Based on the lockout security policy, a user will be denied access, or locked out, after a predefined number of failed logon attempts. The duration of the lockout is also set in the lockout security policy.
An entry in the access control list (ACL) that includes a security ID (SID) and an access rights list. When the SID is matched, access rights are granted or denied.
An object's owner controls whether access to the object is allowed or disallowed. For this purpose, each object has an ACL that comprises access control entries (ACE). Also known as the discretionary access control list (DACL), the ACL is the portion of the security descriptor that enforces permissions associated with an object. (The other components of the security descriptor are the object's creator [otherwise known as its owner], its group [a POSIX compliance element that relates to the "primary group"], and the system access control list, or SACL, which regulates auditing.)
An industry power management specification used by Windows 2000 Plug and Play hardware management.
The part of the Quality of Service (QoS) network management feature that defines who shares shared network resources and how they are used. It also regulates subnet bandwidth.
Microsoft Corporation's advanced directory service that is shipped with Windows 2000 Server versions. See Chapters 5 and 6 for information about directory concepts and Active Directory's capabilities.
The partition from which the operating system starts; it must be the primary partition on a basic disk. On Windows 2000 systems, the active partition can also be the system volume. If Windows 2000 is dual-booted with earlier Microsoft operating systems, all start-up files for both operating systems must reside on the active partition.
An umbrella term for Microsoft technologies that permit applications developers to create Web-interactive content.
A printed circuit board or hardware chip set that permits network connections between computers. Also known as a network card.
A DNS resource record that maps the domain name to an IP address.
Three levels of address class exist based on IP numbers: A, B, and C. For additional information, see Chapter 12.
The group or collection of scoped addresses available for license by a DHCP Server.
As part of the TCP/IP suite, this protocol provides resolution between IP and MAC addresses.
As defined by Windows 2000, a member of the Administrators group, with full control over a specific computer or domain.
An API that permits applications on Windows 9x, Windows NT, and Windows 2000 to interface with networked directory services.
A computer or network device that runs SNMP (the Simple Network Management Protocol) and provides information about its location and configuration.
A routine that can be called by an application to carry out requests of other applications or the operating system. An example is the display-handling routines available from the Win32 API.
The default network protocol for Apple Macintosh computer systems. Windows 2000 Server provides connectivity to AppleTalk clients.
A system of encryption that uses mathematically related public and private encryption keys. The private key remains confidential; the public key is passed out freely. To encrypt a message, a sender uses the receiver's public key. The receiver can then decrypt the message with the corresponding private key.
Transmission of data at irregular intervals. Start and stop bits signal when each character has been received.
A communication protocol that transmits fixed-length 53-byte packets. It is generally viewed as a rapid method of data communication.
In terms of files, designation of a file as read-only, archival, encrypted, or compressed. In terms of Active Directory schema, definition of the features of the object class.
A means of tracking the activities of system and user behavior.
The process of matching a user's logon name and password against Windows 2000 security files. For standalone computers, it is carried out on the local system. For network logon, it is conducted by an Active Directory domain controller.
A form of object resolution used by the Backup tool in which specified objects are replaced.
Defined by the Backup tool, the hardware devices dedicated to storage.
A predefined user group whose members have authority to perform backup of data regardless of the object's attribute.
In digital communications terms, the bits-per-second (bps) transfer rate. In analog communications, a range between high and low frequencies.
The hard drive that contains the primary partition, extended partitions, and logical drives. It can also access MS-DOS.
A storage method used by Windows NT 4.0 or earlier systems.
A form of a text-based (ASCII) script that invokes other applications or batch programs. It uses the extension .cmd or .bat.
Used by Windows NT Server 4.0 or earlier as a subordinate domain controller to the Primary Domain Controller, the BDC contains read-only copies of information such as the domain's security account manager (SAM). It is used in a Windows 2000 domain when the domain is configured in mixed mode.
A version of DNS ported to most variants of UNIX.
The system used in personal computers to check hardware, for basic operating system startup, and to initiate data communications. It is stored in Read-Only Memory (ROM).
The smallest unit of information used by personal computers. It is expressed as a 1 or 0 to designate true or false.
A measure of communication speed based on character transfer. A character is defined as 8 bits. In a typical asynchronous environment, an additional start and stop bit is added.
The process of starting or resetting a computer's operating system.
Files required to initiate a Windows 2000 operating system, for example, Ntldr and Ntdetect.com.
A process that occurs automatically with system startup and saves information regarding boot activities. It is stored in the root directory as an ASCII file called Ntldr.txt.
The location of Windows 2000 operating system and support files. It has to be located in the same partition used for initial booting that contains Ntldr and Ntdetect.com.
Part of the TCP/IP suite used by diskless workstations or devices like network printers.
An application that interprets HTTP communications and displays HTML output from the Internet or an intranet.
Shipped by default with Windows 2000 to incorporate a standard set of rights, these groups are provided so that rights can be easily applied to user accounts.
The issuer of digital certificates or the corporate authority that establishes and verifies public keys. See Chapter 10 for additional information about the public key infrastructure and Microsoft's implementation of CA.
A local store of data commonly used by programs like DNS.
Defined by the end user or the administrator, the number the server will call to connect with a remote client. It is often used for roaming users who want to limit hotel toll costs while connected to the home office server.
An object's distinguished name that is output without LDAP attribute tags such as DC= or CN=.
A protected-mode file system used for CD-ROM storage and access.
A certificate binds an encryption key with encrypted data. Certificates are digitally signed by certificate authorities.
A server-based script that initiates services; it is commonly used in association with Web services.
Part of a domain hierarchical tree. It shares the domain namespace, Global Catalog, and schema with all other domains in the tree. For example, if the child domain is called "sales" in the EntCert.com domain, its name is sales.EntCert.com.
An object nested within a parent object.
Any system connected to or requesting services from another computer. That other computer is known as a server. At any given time, a computer can be a client or a server.
A group of computers that share a workload and provide redundant fault tolerance. If a member of a cluster fails, another member will assume the workload in a process known as failover.
The software component that manages cluster functions.
Applications that conform to the cluster API. Not all applications are designed to work in a cluster environment. For additional information, see Chapter 17.
The programming model that permits object interoperability and reusability. Theoretically, COM components can be used by different applications and within varied operating system environments. Microsoft's Object Linking & Embedding (OLE) and ActiveX are based on COM. DCOM (Distributed Component Object Model) is the network variant of COM.
The character-based window in which supported MS-DOS utilities and certain scripts such as batch files are run.
The list of groups accessible from the Start menu that are common to all users.
The port that permits single-bit asynchronous data transmission. Also known as the serial port.
The name used to group SNMP devices.
A 32-bit protected-mode file system used for compact disks.
Created by the domain administrator, the account that identifies a unique computer in the domain.
The total processor time in seconds used by a process.
The percentage of the CPU that is being used. It is shown in the Task Manager.
Checks for errors in data transmission. Each transmission includes data and extra (redundant) error-checking values. CRC is used by communications protocols such as XMODEM and Kermit.
Code that performs authentication, encoding, and encryption services. It creates and destroys keys and manages their use. Windows-based applications gain access through the CryptoAPI.
The part of an object's security descriptor that defines who has permission to use, or is specifically denied access to, an object.
A Microsoft implementation of Interprocess Communication (IPC) that permits DDE-enabled applications to share data.
A code that communicates between Windows 2000 and hardware such as a modem, network card, and printer. Without it, a device is not recognized by Windows 2000. The Hardware Compatibility List (HCL) lists device drivers shipped with Windows 2000. Other drivers must be obtained from the hardware manufacturer.
Interfacing within the Executive, or kernel, mode of Windows 2000, it is an administrative tool used to control computer devices. It lists device properties and performs updates and further configuration.
The system of shared folders located on different servers that are linked into a single namespace, permitting transparent access to shared folders regardless of their location on the network.
The link from the Dfs root to shared folders or other Dfs roots.
A container for Dfs files and links.
An industry-standard networking protocol that provides TCP/IP-based networks with the ability to dynamically assign Internet Protocol (IP) addresses and eliminate address conflicts for the defined IP number range.
A connection that permits communication from a computer or network through telephone exchanges. It can be made through a modem, ISDN line, or X.25 network.
A backup of all files that have been added or modified since the last scheduled full or incremental backup. It does not set the archive attribute, so the files are not marked as having been backed up.
The security method that binds the identity of a user to a file or object.
A cryptographic standard that uses the Digital Signature Algorithm (DSA) to generate and verify signatures and SHA-1 as its message hash algorithm. DSA is a public-key cipher used to create digital signatures. It is not employed for data encryption.
A list of people, places, and things. A phone book is a common example.
The Active Directory has three partitions that are really directory subtrees, each of which has a separate replication schedule. The three partitions are the schema, the configuration, and actual objects.
The process of copying a database. Active Directory uses a multimaster replication model in which all domain controllers have read/write capacity and communicate changes to their peers through defined policies.
The network service that manages elements in the directory and permits users to locate objects based on definitions known as attributes.
The creation of a duplicate or mirrored version of a disk. Mirrored volumes must reside on different disks. In the event of a disk failure, access is obtained to the mirrored volume.
Defines the domain and related container(s) in which objects reside. See Chapter 5 for a discussion on naming conventions.
The collection of executable routines whose specific functions can be called by applications. As a specific function is needed, the application will locate and execute the required .dll file. DLLs are reusable.
An industry-standard service that works with TCP/IP networks, DNS is a hierarchical name service for host computers. It is used as a foundation technology by the Active Directory. DNS lists host names and IP addresses so that a computer can be located in either fashion.
An enhanced version of DNS that permits the dynamic registration of hosts.
The Active Directory manages a hierarchical infrastructure of networked computers with the domain as the foundation. A domain comprises computer systems and network resources that share a logical security boundary and can store more than 17 terabytes in the Active Directory's database. Although a domain can cross physical locations, it maintains its own security policies and security relationships with other domains. Domains are sometimes created to define functional boundaries such as an administrative unit (e.g., marketing versus engineering). They are also viewed as groups of resources or servers that use a common domain name known as a namespace.
A server that contains a copy of the Active Directory. All domain controllers are peers and maintain replicated versions of the Active Directory for their domains. The domain controller plays an important role in both the logical and the physical structures of the Active Directory. It organizes all the domain's object data in a logical and hierarchical data store. It also authenticates users, provides responses to queries about network objects, and replicates directory services. The physical structure provides the means to transmit this data through well-connected sites.
A security or distribution group. It may contain universal groups, global groups, and accounts from any domain in the domain tree or forest.
The Active Directory model that involves connection of one or more domains into hierarchical trust relationships. Domain trees and forests are created as part of this model. Also included are subadministrative structures known as organizational units.
The name used by DNS to identify a computer, host, or network device. It is made up of a preface identifier (like "EntCert" or "Microsoft") and a suffix (like "com," "gov," "net," etc.) separated by a dot. The namespace is the database structure used by DNS for names.
One of the several operations masters, this domain controller is responsible for adding and removing domain controllers from the forest.
When multiple domains share one schema, security trust relationships, and a Global Catalog, a domain tree is created, defined by a common and contiguous namespace. For example, all domains with the ending namespace of EntCert.com belong to the EntCert domain tree. A domain tree is formed through the expansion of child domains like Sales.EntCert.com or Research.EntCert.com. In this example, the root domain is EntCert.com.
An extension to NTFS that permits users to secure files through encryption.
Any significant activity or process that requires logging for documentation.
A documentation service that organizes a variety of events into lists that describe them and underscores whether they are normal or abnormal.
Permissions that are automatically set on an object or those that are set by the object's owner.
An extension of the Point-to-Point Protocol (PPP) that provides remote user access authentication. Authentication schemes supported by EAP include dial-up using Kerberos V5, one-time passwords, and public key authentication using smart cards and certificates. EAP can be used with dial-up, PPTP, and L2TP clients. It offers security against brute-force or dictionary attacks and greater protection against password guessing than other authentication methods, such as CHAP.
The process of reestablishing cluster node responsibilities when the original failure has been corrected. It is used in clustering environments.
The process of handing over responsibility to another node when a failure occurs. It is used in clustering environments.
An extension of FAT introduced with Windows 98. Although FAT32 is supported in Windows 2000, it is still an older file system that limits many operating system features.
The ability of a system to ensure data integrity in the event of hardware failures. It is most closely associated with clustering.
A file system used in MS-DOS and earlier versions of Windows. Although FAT is supported by Windows 2000, it has many limitations, especially regarding security and storage.
A protocol used in TCP/IP networks to transmit files across the network.
A system used to secure a computer or enterprise from unauthorized external access; usually includes a combination of software and hardware.
Trust relationships can be formed between domain trees with different namespaces, thus creating a domain forest. Forests allow the formation of an enterprise with different domain names such as EntCert.com and unint.com. All trees in the forest share a number of attributes, including a Global Catalog, configuration, and schema. A forest simply is a reference point between trees and does not have its own name.
