Time Sync in W2k server

  • Thread starter Thread starter HN
  • Start date Start date
H

HN

How impoertant is to have time sync between domain users
and domain controller. Reason I ask is because we have
an inside accounting program that needs to allow users to
change their date and time on their workstation.
Sometimes it could be up to 3 days difference.

Any ideas how to do this without conflicting with time
sync?
 
-----Original Message-----
How impoertant is to have time sync between domain users
and domain controller. Reason I ask is because we have
an inside accounting program that needs to allow users to
change their date and time on their workstation.
Sometimes it could be up to 3 days difference.

Any ideas how to do this without conflicting with time
sync?
.
Click to expand...
Might want to re-consider. By default, anything past 5
minutes causes problems with Kerberos. I have never heard
of an account application that requires situations where
the computer clock ( date / time ) needs to be changed.
Sounds kinda fishy! But, hey, it is none of my business.

HTH,

Cary
 
Hello,

Time is very important in 2000, because the kerberos protocol is highly
dependant on time.

Maximum Tolerance for Synchronization of Computer Clocks --> The KDC
server's clock and the Kerberos client's clock have to be synchronized to
within a specified number of minutes. If the clocks are not synchronized
within the specified number of minutes, tickets are not issued to the
client. This is a deterrent in Replay attacks. Settings are in minutes.
Default value: 5 minutes.

232179 Kerberos Administration in Windows 2000
http://support.microsoft.com/?id=232179

266080 Answers to Frequently Asked Kerberos Questions
http://support.microsoft.com/?id=266080

Thank You.

Diana.

(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top