Windows Glossary

Access Control Entry (ACE) - An entry in an access control list (ACL) that defines the level of access for a group or user.

Access Control List (ACL) - A set of data associated with a file, directory or other resource that defines the permissions users or groups have for accessing it. In Active Directory, the ACL is a list of access control entries (ACEs) stored with the object it protects. In Windows NT, an ACL is stored as a binary value, called a security descriptor.

Account Lockout - A security feature that disables a user account if failed logons exceed a specified number in a specified period of time. Locked accounts cannot log on and must be unlocked by an administrator.

Active Directory - In Windows 2000 server, Active Directory replaces the Windows NT collection of directory functions with an integrated implementation that includes DNS, DHCP, the Lightweight Directory Access Protocol (LDAP), and Kerberos.

Active Server Pages - A specification for dynamically created Web pages that contain either Visual Basic or JScript code. When a user requests such a page, the script is executed on a server and the page is transmitted to a user as an HTML document.

ActiveX - A loosely defined set of technologies that allows software components to interact with each other in a networked environment.

ActiveX Control - A set of rules for how ActiveX technologies are used to create applets.

Address - Precise location where a piece of information is stored in memory or on disk. Also, the unique identifier for a node on a network. On the Internet, the code by which an individual user is identified. The format is username@hostname, where username is your user name, logon name, or account number, and hostname is the name of the computer or Internet provider you use. The host name may be a few words strung together with periods.

Address Resolution Protocol (ARP) - A TCP/IP and AppleTalk protocol that provides IP-address-to-MAC address resolution for IP packets.

Advanced Configuration and Power Interface (ACPI) - An industry specification defining power management on a range of computer devices. ACPI compliance is necessary for devices to use the power management capabilities in Windows 2000.

Allocation Unit - The smallest unit of measure on a hard drive or logical volume. Also called a cluster.

Anonymous FTP - A way to use the FTP program to log on to another computer to copy files when you don't have an account on that computer. When you log on, enter anonymous as the user name and your address as the password. This gives you access to publicly available files. See FTP.

AppleTalk - Local area network architecture built into Macintosh computers to connect Macintosh computers and printers. A network with a Windows 2000 server and Macintosh clients can function as an AppleTalk network with the use of AppleTalk network integration (formerly Services for Macintosh).

Associate - To connect files having a particular extension to a specific program. When you double-click on a file with the extension, the associated program is opened, and the file you clicked on is opened. In Windows, associated file extensions are usually called registered file types.

Asynchronous Transfer Mode (ATM) - A network technology based on sending data in cells or packets of a fixed size. It is asynchronous in that the transmission of cells containing information from a particular user is not necessarily periodic.

Attribute - A characteristic. In Windows 2000 file management, it is information that shows whether a file is read-only, hidden, compressed, encrypted, ready to be backed up (archived) or should be indexed.

Audit Policy - Defines the type of security events to be logged. Can be defined on a server or an individual computer.

Authentication - Verification of identity of a user or computer process. In Windows 2000 and Windows NT, involves comparing the user's security identifier (SID) and password to a list of authorized users on a domain controller.

Backup Domain Controller (BDC) - In a Windows NT domain, a computer that stores a backup of the database which contains all the security and account information from the Primary Domain Controller (PDC). The database is regularly and automatically synchronized with the copy on the PDC. A BDC also authenticates logons and can be promoted to a PDC when necessary. In a Windows 2000 domain, backup domain controllers are not required; all domain controllers are peers, and all can perform maintenance on the directory. Windows NT 4.0 and 3.51 backup domain controllers can participate in a Windows 2000 domain when it is running in mixed mode.

Backup Media Pool - A logical set of back-up storage media used by Windows 2000 Backup.

Bandwidth - On a network, the transmission capacity of a communications channel stated in megabits per second (Mbps). For example, Ethernet has a bandwidth of 10 Mbps. Fast Ethernet has a bandwidth of 100 Mbps.

Binding - A software connection between a network card and a network transport protocol (such as TCP/IP).

Bootstrap Protocol (BOOTP) - Used on TCP/IP networks to enable a diskless workstation to learn its own IP address, the location of a BOOTP server on the network, and a file to be loaded into memory to boot the machine. This allows a computer to boot without a hard drive or a floppy disk.

Broadcasting - To simultaneously send a message to everyone on a network. See multicasting.

Browser Service - The service that maintains a current list of computers and provides the list to applications when needed. When a user attempts to connect to a resource in the domain, the browser service is contacted to provide a list of available resources. The lists displayed in My Network Places and Active Directory Users and Computers (among others) are provided by the browser service. Also called the computer browser service.