The DNS name locator that uses the friendly name (as opposed to the IP address).
As data is stored on a disk, files may be divided and located in a number of physical locations. As files are so distributed, the disk is said to be fragmented. Unless defragmentation programs are run, this can cause system performance loss.
A device that connects dissimilar networks and transmits the data.
A database that is designed for two primary functions. First, it is a domain controller that stores object data and manages queries on locating objects according to their most common attributes. Second, it provides data that permits network logon. In single-domain-controller environments, the Active Directory and the GC reside on the same server.
The group used to organize users within the domain.
A collection of users, computers, and other groups. It is the method by which rights and other characteristics can be assigned to multiple users.
Users are members of one or more groups and derive rights from group membership.
The Group Policy is an administrative mechanism for defining and managing the way objects are used by users and computers.
A collection of Group Policy settings.
An account for users who do not have a regular user account.
The code that identifies a device or component through the use of a 16-byte value.
A layer of code that separates the hardware interface from the kernel and Executive Services.
A one-way mathematical function (hash algorithm) that is applied to data to secure it. Also known as a message digest.
A portion of the Registry that appears as a file on the hard disk. It is edited by the Registry Editor.
The directory accessible by a user for the storage and manipulation of her files. Every user has a home directory, whose default location can be set by the administrator.
A text-based markup language interpreted by Web browsers to format and output file contents.
The protocol used to transfer information on the World Wide Web.
A method of providing security and authentication for dial-in connections.
Microsoft Corporation's software that maintains and configures Internet services. It includes Web, Network News Transfer Protocol (NNTP), file transfer protocol (FTP), and Simple Mail Transfer Protocol (SMTP) services.
Storage of only those files that are new or that have been modified since the last full backup and marking them as having been backed up.
An advanced search facility that indexes data for more rapid location.
The file extension for device drivers.
One of the operations masters, this domain controller manages group-to-user references as changes within group membership occur. This data is then replicated to the other domain controllers.
The method of passing permissions or attributes from parent to child.
The messenger protocol in the TCP/IP suite. It is responsible for addressing and sending TCP packets.
A unique, logical set of numbers that identifies each host computer or node in a TCP/IP network. It is a 32-bit number divided into four decimal numbers from 0 to 255, with the numbers separated by periods. An example of an IP address is 111.111.111.111.
The process used to create and manage site topology for Active Directory replication.
A distributed network service that supplies session tickets and temporary session keys used by Kerberos.
The MIT-developed authentication protocol used by Windows 2000 to verify a user's encrypted password so that he can achieve logon rights.
Windows Server 2003 uses a nonconfigurable microkernel that provides basic operating system functions. The microkernel dispatches and controls threads serving as the heart of the operating system.
One mode in which an operating system operates. The kernel mode manages such services as security, I/O, device drivers, and HAL—that is, generally those things that are not directly involved with users or the Win32 subsystem. Also known as the Executive mode.
An industry-standard tunneling protocol.
A group of computers, printers, and other devices situated in a relatively small area that are linked for communications.
A network protocol used by the Active Directory to locate objects within a Windows 2000 domain. As an industry standard, it also permits some directory service interoperability.
A service used to support remote printer jobs received from clients.
Accounts created for users who want access only to the local computer. The Active Directory is not aware of local accounts, and network logon cannot occur through a local account.
A computer that is not part of a domain.
A group used to assign permissions to local users for the specific computer in which the group resides.
The process in which the user provides a name and password that are passed to Windows 2000 for authentication. Logon scripts are read to provide unique user environments.
The first file on an NTFS volume, it contains information about folders and files on that volume.
The booting process starts by initiating the MBR data structure. If this sector is corrupted, booting will not occur.
Any computer that runs Windows 2000 Server or above but is not a domain controller.
A Microsoft feature that allows messages between applications to be queued and distributed across the network, even to systems that may be offline. Message Queuing provides guaranteed message delivery and priority-based messaging.
The MMC provides administrative tools with a consistent interface. An administrator can create one or more MMCs and add to it the administrative tools desired. An MMC can also be distributed to other administrators.
A fully redundant copy of data. It provides fault tolerance.
An environment that exists when domain-level domain controllers have not been promoted to the Active Directory and still run the Windows 2000 MMC (Microsoft Management Console).
The original Microsoft operating system. Many of its utilities are available on Windows 2000 and are accessible from the command prompt.
The replication process that replaces the Windows NT replication model in which a Primary Domain Controller (PDC) writes updates to Backup Domain Controllers (BDC). With Windows 2000, all domain controllers have read and write capability so that they all share the same data.
Windows 2000 permits system configuration so that more than one operating system can be booted from the computer. For example, for reasons of legacy application support, it may be necessary to configure a system with both MS-DOS and Windows 2000 boot capability. Multiple boots present some security risks and are not highly recommended.
The name for dedicated memory shared by two processes that is used for exchanging data.
A group of names of objects that occupy one network or system, defined by conventions such as the Domain Name System (DNS), Fully Qualified Domain Names (FQDN), distinguished names (DN), and User Principal Names (UPNs) used by the Active Directory to locate users, hosts, and objects throughout the domain.
The mode in which all domain controllers are running Windows 2000 Server and have been converted from mixed mode. Windows NT 4.0 BDCs are no longer allowed to participate in Active Directory replication or to perform administrative functions.
A hardware circuit board that interfaces between the computer system and the shared network media. Each network interface card, supporting the TCP/IP protocol suite, must obtain a unique IP address to communicate with other interface cards on the network.
A driver that allows the protocol driver to communicate with the network adapter card. A driver is programmed with vendor-specific and model-specific hardware requirements for each type of card. This driver must be found from among the Windows 2000 drivers or retrieved from the network adapter's vendor.
A subset of the TCP/IP suite that allows clients to read and post news messages to a news site. It allows readers to follow conversation threads.
A member of a server cluster or a device with one or more network interfaces.
Restoration of Active Directory from a directory backup. The restored directory is not given the same priority as current domain controller information.
An object that may not contain another object—for example, a leaf object, such as a file.
Sections of the computer's RAM that are not paged to disk. Data stored in them is always available for quick read and write operations.
Either a one-way or a two-way trust that does not support transitivity. If A trusts B and B trusts C, then A does not trust C.
During backup, the archive attribute is set on all files that have been backed up. Incremental backups then back up files that have been updated since the last normal backup.
The record that identifies authoritative DNS name servers for a domain.
A DNS client command-line tool for testing the DNS lookup functionality.
The most advanced file system for Windows 2000; it supports special file/folder permissions, auditing, file encryption, and large volumes.
The authentication mechanism for Windows NT and down-level versions of Windows. It is supported in Windows 2000 to authorize these earlier systems.
An instantiation of a class definition. Typical objects include files and folders. In the Active Directory, user accounts, computers, and containers are all examples of objects. An object such as a user account has associated attributes like name, telephone, and title.
Open Database Connectivity is based on the Call Level Interface (CLI) for implementing common Structured Query Language (SQL) statements when access is desired for different database implementations.
A cluster server node is offline when it is inactive or shut down.
In Object Linking and Embedding technology, portions of documents, spreadsheets, or graphics are either linked to another document or embedded and copied. Linking objects allows changes to an object to be reflected in the link. Embedding or copying the object creates two separate objects, and changes in one object will not be reflected in the other.
A list of files and folders that have been backed up using the Backup utility on the local drive.
A list of files and folders that have been backed up, using the Backup utility, to a medium other than the local drive.
In a one-way trust relationship, one domain trusts another, but the second domain does not trust the first. This type of trust is nontransitive.
A Cluster Server node is online when it is active or running.
A unique role that is performed by a single domain controller, as discussed in Chapter 5.
The symbol or character used to make string matches and comparisons when performing searches.
A subcategory of a domain used to provide more granular control over the application of Group Policies and the delegation of administrative authority.
A crashed or failed volume in a RAID-5 configuration.
A briefcase file not related to any other file on the system.
A user who may change permissions on an object regardless of its permission settings.
A collection of binary data used to communicate information over networks. The packet definition is limited to the network layer (OSI layer 3) and above. Data link layer information is considered frame information.
The section of a data packet that appears first. It contains the source, destination, and size of data contained in the packet.
The interruption that occurs when a process cannot find needed memory from RAM. If it must retrieve memory paged to the disk, a hard page fault occurs. When a process cannot access needed memory from RAM because of resource demands from another process, a soft page fault occurs.
The amount of virtual memory allocated to a process.
A hidden file on the hard disk that stores paged data. Paging file information is accessed when a hard page fault occurs. RAM and paging files make up the virtual memory space.
