Creating a Standalone NTP Server With Windows

Home > Blogs > Windows 7 > Creating a Standalone NTP Server With Windows

Creating a Standalone NTP Server With Windows

2 26 Mike Danseglio
Added by November 24, 2014

I must govern the clock, not be governed by it.” – Golda Meir

You probably already know that having accurate time set on all clients and servers is important. Very bad things happen when computer clocks disagree. Things like:

  • Users cannot logon to a domain
  • Applications overwrite new data with older versions
  • Servers fail to synchronize data between each other, causing version conflicts
  • Financial transactions become subject to dispute
  • Regulatory requirements are not met

Luckily Windows has taken this into account. The Network Time Protocol (NTP) service has been built into Windows since Windows XP and Windows Server 2003, and most Unix and Linux implementations have supported NTP since they were first built.

Windows Client and Server Time Synchronization

Unfortunately most Windows implementations do not use NTP as it is not enabled in many situations. One of those situations is a non-domain joined server. An unjoined system can function as both a NTP server and client, but it doesn’t do either by default.

I’ve already written about configuring a standalone Windows computer to function as a NTP client. Another common need is to create a standalone NTP server that can provide time synchronization for unjoined Windows computers as well as other operating systems like Linux and Mac OSX.

Configuring Windows as a Standalone NTP Server

Windows implements the W32Time service as both an NTP client and server. The service is off by default. So configuring a system as an NTP server requires both enabling the W32Time service and configuring it as a server. The process is very simple.

First, use the Services console to locate the Windows Time service. It will likely be off as shown in Figure 1.

001-Windows-Time-is-not-yet-enabled-or-started

Figure 1. Windows Time is not yet enabled or started.

You need to both start the service and configure it for Automatic start as shown in Figure 2.

002-W32Time-service-is-started-and-configured-for-automatic-start

Figure 2. The W32Time service is started and configured for automatic start.

Enabling the NTP server service requires a quick registry modification. Open Regedit and navigate to HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ W32Time \ TimeProviders \ NtpServer and change Enabled from 0 to 1. This is shown in Figure 3.

003-Changing-the-NtpServer-Enabled-value-to-1

Figure 3. Changing the NtpServer Enabled value to 1.

The last step is to update the Windows Time service’s running configuration. You do this by opening a command prompt and typing the w32tm /config /update command. You can then verify that the NTP server service is enabled with the w32tm /query /configuration command. Both of these are shown in Figure 4.

004-The-output-of-the-w32tm-command

Figure 4. The output of the w32tm command.

Notice in the VMICTimeProvider section that Enabled is set to 1. That’s the flag that enables NTP server in Windows. Because that’s the running configuration, Windows is now running as a NTP server.

Enjoy,

Mike Danseglio -CISSP / CEH
Interface Technical Training – Technical Director and Instructor

Videos You May Like

Creating Users and Managing Passwords in Microsoft Office 365

0 581 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 1343 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 545 3

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

  1. Avatar Adas

    Hello, when i try sync two PCs, client PC write SYNC FAILED. I am trying on WINDOWS 10. Can you help me?

  2. Avatar Hagai Shalev

    for Win10 I managed to do all in small batch

    sc config w32Time start= auto

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer /v Enabled /t REG_DWORD /d 0x1 /f

    w32tm /config /update

    w32tm /query /configuration

  3. Avatar Richard

    I have had moderate success with this, some PCs seem to work fine, others just don’t pick up the Windows NTP server.

    I do have a question though, how is the NTP server service broadcast? – I ask as I often work with PC’s with dual network cards, where the second network card is not the main network. BUT I want to access the Windows NTP server from the secondary network.
    It seems to me that the Windows NTP server does not broadcast on this secondary network.
    Look forward to any thoughts on this… thanks

  4. Avatar Nissim

    Could you please provide the procedure for configuring a standalone Windows computer to function as a NTP client?
    (I searched for it but couldn’t find)

    Thanks!
    Nissim

  5. Avatar Chad B

    Can you please post the article discussing how to setup the NTP clients? I can ping the server from the client, but they won’t sync their time with it.

  6. Avatar Brian

    Does this work on Server 2016 and Windows 10? I cant get it work even though I methodically followed all the steps.

  7. Avatar Pete

    Nice an clear tutorial. Saved me downloading a different server I had no idea it was built in. Many thanks.

  8. Avatar JB

    Make sure you use spaces before /

  9. Avatar Anwar

    I have run command prompt as administrator but after enter w32tm /config /update command I getting
    “The Command /config /update is unknow” can any one help

  10. Avatar Gene B.

    Note, if you get ‘Access denied’ when issuing the w32tm command, run the command prompt as administrator, then run w32tm.

  11. Avatar Thang Duong Bao

    I’m checked with Windows 10, need to restart service in cmd: net stop w32time && net start w32time
    Also, alow inbount connection on firewall UTP port 123

  12. Avatar AndyBoss

    Great article! I have an RFID reader connected to my laptop which asks “SNTP Server Name or IP Address”. I have entered ‘localhost’ which it accepts, but I’m unsure if this is correct. I assume the RFID reader device pings the laptop, but so far, the RFID reader clock is not updated. Some help in this are would be really appreciated. Thx

  13. Avatar yaqove

    Tnx

  14. Avatar Marc

    Job’s done with the add of Kybe in comment, it work perfectly ! Thanks !!

  15. Avatar Joe

    Once configured as an authoritative NTP server can the same server be used for other Windows applications?

    Joe

  16. Avatar Elsadeg

    I got access denied error

  17. Avatar Asintoc

    In which port should the ntp client be listening? I want to make it programmatically for Android clients

  18. Avatar Gone

    Not sure it will work with if W10 as time server and WinCE7 as client

  19. Avatar kyb

    I could be useful to Change the value from 10 to 5 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags (it means to use local CMOS time clock, KB314054).

  20. Avatar tejmani

    configuration is now ok smoothly working, when i set to router as ntp client there no little different time

  21. Avatar Dave Cason

    Hi, tried to get it running on a Non-DC 2012 server but that last flag – the VMIVT is still 0 or off !! What next ? Also can I tell the servers DHCP to point to itself via a scope option 004 to use its self as a time server for clients – in this case IP phones !?

  22. Avatar Swapnendu

    Note that NTP server functionality with this change works in kind of a proxy mode, Windows NTP Client should already be pointed to a valid NTP server else the Local Registry HAck will not work.

  23. Avatar Mik

    Hi

    I have a little trouble with the communication across the network. I disabled all firewalls, but anyway the client mashine can not connect to the server (IP address). I can ping both ways, any suggestions?

  24. Avatar P1azer

    amit: Justly simply go to system time settings (double click on time icon on right corner) and fil the Server: column with IP adress of your NTP server and it should work like that.

  25. Avatar Paul

    Thanks much … it really works…..

  26. Avatar amit

    how client and NTP server communicate please let me know what we will do at client machine

Share your thoughts...

Please fill out the comment form below to post a reply.