[aklug] Re: OT: Windozs time syncronization

From: Royce Williams <royce@tycho.org>
Date: Thu Oct 15 2015 - 14:52:36 AKDT

In true Royce form, more info than you needed:

The granularity of the native client isn't fine enough, IMO:

https://en.wikipedia.org/wiki/Network_Time_Protocol#Windows_Time_service

Quoting:

Beginning with Windows Server 2003 and Windows Vista, a compliant
implementation of full NTP is included.[20]Microsoft says that the
W32Time service cannot reliably maintain sync time to the range of 1
to 2 seconds.[21] If higher accuracy is desired, Microsoft recommends
using a different NTP implementation.[22]

And read this, it's enlightening:

https://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx

I recommend using a real NTP client for the Windows side to get the
right granularity and true local drift adjustment:

https://www.meinbergglobal.com/english/sw/ntp.htm

I'd also definitely deploy multiple internals NTP servers, so that you
get proper internal detection of falsetickers.

And when NTPSec launches, doing secure NTP internally would be awesome.

Royce

On Thu, Oct 15, 2015 at 1:58 PM, Christopher Howard <ch.howard@zoho.com> wrote:
> Hey guys... How is time syncronization (supposed to be) handled in a
> Windows shop (using 2008 server). Does the server need to be running
> an NTP server, or do the clients (Windows 7, 10) query for time in
> some other way? Does each client PC need to be joined to the domain or
> do they automagically look for a server on the network?
>
> --
> http://justonemoremathproblem.com/
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Oct 15 14:53:28 2015

This archive was generated by hypermail 2.1.8 : Thu Oct 15 2015 - 14:53:28 AKDT