NTP for Windows

Windows has an awful NTP implementation, and they've taken away the settings from Control Panel to select your server.

Computers on a domain use slightly different defaults than stand-alone computers. For example, they use the domain controller for the default clock source, since since Kerberos requires all clocks in the domain to be close.

Start time server
To expose the clock on Windows with an NTP server, for example, so you can monitor it with Nagios:

net stop w32time net start w32time
 * In regedit, set Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\Enabled = 1
 * Restart the Windows Time service. Or:

Set polling interval
To fix a machine with a wandering clock, I lowered this setting. Note that it's LOG seconds, so the defaults of 10 and 15 means 2^10=1024 seconds (or 17m4s) and 2^15=32768 seconds (~9h). I use 4 and 8 (a range of 16s to 4m16s) to keep clocks reasonably tight, since the sync algorithm is naive.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MinPollInterval = 4 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPollInterval = 8

Then restart the Windows Time service.

If you've manually set the list of peers, this is the wrong setting. See "Set peer list" instead.

Query status
w32tm /query /peers

Set peer list
w32tm /config /update /manualpeerlist:"10.255.255.123 pool.ntp.org"

If you change this, you may want to set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval also, since the default polling interval changes. This is specified in plain seconds, not log seconds.