Stop Active Directory from updating computer time and date

As long as he is not making changes to active directory the impact to the environment will be minimal. The user may have problems getting group policy updates and may have issues authenticating (but that can be fixed with a time reset and reboot) You will have to:

  1. sync time to a nonexistent timesource see Windows Time Service Tools and Settings this will prevent the domain from automatically repairing the time
  2. change the time manually.

you can keep the users machine in sync and allow him to have a time difference on a virtual machine rather than his workstation (windows virtual machine will allow this)


If the time is off authentication to Network Resources will fail. If the user logs off with the time out of sync all domain authentication for that computer will fail. In order to get back in you would have to unplug from the network and log in using cached credentials.

Cleanest way would probably be to have the user test from a workstation that is not on the domain.


The protocols used to contact domain controllers (specifically Kerberos) are based on the computer's time. All sorts of authentication errors can result from messing with the time. generally, a time skew of more than 5 minutes will give you problems.

More info on how Kerberos works here: http://en.wikipedia.org/wiki/Kerberos_%28protocol%29