We explain and demonstrate everything you need to know about the Net Time Service w32tm and how to configure it on a Windows Domain Controller.
To determine which Net Time Server is right for you visit www.pool.ntp.org
Windows Time Service Tutorial 0:20
Do All Domain Controllers Need The Net Time Service set? 0:40
What is a PDC Emulator 0:57
How to Figure Out Which DC is the PDC Emulator 1:17
What is the current time service configuration 1:50
What is FREE-RUNNING SYSTEM CLOCK 2:00
How To Set the W32TM Nettime Service 2:30
Why is Time Service Important to Windows Domains 4:25
How to Choose a Time Server NTP 5:05
W32tm Command Explained 6:23
What is 0x8 7:14
How to reset w32tm Time Service 9:35
Setting Net Time in GPO 9:50
Command to Force a Time Update 10:35
How To Check the Net Time NTP 10:52
W32TM Commands Used in This Video
w32tm /query /source
w32tm /config /manualpeerlist:”1.ca.pool.ntp.org,0x8 3.ca.pool.ntp.org,0x8 time.nrc.ca,0x8″ /syncfromflags:manual /update
w32tm /resync [/computer:] [/nowait] [/rediscover] [/soft]
Net Stop W32time
Net Start W32time
w32tm /config /update
w32tm /stripchart /computer:3.ca.pool.ntp.org
0x4 SymmetricActive: Google Windows Time Server: 3.3 Modes of Operation
Why Is Time So Important In A Windows Domain?
In short, time important in any computer network to avoid “replay attacks”. Hackers can (and have!), connected to a network, recorded all of the traffic, found the username and password entries in that traffic, hacked to a computer on the network and then “replayed” the typing of the username and password.
Kerberos in the encryption Windows uses for credentials and it will invalidate any traffic older than 5 minutes to avoid replay attacks. However, there are many other reasons to worry about time accuracy, like
- Debit & Credit Card transaction standards (PCI – Payment Card Industry) require 1 second accuracy
- Government Regulations like:
- 50 ms accuracy for FINRA in the US
- 1 ms ESMA (MiFID II) in the EU.
- Cryptography Algorithms
- Blockchain framework for bitcoin transactions
- Distributed systems like Disk Clusters, Exchange Clusters and SQL Clusters require time to be the same on all copies
- Distributed Logs and Threat Analysis
- Active Directory Replication
In case you did not catch it in our video the PDC Emulator is the only place w32tm should be set to use an external provider and how to find an NTP provider:
You also might be interested in time accuracy improvements made to Windows 2016 by reading THIS Microsoft article. You might also find Configure the Root PDC with an Authoritative Time Source and Avoid Widespread Time Skew helpful.
w32tm set ntp server, w32tm set time server, Net Time Service, net time software, ntp server, ntp server setup, ntp server configuration in windows 2019, windows domain controller, Windows Server 2022, Windows Server 2019, Server 2022, Server 2019