Posts tagged windows

Windows Server Time Services

Nov 18th

Posted by Matt in Computers

No comments

One thing that I think no one cares a great deal about is if their clock is off by a minute or two.  Unfortunately, when running computers they do.  Even a slight variation in the time can mean a difference from your computers talking to each other to rejecting each other due to security policy violations.  In this case because there is a clock skew.  So just wanted to write on how to setup an authoritative time server in your Windows AD environment.  AD is pretty picky about the time and its the easiest place to setup the authoritative time server for your domain, as all your domain joined PCs will sync pretty quickly if the AD server makes a time shift.  This will work on any version of Windows Server Domain Controllers (2000/2003/2008) that I know of.  You can even do it on XP, Vista, Win7, but on the desktop there is an extra tab to modify the time server source directly.  Also when you join a computer to a domain it will pull the time from the domain controller.

Configuring the Windows Time service to use an external time source

To configure an internal time server to synchronize with an external time source, follow these steps:

  1. Change the server type to NTP. To do this, follow these steps:
    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

      Change type to NTP

      Change type to NTP

    3. In the right pane, right-click Type, and then click Modify.
    4. In Edit Value, type NTP in the Value data box, and then click OK.
    5. Your modified value should look as such:
      Changed to NTP Type

      Changed to NTP Type

  2. Set AnnounceFlags to 5. To do this, follow these steps:
    1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

      Change the AnnounceFlags Value

      Change the AnnounceFlags Value

    2. In the right pane, right-click AnnounceFlags, and then click Modify.
    3. In Edit DWORD Value, type 5 in the Value data box, and then click OK.
    4. The modified value should look as such:
      Changed AnnouncedFlags Value

      Changed AnnouncedFlags Value

  3. Enable NTPServer. To do this, follow these steps:
    1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

      Enable the NTP Server

      Enable the NTP Server

    2. In the right pane, right-click Enabled, and then click Modify.
    3. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
    4. Your changed value should look as such:
      Enabled NTP Server

      Enabled NTP Server

  4. Specify the time sources. To do this, follow these steps:
    1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
    2. In the right pane, right-click NtpServer, and then click Modify.
    3. In Edit Value, type Peers in the Value data box, and then click OK.
      Modifying the NTP Servers List

      Modifying the NTP Servers List

      Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0×1 to the end of each DNS name. If you do not append ,0×1 to the end of each DNS name, the changes made in step 5 will not take effect.  You can add additional NTP servers with a single character “space” between the ‘,0×1′ and the next server.  Look at my screenshot below for a visual explanation.  I recommend setting three as this is usually the standard for NTP.  You can go to the NTP Pool website here to find what servers work best for you.  Closer to you is always better.  In my case, I used the Japan pool.

      Modified NTP Server Source List

      Modified NTP Server Source List

  5. Select the poll interval. To do this, follow these steps:
    1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
    2. In the right pane, right-click SpecialPollInterval, and then click Modify.
    3. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
      Change the default polling period

      Change the default polling period

      Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.  This will tell your domain controller to communicate with the NTP pool servers that you just set to make sure that it is within the correct time boundaries.

      Modified Poll Interval Time

      Modified Poll Interval Time

  6. Configure the time correction settings. To do this, follow these steps:
    1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
    2. In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
    3. In Edit DWORD Value, click to select Decimal in the Base box.
    4. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

      Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.

    5. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
    6. In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
    7. In Edit DWORD Value, click to select Decimal in the Base box.
    8. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
      Modify the Correction Time

      Modify the Correction Time

      Note TimeInSeconds is a placeholder for a reasonable value, I usually use double what I set the poll interval to.  In this case 30 minutes or 1800 seconds. The value that you select will depend upon the poll interval, network condition, and external time source.

      Modified Phase Correction Time

      Modified Phase Correction Time

  7. Quit the registry editor.
  8. At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
    net stop w32time && net start w32time

    Restart the Time Services

    Restart the Time Services

  9. The time then almost immediately updated to the correct time as you can see in the next two pictures of the corrected time and also in the event log (eventvwr.msc)
    Updated to correct time

    Updated to correct time

    Event Log of Time Services

    Event Log of Time Services

I hope that this helps anyone who is trying to setup an authoritative time server in their Windows Domain network.  It’s not really hard.  Just make sure if you are changing multiple machines that the time you are modifying isn’t terribly huge.  (ie. half a day or something.)  If you change one AD machine and the clock jumps forward or back half a day (probably due to a time zone setting) the other servers will loose trust between the other machines.  Authentication processes will stop working and whatever else is based on those servers trusting each other.  A snowball of problems so just might want to keep that in mind.

This process was taken from the Microsoft article source KB816042.

, , ,

Easy Tweaks for Windows Desktops to get some extra performance

Nov 11th

Posted by Matt in Computers

1 comment

Thought I would add my small share of some simple Windows tweaks that I run to get a bit of extra performance out of my computer with everyone else.  There isn’t anything here that should destroy your system, but with anything please keep in mind what you are doing.

Enable Multi-Core Booting (XP/Vista/7)

With dual-core desktops almost the norm now with any PC you get these days, I have no idea why Window’s cannot detect and enable this during install.  But turning it on after your installation is still quite simple.  You will also need administrator access to run this command.

  1. Click on the “Start” icon and then “Run As…”  (or just press Windows Key + R) 
    msconfig
    Run command "msconfig"

    Run command "msconfig"

    Then press enter.

