Glossary
Numbers
802.11 :
Refers to a family of Institute of Electrical and Electronics Engineers (IEEE) specifications for wireless networking.
802.11a :
An extension to 802.11 that applies to wireless local area networks (WLANs) and provides up to 54 Mbps in the 5 GHz band.
802.11b :
An extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2, and 1 Mbps) in the 2.4 GHz band. 802.11b is a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet. Also called Wi-Fi.
802.11g :
An extension to 802.11 that applies to wireless LANs and provides 54 Mbps transmission in the 2.4 GHz band. 802.11g is backward compatible with 802.11b, allowing the two to work together.
A
access control entry (ACE):
An entry in an access control list (ACL) that defines the level of access for a user or group.
access control list (ACL) :
A set of data associated with a file, directory, or other resource that defines the permissions users or groups have for accessing it. In Active Directory, the ACL is a list of access control entries (ACEs) stored with the object it protects. In Microsoft Windows NT, an ACL is stored as a binary value called a security descriptor.
access token or security access token :
A collection of security identifiers (SIDs) that represent a user and that user’s group memberships. The security subsystem compares SIDs in the token to SIDs in an access control list (ACL) to determine resource access.
account lockout :
A security feature that disables a user account if failed logons exceed a specified number in a specified period of time. Locked accounts cannot log on and must be unlocked by an administrator.
Active Directory :
Beginning in Microsoft Windows 2000 Server and continuing in Windows Server 2003, Active Directory replaces the Windows NT collection of directory functions with functionality that integrates with and relies upon standards including Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP), and Kerberos security protocol.
Active Directory-integrated zone :
A DNS (Domain Name System) zone stored in Active Directory so it has Active Directory security features and can be used for multimaster replication.
Active Directory Service Interface (ADSI) :
A programming interface that provides access to Active Directory.
ActiveX :
A loosely defined set of technologies that allows software components to interact with each other in a networked environment.
ActiveX component :
Reusable software component that adheres to the ActiveX specification and can operate in an ActiveX-compliant environment.
Address :
A precise location where a piece of information is stored in memory or on disk. Also, the unique identifier for a node on a network. On the Internet, the code by which an individual user is identified. The format is username@hostname, where username is your user name, logon name, or account number, and hostname is the name of the computer or Internet provider you use. The host name might be a few words strung together with periods.
Address Resolution Protocol (ARP) :
A Transmission Control Protocol/Internet Protocol (TCP/IP) and AppleTalk protocol that provides IP-address-to-MAC (media access control) address resolution for IP packets.
Advanced Configuration Power Interface (ACPI) :
An industry specification, defining power management on a range of computer devices. ACPI compliance is necessary for devices to take advantage of Plug and Play and power management capabilities.
allocation unit :
The smallest unit of managed space on a hard disk or logical volume. Also called a cluster.
anonymous FTP :
A way to use an FTP program to log on to another computer to copy files when you do not have an account on that computer. When you log on, enter anonymous as the user name and your e-mail address as the password. This gives you access to publicly available files. See also File Transfer Protocol (FTP).
AppleTalk :
Local area network architecture built into Macintosh computers to connect them with printers. A network with a Windows Server 2003 server and Macintosh clients can function as an AppleTalk network with the use of AppleTalk network integration (formerly Services for Macintosh).
Archive (A) attribute :
An attribute of each file that is used by backup utilities to determine whether or not to back up that file. The Archive attribute is set to TRUE whenever a file is created or modified. Differential and incremental backup jobs will back up files only if their archive attribute is TRUE.
Associate :
To connect files having a particular extension to a specific program. When you double-click a file with the extension, the associated program is launched and the file you clicked is opened. In Windows, associated file extensions are usually called registered file types.
Asynchronous Transfer Mode (ATM) :
A network technology based on sending data in cells or packets of a fixed size. It is asynchronous in that the transmission of cells containing information from a particular user is not necessarily periodic.
Attribute :
A characteristic. In Windows file management, it is information that shows whether a file is read-only, hidden, compressed, encrypted, ready to be backed up (archived), or should be indexed.
audit policy :
Defines the type of security events to be logged. It can be defined on a server or an individual computer.
authentication :
Verification of the identity of a user or computer process. In Windows Server 2003, Windows 2000, and Windows NT, authentication involves comparing the user’s security identifier (SID) and password to a list of authorized users on a domain controller.
authoritative restore :
Specifies a type of recovery of Active Directory. When an authoritative restore is performed using the Backup Utility and Ntdsutil in the Directory Services Restore Mode, the directory or the specific object(s) in the directory that have been authoritatively restored are replicated to other domain controllers in the forest. See also nonauthoritative restore.
Automated System Recovery (ASR) :
A feature of Windows Server 2003 that allows an administrator to return a failed server to operation efficiently. Using the ASR Wizard of the Backup Utility, you create an ASR set which includes a floppy disk with a catalog of system files, and a comprehensive backup. When a server fails, boot with the Windows Server 2003 CD-ROM and press F2 when prompted to start Automated System Recovery.
Automatic Updates :
A client-side component that can be used to keep a system up to date with security rollups, patches, and drivers. Automatic Updates is also the client component of a Software Update Services (SUS) infrastructure, which allows an enterprise to provide centralized and managed updates.
B
Background Intelligent Transfer Service (BITS) :
A service used to transfer files between a client and a Hypertext Transfer Protocol (HTTP) server. BITS intelligently uses idle network bandwidth, and will decrease transfer requests when other network traffic increases.
backup domain controller (BDC) :
In a Windows NT domain, a computer that stores a backup of the database that contains all the security and account information from the primary domain controller (PDC). The database is regularly and automatically synchronized with the copy on the PDC. A BDC also authenticates logons and can be promoted to a PDC when necessary. In a Windows Server 2003 or Windows 2000 domain, BDCs are not required; all domain controllers are peers, and all can perform maintenance on the directory.
backup media pool :
A logical set of backup storage media used by Windows Server 2003 and Windows 2000 Server Backup.
bandwidth :
On a network, the transmission capacity of a communications channel stated in megabits per second (Mbps). For example, Ethernet has a bandwidth of 10 Mbps. Fast Ethernet has a bandwidth of 100 Mbps.
basic disk :
A physical disk that is configured with partitions. The disk’s structure is compatible with previous versions of Windows and with several non-Windows operating systems.
Basic Input/Output System (BIOS) :
The program used by a personal computer’s microprocessor to start the system and manage data flow between the operating system and the computer’s devices, such as its hard disks, CD-ROM, video adapter, keyboard, and mouse.
binding :
A software connection between a network card and a network transport protocol such as Transmission Control Protocol/Internet Protocol (TCP/IP).
BOOTP :
Used on Transmission Control Protocol/Internet Protocol (TCP/IP) networks to enable a diskless workstation to learn its own IP address, the location of a BOOTP server on the network, and the location of a file to be loaded into memory to boot the machine. This allows a computer to boot without a hard disk or a floppy disk. Stands for “Boot Protocol.”
bottleneck :
Refers to the point of resource insufficiency when demand for computer system resources and services becomes extreme enough to cause performance degradation.
Broadcasting :
To send a message to all computers on a network simultaneously. See also multicasting.
Browser service :
The service that maintains a current list of computers and provides the list to applications when needed. When a user attempts to connect to a resource in the domain, the Browser service is contacted to provide a list of available resources. The lists displayed in My Network Places and Active Directory Users and Computers (among others) are provided by the Browser service. Also called the Computer Browser service.
C
Caching :
A process used to enhance performance by retaining previously-accessed information in a location that provides faster response than the original location. Hard disk caching is used by the File and Print Sharing for Microsoft Networks service, which stores recently accessed disk information in memory for faster retrieval. The Remote Desktop Connection client can cache previously viewed screen shots from the terminal server on its local hard disk to improve performance of the Remote Desktop Protocol (RDP) connection.
Catalog :
An index of files in a backup set.
certificate :
A credential used to prove the origin, authenticity, and purpose of a public key to the entity that holds the corresponding private key.
certificate authority (CA) :
The service that accepts and fulfills certificate requests and revocation requests and that can also manage the policy-directed registration process a user completes to get a certificate.
certificate revocation list (CRL) :
A digitally signed list (published by a certificate authority) of certificates that are no longer valid.
child domain :
A domain located directly beneath another domain name (which is known as a parent domain). For example, Engineering.scribes.com is a child domain of scribes.com, the parent domain. Also called a subdomain.
child object :
An object inside another object. For example, a file is a child object inside a folder, which is the parent object.
Client Access License (CAL) :
The legal right to connect to a service or application. CALs can be configured per server or per device/per user.
Cluster :
A set of computers joined together in such a way that they behave as a single system. Clustering is used for network load balancing as well as fault tolerance. In data storage, a cluster is the smallest amount of disk space that can be allocated for a file.
Cluster service :
The collection of software on each node that manages all cluster specific activity.
Codec :
Technology that compresses and decompresses data, particularly audio or video. Codecs can be implemented in software, hardware, or a combination of both.
common name (CN) :
The primary name of an object in a Lightweight Directory Access Protocol (LDAP) directory such as Active Directory. The CN must be unique within the container or organizational unit (OU) in which the object exists.
concurrent :
Simultaneous.
console tree :
The default left pane in a Microsoft Management Console (MMC) that shows the items contained in a console.
container :
An Active Directory object that has attributes and is part of the Active Directory namespace. Unlike other objects, it does not usually represent something concrete. It is a package for a group of objects and other containers.
D
Delegate :
Assign administrative rights over a portion of the namespace to another user or group.
Device Driver :
A program that enables a specific device, such as a modem, network adapter, or printer, to communicate with the operating system. Although a device might be installed on your system, Windows cannot use the device until you have installed and configured the appropriate driver. Device drivers load automatically (for all enabled devices) when a computer is started, and thereafter run transparently.
Device Manager :
An administrative tool that you can use to administer the devices on your computer. Using Device Manager, you can view and change device properties, update device drivers, configure device settings, and uninstall devices.
digital signature :
An attribute of a driver, application, or document that identifies the creator of the file. Microsoft’s digital signature is included in all Microsoft-supplied drivers, providing assurance as to the stability and compatibility of the drivers with Windows Server 2003 and Windows 2000 Server.
directory service :
A means of storing directory data and making it available to network users and administrators. For example, Active Directory stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.
disk quota :
A limitation set by an administrator on the amount of disk space available to a user.
distinguished name (DN) :
In the context of Active Directory, “distinguished” means the qualities that make the name distinct. The DN identifies the domain that holds the object, as well as the complete path through the container hierarchy used to reach the object.
Distributed file system (Dfs) :
A file management system in which files can be located on separate computers but are presented to users as a single directory tree.
DNS name servers :
Servers that contain information about part of the Domain Name System (DNS) database. These servers make computer names available to queries for name resolution across the Internet. Also called domain name servers.
domain :
A group of computers that share a security policy and a user account database. A Windows Server 2003 domain is not the same as an Internet domain. See also domain name.
domain controller :
A server in a domain that accepts account logons and initiates their authentication. In an Active Directory domain, a domain controller controls access to network resources and participates in replication.
domain functional level :
The level at which an Active Directory domain operates. As functional levels are raised, more features of Active Directory become available. There are four levels: Windows 2000 mixed, Windows 2000 native, Windows Server 2003 interim, and Windows Server 2003.
domain local group :
A local group used on ACLs only in its own domain. A domain local group can contain users and global groups from any domain in the forest, universal groups, and other domain local groups in its own domain.
domain name :
In Active Directory, the name given to a collection of networked computers that share a common directory. On the Internet, the unique text name that identifies a specific host. A machine can have more than one domain name, but a given domain name points to only one machine. Domain names are resolved to IP addresses by DNS name servers.
Domain Name System (DNS) :
A service on Transmission Control Protocol/Internet Protocol (TCP/IP) networks (including the Internet) that translates domain names into IP addresses. This allows users to employ friendly names like FinanceServer or Adatum.com when querying a remote system, instead of using an IP address such as 192.168.1.10.
domain naming master :
The one domain controller assigned to handle the addition or removal of domains in a forest. See also Operations Master.
DWORD :
A data type consisting of four bytes in hexadecimal.
Dynamic Data Exchange (DDE) :
Communication between processes implemented in the Windows family of operating systems. When programs that support DDE are running at the same time, they can exchange data by means of conversations. Conversations are two-way connections between two applications that transmit data alternately.
dynamic disk :
A disk that is configured using volumes. Its configuration is stored in the Logical Disk Manager (LDM) database, and is replicated to other dynamic disks attached to the same computer. Dynamic disks are compatible only with Windows Server 2003, Windows XP, and Windows 2000.
Dynamic Host Configuration Protocol (DHCP) :
A Transmission Control Protocol/ Internet Protocol (TCP/IP) protocol used to automatically assign IP addresses and configure TCP/IP for network clients.
dynamic-link library (DLL) :
A program module that contains executable code and data that can be used by various programs. A program uses the DLL only when the program is active, and the DLL is unloaded when the program closes.
E
Effective permissions :
The permissions that result from the evaluation of group and user permissions allowed, denied, inherited, and explicitly defined on a resource. The effective permissions determine the actual access for a security principal.
Enterprise :
Term used to encompass a business’s entire operation, including all remote offices and branches.
environment variable :
A string of environment information such as a drive, path, or filename associated with a symbolic name. The System option in Control Panel or the Set command from the command prompt can be used to define environment variables.
Ethernet :
A local area network (LAN) protocol. Ethernet supports data transfer rates of 10 Mbps and uses a bus topology and thick or thin coaxial, fiberoptic, or twisted-pair cabling. A newer version of Ethernet called Fast Ethernet supports data transfer rates of 100 Mbps, and an even newer version, Gigabit Ethernet, supports data transfer rates of 1000 Mbps.
extended partition :
A nonbootable portion of a hard disk that can be subdivided into logical drives. There can be only a single extended partition per hard disk.
Extensible Authentication Protocol (EAP) :
An extension to the Point-to-Point Protocol (PPP) that allows the use of arbitrary authentication methods for validating a PPP Connection.
Extensible Markup Language (XML) :
An abbreviated version of the Standard Generalized Markup Language (SGML), it allows the flexible development of user-defined document types and provides a non-proprietary, persistent, and verifiable file format for the storage and transmission of text and data both on and off the Web.
external trust :
A one-way or two-way trust for providing access to a Windows NT 4 domain or a domain located in another forest that is not joined by a forest trust.
F
failover :
An operation that automatically switches to a standby database, server, or network if the primary system fails or is temporarily shut down for servicing. In server clusters, the process of taking resources off one node in a prescribed order and restoring them on another node.
fault tolerance :
The ability of a system to ensure data integrity when an unexpected hardware or software failure occurs. Many fault-tolerant computer systems mirror all operations—that is, all operations are done on two or more duplicate systems, so if one fails the other can take over.
File Replication Service (FRS) :
The service responsible for ensuring consistency of the SYSVOL folder on domain controllers. FRS will replicate, or copy, any changes made to a domain controller’s SYSVOL to all other domain controllers. FRS can also be used to replicate folders in a Distributed File System (Dfs).
File Transfer Protocol (FTP) :
A method of transferring one or more files from one computer to another over a network or telephone line. Because FTP has been implemented on a variety of systems, it’s a simple way to transfer information between usually incongruent systems such as a PC and a minicomputer.
firewall :
A protective filter for messages and logons. An organization connected directly to the Internet uses a firewall to prevent unauthorized access to its network. See also proxy server.
folder redirection :
An option in Group Policy to place users’ special folders, such as My Documents, on a network server.
forest :
A group of one or more Active Directory trees that trust each other through two-way transitive trusts. All trees in a forest share a common schema, configuration, and Global Catalog (GC). When a forest contains multiple trees, the trees do not form a contiguous namespace. Unlike trees, a forest does not need a distinct name.
forest trust :
A transitive trust used to share resources between forests. Can be one-way or two-way.
fully qualified domain name (FQDN) :
A domain name that includes the names of all network domains leading back to the root to clearly indicate a location in the domain namespace tree. An example of an FQDN is Accts.finance.adatum.com or Sales.europe.microsoft.com.
G
gateway :
A device used to connect networks using dissimilar protocols so that information can be passed from one to another.
