The use case is rare, but what do you do for a time server when Active Directory isn't available and a number of computers (which may or may not be Windows) have a single authoritative time source? The answer is Network Time Protocol (NTP), but configuring it outside of Active Directory is slightly different. (Read my tip on configuring a time server within Active Directory domain controllers.)When a Windows Server makes the transition to being a domain controller, the capability of functioning as an NTP server comes online. Within the Windows Registry, the HKLM | System | CurrentControlSet | Services | W32Time | TimeProviders | NtpServer section has the configuration for the local NTP server. A default installation of Windows Server 2008 R2 shows this in Figure A. (Note: Editing the registry is risky, so be sure you have a verified backup before saving any changes.) Figure A
Click the image to enlarge.In Figure A, the "Enabled" registry value is off at a value of 0, indicating that the NTP server is not running on the computer. If you change the value to 1 and enter w32tm /config /update, it will change the running configuration of W32TM, the Windows Time engine. In addition, if you run w32tm /query /configuration, it will display the change that changed the enabled value from 0 to 1 for the local NTP server (Figure B). Figure B
Click the image to enlarge.
Now you can configure other devices to use the NTP server configuration on this computer, and no Active Directory permissions are required. This is different than using the net time command, which does not use NTP.
Have you had to turn on NTP for standalone servers? If so, what additional steps did you take? Share your comments in the discussion.
Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.