Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Net time on login script

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 05-02-2008
Marc S
 
Posts: n/a
Net time on login script

Prior consultants put the "net time" command into a login script.

net time \\servername / set /y (the server name is the correct one)

I get an eror when the script runs that the option is unavailable. The
Syntax looks wrong in the script.

Before I spend any time to fix this, does this need to be in the Login Script?

Reply With Quote
  #2  
Old 05-02-2008
Ace Fekay [MVP]
 
Posts: n/a
Re: Net time on login script

In news:87E10FD9-0701-469C-AAAF-0B733E944B8C@microsoft.com,
Marc S <MarcS@discussions.microsoft.com> typed:
> Prior consultants put the "net time" command into a login script.
>
> net time \\servername / set /y (the server name is the correct one)
>
> I get an eror when the script runs that the option is unavailable.
> The Syntax looks wrong in the script.
>
> Before I spend any time to fix this, does this need to be in the
> Login Script?


Nope. Not needed. All domain members will get their time sync from the DC
that holds the PDC Emulator Role by default. Nothing else to configure on
the client or other servers. However you would want to do a one shot time
config on the DC that holds the PDC Emulator role. This was designed this
way to insure time is properly set across the domain because AD uses
Kerberos for authentication, which uses a time stamp in the authentication
stream as a 'salt' to insure the authentication traffic is not replayed.
Kerberos only allows a 5 minute skew otherwise authentication will fail,
people can't logon, Exchange fails... the list goes on.

Assuming you are running Windows 2003 (different for 2000):

net stop w32time
net time /setsntp:192.5.41.41
net start w32time

Make sure UDP 123 is allowed access in your firewall from that IP to the DC
holding the PDC Emulator role. That IP is one of the Navy time servers.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations


Reply With Quote
  #3  
Old 05-02-2008
Marc S
 
Posts: n/a
Re: Net time on login script



"Ace Fekay [MVP]" wrote:

> In news:87E10FD9-0701-469C-AAAF-0B733E944B8C@microsoft.com,
> Marc S <MarcS@discussions.microsoft.com> typed:
> > Prior consultants put the "net time" command into a login script.
> >
> > net time \\servername / set /y (the server name is the correct one)
> > I get an eror when the script runs that the option is unavailable.
> > The Syntax looks wrong in the script.
> >
> > Before I spend any time to fix this, does this need to be in the
> > Login Script?

>
> Nope. Not needed. All domain members will get their time sync from the DC
> that holds the PDC Emulator Role by default. Nothing else to configure on
> the client or other servers. However you would want to do a one shot time
> config on the DC that holds the PDC Emulator role. This was designed this
> way to insure time is properly set across the domain because AD uses
> Kerberos for authentication, which uses a time stamp in the authentication
> stream as a 'salt' to insure the authentication traffic is not replayed.
> Kerberos only allows a 5 minute skew otherwise authentication will fail,
> people can't logon, Exchange fails... the list goes on.
>
> Assuming you are running Windows 2003 (different for 2000):
>
> net stop w32time
> net time /setsntp:192.5.41.41
> net start w32time
>
> Make sure UDP 123 is allowed access in your firewall from that IP to the DC
> holding the PDC Emulator role. That IP is one of the Navy time servers.
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Infinite Diversities in Infinite Combinations



How can I see if the "one time shot" was already setup on a Domain
Controller, before I run the net time you suggested?

If I have three Domain Controllers, will this be done on all three. Or only
one is the main Time Server?



Reply With Quote
  #4  
Old 06-02-2008
net_admin
 
Posts: n/a
Re: Net time on login script

http://support.microsoft.com/kb/816042


--
NetAdmin <São Paulo, BR>



"Marc S" wrote:

>
>
> "Ace Fekay [MVP]" wrote:
>
> > In news:87E10FD9-0701-469C-AAAF-0B733E944B8C@microsoft.com,
> > Marc S <MarcS@discussions.microsoft.com> typed:
> > > Prior consultants put the "net time" command into a login script.
> > >
> > > net time \\servername / set /y (the server name is the correct one)
> > > I get an eror when the script runs that the option is unavailable.
> > > The Syntax looks wrong in the script.
> > >
> > > Before I spend any time to fix this, does this need to be in the
> > > Login Script?

