06.12.2024

How to Set an NTP Server Group Policy?

What is NTP-server?

An NTP server is indispensable for ensuring consistent timekeeping across numerous devices within a corporate network. This is especially important when it comes to monitoring and recording system events, as precise timestamps are vital for efficient analysis and problem-solving. When an NTP server is implemented, all connected devices can synchronize their clocks with the centralized time source, thereby minimizing inconsistencies and ensuring reliable operation.

Moreover, having a central database for time data facilitates easy tracking and auditing of network activity, which is crucial for adherence to compliance standards and maintaining security protocols. In summary, an NTP server plays a vital role in streamlining operations within a corporation by providing accurate time synchronization and logging capabilities.

Server configuration

In the Windows there is daemon for control time, which allows to serve another computer precise date and time - win32tm. Commonly setup service start at the Domain Controller automatically, but there is situation when we need indicate specific parameters and value. For that we can use CMD with utility which we described above for setup our server and then with Group Policy spread config to the client machine.

First of all explain syntax of the utility w32tm: w32tm [/options] value. At the begin we indicate utility than options for they and enter value!

Make sure that service was not shutdown:

w32tm /query /status

After confirmation about stopped service we can enter config into our server, also we need indicate master NTP server which will synchronize time and date. For reason fault-tolerance we need to indicate minimum four servers with near with you region:

w32tm /config /manualpeerlist:"0.europe.pool.ntp.org, 1.europe.pool.ntp.org, 2.europe.pool.ntp.org, 3.europe.pool.ntp.org" /syncfromflags:manual /reliable:YES /update 

Wait till the end of the process and synchronize:

w32tm /resync

Than enable by the CLI command:

net stop w32time
net start w32time

Screenshot №1 — Stop service

Make sure that our settings was applied!

w32tm /query /status

Screenshot №2 — Check status

Alright configuration NTP-server have done!

Group Policy

Open search bar and look for Group Policy, launch them in the Domain Controller or machine with AD:

Screenshot №3 — Search GP

Choose GPO or create new, by clicking on the Forest -> Domains -> Domain and click by the left button of mouse. Choose Create and name Policy:

Screenshot №4 — Create GP

Select the one you just created and go to the following sequences  Computer Configuration -> Policies -> Administrative Templates -> System -> Windows Time Service.

Screenshot №5 — Search Time Service

Choose Time Providers and edit them value as you can see in the picture below:

Screenshot №6 — First value

Edit point with NTP server and indicate our NTP machine in my case that 192.168.1.1 and next you can see flag for synchronization. Therefore change next point:

Screenshot №7 — Second value

Then for properly work we need to link our GPO to the domain, click right button at the domain and link them:

Screenshot №8 — Link GPO

On the client side you can wait when policies will update, that can take a long time, however there is way to manually resync client with domain controller:

gpupdate /force

The one disadvantage of this way, that requirement to update every computer manually!

Highlight! Have a look at the list of user and computer which in the table, due to potential issue with work NTP-server, you have to exclude or select another group without them. So server will have exclusive options, which we set up before!

 

The implementation of an NTP server is crucial for maintaining consistent and accurate timekeeping across a corporate network. Precise timestamps are essential for effective analysis and troubleshooting of system events, making an NTP server indispensable in ensuring reliable operations.