Ask the Expert

Can users log on to a domain when a system clock is desynchronized?

How can I allow users to log on to the domain when their machine's date is weeks or maybe even years behind? We have a one-week training lab that requires the domain time to be set to the week of March 24, 2003. This barrier prevents us from installing the base image on the Friday before training and having a script that sets the machine's time to the domain's time whenever the trainees log on. Kerberos will not allow the trainee to log on and authenticate so the script can set the time. Start-up scripts will not work because the machine needs flexibility in its role.

Requires Free Membership to View

It is in general not a good idea to have any machine whose clock is out of sync, even deliberately. There are several reasons for this, one of which is that the authentication of security certificates -- some of which are created at install time -- are tracked through the system clock. If the system clock is heavily desynchronized, then certain security verifications become impossible because the computer has no idea if any of its root certificates are still valid. This is by design.

This was first published in January 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: