A security mechanism that determines which operations a user, group, service, or computer is authorized to perform on a computer or on a particular object, such as a file, printer, registry key, or directory service object.

A list of security protections that apply to an entire object, a set of the object's properties, or an individual property of an object. There are two types of access control lists: discretionary and system.

The directory service that stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration for all network objects.

The volume from which the computer starts up. The active volume must be a simple volume on a dynamic disk. You cannot mark an existing dynamic volume as the active volume, but you can upgrade a basic disk containing the active partition to a dynamic disk. Once the disk is upgraded to dynamic, the partition becomes a simple volume that is active.

A set of technologies that allows software components to interact with one another in a networked environment, regardless of the language in which the components were created.

A standard single-byte character encoding scheme used for text-based data. ASCII uses designated 7-bit or 8-bit number combinations to represent either 128 or 256 possible characters. Standard ASCII uses 7 bits to represent all uppercase and lowercase letters, the numbers 0 through 9, punctuation marks, and special control characters used in U.S. English. Most current x86-based systems support the use of extended (or "high") ASCII. Extended ASCII allows the eighth bit of each character to identify an additional 128 special symbol characters, foreign-language letters, and graphic symbols.

A set of routines that an application uses to request and carry out lower-level services performed by a computer's operating system. These routines usually carry out maintenance tasks such as managing files and displaying information.

On x86-based computers, the set of essential software routines that test hardware at startup, start the operating system, and support the transfer of data among hardware devices. The BIOS is stored in read-only memory (ROM) so that it can be executed when you turn on the computer. Although critical to performance, the BIOS is usually invisible to computer users.

An ASCII (unformatted text) file that contains one or more operating system commands. A batch program's file name has a .cmd or .bat extension. When you type the file name at the command prompt, or when the batch program is run from another program, its commands are processed sequentially. Batch programs are also called batch files.

Software that interprets the markup of files in HTML, formats them into Web pages, and displays them to the end user. Some browsers also permit end users to send and receive e-mail, read newsgroups, and play sound or video files embedded in Web documents.

A version of Windows which consists of binaries that provide additional error checking, argument verification, and system debugging code. Much of the extra code in the checked binaries is in the form of ASSERT macros that test an expression. If the expression evaluates to FALSE, the macro generates a kernel debugger error message and breaks into the debugger. This lets you immediately determine the cause and location of the error.Because of the additional error checking code and debugging information, the checked binaries are larger and run slower than the free binaries. This can conceal synchronization or other timing-related problems, such as race conditions, that become apparent only in the free build.If you run the checked build of Windows NT without having enabled kernel debugging, unexpected system shutdowns can occur. This is because the additional checks in the checked build increase the likelihood of encountering a breakpoint.

In data storage, the smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows organize hard disks based on clusters, which consist of one or more contiguous sectors. The smaller the cluster size, the more efficiently a disk stores information. If no cluster size is specified during formatting, Windows picks defaults based on the size of the volume. These defaults are selected to reduce the amount of space that is lost and the amount of fragmentation on the volume. A cluster is also called an allocation unit.

In computer networking, a group of independent computers that work together to provide a common set of services and present a single-system image to clients. The use of a cluster enhances the availability of the services and the scalability and manageability of the operating system that provides the services.

A means of providing support for character sets and keyboard layouts for different countries or regions. A code page is a table that relates the binary character codes used by a program to keys on the keyboard or to characters on the display.

A server-side interface for initiating software services. For example a set of interfaces that describe how a Web server communicates with software on the same computer. Any software can be a CGI program if it handles input and output according to the CGI standard.

An object-based programming model designed to promote software interoperability; it allows two or more applications or components to easily cooperate with one another, even if they were written by different vendors, at different times, in different programming languages, or if they are running on different computers running different operating systems. COM is the foundation technology upon which broader technologies can be built. Object linking and embedding (OLE) technology and ActiveX are both built on top of COM.

A protocol used in the negotiation process in a PPP connection. Compression Control Protocol is one type of Network Control Protocol (NCP). NCPs are used to establish and configure different network protocol parameters for IP, IPX, and NetBEUI.

The left pane in Microsoft Management Console (MMC) that displays the items contained in the console. By default it is the left pane of a console window, but it can be hidden. The items in the console tree and their hierarchical organization determine the capabilities of a console.

A set of information that includes identification and proof of identification that is used to gain access to local and network resources. Examples of credentials are user names and passwords, smart cards, and certificates.

A procedure used in checking for errors in data transmission. CRC error checking uses a complex calculation to generate a number based on the data transmitted. The sending device performs the calculation before transmission and sends its result to the receiving device. The receiving device repeats the same calculation after transmission. If both devices obtain the same result, it is assumed that the transmission was error-free. The procedure is known as a redundancy check because each transmission includes not only data but extra (redundant) error-checking values. Communications protocols such as XMODEM and Kermit use cyclical redundancy checking.

A networking program, usually associated with UNIX systems, that runs in the background performing tool functions such as housekeeping or maintenance without user intervention or awareness. Pronounced "demon."

See Dynamic Host Configuration Protocol.

The connection to your network if you are using a device that uses the telephone network. This includes modems with a standard phone line, ISDN cards with high-speed ISDN lines, or X.25 networks.

If you are a typical user, you may have one or two dial-up connections, for example, to the Internet and to your corporate network. In a more complex server situation, multiple network modem connections might be used to implement advanced routing.

Both the directory information source and the service that make the information available and usable. A directory service enables the user to find an object given any one of its attributes.

A name that uniquely identifies an object by using the relative distinguished name for the object, plus the names of container objects and domains that contain the object. The distinguished name identifies the object as well as its location in a tree. Every object in Active Directory has a distinguished name. A typical distinguished name might be

CN=MyName,CN=Users,DC=Microsoft,DC=Com

This identifies the MyName user object in the microsoft.com domain.

A service that allows system administrators to organize distributed network shares into a logical namespace, enabling users to access files without specifying their physical location and providing load sharing across network shares.

A group of computers that are part of a network and share a common directory database. A domain is administered as a unit with common rules and procedures. Each domain has a unique name.

An Active Directory domain is a collection of computers defined by the administrator of a Windows network. These computers share a common directory database, security policies, and security relationships with other domains. An Active Directory domain provides access to the centralized user accounts and group accounts maintained by the domain administrator. An Active Directory forest is made up of one or more domains, each of which can span more than one physical location.

A DNS domain is any tree or subtree within the DNS namespace. Although the names for DNS domains often correspond to Active Directory domains, DNS domains should not be confused with Active Directory domains.

In a Windows domain environment, a computer running Active Directory that manages user access to a network, which includes logging on, authentication, and access to the directory and shared resources.

An implementation of DFS in which DFS topological information is stored in Active Directory. Because this information is made available on multiple domain controllers in the domain, domain DFS provides fault-tolerance for any distributed file system in the domain.

A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS enables the location of computers and services by user-friendly names, and it also enables the discovery of other information stored in the database.

A TCP/IP service protocol that offers dynamic leased configuration of host IP addresses and distributes other configuration parameters to eligible network clients. DHCP provides safe, reliable, and simple TCP/IP network configuration, prevents address conflicts, and helps conserve the use of client IP addresses on the network.

DHCP uses a client/server model where the DHCP server maintains centralized management of IP addresses that are used on the network. DHCP-supporting clients can then request and obtain lease of an IP address from a DHCP server as part of their network boot process.

An operating system feature that allows executable routines (generally serving a specific function or set of functions) to be stored separately as files with .dll extensions. These routines are loaded only when needed by the program that calls them.

A string consisting of environment information, such as a drive, path, or file name, associated with a symbolic name that can be used by Windows. You use System in Control Panel or the set command from the command prompt to define environment variables.

In computers with the Intel Itanium processor, the interface between a computer's firmware, hardware, and the operating system. The Extensible Firmware Interface (EFI) defines a new partition style called GUID partition table (GPT). EFI serves the same purpose for Itanium-based computers as the BIOS found in x86-based computers. However, it has expanded capabilities that provide a consistent way to start any compatible operating system and an easy way to add EFI drivers for new bootable devices without the need to update the computer's firmware.

A derivative of the file allocation table (FAT) file system. FAT32 supports smaller cluster sizes and larger volumes than FAT, which results in more efficient space allocation on FAT32 volumes.

The ability of computer hardware or software to ensure data integrity when hardware failures occur. Fault tolerant features appear in many server operating systems and include mirrored volumes, RAID-5 volumes, and server clusters.

A file system used by MS-DOS and other Windows-based operating systems to organize and manage files. The file allocation table (FAT) is a data structure that Windows creates when you format a volume by using the FAT or FAT32 file systems. Windows stores information about each file in the FAT so that it can retrieve the file later.

A file share accessible by a network path that is supported as a cluster resource by a Resource DLL.

A member of the TCP/IP suite of protocols, used to copy files between two computers on the Internet. Both computers must support their respective FTP roles: one must be an FTP client and the other an FTP server.

For Indexing Service, software that extracts content and property values from a document in order to index them.

For IPSec, a specification of IP traffic that provides the ability to trigger security negotiations for a communication based on the source, destination, and type of IP traffic.

Active Directory operations that are not permitted to occur at different places in the network at the same time. Each role controls another specific set of directory changes. For each role, only the domain controller holding that role can make the associated directory changes. For example, Active Directory performs schema updates to prevent conflicts in a single-master fashion. Only one domain controller in the entire forest, the domain controller holding the schema master role, accepts updates to schema objects. An administrator can shift the schema master role from one domain controller to another as the need arises, but at any moment only one domain controller holds the schema master role.

A stream of data sent or received by a host. Also called network traffic.

A collection of one or more Windows domains that share a common schema, configuration, and global catalog and are linked with two-way transitive trusts.

In synchronous communication, a package of information transmitted as a single unit from one device to another.

A device connected to multiple physical TCP/IP networks capable of routing or delivering IP packets between them. A gateway translates between different transport protocols or data formats (for example, IPX and IP) and is generally added to a network primarily for its translation ability.

In the context of interoperating with Novell NetWare networks, a gateway acts as a bridge between the server message block (SMB) protocol used by Windows networks and the NetWare core protocol (NCP) used by NetWare networks. A gateway is also called an IP router.

A 16-byte value generated from the unique identifier on a device, the current date and time, and a sequence number. A GUID is used to identify a particular device or component.

A display format, like that of Windows, that represents a program's functions with graphic images such as buttons and icons. GUIs allow a user to perform operations and make choices by pointing and clicking with a mouse.

The Microsoft Management Console (MMC) snap-in that is used to edit Group Policy objects.

A collection of Group Policy settings. Group Policy objects are essentially the documents created by the Group Policy snap-in, a Windows utility. Group Policy objects are stored at the domain level, and they affect users and computers contained in sites, domains, and organizational units. In addition, each Windows computer has exactly one group of settings stored locally, called the local Group Policy object.

In the user interface, an interface added to an object that facilitates moving, sizing, reshaping, or other functions pertaining to an object. In programming, a pointer to a pointer, that is, a token that lets a program access an identified resource.

A thin layer of software provided by the hardware manufacturer that hides, or abstracts, hardware differences from higher layers of the operating system. By means of the filter provided by the HAL, different types of hardware look alike to the rest of the operating system. This allows the operating system to be portable from one hardware platform to another. The HAL also provides routines that allow a single device driver to support the same device on all platforms.

The file system designed for the OS/2 version 1.2 operating system.

A section of the registry that appears as a file on your hard disk. The registry subtree is divided into hives (named for their resemblance to the cellular structure of a beehive). A hive is a discrete body of keys, subkeys, and values that is rooted at the top of the registry hierarchy. A hive is backed by a single file and a .log file, which are in the systemroot\System32\Config or the systemroot\Profiles\username folders.

By default, most hive files (Default, SAM, Security, and System) are stored in the systemroot\System32\Config folder. The systemroot\Profiles folder contains the user profile for each user of the computer. Because a hive is a file, it can be moved from one system to another. However, you must use the Registry Editor to edit the file.

A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/hosts file. This file maps host names to IP addresses, and it is stored in the \%Systemroot%\System32\Drivers\Etc folder.

See Hypertext Markup Language.

A simple markup language used to create hypertext documents that are portable from one platform to another. HTML files are simple ASCII text files with codes embedded (indicated by markup tags) to denote formatting and hypertext links.

The protocol used to transfer information on the World Wide Web. An HTTP address (one kind of Uniform Resource Locator [URL]) takes the form: http://www.microsoft.com.

The domain controller assigned to update group-to-user references whenever group memberships are changed, and to replicate these changes to any other domain controllers in the domain. At any time, there can be only one infrastructure master in a particular domain.

A set of directory-based change and configuration management features introduced in Windows 2000 and enhanced in Windows XP. When IntelliMirror is used in both the server and client, the users' data, applications, and settings follow them when they move to another computer.

An application programming interface that resides on a server computer for initiating software services tuned for Windows operating systems.

A 32-bit address used to identify a node on an IP internetwork. Each node on the IP internetwork must be assigned a unique IP address, which is made up of the network ID, plus a unique host ID. This address is typically represented with the decimal value of each octet separated by a period (for example, 192.168.7.27). In this version of Windows, you can configure the IP address statically or dynamically through DHCP.

Transport protocols used in Novell NetWare networks, which together correspond to the combination of TCP and IP in the TCP/IP protocol suite. Windows implements IPX through NWLink.

There are no glossary terms that begin with this letter.

An authentication mechanism used to verify user or host identity. The Kerberos V5 authentication protocol is the default authentication service for Windows 2000. Internet Protocol security (IPSec) and the QoS Admission Control Service use the Kerberos protocol for authentication.

The core of layered architecture that manages the most basic operations of the operating system and the computer's processor. The kernel schedules different blocks of executing code, called threads, for the processor to keep it as busy as possible and coordinates multiple processors to optimize performance. The kernel also synchronizes activities among Executive-level subcomponents, such as I/O Manager and Process Manager, and handles hardware exceptions and other hardware-dependent functions. The kernel works closely with the hardware abstraction layer.

A highly privileged mode of operation where program code has direct access to all memory, including the address spaces of all user-mode processes and applications, and to hardware. Kernel mode is also known as supervisor mode, protected mode, or Ring 0.

In Registry Editor, a folder that appears in the left pane of the Registry Editor window. A key can contain subkeys and value entries. For example, Environment is a key of HKEY_CURRENT_USER.

In IP security (IPSec), a value used in combination with an algorithm to encrypt or decrypt data. Key settings for IP security are configurable to provide greater security.

A network service that supplies session tickets and temporary session keys used in the Kerberos V5 authentication protocol. In Windows 2000 and Windows XP, the KDC runs as a privileged process on all domain controllers.

A command shell which provides the following functionality: file input and output redirection; command-line editing using vi; command history; integer arithmetic; pattern matching and variable substitution; command name abbreviation (aliasing); built-in commands for writing shell programs.

A communications network connecting a group of computers, printers, and other devices located within a relatively limited area (for example, a building). A LAN allows any connected device to interact with any other on the network.

A protected subsystem that authenticates and logs users onto the local system. In addition, the LSA maintains information about all aspects of local security on a system (collectively known as the local security policy), and provides various services for translation between names and identifiers.

A set of objects that represent various types of information about a device, used by Simple Network Management Protocol (SNMP) to manage the device. Because different network management services are used for different types of devices and protocols, each service has its own set of objects.

The first sector on a hard disk, which starts the process of booting the computer. The MBR contains the partition table for the disk and a small amount of executable code called the master boot code.

See Master Boot Record.

A sublayer of the IEEE 802 specifications that defines network access methods and framing.

An algorithm that ensures the quality of a block of data.

See Management Information Base.

A framework for hosting administrative tools, called consoles. A console may contain tools, folders or other containers, World Wide Web pages, and other administrative items. These items are displayed in the left pane of the console, called a console tree. A console has one or more windows that can provide views of the console tree.

The main MMC window provides commands and tools for authoring consoles. The authoring features of MMC and the console tree itself may be hidden when a console is in User Mode.

One of the two volumes that make up a mirrored volume. Each mirror of a mirrored volume resides on a different disk. If one mirror becomes unavailable (due to a disk failure, for example), Windows can use the remaining mirror to gain access to the volume's data.

The default domain mode setting on Windows 2000 domain controllers. Mixed mode allows Windows NT backup domain controllers to co-exist in a Windows 2000 domain. Mixed mode does not support the universal and nested group enhancements of Windows 2000. You can change the domain mode setting to native mode when all Windows NT domain controllers are removed from a domain.

See Microsoft Management Console.

A set of unique names for resources or items used in a shared computing environment.

For Microsoft Management Console (MMC), the namespace is represented by the console tree, which displays all of the snap-ins and resources that are accessible to a console.

For Domain Name System (DNS), namespace is the vertical or hierarchical structure of the domain name tree. For example, each domain label, such as host1 or example, used in a fully qualified domain name, such as host1.example.microsoft.com, indicates a branch in the domain namespace tree.

The condition in which all domain controllers in the domain have been upgraded to Windows 2000 and an administrator has enabled native mode operation (through Active Directory Users and Computers).

See network basic input/output system.

A network protocol native to Microsoft Networking. It is usually used in small, department-size local area networks (LANs) of 1 to 200 clients. It can use Token Ring source routing as its only method of routing. It is the Microsoft implementation of the NetBIOS standard.

An application programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send datagrams between nodes on a network.

The area on the taskbar to the right of the taskbar buttons. The notification area displays the time and can also contain shortcuts that provide quick access to programs, such as Volume Control and Power Options. Other shortcuts can appear temporarily, providing information about the status of activities. For example, the printer shortcut icon appears after a document has been sent to the printer and disappears when printing is complete.

An advanced file system that provides performance, security, reliability, and advanced features that are not found in any version of FAT. For example, NTFS guarantees volume consistency by using standard transaction logging and recovery techniques. If a system fails, NTFS uses its log file and checkpoint information to restore the consistency of the file system. In Windows 2000 and Windows XP, NTFS also provides advanced features such as file and folder permissions, encryption, disk quotas, and compression.

A challenge/response authentication protocol. The NTLM authentication protocol was the default for network authentication in Windows NT version 4.0 and earlier and Windows Millennium Edition and earlier. The protocol continues to be supported in Windows 2000 and Windows XP but no longer is the default.

An implementation of the Internetwork Packet Exchange (IPX), Sequenced Packet Exchange (SPX), and NetBIOS protocols used in Novell networks. NWLink is a standard network protocol that supports routing and can support NetWare client-server applications, where NetWare-aware Sockets-based applications communicate with IPX/SPX Sockets-based applications.

A method for sharing information among applications. Linking an object, such as a graphic, from one document to another inserts a reference to the object into the second document. Any changes you make in the object in the first document will also be made in the second document. Embedding an object inserts a copy of an object from one document into another document. Changes you make in the object in the first document will not be updated in the second unless the embedded object is explicitly updated.

An application programming interface (API) that enables database applications to access data from a variety of existing data sources.

An Active Directory container object used within domains. An organizational unit is a logical container into which users, groups, computers, and other organizational units are placed. It can contain objects only from its parent domain. An organizational unit is the smallest scope to which a Group Policy object can be linked, or over which administrative authority can be delegated.

A member of a mirrored volume or a RAID-5 volume that has failed due to a severe cause, such as a loss of power or a complete hard-disk head failure. When this happens, the fault-tolerant driver determines that it can no longer use the orphaned member and directs all new reads and writes to the remaining members of the fault-tolerant volume.

An Open Systems Interconnection (OSI) network layer transmission unit that consists of binary information representing both data and a header containing an identification number, source and destination addresses, and error-control data.

In network protocol communications, a specially reserved field of a defined bit length that is attached to the front of a packet for carry and transfer of control information. When the packet arrives at its destination, the field is then detached and discarded as the packet is processed and disassembled in a corresponding reverse order for each protocol layer.

The interrupt that occurs when software attempts to read from or write to a virtual memory location that is marked not present.

In Task Manager, page fault is the number of times data has to be retrieved from disk for a process because it was not found in memory. The page fault value accumulates from the time the process started.

A calculated value that is used to reconstruct data after a failure. RAID-5 volumes stripe data and parity intermittently across a set of disks. When a disk fails, some server operating systems use the parity information together with the data on good disks to recreate the data on the failed disk.

In asynchronous communications, an extra bit used in checking for errors in groups of data bits transferred within or between computer systems. In modem-to-modem communications, a parity bit is often used to check the accuracy with which each character is transmitted.

A portion of a physical disk that functions as though it were a physically separate disk. After you create a partition, you must format it and assign it a drive letter before you can store data on it.

On basic disks, partitions are known as basic volumes, which include primary partitions and logical drives. On dynamic disks, partitions are known as dynamic volumes, which include simple, striped, spanned, mirrored, and RAID-5 volumes.

An area of the Master Boot Record that the computer uses to determine how to access the disk. The partition table can contain up to four partitions for each physical disk.

A sequence of directory (or folder) names that specifies the location of a directory, file, or folder within the Windows directory tree. Each directory name and file name within the path must be preceded by a backslash (\). For example, to specify the path of a file named Readme.doc located in the Windows directory on drive C, type C:\Windows\Readme.doc.

A removable device, approximately the size of a credit card, that can be plugged into a PCMCIA slot in a portable computer. PCMCIA devices can include modems, network adapters, and hard disk drives.

Some PCMCIA cards can be connected to and disconnected from your computer without restarting it. Before you remove the PCMCIA card, however, you should use the Add Hardware Wizard to notify Windows that you are doing so. Windows will then notify you when you can remove the device.

A Windows NT administrative tool that monitors performance on local or remote computers. Performance Monitor is replaced by the Performance console in Windows 2000.

A rule associated with an object to regulate which users can gain access to the object and in what manner. Permissions are granted or denied by the object's owner.

An Institute of Electrical and Electronics Engineers (IEEE) standard that defines a set of operating-system services. Programs that adhere to the POSIX standard can be easily ported from one system to another. POSIX was based on UNIX system services, but it was created in a way that allows it to be implemented by other operating systems.

A maildrop service that allows a client to retrieve mail that the server is holding for it. The most recent implementation is Version 3, or POP3.

In a Windows NT Server 4.0 or earlier domain, the computer running Windows NT Server that authenticates domain logons and maintains the directory database for a domain. The PDC tracks changes made to accounts of all computers on a domain. It is the only computer to receive these changes directly. A domain has only one PDC. In this version of Windows, one of the domain controllers in each domain is identified as the PDC for compatibility with Windows NT 4.0 and earlier versions of Windows NT.

A device that puts text or images on paper or other print media. Examples are laser printers or dot-matrix printers.

An operating system object that consists of an executable program, a set of virtual memory addresses, and one or more threads. When a program runs, a Windows 2000 process is created.

A set of rules and conventions for sending information over a network. These rules govern the content, format, timing, sequencing, and error control of messages exchanged among network devices.

A set of quality assurance standards and mechanisms for data transmission, implemented in this version of Windows.

A fault-tolerant volume with data and parity striped intermittently across three or more physical disks. Parity is a calculated value that is used to reconstruct data after a failure. If a portion of a physical disk fails, Windows recreates the data that was on the failed portion from the remaining data and parity. You can create RAID-5 volumes only on dynamic disks, and you cannot mirror or extend RAID-5 volumes.

A type of microprocessor design that focuses on rapid and efficient processing of a relatively small set of instructions. RISC architecture limits the number of instructions that are built into the microprocessor, but optimizes each so it can be carried out very rapidly{bmct emdash.bmp}usually within a single clock cycle.

A method used to standardize and categorize fault-tolerant disk systems. RAID levels provide various mixes of performance, reliability, and cost. Some servers provide three of the RAID levels: Level 0 (striping), Level 1 (mirroring), and Level 5 (RAID-5).

A database repository for information about a computer's configuration. The registry contains information that Windows continually references during operation, such as:

• Profiles for each user.
• The programs installed on the computer and the types of documents each can create.
• Property settings for folders and program icons.
• What hardware exists on the system.
• Which ports are being used.

The registry is organized hierarchically as a tree and is made up of keys and their subkeys, hives, and value entries.

The part of a security ID (SID) that uniquely identifies an account or group within a domain.

Part of the integrated Routing and Remote Access service that provides remote networking for telecommuters, mobile workers, and system administrators who monitor and manage servers at multiple branch offices. Users with a computer running Windows and Network Connections can dial in to remotely access their networks for services such as file and printer sharing, electronic mail, scheduling, and SQL database access.

A Windows NT 4.0 service that provides remote networking for telecommuters, mobile workers, and system administrators who monitor and manage servers at multiple offices.

A message-passing facility that allows a distributed application to call services that are available on various computers on a network. Used during remote administration of computers.

The RPC subsystem for Windows NT and Windows 2000. The RPC subsystem includes the endpoint mapper and other RPC services.

NTFS file system objects that have a definable attribute containing user-controlled data and are used to extend functionality in the input/output (I/O) subsystem.

The process of copying data from a data store or file system to multiple computers to synchronize the data. Active Directory provides multimaster replication of the directory between domain controllers within a given domain. The replicas of the directory on each domain controller are writable. This allows updates to be applied to any replica of a given domain. The replication service automatically copies the changes from a given replica to all other replicas.

An official document of the Internet Engineering Task Force (IETF) that specifies the details for protocols included in the TCP/IP family.

Generally, any part of a computer system or network, such as a disk drive, printer, or memory, that can be allotted to a running program or a process.

For Device Manager, any of four system components that control how the devices on a computer work. These four system resources are interrupt request (IRQ) lines, direct memory access (DMA) channels, input/output (I/O) ports, and memory addresses.

For server clusters, a physical or logical entity that is capable of being managed by a cluster, brought online and taken offline, and moved between nodes. A resource can be owned only by a single node at any point in time.

A dynamic-link library (DLL) containing an implementation of the Resource application programming interface (API) for a specific type of resource. The Resource DLL is loaded into the address space of its Resource Monitor.

A signaling protocol that allows the sender and receiver in a communication to set up a reserved highway for data transmission with a specified quality of service.

A ring transition or kernel-mode transition occurs when user-mode processes use application program interfaces (APIs) to switch their threads from user mode to kernel mode.

In a Windows environment, hardware that helps LANs and WANs achieve interoperability and connectivity, and can link LANs that have different network topologies (such as Ethernet and Token Ring). Routers match packet headers to a LAN segment and choose the best path for the packet, optimizing network performance.

In the Macintosh environment, routers are necessary for computers on different physical networks to communicate with each other. Routers maintain a map of the physical networks on a Macintosh internet (network) and forward data received from one physical network to other physical networks. Computers running the Server version of Windows with AppleTalk network integration can act as routers, and you can also use other routing hardware on a network with AppleTalk network integration.

A protocol used by routers to exchange information between routers on an IPX network and by hosts to determine the best router to use when forwarding IPX traffic to a remote IPX network.

See remote procedure call.

See Security Accounts Manager.

A description of the object classes and attributes stored in Active Directory. For each object class, the schema defines the attributes an object class must have, the additional attributes it may have, and the object class that can be its parent.

The Active Directory schema can be updated dynamically. For example, an application can extend the schema with new attributes and classes and use the extensions immediately. Schema updates are accomplished by creating or modifying the schema objects stored in Active Directory. Like every object in Active Directory, schema objects have an access control list, so only authorized users may alter the schema.

A type of program consisting of a set of instructions to an application or tool program. A script usually expresses instructions by using the application's or tool's rules and syntax, combined with simple control structures such as loops and if/then expressions. "Batch program" is often used interchangeably with "script" in the Windows environment.

An authoritative DNS server for a zone that is used as a source for replication of the zone to other servers. Secondary masters update their zone data only by transferring zone data from other DNS servers. They do not have the ability to perform zone updates.

A Windows service used during the logon process. SAM maintains user account information, including groups to which a user belongs.

A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who can access it and in what way, and what types of access will be audited.

A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.

A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message.

A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level. When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of services are the Security Accounts Manager service, File Replication service, and Routing and Remote Access service.

See shell (sh).

To make resources, such as folders and printers, available to others.

Any device, data, or program that is used by more than one other device or program. For Windows, shared resources refer to any resource that is made available to network users, such as folders, files, printers, and named pipes. A shared resource can also refer to a resource on a server that is available to network users.

A command-line POSIX tool that contains a large subset of Korn shell functionality (though no variable arrays).

A member of the TCP/IP suite of protocols that governs the exchange of electronic mail between message transfer agents.

A network protocol used to manage TCP/IP networks. In Windows, the SNMP service is used to provide status information about a host on a TCP/IP network.

A dynamic volume made up of disk space from a single dynamic disk. A simple volume can consist of a single region on a disk or multiple regions of the same disk that are linked together. You can extend a simple volume within the same disk or onto additional disks. If you extend a simple volume across multiple disks, it becomes a spanned volume. You can create simple volumes only on dynamic disks. Simple volumes are not fault tolerant, but you can mirror them to create mirrored volumes.

A standard high-speed parallel interface defined by the American National Standards Institute (ANSI). A SCSI interface is used for connecting microcomputers to peripheral devices such as hard disks and printers, and to other computers and local area networks (LANs).

A type of tool you can add to a console supported by Microsoft Management Console (MMC). A stand-alone snap-in can be added by itself; an extension snap-in can only be added to extend the function of another snap-in.

A dynamic volume consisting of disk space on more than one physical disk. You can increase the size of a spanned volume by extending it onto additional dynamic disks. You can create spanned volumes only on dynamic disks. Spanned volumes are not fault tolerant and cannot be mirrored.

In UNIX, the defined receiver of error messages about a process. By default, the standard error goes to the terminal.

In UNIX, the defined source of input for a process. By default, standard input comes from the terminal.

In UNIX, the defined receiver for output from a process. By default, the standard output goes to the terminal.

Routes in the routing table that are permanent. Static routes are manually configured by a network administrator. They change only if the network administrator changes them. If the routing protocol is configured to support auto-static routes (automatically added static routes), then the router can issue a request to a protocol to get an update of routing information on a specific interface. The results of such an update are then converted and kept as static routes.

A widely accepted standard database sublanguage used in querying, updating, and managing relational databases.

A 32-bit value that enables the recipient of IP packets to distinguish the network ID and host ID portions of the IP address. Typically, subnet masks use the format 255.x.x.x.

Transmission Control Protocol.

See Transport Driver Interface.

An application programming interface (API) used by communications programs to work with telephony and network services. Communications programs like HyperTerminal and Phone Dialer use TAPI to dial, answer, and route telephone calls on conventional telephony devices, including PBXs, modems, and fax machines. TAPI 3.0 also provides Internet Protocol (IP) telephony support, which Phone Dialer and other programs use to transmit, route, and control real-time audio and video signals over IP-based networks such as the Internet.

A terminal-emulation protocol that is widely used on the Internet to log on to network computers. Telnet also refers to the application that uses the Telnet protocol for users who log on from remote locations.

A type of object within a process that runs program instructions. Using multiple threads allows concurrent operations within a process and enables one process to run different parts of its program on different processors simultaneously. A thread has its own set of registers, its own kernel stack, a thread environment block, and a user stack in the address space of its process.

A set of identification data for a security principle, issued by a domain controller for purposes of user authentication. Two forms of tickets in Windows are ticket-granting tickets (TGTs) and service tickets.

A Kerberos V5 service provided by the Kerberos V5 Key Distribution Center (KDC) service that issues service tickets that allow users to authenticate to services in a domain.

A credential issued to a user by the Kerberos Key Distribution Center (KDC) when the user logs on. The user must present the TGT to the KDC when requesting session tickets for services. Because a TGT is normally valid for the life of the user's logon session, it is sometimes called a user ticket.

Command-line POSIX tool which changes the modification date of files.

A set of networking protocols widely used on the Internet that provides communications across interconnected networks of computers with diverse hardware architectures and various operating systems. TCP/IP includes standards for how computers communicate and conventions for connecting networks and routing traffic.

In the Windows NT and Windows 2000 networking model, a common interface for network layer components. The TDI is not a single program, but a protocol specification to which the upper bounds of transport protocol device drivers are written. It allows software components above and below the transport layer to be mixed and matched without reprogramming.

A protocol that defines how data should be presented to the next receiving layer in the Windows NT and Windows 2000 networking model and packages the data accordingly. The transport protocol passes data to the network adapter driver through the Network Driver Interface Specification (NDIS) interface and to the redirector through the Transport Driver Interface (TDI).

A logical relationship established between domains to allow pass-through authentication, in which a trusting domain honors the logon authentications of a trusted domain. User accounts and global groups defined in a trusted domain can be given rights and permissions in a trusting domain, even though the user accounts or groups don't exist in the trusting domain's directory.

A server or router that terminates tunnels and forwards traffic to the hosts on the target network.

A character encoding standard developed by the Unicode Consortium that represents almost all of the written languages of the world. The Unicode character repertoire has multiple representation forms, including UTF-8, UTF-16, and UTF-32. Most Windows interfaces use the UTF-16 form.

An international standard character set reference that is part of the Unicode standard. The most widely held existing version of the UCS standard is UCS-2, which specifies 16-bit character values currently accepted and recognized for use to encode most of the world's languages.

An address that uniquely identifies a location on the Internet. A URL for a World Wide Web site is preceded with http://, as in the fictitious URL http://www.example.microsoft.com/. A URL can contain more detail, such as the name of a page of hypertext, usually identified by the file name extension .html or .htm.

A device connected between a computer and a power source to ensure that electrical flow is not interrupted. UPS devices use batteries to keep the computer running for a period of time after a power failure. UPS devices usually provide protection against power surges and brownouts as well.

A convention for naming files and other resources beginning with two backslashes (\), indicating that the resource exists on a network computer. UNC names conform to the \\SERVERNAME\SHARENAME syntax, where SERVERNAME is the server's name and SHARENAME is the name of the shared resource. The UNC name of a directory or file can also include the directory path after the share name, with the following syntax: \\SERVERNAME\SHARENAME\DIRECTORY\FILENAME.

An external bus that supports Plug and Play installation. Using USB, you can connect and disconnect devices without shutting down or restarting your computer. You can use a single USB port to connect up to 127 peripheral devices, including speakers, telephones, CD-ROM drives, joysticks, tape drives, keyboards, scanners, and cameras. A USB port is usually located on the back of your computer near the serial port or parallel port.

A powerful, multiuser, multitasking operating system initially developed at AT&T Bell Laboratories in 1969 for use on minicomputers. UNIX is considered more portable, that is, less computer-specific, than other operating systems because it is written in C language. Newer versions of UNIX have been developed at the University of California at Berkeley and by AT&T.

A file that contains configuration information for a specific user, such as desktop settings, persistent network connections, and application settings. Each user's preferences are saved to a user profile that Windows uses to configure the desktop each time a user logs on.

A form of encoding and decoding that allows binary files to be sent as e-mail. A binary file, such as a program or image, cannot be sent directly over the Internet by e-mail. To send such a file, you must first encode it to hide the control characters. This encoding can be accomplished by converting the binary file to a text file. UUEncoding carries out this conversion, and UUDecoding regenerates the original file.

In programming, a named storage location capable of containing a certain type of data that can be modified during program execution.

System environment variables are defined by Windows 2000 Server and are the same no matter who is logged on to the computer. Administrator group members can add new variables or change the values, however.

User environment variables can be different for each user of a particular computer. They include any environment variables you want to define or variables defined by your applications, such as the path where application files are located.

A logical grouping of hosts on one or more LANs that allows communication to occur between hosts as if they were on the same physical LAN.

A method for sending voice over a LAN, a WAN, or the Internet using TCP/IP packets.

A partition consisting of disk space on one or more physical disks that was created with Windows NT 4.0 or earlier. You can delete volume sets only with Windows&nsbsp;2000 or Windows XP. To create new volumes that span multiple disks, use spanned volumes on dynamic disks.

A tunnel that is initiated by the client. It tunnels PPP over IP from the client to the tunnel server, then the data is forwarded to the target host by the tunnel server.

Word count. Command-line POSIX tool that returns the number of bytes, words, and lines in files.

A communications network connecting geographically separated computers, printers, and other devices. A WAN allows any connected device to interact with any other on the network.

A software service that dynamically maps IP addresses to computer names (NetBIOS names). This allows users to access resources by name instead of requiring them to use IP addresses that are difficult to recognize and remember. WINS servers support clients running Windows NT 4.0 and earlier versions of Microsoft operating systems.

A resource type that provides Windows Internet Name Service (WINS) from a cluster.

A set of standards defining a distributed directory service, developed by the International Standards Organization (ISO).

There are no glossary terms that begin with this letter.

There are no glossary terms that begin with this letter.