Details
This policy setting specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.
The recommended state for this setting is: Enabled.
Rationale:
A reliable and accurate account of time is important for a number of services and security requirements, including but not limited to distributed applications, authentication services, multi-user databases and logging services. The use of an NTP client (with secure operation) establishes functional accuracy and is a focal point when reviewing security relevant events
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer ConfigurationPoliciesAdministrative TemplatesSystemWindows Time ServiceTime ProvidersEnable Windows NTP Client
Note: This Group Policy path is provided by the Group Policy template W32Time.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.
Impact:
You can set the local computer clock to synchronize time with NTP servers.
Default Value:
Disabled. (The local computer clock does not synchronize time with NTP servers.)
References:
CCE-37843-0
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Windows.