
I'm going through our PCI audit results and one of the things I need to look into is setting up NTP to be configured to loopback. This strikes me as being bad for AD enabled machines and the time drift, or am I not understanding what setting it to loopback actually is? What are the impacts of doing this?

I haven't heard of that being used. It's technically possible, but wouldn't keep accurate time.



We always set them to use the AD domain.


To implement this, the code below may help. Kudos to @franton



NTP loopback



I am not sure on impact of doing this.


Hello.



I implemented this as per the CIS guide but frankly I think it's pointless. I always point corporate devices to the internal NTP services, whether they be the stratum 1/2 servers or to the AD domain controller(s) IF they're running NTP services. (learned the hard way that Windows Time Services != NTP ... too bad the people I worked for never did).


We have our internal NTP servers & Apple's time servers (for DEP reasons). Not sure if there was anything that may not work because of setting to loopback. I thought it was kind of pointless too.


It doesn't address the CIS guide, but to appease the firewall admins at a previous org that refused to open an NTP port to time.apple.com I had the DNS folks redirect time.apple.com to an internal NTP server. While it'd have been easy enough to edit the hosts file on a Mac, this solution also addressed the needs of iOS devices (which I think still have no method to re-direct NTP queries).
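As an added illustration of the point raised in the thread (a loopback NTP server means the Mac only syncs to itself, so there is no external reference to correct drift against), here is a small POSIX shell audit that classifies each `server`/`pool`/`peer` entry in an ntp.conf-style file and fails when only loopback sources are configured. This is example code written for this page, not the script by @franton referenced above; the two config files it checks are constructed inline, and on a real Mac you would feed it /etc/ntp.conf or the value printed by `systemsetup -getnetworktimeserver`.

```shell
#!/bin/sh
# Classify an NTP server value. Prints one of:
#   loopback  - 127.x, ::1 or localhost: the host syncs only to itself
#   private   - RFC 1918 address, typically an internal NTP server or a DC
#   public    - any other dotted-quad IPv4 address
#   hostname  - a DNS name (resolve it before deciding internal vs external);
#               IPv6 addresses other than ::1 also land here (assumption: not needed on this page)
ntp_server_class() {
  case "$1" in
    localhost|127.*|::1)                       echo loopback ;;
    10.*|192.168.*)                            echo private ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)     echo private ;;
    *[!0-9.]*)                                 echo hostname ;;
    *)                                         echo public ;;
  esac
}

# Audit every server/pool/peer directive in an ntp.conf-style file.
# Returns 0 when at least one non-loopback time source is configured,
# 1 when the host would only ever sync against itself (no drift correction).
audit_ntp_conf() {
  synced=1
  while read -r key val _rest; do
    case "$key" in server|pool|peer) ;; *) continue ;; esac   # skip comments/other lines
    cls=$(ntp_server_class "$val")
    echo "$key $val -> $cls"
    if [ "$cls" != loopback ]; then synced=0; fi
  done < "$1"
  return $synced
}

# Constructed sample configs (not from the thread): the CIS-style loopback
# setting beside an internal-server setting.
tmp=$(mktemp -d)
LOOPBACK_CONF="$tmp/loopback.conf"
INTERNAL_CONF="$tmp/internal.conf"
printf '# CIS benchmark style\nserver 127.0.0.1\n' > "$LOOPBACK_CONF"
printf 'server 10.0.0.5\nserver time.apple.com\n' > "$INTERNAL_CONF"

# Stand-alone run: report on both files.
audit_ntp_conf "$LOOPBACK_CONF" || echo "$LOOPBACK_CONF: only loopback, clock will drift"
audit_ntp_conf "$INTERNAL_CONF" && echo "$INTERNAL_CONF: ok"
```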

