Things like:. Luckily Windows has taken this into account. Unfortunately most Windows implementations do not use NTP as it is not enabled in many situations. One of those situations is a non-domain joined server.
Another common need is to create a standalone NTP server that can provide time synchronization for unjoined Windows computers as well as other operating systems like Linux and Mac OSX. The service is off by default. So configuring a system as an NTP server requires both enabling the W32Time service and configuring it as a server. The process is very simple. First, use the Services console to locate the Windows Time service.
It will likely be off as shown in Figure 1. I understand my referenced Microsoft source differently, that it comes close to a subset of ntp v3 when configured to use multiple external non-Windows ntp time sources. As I mentioned before, defaults, protocols and achievable accuracy depend on multiple factors. Most are documented by Microsoft. That's my question too, especially if you have chosen to use Windows time service instead of a fully compliant ntp implementation. Is it possible that it is not one of the requirements of the audit but instead just your mis- interpretation?
I would instead expect that the audit should report the achieved time accuracy over time as well as its variations or quality over time. And if high accuracy is required, I would expect several other aspects in the audit, e. There are other requirements for time curacy as well. Your knowledge about Windows time service. I didn't claim it would be totally wrong. What you know is still supported but it is no longer the default, except for connections with legacy devices or limited embedded devices.
SNTP is considered a still supported legacy mode of Windows time service. As I wrote above, it is needed for communications with legacy general purpose computing devices as well as for communications with limited embedded devices. For 12 to 15 years now, Windows time service switched its defaults. Windows time service can be configured to something close to a subset of ntp v3.
This is the default of Windows time service when several external non-Windows time sources are specified. I'm more active in technical software projects. In your case, is it such a self-assessment or an external audit?
So for the purpose of your audit, I would declare it Windows time service instead of ntp. The Wikipedia article declares it fully compliant with ntp while Microsoft denies having made such claims pronounced by Wikipedia. There is some compatibility with ntp v3. And there are different modes available within Windows time service.
So as you have now a deeper understanding of Windows time service and its relations to ntp and SNTP as well as of its different modes of operations as well as alternatives, you may do an overview if additional comments make sense in your audit or are already covered in the areas of time accuracy and time service vulnerability.
But I assume that beside doing such an audit, you should take additional notes how long it will still be possible to operate Windows server R2 in a compliant manner. I expect there are known dates where you'll need to either redesign such deployment or migrate to a more recent platform. If you want to stick with Windows, even a more recent version of an embedded edition of Windows could be an option.
The advantage of embedded editions is that you may gain better controls over lattencies and that you may much better downstrip the operating system for deployment as needed. Once extended support runs out - it will have to be upgraded. Get answers from your peers along with millions of IT pros who visit Spiceworks.
Best Answer. LarryCK wrote: however, one of the links that supposedly gives the answer is dead and the other one does not seem to mention NTP protocol version anywhere. If you need full ntp compliance , you may choose other implementations, including the reference implementation.
As far as I remember, the reference implementation for ntp v4 is available for Windows , including Windows Server R2 and Windows Server There are instructions how to integrate that reference implementation into Windows. The above mentioned Wikipedia article also mentions that this reference implementation has been audited in and several security issues found. I don't know to which extent this fixes have been addressed since. We recommend time servers from Meinberg , but you can also find time servers from End Run , Spectracom and many others.
If you have a static IP address and a reasonable Internet connection bandwidth is not so important, but it should be stable and not too highly loaded , please consider donating your server to the server pool.
It doesn't cost you more than a few hundred bytes per second traffic, but you help this project survive. Please read the joining page for more information. If your Internet provider has a timeserver , or if you know of a good timeserver near you, you should use that and not this list - you'll probably get better time and you'll use fewer network resources.
If you know only one timeserver near you, you can of course use that and two from pool. It can rarely happen that you are assigned the same timeserver twice - just restarting the ntp server usually solves this problem. If you use a country zone, please note that it may be because there is only one server known in the project - better use a continental zone in that case.
You can browse the zones to see how many servers we have in each zone. Be friendly. Many servers are provided by volunteers, and almost all time servers are really file or mail or webservers which just happen to also run ntp.
So don't use more than four time servers in your configuration, and don't play tricks with burst or minpoll - all you will gain is extra load on the volunteer time servers.
0コメント