by MS
If there are differences in time between the time server and the system, the Windows Time service slowly corrects the time. The global settings UpdateInterval and FrequencyCorrectRate control the exact correction rate.
Note
SNTP defaults to using User Datagram Protocol (UDP) port 123. If this port is not open to the Internet, you can't synchronize the system with an Internet time server.
You can configure the Windows Time service via the Registry or Group Policy. Table 3-3 provides detailed information on the most used time service settings. The related Group Policy settings are under Computer ConfigurationAdministrative TemplatesSystemWindows Time ServiceGlobal Configuration Settings. If the Global Configuration Settings policy is enabled, its settings take precedence over local registry settings. The related registry settings are under HKLMSYSTEMCurrentControl SetServicesW32TimeConfig. If you change registry values for time services, you can apply them by typing the following command at the command prompt:
w32tm /config /update
Table 3-3: Global Configuration Settings for Windows Time Services
Setting
Description
Accepted Values/Flags
AnnounceFlags
Default value: 10 (8 + 2). Sets the time server classification. A computer must be classified first as a time server to be subsequently classified as a reliable time server. This is why the default flag is 10 (meaning flags 2 and 8 are applied). This setting is only used by domain controllers and determines how the time service is advertised by the Netlogon service.
10 (default with 8 + 2 flags) 0; the domain controller doesn't advertise time service. 1; the domain controller always advertises time service. 2; the domain controller is a time server and automatically determines whether it should advertise time service. 4; the domain controller will always advertise reliable time service. 8; the domain controller is a reliable time server and automatically determines whether it should advertise reliable time service.
EventLogFlags
Determines the types of events that the time service logs. Default value: 2.
1; logs when the time service must make a discontinuous change to the clock. 2; logs when the time service chooses a new source of time information. 3; logs when the time service hasn't acquired time samples for a period of 1.5 times the maximum poll interval and no longer trusts the local clock's accuracy.
FrequencyCorrectRate
Modifies the rate at which the time service corrects (synchronizes) the system clock. The value used is multiplied by the number of clock ticks in 64 seconds to come up with the base gain used to correct the system time. Generally, the smaller the value, the more responsive the system is to time changes. However, if the value is too small, the system time can change too frequently to be stable. A value of 3–5 is generally a stable range.
4 (default)
HoldPeriod
Determines the number of seconds the last consistently read time sample is held. It is essentially designed to prevent frequent time changes due to inconsistent time samples. During this period, time synchronization (as determined by the FrequencyCorrectRate) and spike detection (for consistent time samples) are switched off to allow for faster time correction (convergence).
5 (default)
LargePhaseOffset
Determines the time offset, in milliseconds, that triggers direct setting of the system clock. If the system clock is off by more than this amount, system time is set directly to the appropriate time rather than using time correction (convergence). Set the offset to a higher value to make it less likely that the system time will be set directly. However, if you do this, it is more likely that bad time samples will be considered good.
128,000 (default)
LocalClockDispersion
Indicates the relative reliability of the local CMOS clock when it's used as a time source for other computers but isn't synchronized with another network time source. The dispersion value is the number of seconds by which the time service should consider the local CMOS clock to be off from the estimated true time at any given time. The higher the reliability by which the local CMOS should be considered, the lower the dispersion value should be set. If the clock is synchronized from a network time source, the dispersion applies to that time source.
10 (default)
MaxAllowedPhaseOffset
Specifies the maximum time correction allowed when convergence is used (rather than direct time setting). If the system clock is off by more than this number of seconds, the time is corrected over multiple convergence intervals. This value is designed to prevent sudden large changes in time.
300 (default for DCs) 1 (default for other computers)
MaxNegPhaseCorrection
Specifies the largest negative time correction the time service is allowed to make. If the time is off by more than this amount, the required change is logged rather than corrected. For example, if the clock is set to 5:00 P.M. but it is really 1:59 A.M. of that same day (an earlier time), the required time change would be logged rather than corrected. An administrator would then need to set the time manually. A smaller value is considered more secure because it could prevent malicious time servers from changing system times erroneously.
54,000 (default)
MaxPollInterval
Determines the longest time interval to be used for checking the time. The value is set in units of 2n seconds where n is the value for this setting. The default value is 215 (32,768 seconds). The Windows Time service will consider itself to be in an unsynchronized state when 1.5 times the MaxPollInterval has elapsed and it is unable to obtain a time reading from a reliable time server. This value is also referred to as the maximum clock age and in the Network Time Protocol, the maximum clock age allowed is 86,400 seconds. Thus, if you set MaxPollInterval to a value greater than 15, the time server may be ignored completely by peers.
