Ace
Wed May 07 21:03:16 PDT 2008
In news:8CF1DCC8-5103-4489-AD64-1F02E0BE036D@microsoft.com,
William Mann <WilliamMann@discussions.microsoft.com> typed:
> Timing is an important part of security; Since it is a domain
> sensitive issue, it needs to be a domain administrator account (or
> enterprise...etc) that adjusts the time.
>
> HTH.
>
Hi William,
Just to add for the poster, time skew for Kerberos authentication (which is
what AD usesis a 5 minute difference between the authenticating DC and the
member. The way it works by *default* is all machines in a specific domain
will get it's time sync from the DC that holds the PDC Emulator Role (not to
be confused with the legacy NT4 PDC nomenclature).
Simply sync the DC that holds this role with an external time source with
the following procedure and you and everyone in the domain should be good to
go. If you are not a domain admin, you can possibly place a request, or
whatever request procedure your company uses, with your IT department. But
then again, they may have already done so.
net stop w32time
net time /setsntp:192.5.41.41
net start w32time
Note: 192.5.41.41 is one of the US Navy's reliable time sources that many IT
departments in the world uses, well at least in the US.
--
Regards,
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer
For urgent issues, you may want to contact Microsoft PSS directly. Please
check
http://support.microsoft.com for regional support phone numbers.
Infinite Diversities in Infinite Combinations