We've got a DC on Server 2003. The domain is running fine and all, but I've got a problem with our external sites, which are connected via the MPLS but not on the domain. The shops are running thin clients with Win XP Embedded. We're trying to get their box time synced with the domain, but I have no idea how to allow anonymous access only to sync time. net time always returns with access denied, and I would rather not leave any domain credentials anywhere in a script on the box.

The exact time on the box really isn't that crucial, as the boxes only create an RDP session, but if the time is off by more than about 5 days then the connection is refused.

So the question is: how can I allow anonymous time sync with net time or is there a better way to achieve the same thing?

hyp

2 Answers

If the time only has to be accurate within a number of days, why bother using your domain time?

Just let the XP boxes sync with the standard Internet time servers configured by MS.

adaptr
  • Ah, forgot to say about it that we're keeping rather tight on what the shops can see, so I would still prefer to check the domain controller if there's a way to do it – hyp Feb 13 '12 at 10:05
  • Put your own hardware clock onto the network and also use it as domain time source. – TomTom Feb 13 '12 at 10:37

You can use the Windows XP integrated time service to query the NTP server running on your domain controllers. Just set the time server either using

 net time /SETSNTP:your.domain.controll.er

or the

 w32tm /config /manualpeerlist:your.domain.controll.er /syncfromflags:manual
 w32tm /config /update

sequence - the time service will sync the time periodically with the named machine over NTP (Port 123/udp).

You can still use w32tm /resync whenever you need to initialize synchronization manually. Synchronization status and error messages are logged to the client's event log.

the-wabbit
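As an added example (not part of the answer above and not Microsoft's code): a sketch of the unauthenticated SNTP exchange on 123/udp that the answer relies on, which can be used to confirm that a domain controller answers time queries without credentials and to measure the clock offset. The function names and the sample reply are constructed for illustration.

```python
import socket, struct, time

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix)

def _enc(t):
    """Unix time -> (seconds, fraction) pair in NTP timestamp format."""
    return int(t) + NTP_DELTA, int((t % 1) * 2**32)

def _dec(sec, frac):
    return sec - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte SNTP client request: LI=0, VN=3, Mode=3 (client); no credentials."""
    return struct.pack("!B39x2I", 0x1B, *_enc(t1))

def parse_reply(data, t1, t4):
    """Return (offset, delay) in seconds; t1/t4 are local send/receive times."""
    if len(data) < 48:
        raise ValueError("short SNTP packet")
    flags, stratum = struct.unpack("!BB", data[:2])
    if (flags & 0x07) != 4:
        raise ValueError("not a server-mode reply")
    if stratum == 0 or (flags >> 6) == 3:
        raise ValueError("server reports it is not synchronised")
    o_s, o_f, r_s, r_f, x_s, x_f = struct.unpack("!6I", data[24:48])
    if (o_s, o_f) != _enc(t1):
        raise ValueError("originate timestamp does not echo our request")
    t2, t3 = _dec(r_s, r_f), _dec(x_s, x_f)
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def query(server, timeout=3.0):
    """Ask `server` for the time on 123/udp and return (offset, delay)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(build_request(t1), (server, 123))
        data, _ = s.recvfrom(512)
        t4 = time.time()
    return parse_reply(data, t1, t4)

def constructed_reply(t1, t2, t3, mode=4, stratum=2):
    """Constructed sample reply for offline testing, not captured from a real DC."""
    return struct.pack("!BB22x6I", 0x18 | mode, stratum, *_enc(t1), *_enc(t2), *_enc(t3))

if __name__ == "__main__":
    # Server clock 120 s ahead, 0.25 s each way, 0.5 s processing (constructed values).
    print(parse_reply(constructed_reply(1000.0, 1120.25, 1120.75), 1000.0, 1001.0))
```

A positive offset means the server's clock is ahead of the local one; `query("your.domain.controll.er")` runs the same calculation against a live server.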