15 (default)
MaxPosPhaseCorrection
Specifies the largest positive time correction the time service is allowed to make. If the time is off by more than this amount, the required change is logged rather than corrected. For example, if the clock is set to 1:59 A.M. but it is really 5:00 P.M. of that same day (a later time), the required time change would be logged rather than corrected. An administrator would then need to set the time manually. A smaller value is considered more secure because it could prevent malicious time servers from changing system times erroneously.
54,000 (default)
MinPollInterval
Determines the shortest time interval to be used for checking the time. The value is set in units of 2n seconds where n is the value for this setting. The default value for DCs is 26 (64 seconds) because time synchronization is more important and 210 (1,024 seconds) for other computers to reduce the number of network accesses. Windows Vista and Windows Server 2003 won't poll more frequently than once every 16 seconds regardless of the MinPollInterval used.
6 (default for DCs) 10 (default for other computers)
PhaseCorrectionRate
Specifies the time correction interval in seconds. This is the interval for time correction when convergence is used. With the default value, the time can be corrected once every second.
1 (default)
PollAdjustFactor
Sets an adjustment interval for polling the time. The value is set in units of 2n seconds, where n is the value for this setting.
5 (default)
SpikeWatchPeriod
Sets the period in seconds during which suspicious time changes are watched before they are accepted as valid. If you lower this value, you allow the time server to correct time spikes (sudden changes in time) more quickly, but you also make it more likely that bad time samples will be considered good.
90 (default)
UpdateInterval
Determines the interval used for phase correction adjustments. The lower the value, the more accurate the time. The higher the value, the more efficient the time sampling. Thus there is a
trade to be made between accuracy and efficiency. On DCs, you want more accuracy and can use more system resources to maintain the system clock because clock accuracy is very important. On other computers, you balance the need for efficiency against the need for accuracy.
100 (DCs), 30,000 (member servers), 360,000 (standalone computers)
Configuring Internet Time in Workgroups
Most organizations will want to use Internet time so that computers can easily synchronize with external time servers. Because enabling Internet time is the default setting for Windows Vista, the real challenge lies in opening UDP port 123 on your firewall to allow the flow of Windows Time service traffic. Once you open this port on your firewall, the time service should operate normally.
You can enable or disable Internet time for individual systems in a workgroup by completing the following steps:
In Control Panel, click Clock, Language, And Region and then click Date And Time.
Select the Internet Time tab and then click Change Settings.
To enable Internet time, select Automatically Synchronize With An Internet Time Server and then select the time server you want to use. You should also ensure that the Windows Time service is running in the Services utility.
To disable Internet time, clear the Automatically Synchronize With An Internet Time Server check box.
Use the Server field to specify the Internet time server to use. Several default time servers are listed, including http://www.time.windows.com and http://www.time.nist.gov. You can select one of these or type in the fully qualified domain name of another time server to use.
Click OK.
When you use Internet time, keep in mind that on large networks, it's much more efficient to set up a local time server. With a local time server, SNTP messages from work-stations and servers are broadcast locally and don't go out to the Internet. The messages sent between the local time server and the external time servers are the only external time traffic.
If a computer isn't set to the correct time, network access is usually the problem. Computers must have access to the network to access a local time server. They must have access to the Internet to access an Internet time server, which also requires that UDP port 123 be open to the computer on the organization's firewall or proxy server.
You can check the status of time synchronization at any time, and you can force a computer to update the time immediately as well. If you suspect that time synchronization is failing, you can check the status of the last synchronization by following these steps:
In Control Panel, click Clock, Language, And Region and then double-click Date And Time.
Select the Internet Time tab.
Any error encountered during the last synchronization attempt will be displayed.
You can troubleshoot the configuration by following these steps:
In Control Panel, click Clock, Language, And Region and then double-click Date And Time.
Select the Internet Time tab and then click Change Settings.
Ensure that the time server is set correctly. If necessary, retype the value.
Click Update Now to force Windows Vista to attempt to synchronize with the specified time server.
If an error occurs, check the network connectivity as well as the status of the Windows Time service. Again, the computer must have appropriate network or Internet access, and the Windows Time service must be running for this feature to work properly.
Configuring Internet Time in Domains
In Microsoft Active Directory directory service domains, a domain controller is chosen automatically as the reliable time source for the domain, and other computers in the domain synchronize time with this server. Should this server be unavailable to provide time services, another domain controller takes over. You cannot, however, change the Windows Time configuration. If you want to manage Windows Time in a different way, you must first enable and configure Internet Time through Group Policy. The related policies are found under Computer ConfigurationAdministrative Templates SystemWindows Time ServiceTime Providers and include the following settings:
Enable Windows NTP Client When this setting is enabled, this computer can synchronize its clock with designated NTP servers.
