@dukechem
Last active August 5, 2020 21:02
How to have an older Windows machine (not on the internet) get the correct date and time from a newer, internet-connected Windows or Linux machine. In this example, Windows XP/7/8 runs the psrdatesvc service, which fetches the date and time over a private, non-internet network from a PC serving RFC 868 TIME (default TCP port 37); no NTP is involved.
In the scenario below, the "XP" box can equally be Vista or Windows 7/8/8.1 (perhaps even 10), 32- or 64-bit.
Goal: keep XP minimally on a network, but off the internet, using the network only to update the time and to push files out via scp/sftp.
Both the old XP box and the server are protected by closing all inbound ports on XP and allowing XP to make only one outbound connection: to port 37 on an RFC 868 ("rdate") time server. The device providing the TIME service on port 37 should in turn get its own time from the internet or intranet (by NTP, etc.).
(The time server need not run a server OS: it can be almost any Linux device, or even a Windows PC.)
With all inbound ports closed on XP, the time server has almost no way to attack XP: XP only ever receives four bytes on a connection it opened itself, so the exposed surface is the client's handling of those four bytes. If XP is infected, for example via a USB key, it cannot spread over the
network to the time server unless the time server has a vulnerability reachable from XP. Turn off SMB1 on the time server (if Windows)! One caveat: RFC 868 carries no authentication, so whatever answers on port 37 can set XP's clock to any value; the only thing protecting the clock is that the link is a dedicated point-to-point cable.
On XP/7/8/8.1, rdatesvc.exe (service name psrdatesvc, the Pirmasoft Rdate service) keeps the system date and time correct by periodically reading
port 37 on a specified time server, such as time.nist.gov, one of the few public time servers in 2020 still answering on port 37;
see https://tf.nist.gov/tf-cgi/servers.cgi. In our case, since XP is not on the internet, it gets the date and time from a PC on the local intranet.
The old XP PC can see only the RFC 868 time server (rdate on port 37),
at the fixed address 169.254.x.y; only port 37 needs to be open on that address.
 ------                 +----------------+
|      |                |             |F |
|  XP  |                |             |i |
| all  +----------------+    37       |r +------> WLAN providing correct time and date
| ports|                |    is       |e |         (usual networking, maybe even internet ;-)
|closed|                |   only      |W |
|      |                |   port      |A |
 ------                 |   open      |L |
                        |             |L |
  private un-routed     +----------------+
  (ethernet cable)
  from XP to Server
dukechem commented Sep 12, 2019

Use case: WindowsXP computer running instruments or controls that cannot be upgraded.

Obviously it should not be on the internet, and ideally would be air-gapped. But we need the time and date to be correct. The following method works even with every incoming port blocked on XP, and no internet at all on XP: just an unrouted local network connection to an RFC 868 server.

This seems to be the most secure way to keep the time correct. On XP it requires only installing a very simple, free 3rd-party rdate service for Windows from: https://www.pirmasoft.de/downloads/rdatesvc.zip From the readme.txt in the zip:
"Rdatesvc is a service for Windows 2000 / Windows XP that reads the current time from a Unix Time Server (port 37) and sets the local system time of the Windows computer accordingly. Rdatesvc was tested on Windows 2000 and Windows XP." The readme.txt in the zip file has all you need to know. I'm going to ask them to provide the source code, but it seems legit (i.e. not malware).

Just make a non-internet network connection, like an ethernet cable, from the XP computer to a device that can provide the correct date and time on port 37. This can be a Raspberry Pi, an old (Puppy?) Linux laptop, or even a newer Windows computer running the free open-source rf868time from http://www.unixwiz.net/tools/rfc868time.html Set up the non-internet NIC on the server to have a fixed IP like 169.254.169.254 / 255.255.0.0 (whatever).

In Debian-based Linux, something like:
    sudo apt-get install xinetd rdate
    (edit /etc/xinetd.d/time to enable the time service)
    sudo /etc/init.d/xinetd restart
To test:
    rdate -p localhost
    rdate -p 169.254.169.254

From XP, verify we can talk to port 37 (no timeout): telnet 169.254.169.254 37 (you should see just a few strange characters returned).

At this point, test on XP:
    net stop psrdatesvc    (then set the time ahead or behind by, say, 5 minutes)
    net start psrdatesvc   (within a second or two you should see the time set back to the correct time)
I'll provide more info later on how often it corrects the time on Windows, and note that it might make the clock jump back, like from 1:23 to 1:20. (This is where NTP works better, as it will never go back in time but just slows down the ticking of the system clock until it is correct again. That is, time will always monotonically increase, never go backwards, but the rate of increase is varied to keep in sync with the external time source.)

I'll provide more details, maybe screenshots, in a follow-up comment.
Bonus points: you can back up files from the XP to the other device safely with unison, rsync, scp, or similar. Will put up another gist about automatic file-sync backups when I have time.

Probably good to keep the time correct to within a few seconds. Good overview of RFC 868 on port 37 vs. higher-accuracy NTP here: https://www.jfranken.de/homepages/johannes/vortraege/ntpd.en.html#ToC1 And it is so simple that it is more secure than NTP. From the security section of
http://www.unixwiz.net/tools/rfc868time.html : "[The service at port 37] accepts no data from the network: it accepts a connection, but then writes some bytes and closes the socket. Since there is no input buffer, there is no buffer to overflow."

Also works in case w32time and/or time.microsoft.com screw up again... bad track record there per: FYI To Microsoft: Windows Time Synchronization Completely Broken (Vista, 2003, XP are all broken)

@dukechem

On the XP test box, the time has stayed correct even when local time went back 1 hour in autumn with the seasonal switch from EDT to EST.
The XP is getting time from a Windows 7 computer, and the Win7 PC gets the correct time from the internet.


dukechem commented Mar 12, 2020

You can always test whether something is listening on port 37.
On a client without rdate, you can still see what date/time you get from port 37 without running rdate. Below is a method using bash, nc, and xxd from section 4 of "Tiny NTP client" at https://seriot.ch/ntp.php ; note I use time.nist.gov instead of ntp.metas.ch
On macOS: brew install rdate and/or brew install netcat, then rdate -p time.nist.gov or, without rdate, you can still display the date:

$ date -r$((0x`echo|nc -w1 time.nist.gov 37|xxd -p`-64#23GDW0))
$ # or
$ date -r$((0x`echo|nc -w1 132.163.96.4 37|xxd -p`-64#23GDW0))
Wed Aug  5 16:52:48 EDT 2020

On Linux or Windows (see the steps below showing how, on Windows, to get Git Bash and netcat with choco):

$ echo $((0x`echo|nc -w1 time.nist.gov 37|xxd -p`-64#23GDW0))
bash: nc: command not found
-2208988800
$ ###  (at this point install netcat so the "nc" command is available)
$ echo $((0x`echo|nc -w1  37|xxd -p`-64#23GDW0))
1584038030
$ ### (ok, that is the correct number of seconds since the epoch. For human-readable output use either date -d@ (GNU date) or date -r (BSD date))
$ date -d@$((0x`echo|nc -w1 time.nist.gov 37|xxd -p`-64#23GDW0))
Thu, Mar 12, 2020  2:36:00 PM
$ uname -a
MINGW64_NT-10.0-17763 

NOTE: The above was done on Windows using Git-provided bash and xxd, and choco-provided nc (netcat). That is, as follows:

  1. Install free choco from https://chocolatey.org as described in Getting Started, namely start PowerShell (admin) and paste in this one big line:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
  2. Then just choco upgrade git and choco upgrade netcat. To get a bash shell (with $ prompt), right-click on any folder: Git Bash Here,
     or run from the command line "C:\Program Files\Git\git-bash.exe"

For testing rf868time.exe (the Unixwiz.net RFC 868 rdate time service) on Windows, the right time/date is returned by rf868time.exe when queried from Mac/Linux using rdate <ip-of-windows> with the firewall off. For example, with the Windows PC at 169.254.169.254:

-bash-4.1$ uname -a
Linux ...
-bash-4.1$ rdate 169.254.169.254
rdate: [169.254.169.254]   Thu Mar 12 15:17:09 2020

While rdate gets the correct date/time from the Windows PC, note that using the bash/nc/xxd line I get an error and the wrong date... I'll fix this posting when I figure out what is going on... maybe a byte-order (little-endian) thing? or maybe permissions on a privileged port???

$  date -d@$((0x`echo|nc -w1 localhost 37 | xxd -p`-64#23GDW0))
nc: Write error: Connection refused
Sun, Dec 31, 1899  7:00:00 PM
$  echo $((0x`echo|nc -w1 localhost 37 | xxd -p`-64#23GDW0))
nc: Write error: Connection refused
-2208988800
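The four-byte protocol that the rdatesvc/xinetd setup in the Sep 12, 2019 comment and the nc/xxd one-liner in this comment both rely on, worked through as an added Python example (mine, not code from the gist, from rdatesvc or from rf868time): an RFC 868 server that never reads from the socket, a client that reads exactly four network-order bytes, the 2208988800 offset that the one-liner writes as 64#23GDW0, and two checks a practitioner wants before setting a clock from this protocol. First, an empty reply (nothing listening, connection refused, nc missing) must be an error rather than the value 0, because 0 - 2208988800 is 1900-01-01 00:00 UTC, which a US Eastern system prints as Sun, Dec 31, 1899 7:00:00 PM. Second, because RFC 868 carries no authentication, the client should refuse to apply an implausibly large clock step. The 600-second step limit, the era handling for the 2036 wrap and the loopback host/port are my assumptions; the demo runs entirely on 127.0.0.1.

```python
"""RFC 868 TIME (TCP port 37): server, client and the decoding that the
bash/nc/xxd one-liner does by hand.  Added example for this gist; not code
from rdatesvc or rf868time.  Runs offline against a loopback server."""
import socket
import struct
import threading
import time
from datetime import datetime, timezone

# RFC 868 sends seconds since 1900-01-01 00:00:00 UTC as an unsigned 32-bit
# big-endian integer; Unix time counts from 1970.  The difference (70 years
# including 17 leap days) is 2208988800 s, which the gist's bash one-liner
# writes as 64#23GDW0 and subtracts from the hex dump of the four bytes.
RFC868_OFFSET = 2_208_988_800
UINT32 = 1 << 32


def bash_base64_int(digits: str) -> int:
    """Decode bash's base#number notation for base 64 (digits 0-9, a-z, A-Z, @, _)."""
    alphabet = "0123456789abcdefghijklmnopqrstuvwxyz" \
               "ABCDEFGHIJKLMNOPQRSTUVWXYZ@_"
    value = 0
    for ch in digits:
        value = value * 64 + alphabet.index(ch)
    return value


def encode_time(unix_seconds: int) -> bytes:
    """Server side: Unix seconds -> 4 network-order bytes (counter wraps in Feb 2036)."""
    return struct.pack("!I", (unix_seconds + RFC868_OFFSET) % UINT32)


def decode_time(reply: bytes, local_now: int) -> int:
    """Client side: 4 bytes -> Unix seconds.

    The one-liner silently turns an empty reply into 0 and prints 1900-01-01
    (Dec 31, 1899 19:00 in US Eastern); here anything but 4 bytes is an error.
    """
    if len(reply) != 4:
        raise ValueError(f"expected 4 bytes from the time server, got {len(reply)}")
    (raw,) = struct.unpack("!I", reply)      # network byte order = big-endian
    if raw == 0:
        raise ValueError("server sent 0 (1900-01-01): it does not know the time")
    unix = raw - RFC868_OFFSET
    # Assumption: after the 2036 wrap, pick the era closest to our own clock.
    if local_now - unix > UINT32 // 2:
        unix += UINT32
    return unix


def safe_to_step(server_unix: int, local_unix: int, max_step: int = 600) -> bool:
    """RFC 868 has no authentication: anyone on the wire, or a compromised time
    server, can hand the client an arbitrary clock.  Refuse to apply a step
    larger than max_step seconds automatically (assumed limit; ntpd's 1000 s
    panic threshold is the same idea).  Normal drift is seconds per day."""
    return abs(server_unix - local_unix) <= max_step


def serve_forever(listener: socket.socket, clock=time.time) -> None:
    """Minimal port-37 server: accept, write 4 bytes, close.  It never reads,
    which is the 'no input buffer to overflow' property the gist quotes."""
    while True:
        conn, _ = listener.accept()
        with conn:
            conn.sendall(encode_time(int(clock())))


def fetch_time(host: str, port: int = 37, timeout: float = 1.0) -> bytes:
    """Client: connect, read until 4 bytes or the server closes, return raw bytes."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while len(reply) < 4:
            data = s.recv(4 - len(reply))
            if not data:
                break
            reply += data
    return reply


def loopback_demo() -> int:
    """Serve on 127.0.0.1:<ephemeral>, query it as the XP client would, and
    return server-minus-local offset in seconds (about 0 on one machine)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # assumed: loopback, any free port
    listener.listen(1)
    threading.Thread(target=serve_forever, args=(listener,), daemon=True).start()
    port = listener.getsockname()[1]
    local_now = int(time.time())
    server_unix = decode_time(fetch_time("127.0.0.1", port), local_now)
    print("server says:", datetime.fromtimestamp(server_unix, timezone.utc).isoformat())
    print("apply step:", safe_to_step(server_unix, local_now))
    return server_unix - local_now


if __name__ == "__main__":
    loopback_demo()
```

Run it with python3 to see the loopback round trip. To use serve_forever as the port-37 server on the Linux side in place of xinetd, bind the listener to 0.0.0.0 port 37 (a privileged port, so root or CAP_NET_BIND_SERVICE) and point rdate -p, the telnet check, or the bash one-liner at it.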
