Copy and paste the code block into notepad and name the file W32TimeDefaultSettings.reg
run as an administrator.
Code is provided as is with no warranty or guarantee of liability and recommended for MCSE, MCITP or MCASAE
For MCSA ensure you are familiar with NTP and Windows Time Service or ask one of the above to help.
For MCTS or MCP working towards more advanced certification, same as above.
Do not be afraid to ask for help from someone more experienced.
Be prepared to buy them a beverage or lunch, get used to the idea of paying for help.
Joshua Cuellar, MCITP:Enterprise
IT\Software Engineering, B.Sc.
CompTIA GFL Security+
Additional notes below code.
Open an administrator command prompt and type:
net stop w32time
Copy this to Notepad and save it as W32TimeDefaultSettings.reg, then right-click the file and run it as administrator. Reboot your computer.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,\
65,00,6d,00,54,00,69,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"Description"="@%SystemRoot%\\system32\\w32time.dll,-201"
"DisplayName"="Windows Time"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,5c,00,53,00,59,00,53,00,54,00,45,00,4d,00,33,00,32,00,5c,00,77,00,33,00,\
32,00,74,00,69,00,6d,00,65,00,2e,00,44,00,4c,00,4c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="SvchostEntry_W32Time"
"Type"="NTP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
"DllName"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
5c,00,53,00,59,00,53,00,54,00,45,00,4d,00,33,00,32,00,5c,00,77,00,33,00,32,\
00,74,00,69,00,6d,00,65,00,2e,00,44,00,4c,00,4c,00,00,00
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
"DllName"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
5c,00,53,00,59,00,53,00,54,00,45,00,4d,00,33,00,32,00,5c,00,77,00,33,00,32,\
00,74,00,69,00,6d,00,65,00,2e,00,44,00,4c,00,4c,00,00,00
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider]
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,76,\
00,6d,00,69,00,63,00,74,00,69,00,6d,00,65,00,70,00,72,00,6f,00,76,00,69,00,\
64,00,65,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"Enabled"=dword:00000001
"InputProvider"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TriggerInfo\0]
"Type"=dword:00000003
"Action"=dword:00000001
"Guid"=hex:ba,0a,e2,1c,51,98,21,44,94,30,1d,de,b7,66,e8,09
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
"UtilizeSslTimeData"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits]
"SecureTimeEstimated"=hex(b):6f,b5,b4,5a,1c,cb,d8,01
"SecureTimeHigh"=hex(b):6f,1d,79,bc,24,cb,d8,01
"SecureTimeLow"=hex(b):6f,4d,f0,f8,13,cb,d8,01
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime]
"SecureTimeTickCount"=hex(b):bf,7c,93,09,00,00,00,00
"SecureTimeConfidence"=dword:00000006
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security]
"Security"=hex:01,00,04,80,c0,00,00,00,cc,00,00,00,00,00,00,00,14,00,00,00,02,\
00,ac,00,07,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,\
00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,\
8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,9d,01,02,00,01,\
01,00,00,00,00,00,05,13,00,00,00,00,00,14,00,a9,00,02,00,01,01,00,00,00,00,\
00,05,13,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,00,00,\
00,be,74,e7,bc,ae,48,97,10,76,da,90,56,60,67,61,e6,11,7b,11,fb,01,01,00,00,\
00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
Notes:
Once you paste this into Notepad and save the file, you can open a copy in a code editor.
Lines 61-82 are security settings. Most NTP servers don't have this implemented yet, but it's good to start getting used to seeing these settings.
If you want to remove them and add them back later once you're more familiar with secure NTP, that should be fine.
If you want to leave them in, in case your NTP server does use secure connections, that is fine also.
On lines 28 to 30 you can remove this string
,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,00,00
This string adds the SeImpersonatePrivilege to the NTP service; the service works without it. This privilege allows the system to impersonate the user for authentication.
For example, the system might have a certificate to interface with an upstream server, but a specific user has a certificate to make changes or request changes/updates to the upstream service.
This is more advanced role-based security, and the default implementation for NTP should probably be anonymous.
Identify, Impersonate and Delegate (on behalf of) are more advanced systems management topics which will be covered later.
To summarize, it's part of the security settings and shouldn't hurt to have in there as long as it's set to anonymous by default. There are logs that will show who is actually logged into the client system if that ever needs to be reviewed.
If you're afraid of making mistakes, delete lines 21-30 and insert this at line 21:
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,\
65,00,6d,00,54,00,69,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,00,00
So, for example, you would delete lines 61-82, delete lines 21-30, and insert the version without SeImpersonatePrivilege at line 21.
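The hex blobs in the .reg file can be decoded before the file is imported, which shows exactly which privileges and DLL paths it writes. The following is an added example, not part of the original post; the function names are illustrative, and reading the hex(b) value as a Windows FILETIME is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Three values copied verbatim from the .reg file on this page.
REG_TEXT = r'''
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,\
65,00,6d,00,54,00,69,00,6d,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,00,00
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,5c,00,53,00,59,00,53,00,54,00,45,00,4d,00,33,00,32,00,5c,00,77,00,33,00,\
32,00,74,00,69,00,6d,00,65,00,2e,00,44,00,4c,00,4c,00,00,00
"SecureTimeEstimated"=hex(b):6f,b5,b4,5a,1c,cb,d8,01
'''

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_reg_values(text):
    """Return {name: decoded value} for hex(2), hex(7) and hex(b) entries."""
    joined = re.sub(r"\\\r?\n\s*", "", text)  # undo trailing-backslash line wraps
    out = {}
    pattern = r'"([^"]+)"=hex\((\w+)\):([0-9a-fA-F,]*)'
    for name, kind, hexdata in re.findall(pattern, joined):
        raw = bytes.fromhex(hexdata.replace(",", ""))
        if kind == "7":    # REG_MULTI_SZ: NUL-separated UTF-16LE strings
            out[name] = [s for s in raw.decode("utf-16-le").split("\x00") if s]
        elif kind == "2":  # REG_EXPAND_SZ: a single UTF-16LE string
            out[name] = raw.decode("utf-16-le").rstrip("\x00")
        elif kind == "b":  # REG_QWORD, little-endian; assumed to be a FILETIME
            ticks = int.from_bytes(raw, "little")  # 100 ns units since 1601
            out[name] = EPOCH_1601 + timedelta(microseconds=ticks // 10)
    return out

def grants_impersonation(values):
    """True if the decoded RequiredPrivileges list includes SeImpersonatePrivilege."""
    return "SeImpersonatePrivilege" in values.get("RequiredPrivileges", [])

if __name__ == "__main__":
    for key, value in parse_reg_values(REG_TEXT).items():
        print(key, "=", value)
```

Under the FILETIME assumption, SecureTimeEstimated decodes to a timestamp in September 2022, which suggests the SecureTimeLimits values are a snapshot of the exporting machine's state.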
Once this is done you can run the following commands or put it in a batch file:
Note:
w32time is the service name (use it with net stop and net start).
w32tm is the command name used to configure and use the NTP client service; use it from the command prompt.
net stop w32time
ipconfig /flushdns
ipconfig /release
ipconfig /renew
w32tm /register
net start w32time
w32tm /resync
w32tm /query /peers
Scroll through the output to make sure you don't have any errors. Read the errors, take notes and work through them one at a time.
w32tm /unregister removes the Windows Time service from Administrative Tools/Services.
w32tm /register adds the Windows Time service to Administrative Tools/Services.
net start w32time won't work if the service isn't registered.
net stop w32time should give fewer errors, but don't start the service, unregister it and then try to stop it; that's how you get system corruption issues.
Reboot the computer.
Use the GUI for Internet Time and regedit, and compare them to your command-line output.
All the registry keys in the .reg file can be found in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
from Windows 2000 SP4 to Windows 11 and Windows 2022, regardless of platform or edition.
The reg file will also replace DLL reference and SID values. After that you can use w32tm to change the config from the command line:
w32tm /?
Control Panel -> View by Small Icons or View by Large Icons -> Date and Time -> Internet time
From here you can change the NTP server and update the time.
e.g. w32tm /config /update /manualpeerlist:servername.domain.tld
e.g. w32tm /resync
Note: you can add multiple servers from the command prompt (put the space-separated list in quotes); I haven't tried this in the GUI, but it might work.
e.g. w32tm /config /update /manualpeerlist:"servername.domain.tld servername2.domain.tld servername3.domain.tld"
You can view the servers in the registry, explore the keys and understand what you are working with.
Final Note
Do not ever apply domain controller settings to a workstation or server that is not a domain controller unless you know what you are doing, have permission to do so, have a specific reason for doing so, and understand the implications, caveats and other solutions or workarounds.
This post provides an NTP client configuration and should work on both workstations and servers.
Do not change local or network system services to different credentials unless you know what you are doing. Do not change the authentication method (group services vs. own) unless you know what you are doing and know how to correctly modify all other underlying services.
Even people who know what they are doing will think twice about these credential and authentication method changes, as they can cause errors later down the line with a system update that follows Microsoft configuration specifications.
Once you are done with this first part and your Windows Time Service is working, it's a good idea to do some final cleanup on the computer.
- Disk Cleanup
- Check/Delete Temp Files
- Delete System Restore Points and turn service off
- Run an AV Scan
- Reboot your computer and check the service is still running
- Create a backup and/or turn System Restore back on and create a restore point
- Run sfc /scannow
- When that is done you can do a disk check and defrag, any other maintenance, and a final backup and/or restore point
If you're on a domain controller, now you can fix your upstream and downstream services, but the NTP client should be working now.