How do you configure Authoritative Time Service in Group Policy so all the domain members use the domain controller with the PDC FSMO role?

windows-server-2008 windows-server-2003 group-policy

I know by default domain members sync time to the domain controller. However computers can be set later to pull time from an external source and then cause problem. How can this be fixed in Group Policy so that domain members always sync back to the domain controller and that that the domain controller syncs from hardware?


Solution 1:

There is a pretty good article on MSDN Blogs that describes how to configure Windows Time Service using Group Policy.

Group Policy Settings Explained - Windows Time Service (blogs.msdn.com)

Solution 2:

By default, unless you've modified it, all DC's sync to the PDC emulator, and clients will sync to the DC's in the closest site defined to them in sites and services. The PDC emulator should be synced to an upstream time source. I've NEVER had to make a policy change on the client policies.

Related

machines of two subnets communicate through CentOS(with two NICs)
shell : warn about or deny command execution with help of an alias
Opensuse port forwarding 80 to 8080 not working
why sc query fails from one machine but works from another
Unable to add a physical disk to a Storage Spaces storage pool but can add it to a new pool?
Cron Job not Running
Apache Restart cause [proxy_http:error] [pid 120502] (70008)Partial results are valid but processing is incomplete
sketchy nginx access log entries
Block an IP-address which tries to download entire website
Ansible: Raise Error if replace did not find anything to replace
VMware vsphere essentials plus network cabling
Scan outgoing Postfix email for spam with Spamassassin