Click here to get back home

NTP Time
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
NTP Time Bad Beagle 09-11-2006
|--> Re: NTP Time Steven L Umbach09-11-2006
`--> Re: NTP Time Roger Abell [MV...09-12-2006
Posted by Bad Beagle on September 11, 2006, 1:48 pm
Please log in for more thread options
 Can someone please give me some suggestons? I would like to use an external
ntp time server as our time source. What are teh best practices? I have no
domain controllers in my DMZ. Should I point a dmz server to a public ntp
time source and then point my domain controller on the lan to my dmz server?
Thoughts or suggestions please.



Posted by Steven L Umbach on September 11, 2006, 11:01 pm
Please log in for more thread options
 I would point the PDC fsmo to a public time server or a few of them. If you
want you can then configure your firewall to make sure it uses only those
servers. If you point it to a dmz server and the dmz server is compromised
[such risk is why they are in the dmz] then your domain has the wrong time.

Steve


> Can someone please give me some suggestons? I would like to use an
> external ntp time server as our time source. What are teh best practices?
> I have no domain controllers in my DMZ. Should I point a dmz server to a
> public ntp time source and then point my domain controller on the lan to
> my dmz server? Thoughts or suggestions please.
>



Posted by Roger Abell [MVP] on September 12, 2006, 9:19 am
Please log in for more thread options
It is a very narrow hole needed in the boundary firewall, one port
(if I recall, 123 udp) to your selected NTP servers IPs from the
forest root PDC FSMO, or from an internal surrogate that your
forest root timeserver uses.
For those to whom this exposure is too great, you will find that
they invest in an atomic clock hardware device for internal use.


> Can someone please give me some suggestons? I would like to use an
> external ntp time server as our time source. What are teh best practices?
> I have no domain controllers in my DMZ. Should I point a dmz server to a
> public ntp time source and then point my domain controller on the lan to
> my dmz server? Thoughts or suggestions please.
>



Similar ThreadsPosted
Server Time May 7, 2008, 6:57 am
time controll on ISA July 6, 2008, 3:20 am
Admin can't change time? June 16, 2005, 1:15 pm
Great time in France June 7, 2006, 10:58 am
daylight saving time (DST) February 27, 2007, 5:01 pm
Shortcut prompts with Run As dialogue every time October 7, 2005, 1:28 pm
user logon time tracking November 3, 2006, 1:08 am
How to force User log off when time expires? July 20, 2007, 5:48 am
Could not start the Windows Time Error 1300 June 22, 2005, 10:03 am
track employee time using logon & logoff December 13, 2006, 7:40 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap