Ability to synchronize after the system clock is changed, the dial-up network connection is opened, system starts, etc.
It is able to work as a time server so you can synchronize any computer's clock to your PC in your LAN or Internet only full license or site license. It can work on unicast and multicast modes. You can monitor the status of server and client, and save to a log file. For example, a local PDC emulator does not attempt to query numbers three or six because a domain controller does not attempt to synchronize with itself.
The following table lists the queries that a domain controller makes to find a time source and the order in which the queries are made. A domain controller does not attempt to synchronize with itself.
Each query returns a list of domain controllers that can be used as a time source. Windows Time assigns each domain controller that is queried a score based on the reliability and location of the domain controller. The following table lists the scores assigned by Windows Time to each type of domain controller.
When the Windows Time service determines that it has identified the domain controller with the best possible score, no more queries are made. The scores assigned by the time service are cumulative, which means that a PDC emulator located in the same site receives a score of nine. If the root of the time service is not configured to synchronize with an external source, the internal hardware clock of the computer governs the time.
Manually-specified synchronization enables you to designate a single peer or list of peers from which a computer obtains time. If the computer is not a member of a domain, it must be manually configured to synchronize with a specified time source.
A computer that is a member of a domain is configured by default to synchronize from the domain hierarchy, manually-specified synchronization is most useful for the forest root of the domain or for computers that are not joined to a domain.
Manually specifying an external NTP server to synchronize with the authoritative computer for your domain provides reliable time. However, configuring the authoritative computer for your domain to synchronize with a hardware clock is actually a better solution for providing the most accurate, secure time to your domain.
Manually-specified time sources are not authenticated unless a specific time provider is written for them, and they are therefore vulnerable to attackers. Also, if a computer synchronizes with a manually-specified source rather than its authenticating domain controller, the two computers might be out of synchronization, causing Kerberos authentication to fail. This might cause other actions requiring network authentication to fail, such as printing or file sharing. If only the forest root is configured to synchronize with an external source, all other computers within the forest remain synchronized with each other, making replay attacks difficult.
The "all available synchronization mechanisms" option is the most valuable synchronization method for users on a network. This method allows synchronization with the domain hierarchy and may also provide an alternate time source if the domain hierarchy becomes unavailable, depending on the configuration. If the client is unable to synchronize time with the domain hierarchy, the time source automatically falls back to the time source specified by the NtpServer setting. This method of synchronization is most likely to provide accurate time to clients.
There are certain situations in which you will want to stop a computer from synchronizing its time. For example, if a computer attempts to synchronize from a time source on the Internet or from another site over a WAN by means of a dial-up connection, it can incur costly telephone charges. When you disable synchronization on that computer, you prevent the computer from attempting to access a time source over a dial-up connection.
You can also disable synchronization to prevent the generation of errors in the event log. Each time a computer attempts to synchronize with a time source that is unavailable, it generates an error in the Event Log. If a time source is taken off of the network for scheduled maintenance and you do not intend to reconfigure the client to synchronize from another source, you can disable synchronization on the client to prevent it from attempting synchronization while the time server is unavailable.
It is useful to disable synchronization on the computer that is designated as the root of the synchronization network. This indicates that the root computer trusts its local clock. If the root of the synchronization hierarchy is not set to NoSync and if it is unable to synchronize with another time source, clients do not accept the packet that this computer sends out because its time cannot be trusted.
The only time servers that are trusted by clients even if they have not synchronized with another time source are those that have been identified by the client as reliable time servers. The Windows Time service W32Time can be completely disabled. If you choose to implement a third-party time synchronization product that uses NTP, you must disable the Windows Time service. The Windows Time service communicates on a network to identify reliable time sources, obtain time information, and provide time information to other computers.
Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Is this page helpful? Please rate your experience Yes No. Any additional feedback? Important Prior to Windows Server , the W32Time service was not designed to meet time-sensitive application needs. Submit and view feedback for This product This page.
View all page feedback. And breaking kerberos, will break your ability to login anywhere else on the network from that system. Even though it wasn't the answer I was hoping for, this showed me what I am trying to do is probably impossible. Joseph Kern Joseph Kern 9, 3 3 gold badges 30 30 silver badges 55 55 bronze badges.
