Updating windows firewall
Although the connection between Microsoft Update and WSUS requires ports 80 and 443 to be open, you can configure multiple WSUS servers to synchronize with a custom port.
Therefore, if you consider issues like accuracy, reliability and security important for your network, an independent NTP/SNTP server is strongly recommended alternative to do the job.We have a set of public web servers behind a firewall we would like to be able to perform Windows Updates on, without giving them more access than they need.Besides what other host names and ports would need to be unblocked for Windows Updates to work?From is what's needed to get WSUS working through your firewall (which IMHO you should definitely think about if you have more than 10 clients).This should be the same for a regular client box to access the MS servers.This problem has not been observed with the w32time version which has been shipped with Windows 2000, only with later versions.
Using some commands in a command line window, the behavior of w32time can be changed so that w32time sends the correct "client" mode request packets.
Scroll to "Windows Time" feature and check its "Status", which should be on "running".
Check also the "Startup Type" and set it to "Automatic" or "Manual" if possible.
If the status of the Windows Time is currently not shown, then right click and choose Properties to open "Windows Time Properties (Local Computer)" window.
In the Service status click on the "Start" button to start the time service. A great deal of synchronization problems may be caused by network break downs, unpredicted traffic delays, unknown accuracy and public NTP servers where you don't have control over.
Then the following command can be used to immediately make the changes effective: If this command has completed successfully your system clock has synchronized to the given NTP server.