How can I allow users to log on to the domain when their machine's date is weeks or maybe even years behind? We have a one-week training lab that requires the domain time to be set to the week of March 24, 2003. This barrier prevents us from installing the base image on the Friday before training and having a script that sets the machine's time to the domain's time whenever the trainees log on. Kerberos will not allow the trainee to log on and authenticate so the script can set the time. Start-up scripts will not work because the machine needs flexibility in its role.
It is in general not a good idea to have any machine whose clock is out of sync, even deliberately. There are several reasons for this, one of which is that the authentication of security certificates -- some of which are created at install time -- are tracked through the system clock. If the system clock is heavily desynchronized, then certain security verifications become impossible because the computer has no idea if any of its root certificates are still valid. This is by design.
Dig Deeper on Windows Operating System Management
This week, our expert answers the question of how to get DVD data off a disc, even if the user's PC doesn't have an optical drive.continue reading
This week, our expert answers a question on how to connect a phone or tablet to a USB drive with a micro-USB connector.continue reading
Open source and free suites such as LibreOffice and OpenOffice could save organizations money, but not effort in comparison with Microsoft Office.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.