Natter 0 Posted March 9, 2002 Hi, I want to syncronize the time of all clients logging on a domain. So I put the net time command in the login script, but that doesnt work, because the users of the clients dont have the right to set the time and I dont want to give it to them. How can i syncronize the time per login script? thx Share this post Link to post
Natter 0 Posted March 10, 2002 Its a NT4.0 Domain and a mix of NT4 / Win2k Clients.... thx for replying Share this post Link to post
ryoko 0 Posted March 11, 2002 Ok, here is a clumsy solution. I'll look in my resource kit to see if it has a better utility to do this, but until then this may work. I'm also assuming you have relatively few clients, enough that you can go to each workstation and do this, or some type of software to push this out (SMS server). On the local machine, create a script (it can even be a script to call another script on a DC) then using the srvany application make it a service. As the service you can have it log on with a higher level of rights. Now I admit this is really a bad solution, and only use it if you either don't get a better one or if you need a quick implementation. I really thought you could override a user lockout of setting things like the time on the domain. Something that would force the time to be synced to a domain controller but not changable by the clients. Well, let me look into it. -Ry Share this post Link to post
clutch 1 Posted March 11, 2002 I know what Ryoko is talking about, but there are a couple of other quick and dirty solutions. Doing a quick search at the Technet KB, I found some articles that should help. Now, one easy way to do this kind of synchronization is the setup the DHCP server to distribute the IP of the time-keeping server to all the clients. This is the way I do it on my mixed NT4/2K/XP network at work, but if for some reason this isn't an option (or some workstations still like to give you issues), there are other methods. First, you can always alter the logon script to manually sync the time to whatever server you like. Now, you are doing this, but you are getting a rights violation. This can be handled by going to the user manager and opening up the rights of your workgroup/domain users to change the time on the local machine. However, for a much more solid solution, having the workstation maintain a time sync on its own would work a lot better. So, how does one do that? Well, here are some links that I have to cover this: Get the "Timeserv" utility here, along with a great description on its configuration and use: http://www.microsoft.com/technet/treevie...ads/W32TIME.asp Setting up a Domain Time Source server, and initial description of syncing clients to that server: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q131715 OK, so you have a Time Source, but how do I know that it has the right time? Well, you can get that info here (assuming you are in the US and all ): http://tycho.usno.navy.mil/ntp.html And you can validate it here: http://www.time.gov/ Defining Time Sources in a NT4 domain: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q174557 Syncing Win2K clients in a NT4 domain: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q258059 Syncing WinXP clients in a NT4 domain: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q314345 This should pretty much nail down your time syncing issues in your domain. One other thing, in a pinch (and using SMS as mentioned before) you could actually have your network management software run the simple "NET TIME \\SERVER..." bit for you on the clients and servers, but just under an admin's credentials so you can get an initial sync if it's just a one time deal. I had to do this once, and it worked fine. But that would be assuming that you had SMS (I have 2.0), or some other network mgmt software like Tivoli or ZenWorks that could do this. HTH Share this post Link to post
bytemangler 0 Posted March 11, 2002 For my NT wks 4.0 users I just go into the client's user setting, policies, in user's right add the option to change system time. Than it's just a matter of adding a NET command in the logon script...NET TIME \\DOMAINSERVER /SET /YES. When a user logon on the network the script (located in the NETLOGON folder) tell the client to synchronize the clock with the specified server, set it, and don't prompt for a Y/N answer. Hope it help Share this post Link to post
ryoko 0 Posted March 11, 2002 That would work well bytemangler, however I think this is a security issue, where Natter does not want to grant user ability to change time. I can think of some people who might get into mischief with it. Still I never needed to lock down a system that much. Share this post Link to post