[ntp:questions] Does NTPClient need to be enabled for clients
Ace Fekay [MVP-DS, MCT]
aceman at mvps.RemoveThisPart.org
Sun Feb 14 07:21:53 UTC 2010
"Jorge Silva" <jorgesilva_pt at hotmail.com> wrote in message
news:6006FF85-DB68-4B1D-AB27-F753E8EF5C5F at microsoft.com...
> Okay, I see that people are missing the point that I tried to explain. The
> problem is the precedent! When you open a precedent you're (probably)
> opening a "door" to problems (for those that work in medium/large systems,
> they know what I mean). IMO DCs shouldn't go out to public, it doesn't
> matter if it is only because the PDCe needs to sync the Time with a reliable
> external time source or the importance that the Time service has in an
> Active Directory hierarchy. In medium, large systems that can be the
> argument to open other things that might be considered low risk value in
> terms of security and valuable in terms of internal functionality. What
> this means is, is the time service important to Kerberos? Yes. Is Time
> sync important to Active Directory? Absolutely. Will Active Directory stop
> working if the PDCe doesn't sync its time with an external source? No way.
> Is it important to have the correct and most accurate time inside your
> system? Of course, you don't want to issue documents to your clients with
> the incorrect time. Hum... What is more important: to have the most
> accurate time in your internal/external systems or protect your DCs from
> external time sources? THEY'RE BOTH IMPORTANT!!! :) - How to solve this?
> For those of you who can afford it, create/expose a dedicated "Box" with one or
> more external/internal/reliable Time server and sync your PDCe from there.
> Keep in mind that in some companies, time is very, very, very important,
> and their applications can't afford to have the 5 minutes skew that
> Kerberos has configured by default. So how do they solve this problem?
> They spend huge amounts of money in boxes and Applications that are smart
> enough to sync, compare, calculate and issue the exact/correct/time to
> their systems, in some scenarios this can be done at the second :)
> Conclusion of all threads:
> - Is the best option to have the PDCe sync with external time sources?
> Probably not.
> - Is the Linksys a crappy router? Yes (just kidding, it's worse than that)
> - What does Paul's router do? Mushroom cheese steak, cheese fries, and a
> vanilla milkshake.
I'll take two.