Global Catalog (GC) :
Contains a full replica of all Active Directory objects in its host domain plus a partial replica of all directory objects in every domain in the forest. A GC contains information about all objects in all domains in the forest, so finding information in the directory does not require unnecessary queries across domains. A single query to the GC produces the information about where the object can be found.
global group :
A group that can be used in its own domain and in trusting domains. However, it can contain user accounts and other global groups only from its own domain.
globally unique identifier (GUID) :
Part of the identifying mechanism generated by Active Directory for each object in the directory. If a user or computer object is renamed or moved to a different name, the security identifier (SID), relative distinguished name (RDN), and distinguished name (DN) will change, but the GUID will remain the same.
GUID partition table (GPT) :
The storage location for disk configuration information for disks used in 64-bit versions of Windows.
Group Policy :
Setting of rules for computers and users in Windows Server 2003 and Windows 2000 Server. Group Policy is able to store policies for file deployment, application deployment, logon/logoff scripts, startup/shutdown scripts, domain security, Internet Protocol security (IPSec), and so on.
Group Policy Object (GPO) :
A collection of policies stored in two locations: a Group Policy container (GPC) and a Group Policy template (GPT). The GPC is an Active Directory object that stores version information, status information, and other policy information (for example, application objects). The GPT is used for file-based data and stores software policy, script, and deployment information. The GPT is located in the system volume folder of the domain controller.
H
headless server :
A server without a monitor, keyboard, mouse, or video card, which is administered remotely.
Hive :
One of five sections of the registry. Each hive is a discrete body of keys, subkeys, and values that record configuration information for the computer. Each hive is a file that can be moved from one system to another but can be edited only by using the Registry Editor.
Host :
Any device on the network that uses TCP/IP. A host is also a computer on the Internet you might be able to log on to. You can use FTP to get files from a host computer and use other protocols (such as Telnet) to make use of the host computer.
hosts file :
A local ASCII text file that maps host names to IP addresses. Each line represents one host, starting with the IP address, one or more spaces, and then the host’s name.
hypertext :
A system of writing and displaying text that enables the text to be linked in multiple ways, available at several levels of detail. Hypertext documents can also contain links to related documents, such as those referred to in footnotes.
Hypertext Markup Language (HTML) :
A language used for writing pages for use on the Internet or an intranet. HTML allows text to include codes that define fonts, layout, embedded graphics, and hypertext links.
Hypertext Transfer Protocol (HTTP) :
The method by which Web pages are transferred over the network.
I
identity store :
A database of security identities, or security principals. Active Directory is the identity store for a Windows Server 2003 domain.
inheritance :
The process through which permissions are propagated from a parent object to its children. Inheritance is at work in Active Directory and on disk volumes formatted with NTFS.
Instance :
The most granular level of performance counter. A performance object, such as LogicalDisk, has counters, such as % Free Space. That counter may have instances, representing specific occurrences of that counter, for example the free space on disk volume C:\ and disk volume D:\.
IntelliMirror :
A suite of technologies that allows a complete operating environment to follow the user to other computers, as well as offline. Components include the user’s profiles, data, and applications.
Internet Authentication Service (IAS) :
The Microsoft implementation of Remote Authentication Dial-In User Service (RADIUS), an authentication and accounting system used by many Internet Service Providers (ISPs). When a user connects to an ISP using a username and password, the information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.
Internet Control Message Protocol (ICMP) :
A protocol used to report problems encountered with the delivery of data, such as unreachable hosts or unavailable ports. ICMP is also used to send a request packet to determine whether a host is available. The receiving host sends back a packet if it is available and functioning. See also ping.
Internet Printing Protocol (IPP) :
A protocol that allows a client to send a job to a printer over the Internet or an intranet. The communication between the client and the printer is encapsulated in HTTP.
Internet Protocol (IP) :
The inter-network layer protocol used as a basis of the Internet. IP enables information to be routed from one network to another in packets and then reassembled when they reach their destination.
Internet Protocol version 6 (IPv6) :
A new version of Internet Protocol supported in Windows Server 2003. The current version of IP is version 4, also known as IPv4. IPv6, formerly called IP—The Next Generation (IPng), is an evolutionary upgrade and will coexist with version 4 for some time.
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) :
Transport protocols used in Novell NetWare networks.
interrupt request (IRQ) :
One of a set of possible hardware interrupts, identified by a number. The number of the IRQ determines which interrupt handler will be used.
Internet Protocol security (IPSec) :
An Internet Engineering Task Force (IETF) standard that provides authentication and encryption over the Internet. IPSec is widely used with virtual private networks (VPNs).
IP address :
A 128-bit number, usually represented as a four-part decimal separated by periods (for example, 192.168.1.10) that uniquely identifies a machine on the Internet. Every machine on the Internet has a unique IP address.
K
Kerberos :
An identity-based security system developed at the Massachusetts Institute of Technology (MIT) that authenticates users at logon. It works by assigning a unique key, called a ticket, to each user who logs on to the network. The ticket is then embedded in messages to identify the sender of the message. The Kerberos security protocol is the primary authentication mechanism in Windows Server 2003 and Windows 2000 Server.
Kernel :
The part of the executive (or operating system) that manages the processor. The kernel performs thread scheduling and dispatching, interrupt and exception handling, and multiprocessor synchronization.
L
Layer Two Tunneling Protocol (L2TP) :
An extension to the Point-to-Point Protocol (PPP) used in conjunction with IPSec to provide secure VPN connections.
license group :
A group of users or devices that shares one or more client access licenses (CALs). License groups are administered using the Licensing tool in the Administrative Tools folder.
Lightweight Data Interchange Format (LDIF) :
An ASCII file format used to transfer data between Lightweight Directory Access Protocol (LDAP) directory services.
Lightweight Directory Access Protocol (LDAP) :
A protocol used to access a directory service. LDAP is a simplified version of the Directory Access Protocol (DAP), which is used to gain access to X.500 directories. LDAP is the primary access protocol for Active Directory.
LISTSERV :
A family of programs that manage Internet mailing lists by distributing messages posted to the list, and adding and deleting members automatically.
Lmhosts :
An ASCII text file like Hosts but used to associate IP addresses to host names inside a network. To remember which is which, remember Lmhosts as LAN Manager Hosts.
local area network (LAN) :
A group of connected computers, usually located close to one another (such as in the same building or the same floor of the building) so that data can be passed among them.
log on :
The act of entering into a computer system; for example, “Log on to the network and read your e-mail.”
Logical Disk Manager (LDM) :
The service responsible for maintaining configuration information for disks that are configured as dynamic disks.
logical printer :
The representation of a physical printer. A logical printer is created on a Windows computer and includes the printer driver, printer settings, print defaults, and other configuration information that controls when and how a print job is sent to the printer.
logon script :
Typically a batch file set to run when a user logs on or logs off a system. A logon script is used to configure a user’s initial environment. A logoff script is used to return a system to some predetermined condition. Either script can be assigned to multiple users individually or through Group Policy.
M
master boot record (MBR) :
The first sector on a hard disk where the computer gets its startup information. The MBR contains the partition table for the computer and a small program called the master boot code.
master file table (MFT) :
A special system file on an NT file system (NTFS) volume that consists of a database describing every file and subdirectory on the volume.
media access control (MAC) address :
A unique 48-bit number assigned to network interface cards by the manufacturer. MAC addresses are used for mapping in TCP/ IP network communication.
media pool :
A logical collection of removable media sharing the same management policies.
member server :
A server that is part of a domain but is not a domain controller. Member servers can be dedicated to managing files or printer services or other functions. A member server does not verify logons or maintain a security database.
mirror :
1. Two partitions on two hard disks (also called RAID-1) configured so that each will contain identical data to the other. If one disk fails, the other contains the data and processing can continue. 2. A File Transfer Protocol (FTP) server that provides copies of the same files as another server. Some FTP servers are so popular that other servers have been set up to mirror them and spread the FTP load to more than one site.
MMC (Microsoft Management Console) :
A framework for hosting administrative tools called snap-ins. A console might contain tools, folders, or other containers, Web pages, and other administrative items. These items are displayed in the left pane of the console, called a console tree. A console has one or more windows that can provide views of the console tree. See also snap-in.
multicasting :
Simultaneously sending a message to more than one destination on a network. Multicasting is distinguished from broadcasting in that multicasting sends to only selected recipients.
multilink dialing :
Combining two or more physical communication links into a single logical link to increase available bandwidth.
multimaster replication :
A feature of Active Directory, multimaster replication automatically propagates every object (such as users, groups, computers, domains, organization units, security policies, and so on) created on any domain controller to each of the other participating domain controllers. All domain controllers contain the same directory data, so the domain does not depend on a single source for directory information.
multitasking :
Computer legerdemain by which tasks are switched in and out of the processor so quickly that it appears they are all happening at once. The success of a multitasking system depends on how well the various tasks are isolated from one another.
Multithreading :
The simultaneous processing of several threads inside the same program. Because several threads can be processed in parallel, one thread does not have to finish before another one can start.
N
name resolution :
The process of mapping a name to its corresponding IP address.
namespace :
A name or group of names defined according to a naming convention; any bounded area in which a given name can be resolved. Active Directory is primarily a namespace, as is any directory service. The Internet uses a hierarchical namespace that partitions names into categories known as top-level domains, such as .com, .edu, and .gov.
native mode :
In Windows 2000 domains, the condition of a domain when all domain controllers have been upgraded to Windows 2000 and the administrator has enabled native mode operation. In Windows Server 2003 domains, where there are no Windows 2000 or Windows NT 4 domain controllers, native mode is simply called Windows Server 2003 mode or functional level. See also domain functional level.
Net Logon service :
A service that accepts logon requests from any client and provides authentication from the Security Accounts Manager (SAM) database of accounts.
NetBIOS Enhanced User Interface (NetBEUI) :
A small and fast protocol that requires little memory but can be routed only by using token ring routing. Remote locations linked by routers cannot use NetBEUI to communicate.
network :
Two or more computers connected for the purpose of sharing resources.
Network Access Server (NAS) :
A server that accepts Point-to-Point Protocol connections and places them on the network served by NAS.
Network Address Translation (NAT) :
A technology that enables a local-area network (LAN) to use one set of Internet Protocol (IP) addresses for internal traffic and a second set of addresses for external traffic.
Network Load Balancing (NLB) :
A technology that allows for efficient utilization of multiple network cards.
Network News Transfer Protocol (NNTP) :
A protocol defined for distribution, inquiry, retrieval, and posting of news articles on the Internet.
newsgroup :
On the Internet, a distributed bulletin board system about a particular topic. USENET News (also known as Netnews) is a system that distributes thousands of newsgroups to all parts of the Internet.
node :
A location on a tree structure with links to one or more items below it. On a local area network (LAN), a device that can communicate with other devices on the network. In clustering, a computer that is a member of a cluster.
non-authoritative restore :
When a domain controller’s system state is restored, Active Directory is restored. When the domain controller is restarted, the information in the directory, which is only as recent as the date of the backup set, is brought up to date through normal replication processes between the restored domain controller and its replication partners.
NTFS file system (NTFS) :
The native file system for Windows Server 2003, Windows 2000, and Windows NT. Supports long filenames, a variety of permissions for sharing files to manage access to files and folders, and a transaction log that allows the completion of any incomplete file-related tasks if the operating system is interrupted.
O
Object :
A particular set of attributes that represents something concrete, such as a user, a printer, or an application. The attributes hold data describing the thing that is identified by the object. Attributes of a user might include the user’s given name, surname, and e-mail address. The classification of the object defines which types of attributes are used. For example, the objects classified as users might allow the use of attribute types like common name, telephone number, and e-mail address, whereas the object class of organization allows for attribute types like organization name and business category. An attribute can take one or more values, depending on its type.
object identifier (OID) :
A globally unique identifier (GUID), which is assigned by the Directory System Agent (DSA) when the object is created. The GUID is stored in an attribute, the object GUID, which is part of every object. The object GUID attribute cannot be modified or deleted. When storing a reference to an Active Directory object in an external store (for example, a database), you should use the object GUID because, unlike a name, it will not change.
Operations Master :
A domain controller that has been assigned Active Directory operations that are single master— that is, operations that are not permitted to occur at different places in the network at the same time. Some single-master operations include schema modification, domain naming, and the relative identifier (RID) allocator.
organizational unit (OU) :
A container object in Active Directory used to separate computers, users, and other resources into logical units. An organizational unit is the smallest entity to which Group Policy can be linked. It is also the smallest scope to which administration authority can be delegated.
P
packet :
The basic unit of information sent over a network. Each packet contains the destination address, the sender’s address, error-control information, and data. The size and format of a packet depend on the protocol being used.
page :
A document, or collection of information, available over the Web. A page can contain text, graphics, video, and sound files. Also can refer to a portion of memory that the virtual memory manager can swap to and from a hard disk.
paging :
A virtual memory operation in which pages are transferred from memory to disk when memory becomes full. When a thread accesses a page that’s not in memory, a page fault occurs and the memory manager uses page tables to find the page on disk and then loads the page into memory.
PDC Emulator master :
The domain controller that services network clients that do not have Active Directory client software installed and replicates changes to any Windows NT backup controllers. The PDC emulator master also handles authentication requests for accounts with recently changed passwords, if the change has not been replicated yet to the entire domain.
Ping :
An Internet Protocol (IP) utility that checks to see whether another computer is available and functioning. It sends a short message to which the other computer automatically responds. If the other computer does not respond to the ping, it is often an indication that communications between the two computers cannot be established at the IP level.
point of presence (POP) :
A physical site in a geographic area where a network access provider, such as a telecommunications company, has equipment to which users connect. The local telephone company’s central office in a particular area is also sometimes referred to as their POP for that area.
Point-to-Point Tunneling Protocol (PPTP) :
A protocol that provides router-to-router and host-to-network connections over a telephone line (or a network link that acts like a telephone line). See also Serial Line Internet Protocol (SLIP).
port :
From a computer system perspective, a physical connection point on a computer where you can connect devices that pass data into and out of a computer. For example, a printer is typically connected to a parallel port (also called an LPT port), and a modem is typically connected to a serial port (also called a COM port). From a network perspective, a port is a numbered communication channel through which information passes from one computer system to another. Terminal Services traffic, for example, communicates on port 3389.
Post Office Protocol (POP) :
A protocol by which a mail server on the Internet lets you access your mail and download it to a computer. Most people refer to this protocol with its version number (POP2, POP3, and so on) to avoid confusing it with points of presence (POPs).
primary domain controller (PDC) :
In a Windows NT domain, the server that authenticates domain logons and maintains the security policy and master database for a domain. In a Windows 2000 or Windows Server 2003 domain, running in mixed mode, one of the domain controllers in each domain is identified as the PDC emulator master for compatibility with down-level clients and servers.
primary partition :
A portion of the hard disk that’s been marked as a potentially bootable logical drive by an operating system. MS-DOS can support only a single primary partition. Master boot record disks can support four primary partitions. Computers with the Intel Itanium processor use a GUID partition table that supports up to 128 primary partitions.
Profile :
Loaded by the system when a user logs on, the profile defines a user’s environment, including network settings, printer connections, desktop settings, and program items.
proxy server :
A server that receives Web requests from clients, retrieves Web pages, and forwards them back to clients. Proxy servers can dramatically improve performance for groups of users by caching retrieved pages. Proxy servers also provide security by shielding the IP addresses of internal clients from the Internet.
public-key cryptography :
A method of secure transmission in which two different keys are used—a public key for encrypting data and a private key for decrypting data.
Q
Quality of Service (QoS) :
A set of standards for assuring the quality of data transmission on a network.
Queue Length :
A performance counter that measures the number of instructions that are waiting to be processed by an object such as the Processor or Physical Disk. If the Queue Length is greater than 2 or 3 for an extended period of time, it is a reflection that the system’s resources are not sufficient for the demands being placed on that system.
R
realm trust :
Used to connect between a non-Windows Kerberos realm and a Windows Server 2003 domain. Realm trusts can be transitive or non-transitive, one-way, or two-way.
Recovery Console :
A command-line interface that provides limited access to the system for troubleshooting purposes. The Recovery Console can be launched by booting with the Windows Server 2003 CD-ROM and, when prompted, pressing R for Repair.
redundant array of independent disks (RAID) :
A range of disk management and striping techniques to implement fault tolerance.
relative distinguished name (RDN) :
Active Directory uses the concept of a relative distinguished name (RDN), which is the part of the distinguished name that is an attribute of the object itself.
relative identifier (RID) :
The part of the security identifier (SID) that is unique to each object.
Remote Access Service (RAS) :
Allows users to connect from remote locations and access their networks for file and printer sharing and e-mail. The computer initiating the connection is the RAS client; the answering computer is the RAS server.
Remote Assistance :
Allows for a novice user to use Windows Messenger to request personal, interactive help from an expert user. When the help request is accepted and the remote session negotiated, the expert is able to view and, if allowed by the novice, control the desktop.
Remote Authentication Dial-In User Service (RADIUS) :
A security authentication system used by many Internet service providers (ISPs). A user connects to the ISP and enters a user name and password. This information is verified by a RADIUS server, which then authorizes access to the ISP system.
Remote Desktop for Administration :
A technology based on Terminal Services that allows up to two remote connections to a server for remote administration purposes. In Windows 2000, this was known as Terminal Server in Remote Administration mode.
Remote Installation Services (RIS) :
Allows clients to boot from a network server and use special preboot diagnostic tools installed on the server to automatically install a client operating system.
Removable Storage Management (RSM) system :
A feature of Windows Server 2003 that interfaces with robotic changers and media libraries, enables multiple applications to share local libraries and tape or disk drives, and controls removable media within a single-server system.
Replication :
On network computers, enables the contents of a directory, designated as an export directory, to be copied to other directories, called import directories. Active Directory changes are replicated to all domain controllers on a regular schedule.
Requests for Comments (RFCs) :
An evolving collection of information that details the functions within the TCP/IP family of protocols. Some RFCs are official documents of the Internet Engineering Task Force (IETF), defining the standards of TCP/IP and the Internet, whereas others are simply proposals trying to become standards, and others fall somewhere in between. Some are tutorial in nature, whereas others are quite technical.
roaming user profile :
A profile that is stored in a network-accessible location, thus allowing a user to access their desktop, application data, and settings when they log on to any computer. See also profile.
Router :
A network hardware device (or computer-installed software package) that handles the connection between two or more networks. Routers look at the destination addresses of the packets passing through them and decide which route to use to send them.
S
schema :
A set of definitions of the object classes and attributes that can be stored in Active Directory. Like other objects in Active Directory, schema objects have an access control list (ACL) to limit alterations to only authorized users.
schema master :
The single domain controller assigned to track all updates to a schema within a forest.
scope :
In Dynamic Host Configuration Protocol (DHCP), the range of Internet Protocol (IP) addresses available to be leased to DHCP clients by the DHCP service. In groups, scope describes where in the network permissions can be assigned to the group.
Security Accounts Manager (SAM) :
A service used at logon that manages user account information, including group membership.
security descriptor :
An attribute of an object that contains ownership and access control information.
Security Identifier (SID):
A unique number assigned to every computer, group, and user account on a Windows Server 2003, Windows 2000, or Windows NT network. Internal processes in the operating system refer to an account’s SID, rather than a name. A deleted SID is never reused.
security principal :
An identity that can be given permission to a resource. A security principal is an object that includes a security identifier (SID) attribute. Windows Server 2003 supports four security principals: users, groups, computers, and the InetOrgPerson object.
Serial Line Internet Protocol (SLIP) :
A protocol used to run Internet Protocol (IP) over serial lines or telephone lines using modems. Rapidly being replaced by Point-to-Point Tunneling Protocol (PPTP). SLIP is part of Windows remote access for compatibility with other remote access software.
server :
A computer that provides a service to other computers on a network. A file server, for example, provides files to client machines.
Server Message Block (SMB) :
An application-layer protocol that allows a client to access files and printers on remote servers. Clients and servers that are configured to support SMB can communicate using SMB over transport- and network-layer protocols, including Transmission Control Protocol (TCP/IP).
Service locator (SRV) resource record :
A record in a DNS zone that specifies the computer (by name) that is hosting a particular service. SRV records allow clients to query DNS for services.
shortcut trust :
Used to reduce logon times between two domains in a Windows Server 2003 or Windows 2000 forest. This type of trust is transitive and can be one-way or two-way.
Simple Object Access Protocol (SOAP) :
An XML/HTTP-based protocol that provides a way for applications to communicate with each other over the Internet, independent of platform.
site :
In Active Directory, an area of one or more well-connected subnets. When users log on to a site, clients use Active Directory servers in the same site. See also well-connected.
smart card :
A credit card-sized device that securely stores user credentials such as passwords, certificates, public and private keys, and other types of personal information.
snap-in :
A tool that can be added to a console supported by the Microsoft Management Console (MMC). You can add a snap-in extension to extend the function of a snap-in.
Socket :
An endpoint to a connection. Two sockets form a complete path for a bidirectional pipe for incoming and outgoing data between networked computers. The Windows Sockets API is a networking application programming interface (API) for programmers writing for the Windows family of products.
Software Update Services (SUS) :
A server-based technology that centralizes the acquisition and approval of security rollups and critical updates for distribution to network clients running the Automatic Updates client.
subnet :
The portion of a Transmission Control Protocol/Internet Protocol (TCP/IP) network in which all devices share a common prefix. For example, all devices with an IP address that starts with 198 are on the same subnet. IP networks are divided using a subnet mask.
superscope :
A collection of scopes grouped into a single administrative whole. Grouping scopes together into a superscope makes it possible to have more than one logical subnet on a physical subnet.
SystemRoot :
The path and folder where the Windows system files are located. The value %SystemRoot% can be used in paths to replace the actual location. To identify the SystemRoot folder on a computer, type %SystemRoot% at a command prompt.
System State :
The collection of critical system files, such as the registry, COM+ registration database, and startup files that must be backed up regularly to provide for system recoverability.
SYSVOL :
The folder on a domain controller that contains group policies and logon scripts. SYSVOL is replicated between domain controllers by the file replication service (FRS).
T
Telnet :
The protocol and program used to log on from one Internet site to another. The Telnet protocol/program gets you to the logon prompt of another host.
terminal :
A device that allows you to send commands to another computer. At a minimum, this usually means a keyboard, a display screen, and some simple circuitry. You will usually use terminal software in a personal computer—the software pretends to be, or emulates, a physical terminal and allows you to type commands to another computer.
Terminal Services :
The underlying technology that enables Remote Desktop for Administration, Remote Assistance, and Terminal Server.
thread :
An executable entity that belongs to one (and only one) process. In a multitasking environment, a single program can contain several threads, all running at the same time.
token ring :
A type of computer network in which the computers are connected in a ring. A token, which is a special bit pattern, travels around the ring. To communicate with another computer, a computer catches the token, attaches a message to it, and the token continues around the network, dropping off the message at the designated location.
transitive trust :
The standard trust between Windows Server 2003 domains in a domain tree or forest. Transitive trusts are always two-way trusts. When a domain joins a domain tree or forest, a transitive trust relationship is established automatically.
Transmission Control Protocol/Internet Protocol (TCP/IP) :
A suite of protocols that networks use to communicate with each other on the Internet.
tree :
A tree in Active Directory is just an extension of the idea of a directory tree. It’s a hierarchy of objects and containers that demonstrates how objects are connected, or the path from one object to another. Endpoints on the tree are usually objects.
trust relationship :
A security term meaning that one workstation or server trusts a domain controller to authenticate a user logon on its behalf. It also means a domain controller trusts a domain controller in another domain to authenticate a logon.
U
Uniform Resource Locator (URL) :
The standard way to give the address of any resource that is part of the Internet. For example, http://www.adatum.com. The most common way to use a URL is to enter it into a Web browser.
universal group :
A group that can be used anywhere in a domain tree or forest. Members can come from any domain, and rights and permissions can be assigned at any domain. Universal groups are available only when the domain is in native mode.
Universal Naming Convention (UNC) :
A PC format for indicating the location of resources on a network. UNC uses the following format: \\Server\Shared_resource_path. To identify the Example.txt file in the Sample folder on the server named Ample, the UNC would be \\Ample\Sample\Example.txt.
Universal Plug and Play (UPnP) :
A standard that enables a network-attached device such as a PC, peripheral, or wireless device to acquire an Internet Protocol (IP) address and then, using Internet and Web protocols such as Hypertext Transfer Protocol (HTTP), to announce its presence and availability on the network.
universal serial bus (USB) :
An interface between a computer and add-on devices that enables simplified connection and Plug-and-Play detection of those devices. USB ports support multiple devices per port and usually allow a device to be added to the computer without powering the computer off.
UNIX :
An operating system designed to be used by many computer users at the same time (multiuser) with Transmission Control Protocol/Internet Protocol (TCP/IP) built in. A common operating system for servers on the Internet.
user account :
A user’s access to a network. Each user account has a unique username and security ID (SID).
User Principal Name (UPN) :
An attribute of every user object in Active Directory that uniquely identifies that user in the entire forest. The UPN includes the user logon name and a suffix, such as lsmithbates@contoso.com.
user profile :
Information about user accounts. See also profile.
user right :
A logon right or privilege that allows a user to perform a system task, such as logging on locally or restoring files and folders. Because user rights are system-specific, rather than resource-specific, they will override permissions on an individual resource. For example, users with the user right to Backup Files And Folders can back up a file to tape even if they are denied read permission for that file.
V
Virtual Private Network (VPN) :
A network constructed by using public wires to connect nodes. VPNs use encryption, such as Internet Protocol security (IPSec), and other security mechanisms to make sure only authorized users can access the network and that the data cannot be intercepted.
Voice over Internet Protocol (VoIP) :
A method for using the Internet as a transmission medium for telephone calls.
Volume Shadow Copy Service (VSS) :
A service that creates snapshot backups of files, allowing a backup utility to back up the snapshot regardless of whether the original file is locked or open.
W
Web-Based Enterprise Management (WBEM) :
A set of management and Internet standard technologies developed to unify the management of enterprise computing environments. Microsoft’s implementation of WBEM is the Windows Management Instrumentation.
well-connected :
Being fast and reliable for the needs of Active Directory site communication. The definition of “sufficiently fast and reliable” for a particular network depends on the work being done on the specific network.
wide area network (WAN) :
Any Internet or network that covers an area larger than a single building or campus.
Windows Internet Name Service (WINS) :
A name resolution service that converts computer NetBIOS names to Internet Protocol (IP) addresses in a routed environment.
Windows Management Instrumentation (WMI) :
A programming interface that provides access to the hardware, software, and other components of a computer. WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM) to establish standards of data in Enterprise Management.
Windows Sockets (Winsock) :
Winsock is a standard way for Windows-based programs to work with Transmission Control Protocol/Internet Protocol (TCP/IP). You can use Winsock if you use SLIP to connect to the Internet.
Workstation :
In Windows NT, a computer running the Windows NT Workstation operating system. In a wider context, used to describe any powerful computer optimized for graphics or computer-aided design (CAD) or any of a number of other functions requiring high performance.
X
X.500 :
A standard for a directory service established by the International Telecommunications Union (ITU). The same standard is also published by the International Standards Organization/International Electro-technical Commission (ISO/IEC).
The X.500 standard defines the information model used in the directory service. All information in the directory is stored in entries, each of which belongs to at least one object class. The actual information in an entry is determined by attributes that are contained in that entry.
Z
zone :
A part of the Domain Name System (DNS) namespace that consists of a single domain or a domain and subdomains managed as a single, separate entity.
Tuesday, April 15, 2008