The domain above a given domain in the domain hierarchy.
An object that contains a given object.
A physical disk may be divided into as many as four partitions that appear to be separate disk drives to the user.
The sector of a computer's hard disk that contains information necessary to read disks and load the operating system during startup.
A unique string that may be up to 14 characters long for Windows 2000 user accounts.
The route marked by a disk volume, folders, and a file name that are ordered to identify a particular file or folder in the directory's hierarchy. Domain names and host names may also be used to identify objects—for example, \\Entcert.com\Documents\username\Address Book.
The domain controller designated in Windows 2000 to function as the operations master that handles PDC responsibilities for down-level versions of Windows NT and handles all Group Policy modifications and updates.
The highest amount of memory consumed by a process since it started.
The smallest controllable video screen component. Also known as a pixel.
In this type of licensing, each client is given a license to access a given server, and all licensed clients may access the server at once.
This type of licensing dedicates licenses to a given number of clients. Any client may use an available license, but no more than the number of client licenses may access the server at one time.
The ability of a user to access an object. Permissions are assigned to users and security groups and govern access privileges and actions that may be performed on an object.
A command-line utility used to verify IP connectivity to a given IP address.
The smallest controllable video screen component. Also known as a pel.
A facility that automatically detects hardware components so that the correct driver may be loaded for further communication with the device.
Post Office Protocol.
The protocol designed to provide serial encapsulation of IP/IPX/AppleTalk protocols over remote access connections.
A protocol that supports two endpoints of a tunnel, allowing encapsulated data to travel between them. Encryption and authentication supported by the tunneling protocol create a virtual private network (VPN) through the tunnel to give users secure access to corporate networks over the Internet or an intranet.
A record that permits the reverse mapping of an IP address to a host name. PTR records can be found in reverse lookup zones.
Policies that determine the look and feel of the desktop environment, user profile locations, application availability, security settings, and logon/logoff scripts.
The closest Internet remote access point for a traveling user that permits the use of a local telephone number. Once the user dials in to an ISP's POP, she can establish access to her corporate network without long-distance phone charges.
The interface of two hardware devices. It can be a serial (COM) port, a parallel (LPT) port, a Universal Serial Bus (USB) port, and any other communication port on the computer.
Usually a communication protocol's port number used by the service. For example, HTTP servers usually listen for communication on TCP port 80.
A rule that determines the action taken when traffic attempts to send or receive on a given port.
A set of standards drafted by the Institute of Electrical and Electronic Engineers (IEEE) that define various aspects of an operating system, including programming interface, security, networking, and graphical interface. Programs that adhere to the POSIX standard can be easily ported from one system to another.
The section or category of the Registry accessible through the Registry Editor.
The domain controller that contains the writeable version of the user accounts database for Windows NT 4.0 domains and down-level versions. Only one PDC can exist for a Windows NT 4.0 domain. BDCs contain read-only versions of the database.
Up to four primary partitions may be created on a disk and act as a reference point for booting the system.
The queued data for printing and associated print format commands.
The computer assigned to handle print jobs for a printer or set of printers.
The application on a print server that handles print jobs and distributes them to corresponding printers.
A device that transfers electronic data to paper or film media.
The driver that allows the operating system to interface with a particular printer designated by a vendor and printer model.
Text fonts contained in nonvolatile memory on a printer. The printer is capable of printing only these font types.
Access permissions for a particular printer.
One or more printers attached to a print server that are assigned print jobs based on current load.
A key owned by one user or computer that is not accessible to any other party. It has a corresponding public key that may be used to decrypt data encrypted by the private key. The public key can also be used to encrypt data that can be decrypted only by the private key.
An application or program that has associated dynamic memory, static memory, and program memory space. Threads can also be created in the process's memory space.
A unique number that identifies a process that is easily accessible from the Task Manager.
A standard for interpreting data transmitted from one process to another. Some protocols, such as the Internet Protocol, allow routing over the Internet, and some, such as the Transmission Control Protocol, guarantee packet delivery via a connection.
A key owned by a user or computer that is accessible to other parties. It has a corresponding private key that may be used to decrypt data encrypted by the public key. The private key can also be used to encrypt data that can be decrypted only by the corresponding public key.
An asymmetric key technology that uses private and public keys to exchange information.
Methods and strategies for distributing public and private keys for secure communication, authentication, and integrity of data.
The attempts to guarantee bandwidth and delivery of IP packets using protocols implemented by Windows 2000.
The criteria for a search using Index Services.
A buffer or list of items waiting to be processed.
The amount of disk space a user may consume.
A fault-tolerant strategy implemented by Windows 2000 using three or more dynamic volumes to protect data. Parity information is stored along with protected data across several disks. When one disk fails, the data may be reconstructed from what's left of it and the parity information.
The volatile memory used by the system's microprocessor; it is lost when the computer loses power or is turned off. It provides the fastest memory accesses (Reads/Writes) available to the system.
The nonvolatile memory, which is not lost when the system's power is turned off and is not modified frequently or quickly. Most ROM is not modifiable by the system.
A user account that is provided a recovery key for decrypting files using the Encrypted File System (EFS). Usually this is the Administrator account.
The system console that allows basic disk access, format ability, and some repair abilities. It is started from the Windows 2000 recovery disks or directly from the command prompt using the Winnt32.exe /cmdcons command.
A temporary storage for deleted files and folders. Once it has been emptied, data is lost and disk space is freed.
A storage system that categorizes six levels of disk fault tolerance (0–5). Windows 2000 implements striping (0), mirroring (1), and RAID-5 (5).
A file type recognized by the operating system.
The database that contains application and operating system configuration information; it can be viewed and modified using the regedit.exe command.
The Windows 2000 DNS server has two boot options: it can start with settings stored in the Registry or with settings contained in a text boot file.
A subset of an object's full distinguished name, usually the CN, or common name, portion.
An identification number that relates to a specific domain controller. A domain controller requests relative IDs from the relative ID master. A combination of the domain ID and retrieved relative IDs forms a security ID, which is then assigned to identify users, security groups, and computers in the domain.
One domain controller, the master, is assigned the responsibility to generate relative IDs for all domain controllers in the domain.
The host name portion of the Fully Qualified Domain Name used in DNS naming. For example, in ahost.domainname.com the relative name is ahost.
Ability of users outside the intranet to dial in for access or use a network interface attached to the Internet.
A system configured to accept remote access.
Administration of system settings without local logon.
A protocol used by many ISPs to authenticate, authorize, and provide accounting for users who access their corporate intranets using tunneling protocols.
A computer that is not available for a local logon.
A message-passing facility that allows a distributed application to call services from other computers in the system.
The process of copying data to provide redundancy and object availability. A multimaster replication scheme is used so that all domain controllers have the same information and read/write capability.
The configuration of replication, by which information is shared between pairs of domain controllers. The KCC automatically generates the topology of a site. An administrator establishes replication between sites.
The highest level of the structure. For example, the first domain created is the root domain.
A network server designed to support connectivity and interoperability. It analyzes network addresses in a packet and then passes the packet along. Routers make packet-forwarding decisions.
Records that associate addresses to other data. They are defined by RFC 1035 and used by DNS.
The default public and private key algorithm used by Microsoft Windows.
A partial list of an object's security descriptor. It defines which events are to be audited per user or group.
As part of the option menu system accessed by pressing F8 during the initial boot phase of a system, safe mode loads Windows 2000 with minimal services. It provides an environment in which a system that will not normally boot can be corrected and repaired. Safe mode can be launched in its default manner, from the command prompt or with networking services.
A protected subsystem of Windows 2000 and Windows NT that maintains the Security Account Manager database. The Active Directory supplants SAM in domain environments.
A framework of definitions that establishes the type of objects available to the Active Directory. The definitions are divided into object classes and attributes. Attributes are divided into two types: those that must exist and those that may exist. For example, the schema defines a user object class as having the user's name as a required attribute and the user's physical location or job description as an optional attribute. Attributes help distinguish an object from other objects. They are defined to include the Object Name, Object Identifier (OID), Syntax, and optional information.
A domain controller that functions as an operations master to manage schema changes and replicate them to other domain controllers.
The range of IP address available for assignment by DHCP.
A program that executes a series of instructions. The Windows Script Host facility permits the launching of a variety of scripts. Batch programs (with .bat or .cmd extensions) are scripts.
A message digest hash that creates a 160-bit hash value.
A secure extension to the industry-standard mail protocol.
A protocol for securing network communication using public and private keys.
A set of data attached to an object. It specifies the permissions granted to users and groups and defines the security events to be audited.
Anything that can be listed in the DACL that provides or defines permissions.
The unique identifying number of a user or other network object.
A resource record employed in a zone to register and locate TCP/IP services.
Folder that permits other defined users to access files on a remote system.
A protocol used on the Internet to transfer mail. It can relay mail across transport service environments.
A TCP/IP–based network management protocol that transports information and commands between management programs. The SNMP agent sends status data. SNMP defines the form and meaning of the messages exchanged.
In Active Directory, the basic units of the physical network structure. A site comprises one or more IP subnets that are tied together by high-speed, reliable connections. It is the administrator's responsibility to design sites that ensure the greatest network performance.
A credit-card-size device that contains public/private key information and other data.
An application that is added to the Microsoft Management Console and conforms to its standard API.
A bidirectional pipe for incoming and outgoing data between networked computers.
The range of volumes in which data is stored. If one of the disks in the volume fails, all the data is lost.
Customized permissions available under NTFS.
Permanent routing network tables.
A set of disks that permits the storage of identical partitions on different disks.
Extension of the basic disk stripe sets to allow for fault tolerance.
In the Windows 2000 Registry structure, the subkey is simply a child key within a key.
A 32-bit value that distinguishes the TCP/IP network ID portion of the IP address from the host ID portion. TCP/IP hosts use the subnet mask to determine whether a destination host is located on a local or remote network.
The section of the hard drive that contains the configuration files necessary to boot Windows 2000.
The portion of the backup that archives the system configuration used for emergency recovery.
A shared directory that stores the server's copy of the public files, which are replicated among all domain controllers.
An application programming interface that allows data/fax/voice calls by programs including HyperTerminal, Dial-up Networking, Phone Dialer, and other communications applications.
One of the most common networking protocols on the Internet. It includes a suite of applications and standards for intercomputer communication and conventions for connecting networks and routing traffic.
A terminal emulation protocol widely used on the Internet.
An application that supports traditional multiuser environments for Windows 2000. An application run on a server can be displayed and interfaced from a client computer. Microsoft supplies Terminal Services for its Windows products. Terminal Services for other environments like UNIX or Macintosh are available from third-party vendors.
A nonsecure TCP/IP file transfer protocol. Its use is generally discouraged.
Part of the public key infrastructure, a service that authorizes the granting of certificates.
The ticket issued to obtain a security certificate.
A type of object within a process that executes the program instructions. Multiple threads permit the running of concurrent operations within a process.
The structure that defines the relationships among domains, sites, and network devices.
A two-way trust relationship established between domain trees and forests. Assuming a user has permission, a transitive trust relationship permits access to objects anywhere in the tree or forest.
A program that appears to perform one function but executes other functions, generally to the detriment of the user or computer system.
Relationship between domains that allows exchange of authentication and permissions. A trust relationship allows users and global groups access to another domain's user account database. With trust relationships, a user who has only one user account in one domain can potentially access the entire network. All domains in a tree or forest automatically establish two-way trust relationships. In addition, explicit one-way trusts can be established between two single domains.
A convention for naming files and other resources that begins with two backslashes (\).
An address that uniquely identifies a location on the Internet. A URL for a World Wide Web site is preceded with http:// and can contain more detail, such as the name of a page of hypertext, usually identified by a suffix of .html or .htm.
The collection of a user's properties, including a unique name and password, that allows her access to a system.
The portion of the operating system that works to facilitate use and application integrity and interaction.
The file that defines the configuration data for a user, including desktop settings, persistent network connections, and application settings.
Designation of the activities a user is permitted to perform. Many user rights are established through membership in security and distribution groups.
Security settings that underscore user rights.
The virtual DOS machine (VDM) is started when MS-DOS commands or utilities are run.
Memory used on a temporary basis to execute programs and processes.
An extended private network that involves authentication and encryption of data across public networks.
A disk or partition on a disk that operates as if it were a separate physical disk.
A communications network that is spread out geographically.
A Microsoft service that maps computer names to IP addresses. It is used by earlier versions of Windows and is supplanted by Windows 2000/.NET Server use of DNS and DHCP.
A collection of Windows 2000 and other computers that are interconnected but do not belong to a domain.
A set of standards that define a distributed directory service. The standards are developed and supported by the International Standards Organization (ISO).
A subtree of the DNS database. It is administered as a single DNS server. This administrative unit can consist of one domain or more than one child domain.