Originally Posted by sbm12

If your computer is in a domain it is pretty important to let the Windows Time Service (the built-in NTP client) just sync to your domain. In other words don't mess with it. If the time gets out of sync by more than 5 minutes (I'm 99% sure this is the margin) then authentication will start failing due to the way Kerberos (the authentication mechanism) is built. If you're in a domain but never on your corporate network (VPN or for real) your computer will likely start to drift and eventually have other issues, including the computer account expiring on the domain, but that takes several months of being disconnected before it is really an issue.

If you are not in a domain the computer will try to sync to time.microsoft.com by default. You can change that with the command "net time /setsntp:<servername1,servername2,...>" or using the local security policy GUI described above. The MS one should be fine in most cases.