Re: Time sync problem

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Andrew Mitchell (amitchell_at_removecasey.vic.gov.au)
Date: 06/30/04 

Date: Wed, 30 Jun 2004 07:42:34 -0700

=?Utf-8?B?SGVucmlr?= <Henrik@discussions.microsoft.com> said

> Hi
> My Boss recently told me to set up time syncronize between client and
> server. No outside syncronization will be allowed at any way.
>
> That meens that our server shall keep its own time and the clients
> should sunc with the server. We use server 2K3 and xp clients.
> We tested to configure in GPO machine settings in a OU which all client
> computer reside the ntp protocall to sync with our domain controller
> dc1.domain.local and enabled ntp client in the next section in the GPO.
>
> The clients didn't sync .
>

I think they did synch, but not in the way you thought they would.
An immediate synch will only occur at login if the clients clock is behind
the server, or more than 3 minutes ahead of the server. If it is less than 3
minutes fast the client will slow its clock and slowly adjust.

http://support.microsoft.com:80/support/kb/articles/Q224/7/99.ASP&NoWebConten
t=1

> We tested to use in a login script net time but when a user loged on and
> the logon script was running on the machine it said you dont have the
> necessary rights.

That's correct. Normal users don't have the necessary permissions to set the
time. Nor should they. If they can set the clock they can break the Kerberos
authentication which relies on times being matched between clients and
servers.

If you want to use the 'net time' command you must do it from a startup
script assigned via a GPO which will run in the local system context, not in
a login script which runs in the users context. 

-- 
Andy.

Relevant Pages

  • Re: Line replace
    ... writing duty to the file and my script only gets access when ... but sometimes our mobile clients try to access ... Most of the clients run Suse9.3 so does the server ... some are wxp machines which get their ssh access via ...
    (comp.lang.python)
  • RE: Users Cant Access Documents on Server
    ... Thanks for using the SBS newsgroup. ... As well as we know, if a workstation would not access network shares, then ... Leave the Default Gateway of the internal NIC blank of the server box. ... Clients That Require SMB Signing ...
    (microsoft.public.windows.server.sbs)
  • Re: Users Cant Access Documents on Server
    ... my computer to the network on the server. ... Connection Wizard none of the computers were listed. ... The Mac clients can not communicate with the server box. ... > Error Messages When You Open or Copy Network Files on Windows XP SP1 ...
    (microsoft.public.windows.server.sbs)
  • Re: [SLE] SMTP authentication
    ... So eventhough my local SMTP server dials up to the internet with a certain username and password, that same username and password would not be used as authentication between my local SMTP server and the ISP's one, should it be used as a relay? ... either defer all outgoing mails until you connect to the internet, then flush out all the mails in the queue. ... Your local server would use an external program like fetchmail to poll the mailserver of your ISP, download the mails and feed them to Postfix. ... The test does NOT say "All clients must be in mynetworks, ...
    (SuSE)
  • RE: VPN Clients Not Registering in AD DNS
    ... via VPN, the DNS records of the VPN clients are unable to be registered. ... Windows 2003 server? ... please let me know whether the clients get the IP ...
    (microsoft.public.windows.server.sbs)