> >
> > Nope. Not needed. All domain members will get their time sync from the DC
> > that holds the PDC Emulator Role by default. Nothing else to configure on
> > the client or other servers. However you would want to do a one shot time
> > config on the DC that holds the PDC Emulator role. This was designed this
> > way to insure time is properly set across the domain because AD uses
> > Kerberos for authentication, which uses a time stamp in the authentication
> > stream as a 'salt' to insure the authentication traffic is not replayed.
> > Kerberos only allows a 5 minute skew otherwise authentication will fail,
> > people can't logon, Exchange fails... the list goes on.
> >
> > Assuming you are running Windows 2003 (different for 2000):
> >
> > net stop w32time
> > net time /setsntp:192.5.41.41
> > net start w32time
> >
> > Make sure UDP 123 is allowed access in your firewall from that IP to the DC
> > holding the PDC Emulator role. That IP is one of the Navy time servers.
> >
> > --
> > Regards,
> > Ace
> >
> > This posting is provided "AS-IS" with no warranties or guarantees and
> > confers no rights.
> >
> > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> > MVP Microsoft MVP - Directory Services
> > Microsoft Certified Trainer
> >
> > Infinite Diversities in Infinite Combinations

>
>
> How can I see if the "one time shot" was already setup on a Domain
> Controller, before I run the net time you suggested?
>
> If I have three Domain Controllers, will this be done on all three. Or only
> one is the main Time Server?
>
>
>

Reply With Quote
  #5  
Old 06-02-2008
Ace Fekay [MVP]
 
Posts: n/a
Re: Net time on login script

In news:4DDBA95C-EF0F-4EE8-B854-6F89D57711B1@microsoft.com,
Marc S <MarcS@discussions.microsoft.com> typed:

>
> How can I see if the "one time shot" was already setup on a Domain
> Controller, before I run the net time you suggested?
>
> If I have three Domain Controllers, will this be done on all three.
> Or only one is the main Time Server?


You can do it over and over again and again. It won't hurt. It just sets it
to whatever you set it to. Or look in the reg like that article shows.

Ace


Reply With Quote
  #6  
Old 06-02-2008
Marc S
 
Posts: n/a
Re: Net time on login script



"Ace Fekay [MVP]" wrote:

> In news:4DDBA95C-EF0F-4EE8-B854-6F89D57711B1@microsoft.com,
> Marc S <MarcS@discussions.microsoft.com> typed:
>
> >
> > How can I see if the "one time shot" was already setup on a Domain
> > Controller, before I run the net time you suggested?
> >
> > If I have three Domain Controllers, will this be done on all three.
> > Or only one is the main Time Server?

>
> You can do it over and over again and again. It won't hurt. It just sets it
> to whatever you set it to. Or look in the reg like that article shows.
>
> Ace
>


Perfect. Thanks so much.
Reply With Quote
  #7  
Old 07-02-2008
Ace Fekay [MVP]
 
Posts: n/a
Re: Net time on login script

In news:F7D732D9-FA92-4CA0-AF95-8877757246A9@microsoft.com,
Marc S <MarcS@discussions.microsoft.com> typed:
> Perfect. Thanks so much.


My pleasure.


Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Net time on login script"
Thread Thread Starter Forum Replies Last Post
Calling login Script Chicago2010 Software Development 1 13-08-2010 12:07 PM
WAP login script in php Steinbach Software Development 3 14-04-2009 09:22 AM
Script to find last login time of a user in Windows 2000 Server sevaanan Window 2000 Help 1 03-08-2008 05:23 PM
to add username & password into my login.cmd - login script sphilip Windows Server Help 4 05-03-2008 11:04 PM
Startup Script or Login Script ?? WANNABE Active Directory 5 22-12-2006 07:44 PM


All times are GMT +5.5. The time now is 01:31 PM.