Secure Time Seeding in Windows 10
Scenarios where a computer shows incorrect time and date
Below are the scenarios where a system date and time setting on a computer incorrectly reverts to a date and time that is at least one day in the past:
Improving timekeeping in Windows 10; here are the solutions
1] Hosting a custom “Secure” Time Service
Obtaining the current time from a server over a protocol like SSL, while ignoring the errors in time-related protocol validations on the client is one solution. This is an unfavourable solution as any exceptions to the security validations would require thorough inspection since it opens the client to potential threats. Another challenge that the client may face from this solution is the inability to reach the server from the current network at any point of time.
2] Secure Time Seeding – a client-side solution:
The secure answer to address this issue is Windows 10’s Secure Time Seeing feature; this is a part of the Windows Time Service. With the use of metadata from outgoing SSL connections this feature actively sets the date & time for a computer. While hosting a custom” Secure” Time service makes security exceptions the Secure Time Seeding feature is much more trusted. This works on the principle of trusting only the data from SSL connections which are established based on the certificates installed on the client, without treating specific certificates differently. In the Windows 10 the Secure Time Seeding feature was shipped and the same is turned “ON” by default. Windows tablets and other Windows devices running this version of the OS use this feature already and the same shows advancements in timekeeping.
Prerequisites for Secure Time Seeding feature
This feature requires-
W32time Service to be enabled (“Set Time Automatically” Date-Time UI setting enabled)Internet connectivity andOutgoing SSL traffic from the device to function.
To see this feature in action, simply reset your system clock forward or backward by a week’s time or longer. You would notice that time gets automatically updated after a short duration.
Enabling and disabling Secure Time Seeding
To disable:
To disable the secure time seeding feature, go to the below mentions registry key and set the registry value to ‘0’ for the following Registry Key:
Value Name: UtilizeSslTimeDataValue Type: REG_DWORD
To enable:
Simply set the above registry value to 1 and reboot your machine.Also, ensure W32time service is also enabled.
There was one known issue related to time keeping in Windows 10 client, where the Windows System time jumped. But this seems to have been fixed by Microsoft now. To read more about the Secure Time Seeding in Windows 10 visit MSDN Blogs.