Question

NTP set to loopback?

  • June 14, 2018
  • 5 replies
  • 12 views

ImAMacGuy

I'm going through our PCI audit results and one of the things I need to look into is NTP being configured to loopback. This strikes me as being bad for AD-enabled machines and time drift, or am I not understanding what setting it to loopback actually is? What are the impacts of doing this?

5 replies

davidacland
  • Valued Contributor
  • June 14, 2018

I haven't heard of that being used. It's technically possible, but wouldn't keep accurate time.

We always set them to use the AD domain.


  • New Contributor
  • June 15, 2018

To implement this, the code below may help. Kudos to @franton

NTP loopback

I am not sure on impact of doing this.


  • Esteemed Contributor
  • June 15, 2018

Hello.

I implemented this as per the CIS guide, but frankly I think it's pointless. I always point corporate devices to the internal NTP services, whether they be the stratum 1/2 servers or the AD domain controller(s) IF they're running NTP services. (I learned the hard way that Windows Time Services != NTP ... too bad the people I worked for never did.)


ImAMacGuy
  • Author
  • Esteemed Contributor
  • June 18, 2018

We have our internal NTP servers & Apple's time servers (for DEP reasons). Not sure if there was anything that may not work because of setting to loopback. I thought it was kind of pointless too.


sdagley
  • Jamf Heroes
  • June 18, 2018

It doesn't address the CIS guide, but to appease the firewall admins at a previous org that refused to open an NTP port to time.apple.com, I had the DNS folks redirect time.apple.com to an internal NTP server. While it'd have been easy enough to edit the hosts file on a Mac, this solution also addressed the needs of iOS devices (which I think still have no method to re-direct NTP queries).
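An added example, not code from this thread or from @franton's "NTP loopback" script: a small audit that reads the time-server settings a Mac actually has and reports whether it is pointed at loopback (syncing against itself, so no real reference clock and eventual drift past the 5-minute Kerberos skew tolerance that AD logons depend on), at an internal/AD server, at Apple, or elsewhere. It assumes `systemsetup -getnetworktimeserver` prints a `Network Time Server: <host>` line and that `/etc/ntp.conf` uses classic `server <host>` lines; `INTERNAL_DOMAINS` is a hypothetical corporate DNS suffix you would replace with your own. The sample inputs at the bottom are constructed, not captured from a real host, so the script runs offline.

```python
"""Audit a Mac's NTP configuration for the 'loopback' setting discussed above.

Added example, not code from the thread. Assumptions:
- `systemsetup -getnetworktimeserver` prints 'Network Time Server: <host>'.
- `/etc/ntp.conf` uses classic ntpd syntax ('server <host> ...').
- INTERNAL_DOMAINS is a hypothetical corporate suffix list; replace it.
"""
import ipaddress
import re
import subprocess
from typing import Dict, List, Optional

INTERNAL_DOMAINS = ("corp.example.com",)  # hypothetical AD/NTP domain suffixes
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def classify_time_server(target: str) -> str:
    """Classify a time server as loopback / internal / apple / external / invalid."""
    t = target.strip().lower()
    if not t:
        return "invalid"
    if t in LOOPBACK_NAMES:
        return "loopback"
    try:
        addr = ipaddress.ip_address(t)
    except ValueError:
        addr = None
    if addr is not None:
        if addr.is_loopback:          # 127.0.0.0/8 or ::1
            return "loopback"
        if addr.is_private or addr.is_link_local:
            return "internal"
        return "external"
    if t == "apple.com" or t.endswith(".apple.com"):
        return "apple"
    if any(t == d or t.endswith("." + d) for d in INTERNAL_DOMAINS):
        return "internal"
    return "external"


def parse_systemsetup(output: str) -> Optional[str]:
    """Pull the host out of 'Network Time Server: <host>' (format assumed)."""
    m = re.search(r"Network Time Server:\s*(\S+)", output)
    return m.group(1) if m else None


def parse_ntp_conf(text: str) -> List[str]:
    """Collect targets of server/pool/peer lines, ignoring comments."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] in ("server", "pool", "peer"):
            servers.append(parts[1])
    return servers


def audit(systemsetup_output: str, ntp_conf_text: str) -> Dict:
    """Combine both sources and flag a loopback-only configuration."""
    targets = []
    primary = parse_systemsetup(systemsetup_output)
    if primary:
        targets.append(primary)
    targets.extend(parse_ntp_conf(ntp_conf_text))
    classes = {t: classify_time_server(t) for t in targets}
    # Loopback-only means the Mac syncs against itself: no reference clock,
    # so it drifts and will eventually exceed Kerberos' default 5-minute skew.
    only_loopback = bool(classes) and all(c == "loopback" for c in classes.values())
    return {
        "servers": classes,
        "loopback_only": only_loopback,
        "has_internal": any(c == "internal" for c in classes.values()),
    }


def audit_live_mac() -> Dict:
    """Run the real commands on a Mac (needs root for systemsetup); not used below."""
    out = subprocess.run(["systemsetup", "-getnetworktimeserver"],
                         capture_output=True, text=True, check=False).stdout
    try:
        with open("/etc/ntp.conf") as f:
            conf = f.read()
    except OSError:
        conf = ""
    return audit(out, conf)


# Constructed sample input (not captured from a real host).
SAMPLE_LOOPBACK = ("Network Time Server: 127.0.0.1\n", "server 127.0.0.1\n")
SAMPLE_INTERNAL = ("Network Time Server: ntp1.corp.example.com\n",
                   "server ntp1.corp.example.com iburst\nserver time.apple.com\n")

if __name__ == "__main__":
    for label, (out, conf) in (("loopback", SAMPLE_LOOPBACK), ("internal", SAMPLE_INTERNAL)):
        print(label, audit(out, conf))
```

Run `audit_live_mac()` from a Jamf policy or extension attribute to find the devices the CIS script left pointing at 127.0.0.1; `loopback_only` is the condition worth alerting on, since a host that lists loopback alongside a real internal server will still sync.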