@AX-AMaxwell
Last active July 19, 2023 19:48
PowerShell Evaluation - NTP Configuration
<#
.SYNOPSIS
Evaluates whether a Windows 8.1 or newer device carries a customized NTP configuration.
.DESCRIPTION
Checks the registry for the following NTP configuration and exits with code 1 as soon as any property is missing or differs from the desired value (exit code 0 when everything matches):
- NTP synchronization to "time.windows.com" in client mode with a custom interval
- NTP synchronization allowed through all available means
- Domain members allowed to synchronize time outside of their Active Directory site
- NTP DNS lookup failure retry interval set to 15 minutes
- Number of NTP DNS lookup reattempts before another network NTP service discovery request set to 7
- NTP polling interval set to 400 seconds
- Event log NTP service events disabled
- NTP service enabled
.NOTES
Author : Anthony Maxwell
Date : 07/19/2023
#>

#########################################
# PARAMETERS

# define the registry properties that make up the desired configuration
$props = @(
    # configures Microsoft's time server as the NTP source
    # 0x9 flag = 0x8 (client mode) + 0x1 (use SpecialPollInterval)
    @{
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\Parameters'
        Name = 'NtpServer'
        Value = 'time.windows.com,0x9'
    },
    # allows NTP synchronization through all available means
    @{
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\Parameters'
        Name = 'Type'
        Value = 'AllSync'
    },
    # allows NTP synchronization outside the device's Active Directory site
    @{
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
        Name = 'CrossSiteSyncFlags'
        Value = 2
        PropertyType = 'DWord'
    },
    # defines the retry interval (minutes) for failed NTP DNS lookups
    @{
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
        Name = 'ResolvePeerBackoffMinutes'
        Value = 15
        PropertyType = 'DWord'
    },
    # defines the number of times to reattempt NTP DNS lookups before an NTP service is requested again from the network
    @{
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
        Name = 'ResolvePeerBackoffMaxTimes'
        Value = 7
        PropertyType = 'DWord'
    },
    # defines the NTP polling interval in seconds
    @{
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
        Name = 'SpecialPollInterval'
        Value = 400
        PropertyType = 'DWord'
    },
    # defines event log behavior for NTP client events
    # 0 -> no events are generated
    @{
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
        Name = 'EventLogFlags'
        Value = 0
        PropertyType = 'DWord'
    },
    # enables the device's NTP client
    @{
        Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
        Name = 'Enabled'
        Value = 1
        PropertyType = 'DWord'
    }
)

#########################################
# EVALUATION

# iterate the properties and evaluate each one against the registry
foreach ( $prop in $props )
{
    # check the registry key exists
    if ( !( Test-Path -Path $prop.Path -PathType Container ) )
    {
        Write-Output "Registry key `"$( $prop.Path )`" missing, remediation required."
        exit 1
    }

    # attempt to retrieve the property (null when it does not exist)
    $currentProp = Get-ItemProperty -Path $prop.Path -Name $prop.Name -ErrorAction Ignore

    # attempt to retrieve the property value
    $currentPropValue = $currentProp | Select-Object -ExpandProperty $prop.Name -ErrorAction Ignore

    # evaluate for consistency with the desired value
    # compare against $null explicitly: a plain !$currentPropValue treats a legitimate
    # value of 0 (EventLogFlags) as missing and would always demand remediation
    if ( $null -eq $currentProp -or $null -eq $currentPropValue -or $currentPropValue -ne $prop.Value )
    {
        Write-Output "Registry property `"$( $prop.Name )`" is not in line with our desired value, remediation required."
        exit 1
    }
}

Write-Output 'This device is in line with our desired configuration, exiting.'
exit 0
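The script above only detects drift; it never writes to the registry. The following remediation counterpart is an added example and is not part of the original gist. It applies the same eight properties the evaluation checks, creating the policy keys when absent, and then asks the Windows Time service to pick up the new configuration. It assumes it is run elevated (the keys live under HKLM) and that the desired values match the evaluation script; the string-typed properties are written as REG_SZ, which is what W32time expects for NtpServer and Type.

```powershell
# Added remediation example (not from the original gist): writes the NTP
# configuration that the evaluation script checks. Must run as administrator.
$props = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\Parameters';              Name = 'NtpServer';                  Value = 'time.windows.com,0x9'; PropertyType = 'String' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\Parameters';              Name = 'Type';                       Value = 'AllSync';              PropertyType = 'String' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'; Name = 'CrossSiteSyncFlags';         Value = 2;                      PropertyType = 'DWord'  },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'; Name = 'ResolvePeerBackoffMinutes';  Value = 15;                     PropertyType = 'DWord'  },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'; Name = 'ResolvePeerBackoffMaxTimes'; Value = 7;                      PropertyType = 'DWord'  },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'; Name = 'SpecialPollInterval';        Value = 400;                    PropertyType = 'DWord'  },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'; Name = 'EventLogFlags';              Value = 0;                      PropertyType = 'DWord'  },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'; Name = 'Enabled';                    Value = 1;                      PropertyType = 'DWord'  }
)

foreach ( $prop in $props )
{
    # create the policy key if it does not exist yet (Test-Path in the
    # evaluation script only reports this condition, it never fixes it)
    if ( !( Test-Path -Path $prop.Path -PathType Container ) )
    {
        New-Item -Path $prop.Path -Force | Out-Null
    }

    # -Force overwrites an existing value, so this both creates and corrects
    New-ItemProperty -Path $prop.Path -Name $prop.Name -Value $prop.Value `
        -PropertyType $prop.PropertyType -Force | Out-Null
}

# make the Windows Time service re-read its configuration and resync
w32tm.exe /config /update
Restart-Service -Name w32time
w32tm.exe /resync /nowait

# re-run the evaluation afterwards to confirm; exit 0 here keeps the same
# exit-code convention the evaluation script uses
exit 0
```

Because these values live under HKLM\SOFTWARE\Policies, they are treated as policy settings: on a domain-joined device a Group Policy Object that configures the Windows Time service will overwrite them at the next policy refresh, so the evaluation script reporting drift shortly after remediation is a sign of a conflicting GPO rather than a failed write.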