Chapter 5. Working with Support Services and Remote Desktop

Many major enhancements to Microsoft Windows Server 2003 have to do with support services and remote desktop connectivity through terminal services. This chapter focuses on the key enhancements, including automatic updates, error reporting, help and support, remote desktop, and time services.

Introducing Support Services

Windows Server 2003 features built-in support services at several levels. If you access the Services node in Computer Management, you’ll find a bundle of services dedicated to system support, including:

  • Automatic Updates. Responsible for performing automatic updates to the Windows Server 2003 operating system. Although this service typically is enabled, the Automatic Updates tab of the System properties dialog box controls how the service works. On servers, the default setting in the System utility is for manual updates only.

  • Error Reporting Service. Provides automated error collection, tracking, and reporting. When an application or component error occurs and the service is running, automated error information is generated and can be reported to Microsoft. Error reporting is discussed in the section entitled "Enabling and Disabling Error Reporting" in Chapter 2.

  • Help And Support. Provides the application framework for automatic system monitoring. This is the heart of the help and support facility built into Windows Server 2003.

  • Terminal Services. Enables users to remotely connect to the computer and handles the display of the desktop and application to those remote users. This one service provides the necessary background framework for Remote Desktop, Remote Assistance, Fast User Switching, and Terminal Server.

    Caution

    Don’t disable Terminal Services to prevent remote access. Instead, clear the Allow Remote Assistance and Allow Remote Desktop check boxes in the Remote tab of the System Properties dialog box.

  • Volume Shadow Copy. Creates and manages volume shadow copies for backups and redundancy. A shadow copy is a point-in-time copy of files on a network share. Although this feature is disabled by default, you can use the Disk Management tool to configure shadow copies and allow for file recovery from accidental deletion or overwriting and for version checking. See Chapter 14 for details.

  • Windows Time. Synchronizes the system time with world time to ensure that the system time is accurate. You can configure computers to synchronize with a specific time server.

These support services provide the foundation for many of the enhanced features in Windows Server 2003. If they aren’t running or aren’t correctly configured, you might have problems using certain support features and, in some cases, Windows Server 2003 might not operate properly.

Many other services provide support features. However, you need these additional support services only in specific scenarios and they usually aren’t configured to start automatically. For example, on all versions of Windows Server 2003 (except Windows Server 2003, Web Edition) the application framework services are disabled or set to manual startup. If you’re using a different version of Windows Server 2003 to provide application services that take advantage of the Windows Server 2003 framework, you might need to reconfigure these services.

Working with the Automated Help System

The automated help system built into Windows Server 2003 is fairly complex. The system is designed to automatically monitor system health, to perform preventative maintenance, and to report problems so they can be resolved. The help system has three key components:

  • A Help and Support Center with integrated help facilities

  • An application framework

  • A monitor that gathers and logs state information

Using the Help and Support Center

The Help and Support Center is where you go to find system documentation and support services. You can start the Help and Support Center by clicking Start and then choosing Help And Support.

As you can see from Figure 5-1, the Help and Support Center is very different from the Help facilities built into previous versions of Windows. The Help And Support Center home page features links to online help documentation, support services, and important issues. The Help and Support Center is designed so that it seamlessly integrates locally stored content as well as content made available through remote sites. Overall, the documentation is much more task-focused and solution-focused than previous versions.

Figure 5-1. Use the Help and Support Center to find detailed technical information and to get support when you need it.

In the Support Tasks area of the Help And Support Center home page, you’ll find a link labeled Support. Click this link or the Support button on the toolbar to access the integrated support utilities, including:

  • Get Remote Assistance. Allows users to get live help from a technician. By clicking the link and sending a remote control invitation through e-mail, a user can get immediate help.

  • Get Help From Microsoft. Provides a list of online resources that you can use to contact Microsoft’s Technical Support staff, to access support communities, and to get follow-up information, such as the status of a previously submitted support request.

  • Visit The Windows Server Community. Allows users to access a help forum on the Web where they might be able to find answers to their questions.

The Get Remote Assistance and Get Help From Microsoft options use the Remote Assistance feature. Remote assistance is made possible through the Remote Desktop Help Session Manager service. If you’re the technician receiving the remote control request, you see a control panel that allows you to view the user’s desktop and to send chat messages to the user. You also have the option of taking control of the user’s system, sending a file to the user’s system, or exiting the session. If you take control of the user’s system, you can configure the computer just as if you were sitting at the keyboard, and the user will see these changes as well.

Introducing the Application Framework

The Help And Support Center and the entire Windows Server 2003 help system are built on top of the application framework provided by the Windows service called Help and Support. As a Windows Server 2003 administrator, you don’t really need to understand the intricacies of the application framework. You should, however, know where the necessary files are stored so you can check them if you need to.

With this in mind, it’s important to note that the Help and Support service runs under the Svchost.exe process with the flags -k netsvcs. When run in this mode, the Svchost.exe process acts as a listener that monitors the health and well-being of the system on which it’s running. The listener also periodically performs checkpoint operations that write system configuration information to subdirectories of the %SystemRoot% directory. These files contain logs and checkpoint data as well as temporary workspace for processing help system transactions.

After a checkpoint has been finalized, it’s written to a database file in the %SystemRoot%\PCHEALTH\HELPCTR\Database directory. This file is called Hcdata.edb. The database contains other types of help system information as well.

Note

Throughout this book you’ll see references to %SystemRoot%. This is an environment variable used by Windows Server 2003 to designate the base directory for the Windows Server 2003 operating system, such as C:\WINDOWS. For more information on environment variables, see the section entitled "Configuring the User’s Environment Settings" in Chapter 10.

Monitoring System Health

Status, a health monitor, is another key part of the Windows Server 2003 help system. Its goal is to collect system state information that can be used to identify current or potential system problems, such as an abnormal boot or a drive low on free space. The operating system can then process the information and make it available through the Help and Support Center.

To gather system information, Status relies on the Help and Support service. If you examine this service, you’ll find that it runs an executable called Svchost.exe, which in turn uses Wmiprvse.exe to gather system information. The information gathered by the Windows Management Instrumentation (WMI) provider service (WMIPRVSE) is obtained and displayed in the Help and Support Center using separate executables. The Help and Support Center runs under the Helpctr.exe executable, which provides the primary interface, and uses Helphost.exe and Helpsvc.exe to provide essential host listener and support services.

Viewing PC Health Statistics

You can view the information gathered by Status by completing the following steps:

  1. Click Start and then choose Help And Support.

  2. Click the Support button on the toolbar to access the Support area and then click My Computer Information. This link is listed under the See Also heading.

  3. In the right pane, click View The Status Of My System Hardware And Software.

  4. As shown in Figure 5-2, you’ll see a summary of the system state. If there are any current or potential problems, these problems will be identified and, if available, there will be a link to a help document that you can use to resolve the problem.

Figure 5-2. Periodically monitor system health to ensure that there aren’t current or potential problems on the system.

Note

Interestingly enough, system state information is gathered using the WMI service. WMI provides a set of interfaces that implement object classes for accessing the operating system and its components and representing their state values. One of these object classes is Win32_ComputerSystem, which has a property called BootupState. The bootup state indicates how the system was started. If the computer was started normally, the bootup state is set to "Normal boot." If the computer was started in Safe Mode, the bootup state is set to "Fail-safe boot." This property value and other property values gathered through WMI are reflected in the Help and Support Center under My Computer Information and Advanced System Information.

Troubleshooting Problems with PC Health Monitoring

The Help and Support service must be running for Status to gather information. If the health statistics aren’t accessible or aren’t being updated, you should ensure that the service is running and that it’s configured properly. You can access Services through Computer Management or through the Services utility.

After you access Services, ensure that the Help and Support service is running. If it isn’t, right-click the service and then select Start. The service should be configured to start up automatically. If it isn’t, double-click the service, select Automatic as the Startup Type, and then click OK.

Another reason you might be experiencing problems obtaining system health information is if the system drive (the drive containing the Windows operating system) has no available space. The Help and Support service collects system health information and stores it in the data collection directory (%SystemRoot%\Pchealth\Helpctr\Datacoll). System state information collected by Status is stored in files formatted in Extensible Markup Language (XML), a markup language for structuring information. These files must be written properly so that the help subsystem can process them. If the system drive is out of free space, you’ll need to free some space so that system health information can be written to the drive.
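The checks described in this section can be scripted. The following is an added example, not part of the original chapter: it assumes Windows PowerShell 2.0 is installed, that the Help and Support service has the service name helpsvc, and that bootup state is read from the Win32_ComputerSystem WMI class. The function name and the free-space threshold are hypothetical.

```powershell
# Added example (not from the original chapter). Assumes Windows PowerShell 2.0.
# 'helpsvc' is the service name of the Help and Support service.
function Test-PcHealthPrerequisites {
    param(
        [string]$ComputerName = '.',
        [int]$MinFreeMB = 200      # assumed threshold; the text only says "no available space"
    )

    $findings = @()

    # 1. The Help and Support service must be running and set to start automatically.
    $svc = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName -Filter "Name='helpsvc'"
    if (-not $svc) {
        $findings += 'Help and Support service (helpsvc) was not found.'
    } else {
        if ($svc.State -ne 'Running') {
            $findings += "Help and Support is $($svc.State); start the service."
        }
        if ($svc.StartMode -ne 'Auto') {
            $findings += "Help and Support startup type is $($svc.StartMode); set it to Automatic."
        }
    }

    # 2. The system drive needs free space for the XML files in the data collection directory.
    $os     = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName
    $disk   = Get-WmiObject -Class Win32_LogicalDisk -ComputerName $ComputerName `
                  -Filter "DeviceID='$($os.SystemDrive)'"
    $freeMB = [math]::Floor($disk.FreeSpace / 1MB)
    if ($freeMB -lt $MinFreeMB) {
        $findings += "System drive $($os.SystemDrive) has only $freeMB MB free; free some space."
    }

    # 3. The bootup state that Status reports ("Normal boot" or "Fail-safe boot").
    $boot = (Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName).BootupState
    if ($boot -ne 'Normal boot') {
        $findings += "Bootup state is '$boot'."
    }

    # One result object per computer; an empty Findings list means all three checks passed.
    New-Object PSObject -Property @{
        ComputerName     = $os.CSName
        ServiceState     = $svc.State
        ServiceStartMode = $svc.StartMode
        SystemDrive      = $os.SystemDrive
        FreeMB           = $freeMB
        BootupState      = $boot
        Findings         = $findings
    }
}

Test-PcHealthPrerequisites | Format-List
```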

Understanding and Using Automatic Updates

Automatic Updates helps you keep the Windows Server 2003 operating system up to date. It compares the programs, operating system components, and drivers installed on a system to a master list of items available at the Microsoft Web site and determines whether there are updates that should be installed.

An Overview of Automatic Updates

You configure Automatic Updates using the System utility. When you enable Automatic Updates, an update icon appears in the system tray when there are updates to download or install. The background process running the update process is the Automatic Updates service. This service is responsible for periodically checking for compatible updates for a system. When an automatic update is available, you’ll see a bubble over the update icon announcing the update’s availability.

The updates installed through the Automatic Updates service appear on the Change Or Remove Programs page of the Add Or Remove Programs dialog box when you select the Show Updates check box. You can remove an automatic update the same way that you uninstall any other program. For details, see the section entitled "Removing Automatic Updates to Recover from Problems," later in this chapter.

When you open the System Properties dialog box, you’ll find that you can configure Automatic Updates in several ways. You can set the update configuration to any of the following options:

  • Automatic. Updates are automatically downloaded and installed according to a schedule that you specify. When updates have been downloaded, the operating system notifies you so you can review the updates that are scheduled to be installed. You can install the updates then or wait for the scheduled installation time.

  • Download only. The operating system retrieves all updates as they become available and then prompts you when they’re ready to be installed. You can then accept or reject the update. Accepted updates are installed. Rejected updates aren’t installed but remain on the system, where they can be installed later.

  • Notify only. The operating system notifies you before retrieving any updates. If you elect to download the update, you still have the opportunity to accept or reject it. Accepted updates are installed. Rejected updates aren’t installed but remain on the system, where you can install them later.

  • Manual. All automatic download and notification options are disabled and you must manually apply updates by visiting the Windows Update Web site.

Configuring Automatic Updates

If you want to use Automatic Updates on a system, complete the following steps:

  1. From the Control Panel, select or double-click System, and then click the Automatic Updates tab of the System Properties dialog box, as shown in Figure 5-3.

    Figure 5-3. Configure Automatic Updates differently for different needs. Choose the option that makes the best sense for your environment.

  2. To disable automatic updates, select Turn Off Automatic Updates. This option turns off Automatic Updates completely, requiring manual installation of updates.

    Security

    To ensure the integrity of critical production systems, you might want to disable automatic updates. Before applying updates to operational servers, you should test the updates on nonproduction (development or test) servers. The test period should usually last one to two weeks, or longer, to ensure that problems don’t crop up when you least expect them. After you finish testing the updates, you can manually apply them to your production systems.

  3. To enable automatic updates, choose one of the following update options:

    • Automatic. This option is good when you don’t want the installation of updates to interfere with business operations. The update schedule is either Every Day at a specific hour, such as 3:00 a.m., or on a specific day of the week and hour, such as Every Sunday at 5:00 a.m. If you’re logged on to the system as an administrator, you’ll be notified of pending installations and have the opportunity to postpone the installation. If a restart is required as a result of an update and you’re logged on as an administrator, you’ll have the opportunity to postpone the restart. Other users don’t have this option. Local users and terminal services users will be notified, however, of a pending restart. Other users, such as those accessing an application or file on the system, won’t be notified.

    • Download Updates For Me, But Let Me Choose When To Install Them. This is the best option to use when you want to be sure updates are downloaded, but it doesn’t ensure that updates will be installed.

    • Notify Me But Don’t Automatically Download Or Install Them. This option allows you to control whether downloads occur at all. Use this option when you need more control over the application of updates.

Sometimes installing updates might make a system less responsive and might require a system restart. Because of this, you might want to manually install updates or schedule installation of updates for nonbusiness or nonpeak usage hours. In this way, there should be less impact on users and business operations. It won’t prevent data loss, however, if active users are working with resources on the system.

  4. Click OK.

Another way to configure Automatic Updates is through Group Policy. The most useful policies for Automatic Updates are:

  • Windows Automatic Updates. Whenever a user connects to the Internet, Windows searches for updates that are available for the computer. If you don’t want the operating system to search for updates, enable this policy. Windows will then be prohibited from searching for updates. This policy is located in User Configuration\Administrative Templates\System.

  • Turn Off Automatic Update Of ADM Files. Group Policy can be modified by the automatic updates process. Typically, this means that new policies are installed and made available the next time you open the Group Policy Object Editor. If you don’t want Group Policy to be updated through the automatic updates process, enable this policy. This policy is located in User Configuration\Administrative Templates\System\Group Policy, and its settings are ignored if the policy Always Use Local ADM Files For The Group Policy Object Editor is enabled.

  • Remove Access To Use All Windows Update Features. Prohibits access to all Windows Update features. If enabled, all Automatic Updates features are removed and can’t be configured. This includes the Automatic Updates tab in the System utility, the Windows Update link on the Start Menu and on the Tools menu in Internet Explorer, and driver updates from the Windows Update Web site in the Device Manager. This policy is located in User Configuration\Administrative Templates\Windows Components\Windows Update.

  • Configure Automatic Updates. Configures automatic updates settings for a domain, site, organizational unit, or local computer through Group Policy. If enabled, you set the options much as you do in the Automatic Updates tab of the System utility. If disabled, automatic updates must be manually installed. This policy is located in Computer Configuration\Administrative Templates\Windows Components\Windows Update.

  • Specify Intranet Microsoft Update Service Location. Designates an internal Web server rather than the Windows Update Web site as the location from which to check for and download updates. This policy is located in Computer Configuration\Administrative Templates\Windows Components\Windows Update and is discussed in the next section.

Configuring Update Servers

On networks with hundreds or thousands of computers, the Automatic Updates process could use a considerable amount of network bandwidth, and having all the computers check for updates and install them over the Internet won’t make sense. Instead, you’ll want to consider enabling this policy, which tells individual computers to check a designated internal server for updates.

The designated update server must run Windows Server Update Services (WSUS), be configured as a Web server running Microsoft Internet Information Services (IIS), and be able to handle the additional workload, which might be considerable on a large network during peak usage times. Additionally, the update server must have access to the external network on port 80. The use of a firewall or proxy server on this port shouldn’t present any problems.

The update process also tracks configuration and statistics information for each computer. This information is necessary for the update process to work properly and can be stored on a separate statistics server (an internal server running IIS) or on the update server itself.

To specify an internal update server, follow these steps:

  1. Configure the necessary server(s) as previously discussed.

  2. In Group Policy for the appropriate domain, site, or organizational unit Group Policy Object, access Computer Configuration\Administrative Templates\Windows Components\Windows Update, and then double-click Specify Intranet Microsoft Update Service Location.

  3. Select Enabled.

  4. Type the Uniform Resource Locator (URL) of the update server in the Set The Intranet Update Service For Detecting Updates text box. In most cases, this is http://servername, such as http://CorpUpdateServer01. For example, see Figure 5-4.

    Figure 5-4. Use intranet update servers to centralize the update process and reduce external network traffic.

  5. Type the URL of the statistics server in the Set The Intranet Statistics Server text box. This doesn’t have to be a separate server; you can specify the update server in this text box.

    Note

    If you want a single server to handle both updates and statistics, you enter the same URL in both fields. Otherwise, if you want a different server for updates and statistics, you would enter the URL for each server in the appropriate field.

  6. Click OK. After the applicable Group Policy Object is refreshed, systems running Windows 2000 Service Pack 3 or later, Windows XP Service Pack 1 or later, and Windows Server 2003 will look to the update server for updates. You’ll want to monitor the update and statistics server(s) closely for several days or weeks to ensure that everything is working properly. Directories and files will be created on the update and statistics server(s).
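After the Group Policy Object has been refreshed, you can confirm on a client what the Configure Automatic Updates and Specify Intranet Microsoft Update Service Location policies actually applied. The following is an added example, not part of the original chapter: it assumes Windows PowerShell 2.0 and reads the registry values these policies write under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate; the function name is hypothetical.

```powershell
# Added example (not from the original chapter). Assumes Windows PowerShell 2.0.
function Get-AutoUpdatePolicy {
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey      -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

    # AUOptions values mapped to the option names used in the Automatic Updates tab.
    $optionNames = @{
        2 = 'Notify Me But Don''t Automatically Download Or Install Them'
        3 = 'Download Updates For Me, But Let Me Choose When To Install Them'
        4 = 'Automatic'
    }
    $days = 'Every Day', 'Every Sunday', 'Every Monday', 'Every Tuesday',
            'Every Wednesday', 'Every Thursday', 'Every Friday', 'Every Saturday'

    if ($au -eq $null -or ($au.AUOptions -eq $null -and $au.NoAutoUpdate -eq $null)) {
        $mode = 'Not configured by policy (System utility setting applies)'
    } elseif ($au.NoAutoUpdate -eq 1) {
        $mode = 'Turn Off Automatic Updates'
    } elseif ($optionNames.ContainsKey([int]$au.AUOptions)) {
        $mode = $optionNames[[int]$au.AUOptions]
    } else {
        $mode = "Unrecognized AUOptions value $($au.AUOptions)"
    }

    # The schedule only matters for the Automatic option (AUOptions = 4).
    $schedule = $null
    if ($au.AUOptions -eq 4 -and $au.ScheduledInstallDay -ne $null -and $au.ScheduledInstallTime -ne $null) {
        $schedule = '{0} at {1:00}:00' -f $days[[int]$au.ScheduledInstallDay], [int]$au.ScheduledInstallTime
    }

    $findings = @()
    if ($wu.WUServer -or $wu.WUStatusServer) {
        # Both text boxes of the policy must be filled in (they can name the same server).
        if (-not ($wu.WUServer -and $wu.WUStatusServer)) {
            $findings += 'Update server and statistics server URLs must both be set.'
        }
        # Without UseWUServer = 1 the client ignores the intranet location.
        if ($au.UseWUServer -ne 1) {
            $findings += 'UseWUServer is not 1; the intranet update server is ignored.'
        }
        foreach ($url in @($wu.WUServer, $wu.WUStatusServer | Where-Object { $_ })) {
            $uri = $null
            if (-not [Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri) -or
                $uri.Scheme -notmatch '^https?$') {
                $findings += "'$url' is not a valid http:// or https:// URL."
            }
        }
    } else {
        $findings += 'No intranet update server set; clients use the Windows Update Web site.'
    }

    New-Object PSObject -Property @{
        Mode             = $mode
        Schedule         = $schedule
        UpdateServer     = $wu.WUServer
        StatisticsServer = $wu.WUStatusServer
        Findings         = $findings
    }
}

Get-AutoUpdatePolicy | Format-List
```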

Downloading and Installing Automatic Updates

When Automatic Updates are enabled and an automatic update is available, you’ll see a bubble over the update icon announcing the update’s availability. Click the Auto-Update icon to open the Updates window. From that window, click Install/Download if you’ve chosen to autodownload or if you’ve chosen to be notified before the download. This starts the Automatic Updates process. You can also click Remind Me Later to postpone the update.

If you want to see more information about the update or be able to selectively enable or disable update components, click Details. You then see descriptive information on each update. To disable an update for a specific component, clear the related check box. When you’re ready to proceed, click Install.

Caution

Some updates require you to reboot the computer. Rather than bring down a production server, you might want to schedule the install and reboot for a specific date and time.

Removing Automatic Updates to Recover from Problems

If an automatic update caused a problem on a system, don’t worry. You can remove the automatic update in the same way that you uninstall any other program. Simply follow these steps:

  1. From the Control Panel menu, select Add Or Remove Programs. The Add Or Remove Programs dialog box is displayed with the Change Or Remove Programs option selected.

  2. Select the automatic update that you want to remove and then click Change/Remove. Repeat this step to remove other updates as desired.

  3. Click Close. If the system needs to be restarted, you’ll see a restart prompt.

Managing Remote Access to Servers

Windows Server 2003 has several remote connectivity features. With Remote Assistance, users can send invitations to support technicians, allowing them to service a computer remotely. With Remote Desktop, users can connect remotely to a computer and access its resources. In this section, you learn how to configure Remote Assistance and Remote Desktop. By default, neither of the remote connectivity features is enabled. You must manually enable the remote assistance and remote desktop features.

Configuring Remote Assistance

Remote Assistance is a useful feature for help desks to take advantage of. Not only can administrators allow higher-level support personnel to view the server’s desktop, but also administrators can allow the support personnel to take control of the desktop and solve problems. This feature could be used to walk junior administrators through a complex process or even to manage system configuration while another administrator watches the progress of the changes. The key to Remote Assistance is in the access levels that you grant.

By default, Remote Assistance is configured to allow support personnel to view and remotely control desktop computers running Windows XP Professional. Anyone logged on to a Windows Server 2003 system can send assistance invitations to internal and external resources, and this might present a security concern for organizations. To reduce potential security problems, you might want to allow support staff to view but not control desktop computers.

Security

If you’re using Remote Assistance on a computer also running Windows Firewall, it’s important to point out that no additional configuration is necessary to bypass the firewall. Remote Assistance will temporarily and automatically open firewall ports during an assistance session. Other types of firewalls that might be between the source and destination computers in an assistance session are another matter entirely, and you’ll typically need to open TCP Port 135. See the Microsoft Knowledge Base Article 301527 for troubleshooting details (http://support.microsoft.com/default.aspx?scid=kb;en-us;301527).

To configure Remote Assistance, follow these steps:

  1. From the Control Panel menu, select System and then click the Remote tab.

  2. To disable Remote Assistance, clear the Turn On Remote Assistance And Allow Invitations To Be Sent From This Computer check box and then click OK. Skip the remaining steps.

  3. To enable Remote Assistance, select the Turn On Remote Assistance And Allow Invitations To Be Sent From This Computer check box. Afterward, click Advanced. This displays the Remote Assistance Settings dialog box shown in Figure 5-5.

    Figure 5-5. Use the Remote Assistance Settings dialog box to set limits for remote assistance.

  4. The Allow This Computer To Be Controlled Remotely option sets limits for Remote Assistance. When selected, this setting allows assistants to view and control the computer. To provide view-only access to the computer, clear this check box.

  5. The Invitations options control the maximum time window for invitations. You can set a value in minutes, hours, or days, up to a maximum of 30 days. If you set a maximum limit value of 10 days, for example, you can create an invitation with a time limit up to, but not more than, 10 days. The default maximum expiration limit is 30 days.

    Real World

    Another key aspect of Remote Assistance that you can control is the time limit for invitations. The default maximum time limit is 30 days. Although the intent is to give support personnel a time window in which to respond to requests, it also means that they could use an invitation to access a computer over a period of 30 days. For instance, suppose you send an invitation with a 30-day time limit to a support person who resolves the problem the first day. That person would then still have access to the computer for another 29 days, which wouldn’t be desirable for security reasons. To reduce the risk to your systems, you’ll usually want to reduce the default maximum time limit considerably—say, to 1 hour. If the problem isn’t solved in the allotted time period, you can issue another invitation.

  6. Click OK twice when you’re finished configuring Remote Assistance options.

Configuring Remote Desktop Access

Unlike Remote Assistance, which provides a view of the current user’s desktop, Remote Desktop provides several levels of access:

  1. If you’re currently logged on to the desktop locally and you then try to log on remotely, the local desktop locks automatically and you can access all the currently running applications as if you were sitting at the keyboard working locally. This feature is useful if you want to work from home or an alternate location.

  2. If you’re included on the computer’s remote access list and not logged on otherwise, you can initiate a new Windows session from a remote location. The Windows session will behave as if you were sitting at the keyboard working locally and can be used when other users are also logged on to the computer. In this way, multiple users could access the same computer simultaneously.

Remote Desktop isn’t enabled by default. You must specifically enable it, thereby allowing remote access to the computer. When it’s enabled, any members of the Administrators group can connect to the computer by default. You must place other users specifically on a remote access list to permit them to gain access to the computer.

Security

If you’re configuring Remote Desktop on a computer also running Windows Firewall, you must specify Remote Desktop as an access exception as discussed in Chapter 14. Other types of firewalls that might be between the source and destination computers in a Remote Desktop session are another matter entirely, and you’ll typically need to open TCP Port 3389. See the Microsoft Knowledge Base article 875357 for troubleshooting details (http://support.microsoft.com/default.aspx?scid=kb;en-us;875357).

To configure Remote Desktop, follow these steps:

  1. Access the System Properties dialog box from Control Panel and then click the Remote tab.

  2. To disable Remote Desktop access, clear the Enable Remote Desktop On This Computer check box and then click OK. Skip the remaining steps.

  3. To enable remote desktop access, select the Enable Remote Desktop On This Computer check box. Afterward, click Select Remote Users.

  4. To grant Remote Desktop access to a user, click Add. This opens the Select Users Or Groups dialog box. In the Select Users Or Groups dialog box, type the name of a user you want to use in the Name text box and then click Check Names. If matches are found, select the account you want to use and then click OK. If no matches are found, update the name you entered and try searching again. Repeat this step as necessary and then click OK when finished.

    Tip

    By default, the scope of the Select Users Or Groups dialog box is set to Users to prevent novice administrators from accidentally granting remote access to large numbers of users. If you’re an experienced administrator and are sure you want to grant all members of an entire group remote access privileges, click Object Types, select Groups, and then click OK. You’ll then be able to specify users or groups in the Select Users Or Groups dialog box.

  5. To revoke remote access permissions for a user account, select the account and then click Remove.

  6. Click OK twice when you’re finished.
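To review the result of these steps on a server, you can list whether Remote Desktop is enabled, which port it listens on, and every account that can connect. The following is an added example, not part of the original chapter: it assumes Windows PowerShell 2.0, English group names, that the remote access list is the local Remote Desktop Users group, and that the Enable Remote Desktop On This Computer check box corresponds to the fDenyTSConnections registry value; the function name is hypothetical.

```powershell
# Added example (not from the original chapter). Assumes Windows PowerShell 2.0 and
# English group names; run locally as an administrator.
function Get-RemoteDesktopExposure {
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ts    = Get-ItemProperty -Path $tsKey
    $port  = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp").PortNumber

    # fDenyTSConnections = 0 means the Enable Remote Desktop On This Computer box is selected.
    $enabled = ($ts.fDenyTSConnections -eq 0)

    # Administrators can connect by default; other accounts must be on the remote access list.
    $allowed = @()
    foreach ($groupName in 'Administrators', 'Remote Desktop Users') {
        $group = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
        $allowed += @($group.psbase.Invoke('Members') | ForEach-Object {
            $type = $_.GetType()
            New-Object PSObject -Property @{
                Via   = $groupName
                Name  = $type.InvokeMember('Name',  'GetProperty', $null, $_, $null)
                Class = $type.InvokeMember('Class', 'GetProperty', $null, $_, $null)
            }
        })
    }

    $findings = @()
    if ($enabled) {
        $findings += "Remote Desktop is enabled on TCP port $port."
        # A group on the remote access list grants access to all of its members at once.
        foreach ($entry in $allowed) {
            if ($entry.Via -eq 'Remote Desktop Users' -and $entry.Class -eq 'Group') {
                $findings += "Group '$($entry.Name)' is on the remote access list; review its membership."
            }
        }
    } else {
        $findings += 'Remote Desktop is disabled.'
    }

    New-Object PSObject -Property @{
        Enabled  = $enabled
        Port     = $port
        Allowed  = $allowed
        Findings = $findings
    }
}

$result = Get-RemoteDesktopExposure
$result.Findings
$result.Allowed | Sort-Object Via, Name | Format-Table Via, Class, Name -AutoSize
```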

Making Remote Desktop Connections

As an administrator, you can make Remote Desktop connections to Windows servers and workstations. With Windows 2000 Server, you enable Remote Desktop connections by installing Terminal Services and then configuring Terminal Services in Remote Access mode. With Windows XP, Remote Desktop connections are enabled by default and all administrators are granted access automatically. With Windows Server 2003, Remote Desktop is installed automatically but not enabled until you specifically do so.

One way to make a Remote Desktop connection to a server or workstation is to follow these steps:

  1. Choose Start, All Programs, Accessories, Communications, and then Remote Desktop Connection. This displays the Remote Desktop Connection dialog box.

  2. In the Computer text box, type the name of the computer to which you want to connect. If you don’t know the name of the computer, use the drop-down list provided to choose an available computer or select Browse For More from the drop-down list to display a list of domains and computers in those domains.

  3. By default, Windows Server 2003 uses your current user name, domain, and password to log on to the remote computer. If you want to use different account information, click Options and then enter values in the related User Name, Password, and Domain text boxes.

  4. Click Connect. Enter your account password if prompted, and then click OK. If the connection is successful, you’ll see the Remote Desktop window on the selected computer and you’ll be able to work with resources on the computer. In the case of a failed connection, check the information you provided and then try to connect again.

Note

Clicking Options in the Remote Desktop Connection dialog box displays additional options for creating and saving connections. These advanced options allow you to change display size for the remote desktop; manage connections to local resources, such as printers, serial ports, and disk drives; run programs automatically on connection; and enable or disable local caching and data compression.

Although Remote Desktop Connection is easy to use, it isn’t the best tool to use if you routinely connect to computers remotely. Instead, you’ll want to use the Remote Desktops console, which is available on a computer when you install the Windows Server 2003 administrative tools. With Remote Desktops you can configure connections for multiple systems and afterward you can easily switch between connections.

You’ll find Remote Desktops as an option on the Administrative Tools menu. Figure 5-6 shows the console with connections configured for CorpServer01, CorpServer02, CorpServer03, and CorpServer04. These connections were added by right-clicking the Remote Desktops node in the console, selecting Add New Connection, and then entering the server name (or Internet Protocol [IP] address) and the necessary logon information. The requirements are the same as for the Remote Desktop Connection utility.

Figure 5-6. If you routinely connect to remote systems, Remote Desktops should be your tool of choice. You can configure persistent connection information and then establish connection simply by clicking on a server.

After you define a connection, you can connect to the server and display the remote desktop simply by clicking the connection entry. If, for some reason, the connection fails, you can force Windows to try to connect again by right-clicking the connection and selecting Connect.

Configuring Windows Time

System time has had an increasingly important role as the Windows operating system has matured, particularly with regard to Kerberos security, which is the default Windows Server 2003 authentication mechanism. With Kerberos security, the network depends on system clocks being in close synchronization. If the clocks on different systems aren’t closely synchronized, authentication tickets can become invalid before they reach a destination host.

Keeping the system in sync with the actual time isn’t easy. System clocks can lose time. Users can accidentally set the system clock to the wrong time. Other things can go wrong as well. To help resolve problems with system time and time synchronization, Windows systems can use the Windows Time service to set a consistent network time based on the time at an Internet time server. Time services allow precise synchronization with world time.

Workstations and servers are configured to synchronize with a time server automatically. This time server is referred to as the authoritative time server. The way Windows Time works depends on whether the system is part of a workgroup or a domain. Although you can use the registry to control Windows Time on an individual computer, Group Policy offers the easiest way to manage Windows Time throughout the enterprise. Group Policy settings that control Windows Time are under Computer Configuration\Administrative Templates\System\Windows Time Service\Global Configuration Settings. Global Configuration Settings have precedence over registry settings. If you change registry values for time services, you can apply them by typing the following command at the command prompt:

w32tm /config /update

For computers in a workgroup, you can enable Internet time using the Date And Time utility in Control Panel. In Active Directory domains, a domain controller is chosen automatically as the reliable time source for the domain and other computers in the domain synchronize time with this server. Should this server be unavailable to provide time services, another domain controller takes over. You can’t, however, change the Windows Time configuration. If you want to manage Windows Time in a different way, you must first enable and configure Internet Time through Group Policy. The related policies are found under Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers. You can also configure global time service options using Global Configuration Settings under Computer Configuration\Administrative Templates\System\Windows Time Service.
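Because Kerberos authentication fails once clocks drift too far apart, it is worth measuring the drift rather than assuming synchronization works. The following is an added example, not code from the book: it samples the local clock against each time source with w32tm /stripchart and compares the worst offset with the Kerberos tolerance. It assumes PowerShell 2.0 or later, the default tolerance of 300 seconds, and sample server names.

```powershell
# Added monitoring example (not from the book). Assumptions: PowerShell 2.0 or later;
# 300 seconds is the default Kerberos clock-skew tolerance and is unchanged here.
$maxSkewSeconds = 300
$timeSources    = 'CorpServer01', 'CorpServer02'   # sample names

function ConvertFrom-StripChart([string[]]$Lines) {
    # With /dataonly each sample prints as "14:02:11, +00.0123456s";
    # banner and error lines do not match and are skipped.
    foreach ($line in $Lines) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [Globalization.CultureInfo]::InvariantCulture)
        }
    }
}

function Test-ClockSkew([string]$TimeSource, [int]$Samples = 3) {
    # Offset of the local clock relative to $TimeSource, sampled over the network.
    $raw = & w32tm /stripchart "/computer:$TimeSource" "/samples:$Samples" /dataonly 2>&1
    $offsets = @(ConvertFrom-StripChart ($raw | ForEach-Object { "$_" }))
    if ($offsets.Count -eq 0) {
        $worst = $null; $status = 'NoData'       # unreachable or not serving time
    } else {
        $worst = ($offsets | ForEach-Object { [math]::Abs($_) } |
                  Measure-Object -Maximum).Maximum
        if ($worst -ge $maxSkewSeconds) { $status = 'Fail' }
        elseif ($worst -ge $maxSkewSeconds / 2) { $status = 'Warn' }
        else { $status = 'Ok' }
    }
    New-Object PSObject -Property @{
        TimeSource = $TimeSource; WorstOffsetSeconds = $worst; Status = $status
    }
}

# Constructed sample lines (not captured output) to exercise the parser offline:
# two valid samples and one timeout line that must be ignored.
$sample = '14:02:11, +00.0123456s', '14:02:13, error: 0x800705B4', '14:02:15, -312.4400000s'
ConvertFrom-StripChart $sample

$timeSources | ForEach-Object { Test-ClockSkew $_ } |
    Format-Table TimeSource, Status, WorstOffsetSeconds -AutoSize
```

A Warn result means the offset has passed half the tolerance and the time configuration should be checked before authentication starts to fail.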
