Video Screencast Help

To NTP or Not NTP on Servers

Created: 16 Aug 2010 • Updated: 17 Sep 2010 | 6 comments
This issue has been solved. See solution.

Hello all. I would like this cleared up. Some say do NOT install NTP on Windows servers and some say do. They also say that IPS should be installed on servers. You cannot install IPS without NTP so I see a lot of contradictory information on this. Please clear this up and say once and for all that NTP should or should not be installed on Windows Servers.

Thanks

Comments 6 CommentsJump to latest comment

Rafeeq's picture

Its not advice to install NTP and PTP on severs
PTP will not work on server os ; it will be OFF - its by design
since you might have external firewall no one wil install NTP as its rules wil block the functionality of the servers; thats y its not installed;
if you have tested the firewall rules before install; then you can install NTP with no issues.

AravindKM's picture

.Best Practices for Installing Symantec Endpoint Protection on Windows Servers

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

P_K_'s picture

This is a kind of myth that needs to be cleared.

NTP can  be installed and is supported on a server OS.

IN the days when RTM was relased i am taking about 2007 then we used to say  this but now NTP can be installed on all SERVER OS 32 bit as well as 64 bit.

The "Scan for trojans and worms" and the "Scan for keyloggers" options are currently not supported on Windows server operating systems or 64-bit Windows that is the reason the PTP will say off or waiting for updates. In simple words only A COMPONENT OF SEP is not supported on the server OS , it does not mean that entire PTP is not supported.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

SOLUTION
AravindKM's picture

You can install NTP in a server,but before installing you have to test throughly in a test environment because NTP is having firewall component which can stop any type of traffic.So if you test in a test you can create all necessary rules for allowing the required traffic....

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture

Have a look at this KB
About Windows Firewall and Symantec Endpoint Protection's NTP

Best practices regarding Intrusion Prevention System technology

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

sandra.g's picture

You can install NTP for Intrusion Prevention and withdraw the firewall policy to put the firewall side of NTP in 'pass-through' mode.  See the link that Aravind provided, Best practices regarding Intrusion Prevention System Technology.

It was a common recommendation when SEP first came out to put AV/AS only on a server, but with the way the threat landscape has changed, all components are recommended.  Definitely test on a small group of client computers (including servers) before deploying that feature set to them. The document How to add or remove features to existing Symantec Endpoint Protection client installations will walk you through how to change the feature set.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help