Set Time and Date Automatically

What the NTP time synchronization Worklet does

This Automox Worklet™ configures macOS endpoints to automatically synchronize their system clocks with a Network Time Protocol (NTP) server. The Worklet evaluates the current time sync configuration and, if needed, enables automatic synchronization and configures the endpoint to use a reliable NTP time server.

The Worklet uses the systemsetup command to manage time synchronization settings. It queries the current status with systemsetup -getusingnetworktime and, if necessary, enables time synchronization with systemsetup -setusingnetworktime on.

Why enforce automatic time synchronization

Endpoints with incorrect system time cannot authenticate to time-sensitive protocols like Kerberos, LDAP, and certificate-based authentication systems. Clock drift causes authentication failures, making it impossible for users to access network resources or domain-joined services. These authentication problems generate help desk tickets and reduce user productivity.

Security event correlation across your infrastructure requires accurate timestamps. Endpoints with incorrect system time generate logs that cannot be properly correlated with events from other systems. This makes security incident investigation difficult and may prevent your security team from detecting coordinated attacks or tracing the progression of a security breach.

Compliance requirements mandate accurate time synchronization for audit log integrity. Regulations like PCI-DSS require all systems to maintain synchronized time for forensic analysis and regulatory reporting. Endpoints that do not automatically synchronize time create compliance violations during security audits.

How NTP time synchronization works

1. Evaluation phase: The Worklet checks the current status of automatic time synchronization using systemsetup -getusingnetworktime. If enabled, the Worklet reports success and exits. If disabled, remediation proceeds.

2. Remediation phase: The Worklet enables automatic time synchronization with systemsetup -setusingnetworktime on. It then verifies the NTP server is set to time.apple.com (the default Apple time server) and adjusts it if needed using systemsetup -setnetworktimeserver.

Time synchronization requirements

• macOS 10.12 (Sierra) or later

• Root or administrator privileges to execute systemsetup commands

• Network connectivity to reach the configured NTP server (default: time.apple.com)

• UDP port 123 accessible for NTP protocol communication

• Workstations and servers (both endpoint types supported)

Expected time synchronization behavior

After remediation, macOS endpoints automatically synchronize their system clocks with network time servers. The endpoint maintains accurate time even when powered off for extended periods. Time-sensitive authentication protocols function reliably without clock drift errors.

The Worklet verifies automatic time synchronization is enabled through its evaluation phase. You can confirm the setting by checking System Preferences under Date and Time or reviewing Worklet execution results in the Automox console showing automatic time sync is active.

How to validate set time and date automatically changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for set time and date automatically.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit, else.

4. Validate remediation effects from script operations such as else, systemsetup, exit, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for set time and date automatically. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as exit, else and remediation operations such as else, systemsetup, exit. Use these indicators to verify that endpoint changes match intended policy outcomes.