Szerkesztés

Megosztás a következőn keresztül:


Windows Time for Traceability

Regulations in many sectors require systems to be traceable to UTC. This means that a system's offset can be attested with respect to UTC. To enable regulatory compliance scenarios, Windows 10 (version 1703 or higher) and Windows Server 2016 (version 1709 or higher) provides new event logs to provide a picture from the perspective of the Operating System to form an understanding of the actions taken on the system clock. These event logs are generated continuously for Windows Time service and can be examined or archived for later analysis.

These new events enable the following questions to be answered:

  • Was the system clock altered
  • Was the clock frequency modified
  • Was the Windows Time service configuration modified

Availability

These improvements are included in Windows 10 version 1703 or higher, and Windows Server 2016 version 1709 or higher.

Configuration

No configuration is required to realize this feature. These event logs are enabled by default and can be found in the event viewer under the Applications and Services Log\Microsoft\Windows\Time-Service\Operational channel.

List of Event Logs

The following section outlines the events logged for use in traceability scenarios.

This event is logged when the Windows Time Service (W32Time) starts and logs information about the current time, current tick count, runtime configuration, time providers, and current clock rate.

Event description Service Start
Details Occurs at W32time Startup
Data logged
  • Current Time in UTC
  • Current Tick Count
  • W32Time Configuration
  • Time Provider Configuration
  • Clock Rate
Throttling mechanism None. This event fires every time the service starts.

Example:

W32time service has started at 2018-02-27T04:25:17.156Z (UTC), System Tick Count 3132937.

Command:

This information can also be queried using the following commands

W32Time and Time Provider configuration

w32tm.exe /query /configuration

Clock Rate

w32tm.exe /query /status /verbose