Jamf Nation Community

If you take /usr/sbin/systemsetup -setnetworktimeserver "time.apple.com" and replace time.apple.com with your desired NTP, you should be good. Just be sure to test before deploying to the masses.

Thanks everyone!

@sdagley do you have an updated script by chance?

@doreyme What @dwenger posted above is basically what I last used, but I never tried it with Mojave or Catalina. It should still work.

@sdagley so im assuming thats in the file and process payload?

@doreyme The Files and Processes payload will work, or you can create a new script under Settings->Computer Management->Scripts (don't forget the #!/bin/sh as the first line of the script in that case).

@sdagley so im looking to go the files and processes route. Would it look something like this:

/usr/sbin/systemsetup -setnetworktimeserver "time.gov"

if i wanted to use time.gov

if you want to nail the time server, I'd recommend using a configuration profile instead. The keys and preference domains are stated in the config profile reference:

https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf

Check out the "time server" payload.

The Time Server payload is designated by specifying com.apple.MCX as the PayloadType value.
This payload allows devices to connect to custom time servers.
In addition to the settings common to all payload types, the Time Server payload defines the following keys:

timeServer
timeZone

The ntp server to connect to.
Availability: Available in macOS 10.12.4 and later.
Time zone path location string in /usr/share/zoneinfo/. For example, ”America/Denver” or ”Zulu”.
Availability: Available in macOS 10.12.4 and later.

@m.entholzner thanks for the reply.

Not entirely sure how to use a configuration profile for this instead. but i was planning on using a policy with the Files and Processes payload using this

sudo systemsetup -setusingnetworktime on -setnetworktimeserver time-a.nist.gov

+1 on @m.entholzner's advice. In most instances, if you can use a profile to accomplish your desired task, it's the way to go. Profile Creator https://github.com/ProfileCreator/ProfileCreator appears to have the provisions in place for building a profile with time server info, but I haven't personally used the payload myself.

Thanks Everyone!

Hi all, just come across this as we have a PCI requirement that any Macs involved in PCI work need to point to a specific NTP server.

The 3rd Party App (ProfileCreator) mentioned can create a Config Profile with Time Server settings but importing it into our Jamf environment doesn't work (it imports the General Payload but the Time Server Payload is missing).

I'm going to write a script to run daily on the required Macs to point to the required NTP server:

#!/bin/sh
/usr/sbin/systemsetup -setusingnetworktime on -setnetworktimeserver (our PCI NTP Server)

That should cover it, right?

That should work, but you should be able to make the Configuration Profile work. Did you sign the profile before you uploaded it? Sometimes that helps. (Also, did you apply the profile to a test machine after you uploaded it? Sometimes the Jamf GUI won't show profile settings that are not standard.

Also, if you have already created your Profile in profile creator, you could just export the Time Server payload as a PLIST (click and hold the export button and choose Export PLIST). You can then create a new profile in Jamf and upload that PLIST in the custom settings. Make sure the Preference Domains is com.apple.MCX

@jay-kay To expand on what @RBlount said...

An Application & Custom Settings payload as he describes is the easiest solution.

As to why... Jamf Pro doesn't have a built-in editor for the Time Server settings, so if you upload a profile containing that payload you're not going to see it displayed in the GUI. That profile may still work, but to be sure you'd need to have ProfileCreator sign the profile when it's created so that when uploaded to Jamf Pro no modifications will be made to the payload(s).