net time and user rights
Hi, I want to syncronize the time of all clients logging on a domain. So I put the net time command in the login script, but that doesnt work, because the users of the clients dont have the right to set the time and I dont want to give it to them.
Hi,
I want to syncronize the time of all clients logging on a domain. So I put the net time command in the login script, but that doesnt work, because the users of the clients dont have the right to set the time and I dont want to give it to them.
How can i syncronize the time per login script?
thx
I want to syncronize the time of all clients logging on a domain. So I put the net time command in the login script, but that doesnt work, because the users of the clients dont have the right to set the time and I dont want to give it to them.
How can i syncronize the time per login script?
thx
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Ok, here is a clumsy solution. I'll look in my resource kit to see if it has a better utility to do this, but until then this may work. I'm also assuming you have relatively few clients, enough that you can go to each workstation and do this, or some type of software to push this out (SMS server).
On the local machine, create a script (it can even be a script to call another script on a DC) then using the srvany application make it a service. As the service you can have it log on with a higher level of rights.
Now I admit this is really a bad solution, and only use it if you either don't get a better one or if you need a quick implementation. I really thought you could override a user lockout of setting things like the time on the domain. Something that would force the time to be synced to a domain controller but not changable by the clients. Well, let me look into it.
-Ry
On the local machine, create a script (it can even be a script to call another script on a DC) then using the srvany application make it a service. As the service you can have it log on with a higher level of rights.
Now I admit this is really a bad solution, and only use it if you either don't get a better one or if you need a quick implementation. I really thought you could override a user lockout of setting things like the time on the domain. Something that would force the time to be synced to a domain controller but not changable by the clients. Well, let me look into it.
-Ry
I know what Ryoko is talking about, but there are a couple of other quick and dirty solutions. Doing a quick search at the Technet KB, I found some articles that should help. Now, one easy way to do this kind of synchronization is the setup the DHCP server to distribute the IP of the time-keeping server to all the clients. This is the way I do it on my mixed NT4/2K/XP network at work, but if for some reason this isn't an option (or some workstations still like to give you issues), there are other methods.
First, you can always alter the logon script to manually sync the time to whatever server you like. Now, you are doing this, but you are getting a rights violation. This can be handled by going to the user manager and opening up the rights of your workgroup/domain users to change the time on the local machine. However, for a much more solid solution, having the workstation maintain a time sync on its own would work a lot better. So, how does one do that? Well, here are some links that I have to cover this:
Get the "Timeserv" utility here, along with a great description on its configuration and use:
http://www.microsoft.com/technet/treevie...ads/W32TIME.asp
Setting up a Domain Time Source server, and initial description of syncing clients to that server:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q131715
OK, so you have a Time Source, but how do I know that it has the right time? Well, you can get that info here (assuming you are in the US and all ):
http://tycho.usno.navy.mil/ntp.html
And you can validate it here:
http://www.time.gov/
Defining Time Sources in a NT4 domain:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q174557
Syncing Win2K clients in a NT4 domain:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q258059
Syncing WinXP clients in a NT4 domain:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q314345
This should pretty much nail down your time syncing issues in your domain.
One other thing, in a pinch (and using SMS as mentioned before) you could actually have your network management software run the simple "NET TIME \\SERVER..." bit for you on the clients and servers, but just under an admin's credentials so you can get an initial sync if it's just a one time deal. I had to do this once, and it worked fine. But that would be assuming that you had SMS (I have 2.0), or some other network mgmt software like Tivoli or ZenWorks that could do this.
HTH
First, you can always alter the logon script to manually sync the time to whatever server you like. Now, you are doing this, but you are getting a rights violation. This can be handled by going to the user manager and opening up the rights of your workgroup/domain users to change the time on the local machine. However, for a much more solid solution, having the workstation maintain a time sync on its own would work a lot better. So, how does one do that? Well, here are some links that I have to cover this:
Get the "Timeserv" utility here, along with a great description on its configuration and use:
http://www.microsoft.com/technet/treevie...ads/W32TIME.asp
Setting up a Domain Time Source server, and initial description of syncing clients to that server:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q131715
OK, so you have a Time Source, but how do I know that it has the right time? Well, you can get that info here (assuming you are in the US and all ):
http://tycho.usno.navy.mil/ntp.html
And you can validate it here:
http://www.time.gov/
Defining Time Sources in a NT4 domain:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q174557
Syncing Win2K clients in a NT4 domain:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q258059
Syncing WinXP clients in a NT4 domain:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q314345
This should pretty much nail down your time syncing issues in your domain.
One other thing, in a pinch (and using SMS as mentioned before) you could actually have your network management software run the simple "NET TIME \\SERVER..." bit for you on the clients and servers, but just under an admin's credentials so you can get an initial sync if it's just a one time deal. I had to do this once, and it worked fine. But that would be assuming that you had SMS (I have 2.0), or some other network mgmt software like Tivoli or ZenWorks that could do this.
HTH
For my NT wks 4.0 users I just go into the client's user setting, policies, in user's right add the option to change system time. Than it's just a matter of adding a NET command in the logon script...NET TIME \\DOMAINSERVER /SET /YES. When a user logon on the network the script (located in the NETLOGON folder) tell the client to synchronize the clock with the specified server, set it, and don't prompt for a Y/N answer. Hope it help