  2. From here you can change all your startup services for your Windows installation.
    msconfig default configuration screen

    msconfig default configuration screen

  3. If you want to turn off certain boot specific services you can do that, but for this we will just look at the “Boot” tab.  Press “Advanced Options“.
    msconfig > boot > "advanced options"

    msconfig > boot > "advanced options"

  4. Tick the “Number of processors” box and enable the maximum amount of processors you have to enable during boot time.
    msconfig BOOT advanced options

    msconfig BOOT advanced options

    As indicated below I have enabled dual-core booting for my dual core desktop.

    msconfig BOOT Advanced Options

    msconfig BOOT Advanced Options

    There is also an area for the “Maximum memory” as well.  I have tried it before on my desktop but it seemed to reduce the amount of maximum memory I have.  Putting 4GB in then rebooting showed in my computer properties that I only have 3.68GB or so.  Leaving it off shows the full 4GB so you can try enabling it if you so desire, but off works fine for me.

  5. To finish press OK twice and you will get a message warning about needing to reboot to apply the changes.  Press okay to reboot and the next boot your computer will boot up with multiple cores and hopefully that much faster.

Reclaim some disk space back from Windows.  (Vista/7)

This next one is an option that is mixed if you want to leave on or off.  It involves the hibernate disk file.  By default Vista/7 have this enabled.  As it is a hibernation file, it is exactly the size of memory that you have installed in your computer.  8GB of memory means a 8GB chunk of space on the hard disk.  If you are trying to reduce the installation footprint or have a small (SSD) drive to begin with this could be a lot of valuable space.  Or especially a desktop where usually the computer in question might be in sleep mode or off.  Disabling this is quite simple, and you get the amount of memory reclaimed from your harddisk instantaneously.  No reboot needed either!

  1. Open a command prompt as an “Administrator” level user and run the command: 
    powercfg -h off
    Administrator Elevated: Turn off Hibernation

    Administrator Elevated: Turn off Hibernation

  2. That’s it you’re done. You can run a quick 
    dir /ah

    on the root OS directory to see that the hiberfil.sys has been removed to confirm.  You can see this in my before and after screenshots.

    Hibernation File is on

    Hibernation File is on (before)

    Hibernation file off (after)

    Hibernation file off (after)

    I’ve just saved myself 6GB+ of diskspace on function that I won’t use on my desktop.  With RAM prices becoming ridiculously cheap, and having 4GB or more in a system isn’t that uncommon anymore.  Why anyone would want to try and save a system state of GB of data is beyond me.  It will probably take longer for the system to come out of hibernation than it would with a fresh startup.  Batteries are getting better as well, so unless you’re crossing the ocean, leaving the system in sleep mode should be sufficient.  You’ll have almost an instant on, aside from the larger drain on the battery rather than having it in hibernate mode.

Remove and disable the System Restore Points  (Vista/7)

Note: The previous two tweaks are fairly simple and as long as you don’t turn off all of your services in msconfig, the system usable.  This next one does have possible ramifications down the road should you need to restore the system from a previous state.  I don’t install a lot of software so I usually turn this off to help with installations, updates, and such.

  1. Click on the Windows “Start” icon > Computer (right click) > Properties
    Computer Properties

    Computer Properties

  2. Click on Advance system settings > System Protection > Click Configure
    System Properties > System Protection

    System Properties > System Protection

  3. Change the Restore Settings to Turn off system protection.  Also Delete any current restore points.  Note: After doing this, any ability to revert to the “Last known state” function will cease to work.  You will gain a performance boot when installing updates and other programs though as its not having to make several copies of itself when installing.
    Disable the system restore

    Disable the system restore

    Press okay to complete.

    System Protection Warning

    System Protection Warning

    Press yes to continue and you will come back to the properties screen.  You will now see that system protection is off.  Press OK again one more time to leave the system properties.

    System Protection Disabled

    System Protection Disabled

Modifying the swap disk file

If you have a lot of RAM in your machine you might want to try disabling the page swap file on your PC as well.  That way Windows has no ability to try and make unnecessary swaps to the disk.  At 8GB of RAM you can pretty much have almost anything under the sun open for days and it will be alright.  4GB is also doable, but I would recommend not to open as many applications.  Again mileage will vary depending on what you run.  I would recommend that you run “taskmgr” and look at the running processes (as administrator) during normal use to see how much memory each application is using during normal usage. At 2GB or less, it is probably best to create a fixed file size of a 1:1 ratio.  Not as good as no swap file, but at least the system will not be trying to resize the swap file while at the same time trying to write data to it.  (This is the default setting for Windows.)

  1. Click on the Windows “Start” icon > Computer (right click) > Properties
    Computer Properties

    Computer Properties

  2. Click on the Advanced tab > press Settings…
    System Properties > Advanced

    System Properties > Advanced

  3. In the Performance Options window goto the Advanced tab and press Change…
    Performance Options > Advanced

    Performance Options > Advanced

  4. A new window titled Virtual Memory will appear.  Deselect the “Automatically manage paging file size for all drives” then proceed to set a custom size.  For 8GB+, “No paging file” should work. For 4GB, it’s a toss up.  I’ve done fine with “No paging file”, if your system starts crashing applications unexpectedly check the Task Manager and if you need more memory set a 4096MB Initial and Maximum size.  This effectively fixes the swap file size and the system to make the hard disk delete and recreate swap files when it needs to grow them.  For <2GB, I highly recommend setting a custom size of 2048MB.  If you don’t you’ll probably start seeing a lot of random applications frequently after using your computer for some time.
    Virtual Memory

    Virtual Memory

  5. Press Set to apply the settings, and then OK to exit out.  Press OK again two more times to leave the System Properties.  At this point you will be reminded that your changes will not take effect until you reboot your system.  Reboot the system and the new virtual memory settings will take effect.

These are just some of the free simple solutions that I apply to my computer to keep it zippy.  Hope that it helps you.  If I find anything else I’ll update this again.

, ,