Enable Windows NTP Server When this setting is enabled, this computer can service NTP requests from other computers.
Configure Windows NTP Client When you enable this setting, you are able to set the Internet time configuration options, including the name of the time server to use.
You can also configure global time services options using Global Configuration Settings under Computer ConfigurationAdministrative TemplatesSystemWindows Time Service.
With this in mind, you configure Internet Time in a domain by completing the following steps:
Access policy for the appropriate domain, site, or OU.
Expand Computer Configuration, Administrative Templates, System, Windows Time Service, Time Providers.
Double-click Enable Windows NTP Server, select Enabled, and then click OK.
Access the appropriate domain, site, or organizational unit Group Policy Object in the Group Policy Object Editor.
Expand Computer Configuration, Administrative Templates, System, Windows Time Service, Time Providers.
Double-click Enable Windows NTP Client, select Enabled, and then click OK.
Double-click Configure Windows NTP Client and then select Enabled. Use the fields available to set the default NTP settings, including the name of the time server to use. Click OK when you are finished.
Chapter 4: Customizing the Desktop and the Interface
Overview
As an administrator, you'll often be asked to help users customize their desktop and user profile data. You might even be asked to create for new users a default working environment that closely maps to the corporate standard or core user preferences. One way to create a default working environment is to create a default user account, log on as that user, set up the environment as necessary, and then use the account and its associated profile as the starting point for new accounts.
Microsoft Windows Vista provides a whole new level of desktop and screen customization options. Although these options are useful, they can cause problems that you, as an administrator, might be asked to help resolve. You might also see users struggling to fix these issues on their own, so you might want to lend a hand. This chapter focuses on the configuration and troubleshooting of the following areas:
Menus, the taskbar, and toolbars
Desktop themes and backgrounds
Custom desktop content
Screen saver dos and don'ts
Display appearance and settings
Optimizing Windows Vista Menus
The Start menu and its related menus are designed to provide easy access to applications and utilities installed on a system. Unfortunately, the more applications and utilities you install, the more cluttered the menu system becomes. To help users escape the clutter and better use the menu system, this section focuses on techniques you can use to optimize menus.
Changing Between Classic Start Menu and Simple Start Menu
Windows Vista provides two views of the Start menu: Classic and simple. The Classic Start menu provides the traditional view of the menu system as found in Windows 2000 and earlier versions of the Windows operating system. The simple Start menu provides a streamlined view of the menu system that's better organized than its more traditional predecessor. Many hardcore Windows users and administrators are apt to hate the simple Start menu when they first see it, but they grow to love it once they customize it.
You can change between the Classic Start menu and the simple Start menu at any time by following these steps:
Right-click Start on the taskbar and then select Properties on the shortcut menu. The Taskbar And Start Menu Properties dialog box is displayed.
On the Start menu tab, select Start Menu to use the simple view, or select Classic Start Menu to use the classic view.
&n
bsp; Click OK. If you've already customized settings for the menu view, these custom settings are restored automatically.
Customizing Classic Start Menu Options
If you choose the Classic Start menu, Windows Vista provides excellent control over the Start menu. You can choose which commands appear on the Start menu and how they are arranged. You can add menus for Control Panel, Network Connections, Printers And Faxes, and other key tools. You can also enable or disable personalized menus on the Programs menu.
To change the Start menu options, follow these steps:
Right-click Start on the taskbar and then select Properties. The Taskbar And Start Menu Properties dialog box is displayed with the Start Menu tab selected by default.
Verify that Classic Start Menu is selected and click Customize to the right of the Classic Start Menu option. This displays the Customize Classic Start Menu dialog box, shown in Figure 4-1.
Figure 4-1: Customize the Classic Start menu using this dialog box.
Select or clear any of the check boxes in the Advanced Start Menu Options list box.
Click OK.
Click OK to close the Taskbar And Start Menu Properties dialog box.
Table 4-1 provides a list of the Classic Start menu options. As the table shows, most of the options control user actions or determine whether various selections are available directly from the Start menu or through separate windows.
Table 4-1: Classic Start Menu Options
Setting
Purpose
Display Administrative Tools
Adds or removes the Administrative Tools menu. When selected, the menu is available from the Programs menu.
Display Favorites
Adds or removes the Favorites menu. When selected, the menu is available from the Start menu. Enable this option if a user uses the Favorites list frequently.
Display Log Off
Adds or removes the LOG OFF command. When selected, the LOG OFF command is available on the Start menu. If you don't select this option, users must press Ctrl+Alt+Del to access the LOG OFF command.