Sunday, October 27, 2013

Configure an authoritative time server using PowerShell

Windows Server includes W32Time, the Time Service tool that is required by the Kerberos authentication protocol. The Windows Time service makes sure that all computers in an organization that are running the Microsoft Windows 2000 Server operating system or later versions use a common time.
These configuration are based on Microsoft Recommendation, you can change the value base on your environment

Write-Host "This script will configure this server to be as Time Server, If you are ready to start press Enter "

Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\" -Name "Type" -Value "NTP"

set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config\" -Name "AnnounceFlags" -Value "5"

#Enable the Server
set-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer" -Name "Enabled" -Value "1"

#Ask the User for the IP or the DNS name for the Time Server you want to sync the time from
$NTPServerIP=Read-Host "Please type the IP address or the DNS name for the time server you want to sync from" 

#The Value 0x1 is a must other wise the next commands will not work
set-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters" -Name "NtpServer" -Value $NTPServerIP",0x1"

#TimeInSeconds is a placeholder for the number of seconds that you want between each poll
set-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\" -Name "SpecialPollInterval" -Value "900"

set-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Services\W32Time\Config\" -Name "MaxPosPhaseCorrection" -Value "3600"

set-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Services\W32Time\Config\" -Name "MaxNegPhaseCorrection" -Value "3600"

#Stop and restart the service
Restart-Service w32time

No comments: