Configuring Windows TimeSystem time has an increasingly important role as the Windows operating system matures, particularly with regard to Kerberos security, which is the default Windows Server 2003 authentication mechanism. With Kerberos security, the network depends on system clocks being in close synchronization. If the clocks on different systems aren't closely synchronized, authentication tickets can become invalid before they reach a destination host. Keeping the system in sync with the actual time isn't easy. System clocks can lose time. Users can accidentally set the system clock to the wrong time. Other things can go wrong as well. To help resolve problems with system time and time synchronization, Windows systems can use the Windows Time service to set a consistent network time based on the time at an Internet time server. Time services allow precise synchronization with world time. The Windows Time service used with desktop and server systems is a bit different. The sections that follow examine the Windows Time service for Windows Server 2003. For complete details on Windows Time service for Windows XP Professional, see the section of Chapter 3 in " Microsoft Windows XP Professional Administrator's Pocket Consultant " (Microsoft Press) entitled "Configuring Network Time." Windows Time and Windows Server 2003Stand-alone and member servers are configured to synchronize with a time server automatically. This time server is referred to as the authoritative time server . The way Windows Time works depends on whether the system is part of a workgroup or a domain. Here's a basic overview of how Windows Time works in workgroups:
In domains, a domain controller is chosen automatically as the reliable time source for the domain, and other computers in the domain sync time with this server. Should this server be unavailable to provide time services, another domain controller takes over. You cannot, however, change the Windows Time configuration. If you want to better manage Windows Time in a domain, you should install the appropriate components. The two key components are:
Any Windows Server 2003 system can be a Windows NTP client or a Windows NTP server. Typically, Windows NTP servers are configured as Windows NTP clients as well. Here's how that works:
You enable and configure Windows NTP clients and Windows NTP servers through Group Policy. The related policies are found under Computer Configuration\Administrative Templates\System\Windows Time Service. Enabling and Disabling Windows Time on Stand-alone and Member ServersYou can enable or disable network time for stand-alone or member servers by completing the following steps:
When you use network time, keep in mind that on large networks it's much more efficient to set up a local time server (which is the standard configuration for domains). With a local time server, SNTP messages from workstations and servers are broadcast locally and don't go out to the Internet. The messages sent between the local time server and the external time server are the only external time traffic. |