What method should be used to set time in a domain, GPO or registry? Since Server 2008 has no time settings in the registry to begin with do you still need to enter anything in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer when in a domain and this is the the DC and time server for the domain or do the time keys take all settings from the GPO? Since this is for the Default Domain Controller GPO how do I specify which DC is the time source for the domain? Thanks

Hello Cjlindell, By default, Windows-based computers use the following hierarchy: All client desktop computers nominate the authenticating domain controller as their in-bound time partner. All member servers follow the same process that client desktop computers follow. All domain controllers in a domain nominate the primary domain controller (PDC) operations master as their in-bound time partner. All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner. In this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization. We highly recommend that you configure the authoritative time server to gather the time from a hardware source. When you configure the authoritative time server to sync with an Internet time source, there is no authentication. We also recommend that you reduce your time correction settings for your servers and stand-alone clients. These recommendations provide more accuracy and security to your domain. Configure a domain controller in the parent domain as a reliable time source http://technet.microsoft.com/en-us/library/cc739801(WS.10).aspx Configuring the Windows Time Service http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time-Service.html Windows Time Service GPO Settings http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/c9c70b7f-7493-4d1b-83aa-472ea36022fc Setting the Authoritative Time Server on the PDC Emulator Using Group Policy http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/6f025016-bbff-43b6-bd6c-e04b76b94155 Brent Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

Brent, I don't believe you have answered my questions, though you are trying to help. I specifically asked What method should be used to set time in a domain, GPO or registry? This is not clearly stated anywhere. I understand Windows time hierarchy. What I want to know is what is the preferred method of setting up time in a domain? A GPO, or manually setting the registry or making changes @ a cmd prompt. If it is a GPO, what GPO should be edited or should a new one be created? In my case the existing Default Domain Controllers GPO was used for the DC holding the fsmo role and the Default Domain GPO is used for the rest of the domain. Something doesn't seem right here. I would really appreciate a simple and direct answer rather then copying and posting more info that still doesn't specifically answer my inquiry. Thanks

Hello, none of them, by default there is no need to configure it either way. You should configure the DC with the PDCEmulator FSMO to another time source, internet or hardware device with the "w32tm" command from an elevated command prompt, that's it. See my blog about details: http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspxBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.