5 28

Added by Mike Danseglio November 24, 2014

I must govern the clock, not be governed by it.” – Golda Meir

You probably already know that having accurate time set on all clients and servers is important. Very bad things happen when computer clocks disagree. Things like:

• Users cannot logon to a domain
• Applications overwrite new data with older versions
• Servers fail to synchronize data between each other, causing version conflicts
• Financial transactions become subject to dispute
• Regulatory requirements are not met

Luckily Windows has taken this into account. The Network Time Protocol (NTP) service has been built into Windows since Windows XP and Windows Server 2003, and most Unix and Linux implementations have supported NTP since they were first built.

Windows Client and Server Time Synchronization

Unfortunately most Windows implementations do not use NTP as it is not enabled in many situations. One of those situations is a non-domain joined server. An unjoined system can function as both a NTP server and client, but it doesn’t do either by default.

I’ve already written about configuring a standalone Windows computer to function as a NTP client. Another common need is to create a standalone NTP server that can provide time synchronization for unjoined Windows computers as well as other operating systems like Linux and Mac OSX.

Configuring Windows as a Standalone NTP Server

Windows implements the W32Time service as both an NTP client and server. The service is off by default. So configuring a system as an NTP server requires both enabling the W32Time service and configuring it as a server. The process is very simple.

First, use the Services console to locate the Windows Time service. It will likely be off as shown in Figure 1.

Figure 1. Windows Time is not yet enabled or started.

You need to both start the service and configure it for Automatic start as shown in Figure 2.

Figure 2. The W32Time service is started and configured for automatic start.

Enabling the NTP server service requires a quick registry modification. Open Regedit and navigate to HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ W32Time \ TimeProviders \ NtpServer and change Enabled from 0 to 1. This is shown in Figure 3.

Figure 3. Changing the NtpServer Enabled value to 1.

The last step is to update the Windows Time service’s running configuration. You do this by opening a command prompt and typing the w32tm /config /update command. You can then verify that the NTP server service is enabled with the w32tm /query /configuration command. Both of these are shown in Figure 4.

Figure 4. The output of the w32tm command.

Notice in the VMICTimeProvider section that Enabled is set to 1. That’s the flag that enables NTP server in Windows. Because that’s the running configuration, Windows is now running as a NTP server.

Enjoy,

Mike Danseglio -CISSP / CEH
Interface Technical Training – Technical Director and Instructor