Q
Problem solve Get help with specific problems with your technologies, process and projects.

Can users log on to a domain when a system clock is desynchronized?

How can I allow users to log on to the domain when their machine's date is weeks or maybe even years behind? We have a one-week training lab that requires the domain time to be set to the week of March 24, 2003. This barrier prevents us from installing the base image on the Friday before training and having a script that sets the machine's time to the domain's time whenever the trainees log on. Kerberos will not allow the trainee to log on and authenticate so the script can set the time. Start-up scripts will not work because the machine needs flexibility in its role.
It is in general not a good idea to have any machine whose clock is out of sync, even deliberately. There are several reasons for this, one of which is that the authentication of security certificates -- some of which are created at install time -- are tracked through the system clock. If the system clock is heavily desynchronized, then certain security verifications become impossible because the computer has no idea if any of its root certificates are still valid. This is by design.

Dig Deeper on Windows client management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchSQLServer

SearchEnterpriseDesktop

SearchVirtualDesktop

Close