How to return to Default settings of NTP/Time server on domain with GP

domain-controllergroup-policyntptime-synchronizationwindows-server-2003

This is an Edit – according to the comments, I may have not been understood/

Facts:

  • I have a Windows 2003 Domain
  • PDC Emulator is enabled and working correctly on my DC
  • I have a GPO that is NOT working correctly
  • I WANT my clients to sync with the PDC Emulator that is on my DC (W2K3)
  • I want my DC to sync with an external NTP server

This is the GPO that is currently the NTP GPO

Policy Setting 
Configure Windows NTP Client Enabled 
NtpServer 0.asia.pool.ntp.org,0x1 
Type NT5DS 
CrossSiteSyncFlags 2 
ResolvePeerBackoffMinutes 15 
ResolvePeerBackoffMaxTimes 7 
SpecialPollInterval 3600 
EventLogFlags 0 

Policy Setting 
Enable Windows NTP Client Disabled

Question 1:

  • If I simply disable the linked NTP GPO – Will my clients return to the default settings (assuming a gpupdate /force is needed) – Will they return – actually they will continue to sync to/with the same server, but just with NO GPO. – Is that correct?

  • If the answer to Q1 is NO, is there anything special I need to do on the domain?

Question 2: (sorry for not opening a new question)

  • I discovered that I have this line on our domain profile login script (login.cmd) set in the login script for the profile of each user:

    REM ———————————– Set Local time to domain time
    net time /domain:domainserver /set /y

Should/Can I delete it? I think it's a legacy command that was left. please advise, thanks

Thank you, I hope this edit cleared some points.

Best Answer

The policy you have listed should only be applied to the PDC. In fact, since only one server in your domain is the PDC, I don't even recommend using this GP setting, but instead, set it in the registry directly on the PDC DC (shameless plug for my blog entry on how to do this: http://wp.me/pZ5Rx-3v). If you insist on doing this via Group Policy, be sure to target the GPO to ONLY the PDC DC (no other computers, not even other DCs). If the policy is applied to other machines, they will all act as NTP clients, contacting the NTP server directly.

By default, domain-joined clients are set to use the Windows Time Service. So, once you clear out this GPO, the domain clients should revert to Windows Time Service automatically.

As for the command in the login script, you won't need it once you clean up the GPO, so it's safe to remove. It was likely put there by the person who originally crafted the GPO, since they couldn't figure out how to get the clients to use the PDC for time...

Related Topic