Thats how I do it now. Was hoping to avoid taking it out of AD because I need to do it around 30 times today changing the date each time.
Wow really? That should be in your initial post. I just updated your post a bit. Hope there's a better answer than "turning off the time service", probably not though. Marcin Marcin 11 2 2 bronze badges. Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. MaxPosPhaseCorrection All versions Specifies the largest positive time correction in seconds that the service makes.
MinPollInterval All versions Specifies the smallest interval, in log base 2 seconds, allowed for the system polling interval. Note that while a system does not request samples more frequently than this, a provider can produce samples at times other than the scheduled interval. The default value for domain controllers is 6.
PhaseCorrectRate All versions Controls the rate at which the phase error is corrected. Specifying a small value corrects the phase error quickly, but might cause the clock to become unstable. If the value is too large, it takes a longer time to correct the phase error. The default value on domain members is 1. The default value on stand-alone clients and servers is 7. Note Zero is not a valid value for the PhaseCorrectRate registry entry.
PollAdjustFactor All versions Controls the decision to increase or decrease the poll interval for the system. The larger the value, the smaller the amount of error that causes the poll interval to be decreased.
RequireSecureTimeSyncRequests Windows 8 and later versions Controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled set to 1 , the DC will not respond to requests using such protocols. This is a boolean setting, and the default value is 0.
SpikeWatchPeriod All versions Specifies the amount of time that a suspicious offset must persist before it is accepted as correct in seconds. The default value on stand-alone clients and workstations is TimeJumpAuditOffset All versions An unsigned integer that indicates the time jump audit threshold, in seconds.
If the time service adjusts the local clock by setting the clock directly, and the time correction is more than this value, then the time service logs an audit event. UpdateInterval All versions Specifies the number of clock ticks between phase correction adjustments.
The default value for domain members is 30, The default value for stand-alone clients and servers is , Note Zero is not a valid value for the UpdateInterval registry entry. The default value on stand-alone clients and servers is 1. The default value on stand-alone clients and servers is 0x1.
The NtpServer is a time server that responds to client time requests on the network by returning time samples that are useful for synchronizing the local clock. LargeSampleSkew All versions Specifies the large sample skew for logging, in seconds. Events will be logged for this setting only when EventLogFlags is explicitly configured for 0x2 large sample skew.
The default value on domain members is 3. The default value on stand-alone clients and servers is 3. ResolvePeerBackOffMaxTimes All versions Specifies the maximum number of times to double the wait interval when repeated attempts to locate a peer to synchronize with fail. A value of zero means that the wait interval is always the minimum. The default value on domain members is 7.
ResolvePeerBackoffMinutes All versions Specifies the initial interval to wait, in minutes, before attempting to locate a peer to synchronize with. SpecialPollInterval All versions Specifies the special poll interval, in seconds, for manual peers. When the SpecialInterval 0x1 flag is enabled, W32Time uses this poll interval instead of a poll interval determined by the operating system. The default value on domain members is 3, The default value on stand-alone clients and servers is , It contains reserved data that is used by the Windows operating system.
It specifies the time, in seconds, before W32Time will resynchronize after the computer has restarted. Any changes to this setting can cause unpredictable results. The default value on both domain members and on stand-alone clients and servers is left blank.
The following registry entries are not a part of the W32Time default configuration but can be added to the registry to obtain enhanced logging capabilities. By default, the Windows Time service logs an event every time that it switches to a new time source. These are the global Group Policy settings and default values for the Windows Time service. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Is this page helpful? Please rate your experience Yes No.
Any additional feedback? Caution Don't use the Net time command to configure or set a computer's clock time when the Windows Time service is running.
Note If you have a computer with multiple network adapters is multi-homed , you cannot enable the Windows Time service based on a network adapter. Important Windows Server has improved the time synchronization algorithms to align with RFC specifications. Note In this case, if you want to set the clock back slowly, you would also have to adjust the values of PhaseCorrectRate or UpdateInterval in the registry to make sure that the equation result is TRUE.
Note When you remove a Group Policy setting, Windows removes the corresponding entry from the policy area of the registry. Warning This information is provided as a reference for use in troubleshooting and validation.
Note Some of the parameters in the registry are measured in clock ticks and some are measured in seconds. Ticks Property. Submit and view feedback for This product This page. View all page feedback. In this article.
0コメント