|
-
March 10th, 2011, 03:08 PM
#1
Junior Member
What is messing with my time sync settings?
(No idea if people here will answer this type of question, but I'm really worried about this and hoping someone can help.)
I noticed that my computer's time was 10 min slow, tried to sync it, sync didn't work, tried to start Windows Time Service but couldn't, so I went investigating W32Time. I got it to work by changing it from peer mode to client mode, re-registering it and restarting it but then noticed that many registry values for W32Time did not match the published defaults. Any ideas why they wouldn't? Is this dangerous?
My machine is running the latest updated version of XP.
Here's my reference for defaults:
http://technet.microsoft.com/en-us/l...mes_tools_uhlp
-------------------
Here's what I found, keys that don't match published defaults:
SpikeWatchPeriod
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
The default value on domain members is 900. The default value on stand-alone clients and workstations is 900. (Mine is 90)
EventLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Default is 0x1 reachability changes (Mine is 0)
InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Default it Yes 1 (Mine is 0)
LargePhaseOffset
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
The default value on domain members is 50000000. The default value on stand-alone clients and servers is 50000000. (Mine is 1280000)
LargeSampleSkew
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
The default value on domain members is 3. (I don't have any value.)
MaxClockRate
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
The default value for stand-alone clients and servers is 155860. (Mine is 156640.)
NtpServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Default is time.windows.com,0x1. I added an entry for time.nist.gov,0x8 that appears to be working. I'd like to remove the time.windows.com,0x1 entry.
----
Also, there is no domain controller, and no group policy, but there are a bunch of additional registry flags that look like I there is, like:
CrossSiteSyncFlags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
and a few others.
Is this a security hole? Should I change these keys back to the defaults? Should I replace win32time.dll with a factory version? Most importantly, who or what is messing with my time services?
Similar Threads
-
By al1aprize in forum Spyware / Adware
Replies: 23
Last Post: March 15th, 2004, 01:24 AM
-
By instronics in forum The Security Tutorials Forum
Replies: 3
Last Post: February 17th, 2003, 11:45 AM
-
By instronics in forum The Security Tutorials Forum
Replies: 7
Last Post: February 5th, 2003, 10:04 AM
-
By Noble Hamlet in forum AntiOnline's General Chit Chat
Replies: 1100
Last Post: March 17th, 2002, 09:38 AM
-
By Badassatchu in forum Non-Security Archives
Replies: 1
Last Post: November 23rd, 2001, 11:13 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote