself reading the book from Amazon "Virtualizing Microsoft Business Critical Applications on VMware vSphere (VMware Press Technology)" which says that I need to perform the GPO method in setting one PDC role in my single domain to be the time server.

and when i started to do the implementation on my GP console, i confused myself and lucky that I didn't edit the Default DC GPO :-)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now