Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Windows Time Synchronization - Best Practices
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 21 Oct 2004 22:13:51 -0500

On Thu, 2004-10-21 at 16:47, Gary E. Miller wrote:
Yeah, but you are still stuck with only ONE server, you are stuck with
SNTP and you have almost no way to tell if the time daemon is doing the
right thing.

Not quite. You can specify more than one server. Supposedly Windows
moves on the the next if the first one doesn't respond.
Do a "net help time" on the command line and it tells you how to do it.

With NTP you can designate a local master that gets it's time from a
diverse set of sources.  It is easy to verify and monitor it's proper
functioning.  Then you can redistribute it to your local hosts.

So? You can do the same with the Windows Time Service. Normally, you
have masters (typically domain controllers) get their time from the
Internet, and all other servers and clients can get the time from the
domain controllers. Again, "net help time" will show you how.

But I agree that full-fledged NTP servers have more capabilities than
the Windows Time Service. While it does the job -- synchronize time --
it offers less visibility as other NTP daemon as you note.


Attachment: signature.asc
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]