EvotecIT / Testimo

Testimo is a PowerShell module for running health checks for Active Directory against a bunch of different tests
547 stars 58 forks source link

Get-TimeSetttings ignore Policies Entries #41

Closed ruddj closed 5 years ago

ruddj commented 5 years ago

Good Day, First great job on the tool. It helped us identify some things we need to look at in our environment. 2 Comments about the Time settings check.

The Get-TimeSetttings command seems to ignore entries in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time We use a group policy with WMI filter for PDC to configure our NTP time server, but report does not pick up the changed values.

2nd is the TimeSynchronizationExternal check always checks pool.ntp.org which may be blocked by environments that don't allow internet access from their DCs. This is probably a more local config issue.

PrzemyslawKlys commented 5 years ago
  1. Thank you. Will verify why is that.

  2. What would you suggest? I could probably allow edit of that parameter via Parameters section like it is possible for Test parameters.

PrzemyslawKlys commented 5 years ago
        $TimeParameters = Get-PSRegistry -ComputerName $_ -RegistryPath "HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters"
        $TimeConfig = Get-PSRegistry -ComputerName $_ -RegistryPath "HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config"
        $TimeNTPClient = Get-PSRegistry -ComputerName $_ -RegistryPath "HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NTPClient"
        $TimeNTPServer = Get-PSRegistry -ComputerName $_ -RegistryPath "HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NTPServer"
        $TimeVMProvider = Get-PSRegistry -ComputerName $ComputerName -RegistryPath "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider"

Yes, it seems I am only checking this. I guess I need to expand on your registry keys

PrzemyslawKlys commented 5 years ago

https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings

ruddj commented 5 years ago
  1. Possibly allow parameter that could be set in configuration file? In our case we have a specific external server we can access that we could override the value with.
PrzemyslawKlys commented 5 years ago

Ok, both problems should be now fixed. Hope you can test when a new version gets released.

ruddj commented 5 years ago

Thank you. I will update and test when next release is pushed to Powershell Gallery.