The Windows 2000 Kerberos authentication protocol relies heavily on domain controllers (DCs) having
a common time. Therefore, Win2K ships with Windows Time Service (W32Time), which takes a
hierarchical approach to assigning time, as the following list shows:
- All client desktops and member servers use their authenticating DCs as the inbound time partner.
- All DCs in a domain use the PDC Flexible Single-Master Operation (FSMO) as the inbound time partner.
- PDC FSMOs use the domain hierarchy to pick their inbound time partner.
The PDC FSMO becomes the authoritative time source for the enterprise, and you should, therefore,
configure the PDC FSMO to gather the time from an external source.
Until you complete this task, Event Log events will state that W32Time isn’t configured.
All versions of Windows 2000 and later can serve as an NTP server and, when configured properly,
other machines on the network can then use this NTP server to synchronize their time.
To configure Win2K to use an external time server, use the command:
C:\> net time /setsntp:192.4.41.40
You can use several external time servers that are based at the US Naval Observatory,
including the following examples:
- ntp2.usno.navy.mil - 192.5.41.209
- tick.usno.navy.mil - 192.4.41.40
- tock.usno.navy.mil - 192.5.41.41
However, don’t talk directly to the Navy Network Time Protocol (NTP) servers unless the
domain administrator needs to operate a stratum-2 server (and will open it to a large community of users).
Domain administrators should not query tick.usno.navy.mil, tock.usno.navy.mil,
or ntp2.usno.navy.mil directly. Instead, they should use their ISP’s NTP server (they should have one),
unless they have unusual requirements for precision.
Please read "Public NTP Servers, Rules of Engagement" before you use the NTP service in Win2K.
When you perform the /setsntp command, it updates registry entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\ntpserver.
Simple Network Time Protocol (SNTP) uses UDP port 123, so you need to ensure that proxy servers
or firewalls don’t block this port.
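
The SNTP exchange on UDP port 123 described above, as an added example (not from the original article or from Microsoft): it builds the 48-byte client request and sanity-checks a reply before the time is trusted. The function names, the constructed sample reply, and the 300-second limit (the default Kerberos clock-skew tolerance) are assumptions of this example.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era) to 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300.0      # assumption: default 5-minute Kerberos skew tolerance

def to_ntp(unix_time):
    """Encode a Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    ntp = unix_time + NTP_EPOCH_OFFSET
    return struct.pack("!II", int(ntp), int((ntp % 1) * 2**32))

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp back to Unix time."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_EPOCH_OFFSET + frac / 2**32

def build_request(t1):
    """Client request: LI=0, VN=3, Mode=3 (0x1B), transmit timestamp = t1."""
    return bytes([0x1B]) + bytes(39) + to_ntp(t1)

def sample_reply(t1, server_time, li=0, stratum=2):
    """Constructed server reply for offline use (not captured traffic)."""
    head = bytes([(li << 6) | (3 << 3) | 4, stratum]) + bytes(22)
    return head + to_ntp(t1) + to_ntp(server_time) + to_ntp(server_time)

def check_reply(reply, t1, t4):
    """Return (offset_seconds, problems); t1 = send time, t4 = receive time."""
    if len(reply) < 48:
        return None, ["short packet"]
    li, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    problems = []
    if mode != 4:
        problems.append("not a server reply (mode %d)" % mode)
    if li == 3:
        problems.append("server clock unsynchronized (LI=3)")
    if stratum == 0 or stratum > 15:
        problems.append("invalid stratum %d" % stratum)
    if reply[24:32] != to_ntp(t1):  # originate field must echo our transmit time
        problems.append("originate timestamp does not echo our request")
    t2, t3 = from_ntp(reply[32:40]), from_ntp(reply[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2
    if abs(offset) > KERBEROS_MAX_SKEW:
        problems.append("offset %.1fs exceeds Kerberos skew limit" % offset)
    return offset, problems

if __name__ == "__main__":
    t1 = 1000000000.0  # constructed send time
    print(check_reply(sample_reply(t1, t1 + 400), t1, t1))
```

A reply that fails any of these checks should not be used to set the clock on the PDC FSMO, because every DC and client below it inherits that time.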
For more information, see the w32time.doc file at
ftp://ftp.microsoft.com/ResKit/y2kfix/x86/w32time/w32time.doc.
Although the developers wrote this file for Windows NT 4.0's w32time program, not for Win2K’s
W32Time, the file is still worth reading.
You should also read the Microsoft articles "Basic Operation of the Windows Time Service" and
"How to Configure an Authoritative Time Server in Windows 2000".
Below is a list of some of the other registry parameters for the W32Time service.

| Name | Description |
| --- | --- |
| LocalNTP (REG_DWORD) | According to w32time.doc, setting this value to 1 (W32Time uses an .ini file and sets the value to yes) sets up the local machine as an SNTP server. |
| Log (REG_DWORD) | Setting this value to 1 gets W32Time to write to the System Log when the time is synchronized. The default value is 0. |
| NTPServer (REG_SZ) | This registry parameter is the (S)NTP server to get the time from. You can use the command net time /setsntp[:serverlist] to set the parameter from the command line. The file w32time.doc states that BroadcastClient and MulticastClient are reserved names and that you can’t use them for NTP servers. However, I don’t know what BroadcastClient and MulticastClient stand for. |
| Period (REG_SZ) | See w32time.doc and the Microsoft article that I noted above. |
| PrimarySource (REG_SZ) | This registry entry lists the NetBIOS names of all the network Master Time Servers. You must prefix each name with two backslashes (\\) and separate names by semicolons (;). |
| RandomPrimary (Unknown type, probably a REG_DWORD) | This registry entry selects a random primary server from the PrimarySource list. |
| ReliableTimeSource | This value is presumably REG_SZ, with the name of the RTS server. |
| SecondaryDomain (REG_SZ) | Setting this value tells a secondary machine which domain to broadcast its Time Request to. The w32time.doc file says that if you leave the entry blank, the secondary machine will query its domain for time information. This feature is very helpful in a master or multiple-master domain model in which network administrators don’t want to set up each domain with its own Primary Time Server. |
| TASync | See w32time.doc for a detailed explanation. |
| Type (REG_SZ) | NTP/PRIMARY/SECONDARY. See w32time.doc |