Enforce Server was installed without enabling Network Time Protocol (NTP). Is it possible to turn on NTP without reinstalling?

The NTP time source should be the same for all machines.

You can configure the Enforce Server to use NTP after installation, if it is not done initially.  

The various detection servers could use the Enforce server as the NTP source, however, this is not the only architecture to set up NTP.

NOTE:  You must choose the same synchronization method for all Symantec servers.

There are a few ways to set up NTP after an install:

1. Configure NTP server in AD if DLP systems are in an AD domain (on a GPO policy level through AD)
2. Configure all DLP systems as clients of a common corporate or external NTP server
3. Use Enforce as NTP server and DLP detection servers as its clients

To verify which server is the default NTP source on Windows:

1. From the command line, run 'w32tm /resync /rediscover'
2. Check Windows Event Log shortly after to see what is the active time source

Reference: https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings for further information.