Accurate time synchronization is critical in enterprise environments. Many systems such as SIEM platforms (e.g., Splunk), security logs, authentication systems, and domain controllers rely on consistent timestamps for proper correlation and analysis.
In this guide, we will configure Network Time Protocol (NTP) settings using Group Policy (GPO) to ensure all Windows machines synchronize their time with reliable Indian NTP pool servers.
This configuration will:
โ Synchronize system time across domain machines
โ Prevent log timestamp mismatches
โ Improve log correlation in SIEM tools like Splunk
โ Maintain consistent security auditing and authentication events
โ๏ธ Step 1: Configure Windows NTP Client via Group Policy
๐ Path
โ Policies
โ Administrative Templates
โ System
โ Windows Time Service
โ Time Providers
Configure the following policy:
๐ง Configure Windows NTP Client
-
Open Configure Windows NTP Client
-
Set policy to Enabled
Configure these parameters:
| Setting | Value |
|---|---|
| NtpServer | 0.in.pool.ntp.org,1.in.pool.ntp.org,2.in.pool.ntp.org,3.in.pool.ntp.org |
| Type | NTP |
| ResolvePeerBackoffMaxTimes | 4 |
Leave all other settings as default.
๐ฅ Also Enable These Policies
Enable the following:
โ Enable Windows NTP Client
โ Enable Windows NTP Server
This ensures the system can both synchronize time and serve time if required.
๐งญ Step 2: Configure Time Zone Using GPO Registry Preferences
To enforce the correct Indian Standard Time (IST) across all machines, we configure registry settings through GPO.
๐ Path
โ Preferences
โ Windows Settings
โ Registry
Create a Registry Collection
-
Right click Registry
-
Select New โ Collection Item
-
Name it:
Now add the following Registry Items inside this collection.
๐ Registry Configuration for Time Zone
All registry entries use the following base path:
1๏ธโฃ Default Registry Entry
โ Configuration
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Key Path | SYSTEM\CurrentControlSet\Control\TimeZoneInformation |
| Value Type | REG_SZ |
2๏ธโฃ ActiveTimeBias
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | ActiveTimeBias |
| Value Type | REG_DWORD |
| Value Data | 0xFFFFFEB6 (4294966966) |
3๏ธโฃ Bias
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | Bias |
| Value Type | REG_DWORD |
| Value Data | 0xFFFFFEB6 (4294966966) |
4๏ธโฃ DaylightBias
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | DaylightBias |
| Value Type | REG_DWORD |
| Value Data | 0x0 (0) |
5๏ธโฃ DaylightName
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | DaylightName |
| Value Type | REG_SZ |
| Value Data | @tzres.dll,-491 |
6๏ธโฃ DaylightStart
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | DaylightStart |
| Value Type | REG_BINARY |
| Value Data | 00000000000000000000000000000000 |
7๏ธโฃ DynamicDaylightTimeDisabled
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | DynamicDaylightTimeDisabled |
| Value Type | REG_DWORD |
| Value Data | 0x0 (0) |
8๏ธโฃ StandardBias
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | StandardBias |
| Value Type | REG_DWORD |
| Value Data | 0x0 (0) |
9๏ธโฃ StandardName
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | StandardName |
| Value Type | REG_SZ |
| Value Data | @tzres.dll,-492 |
๐ StandardStart
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | StandardStart |
| Value Type | REG_BINARY |
| Value Data | 00000000000000000000000000000000 |
1๏ธโฃ1๏ธโฃ TimeZoneKeyName
| Setting | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Value Name | TimeZoneKeyName |
| Value Type | REG_SZ |
| Value Data | India Standard Time |
๐ง Step 3: Configure Windows Time Service
Now ensure the Windows Time Service (W32Time) is configured and running.
๐ Path
โ Preferences
โ Control Panel Settings
โ Services
Create a New Service Configuration
Right click Services โ New โ Service
Configure the following:
| Setting | Value |
|---|---|
| Service Name | W32Time |
| Startup Type | Automatic |
| Service Action | Start Service |
This ensures the Windows Time Service always runs on system startup.
๐ Why This Configuration is Important
Proper time synchronization provides several critical benefits:
๐ Security & Authentication
Kerberos authentication in Active Directory requires synchronized system time.
If time drift exceeds 5 minutes, authentication failures may occur.
๐ SIEM Log Correlation (Splunk)
Security monitoring tools like Splunk rely on timestamps to correlate events.
Incorrect system time can cause:
-
โ Incorrect alert timelines
-
โ Missed correlations
-
โ Incident investigation issues
With centralized NTP configuration, all logs maintain consistent timestamps.
๐ฅ Operational Stability
Consistent system time ensures reliable operation of:
-
Active Directory
-
Scheduled Tasks
-
Certificates
-
Authentication logs
-
Security monitoring
๐ Conclusion
By configuring NTP synchronization and time zone settings via Group Policy, organizations can ensure all domain systems maintain accurate and consistent time.
This configuration improves:
โ Security logging
โ SIEM log analysis
โ Authentication reliability
โ System stability
Centralized management through GPO also simplifies administration and ensures uniform configuration across the entire domain.
โ Recommended For
-
Enterprise Windows environments
-
SOC / SIEM deployments
-
Splunk log monitoring setups
-
Security compliance frameworks
If you are still facing an issue, feel free to Ask Doubts in the Comment Section Below and Donโt Forget to Follow us on ๐ย Social Networks.
| Happy Splunking ๐