Certificate - A credential used to prove the origin, authenticity and purpose of a public key to the entity that holds the corresponding private key.

Certificate Authority (CA) - The service that accepts and fulfills certificate requests and revocation requests and may also manage the policy-directed registration process a user completes to get a certificate.

Certificate Revocation List (CRL) - A digitally signed list published by a certificate authority of certificates that are no longer valid.

Child Domain - Domains located directly beneath another domain name (parent domain). For example, engineering.scribes.com is a child domain of scribes.com, the parent domain. Also called a sub domain.

Child Object - An object inside another object. For example, a file is a child object inside a folder, which is the parent object.

Cluster - A set of computers joined together in such a way that they behave as a single system. Clustering is used for load balancing as well as fault tolerance. Members of a cluster are referred to as nodes.

Cluster Service - The collection of software on each node that manages all cluster-specific activity.

Console Tree - The default left pane in a Microsoft Management Console (MMC) that shows the items contained in a console.

Container - An Active Directory object that has attributes and is part of the Active Directory namespace. Unlike other objects, it does not usually represent something concrete. It is a package for a group of objects and other containers.

Cross-link Trust - A transitive trust relationship between two Windows 2000 domains in different domain trees but within the same forest. Cross-link trusts must be explicitly created.

Daemon - A background program that runs unattended, gathering information or performing other tasks.

Delegation - Assigning administrative rights over a portion of the namespace to another user or group.

DHCP (Dynamic Host Configuration Protocol) - A TCP/IP protocol used to automatically assign TCP/IP addresses of network clients.

Directory Service - Provides the means for storing directory data and making this data available to network users and administrators. For example, Active Directory stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.

Disk Quota - A limitation set by an administrator on the amount of disk space available to a user.

Distributed File System (DFS) - A file management system in which files may be located on separate computers but are presented to users as a single directory tree.

Distinguished Name - In the context of Active Directory, "distinguished" means the qualities that make the name distinct. The distinguished name identifies the domain that holds the object as well as the complete path through the container hierarchy used to reach the object. A typical DN might be CN=Mary Perez, OU=Research, DC=MegaIntl, DC=com. This DN identifies the "Mary Perez" user object in the MegaIntl.com domain.

DNS (Domain Name System or Service) - A service on TCP/IP networks (the Internet included) that translates domain names into IP addresses. This allows users to employ friendly names like FinanceServer or ourbusiness.com when querying a remote system, instead of an IP address such as 198.45.233.59.

DNS Name Servers - Servers that contain information about part of the Domain Name System database. These servers make computer names available to queries for name resolution across the Internet. Also called domain name servers.

Domain - A group of computers that share a security policy and a user account database. Not the same as an Internet domain. (See domain name).

Domain Controller - A server in a domain that accepts account logons and initiates their authentication.

Domain Local Group - A group that can be used on ACLs only in its own domain. A domain local group can contain users and global groups from any domain in the forest, universal groups, and other domain local groups in its own domain.

Domain Name - In Active Directory, the name given to a collection of networked computers that share a common directory. On the Internet, the unique text name that identifies a specific host. A machine may have more than one domain name, but a given domain name points to only one machine. Domain names are resolved to IP addresses by DNS name servers.

Domain Naming Master - The one domain controller assigned to control the addition or removal of domains in a forest. See operations master.

Downlevel - Term used to describe Microsoft services for clients, servers, and networks prior to Windows 2000.

Dynamic Data Exchange (DDE) - Communication between processes implemented in the Windows family of operating systems. When programs that support DDE are running at the same time they can exchange data by means of conversations. Conversations are two-way connections between two applications that transmit data alternately.

Dynamic Link Library (DLL) - A program module that contains executable code and data that can be used by various programs. The program uses the DLL only when the program is active and is unloaded when the program closes.

Enterprise - Term used to encompass all of a business operation including all remote offices and branches.

Environment Variable - A string of environment information such as a drive, path, or filename associated with a symbolic name. The System option in the Control Panel or the Set command from the command prompt can be used to define environment variables.

Ethernet - A local area network protocol developed by Xerox Corporation in 1976. Ethernet supports data transfer rates of 10 Mbps and uses a bus topology and thick or thin coaxial, fiber-optic, or twisted-pair cabling. A newer version of Ethernet, called Fast Ethernet, supports data transfer rates of 100 Mbps, and an even newer version, Gigabit Ethernet, supports data transfer rates of 1000 Mbps.

Extended Partition - A nonbootable portion of the hard drive that can be subdivided into logical drives. There can be only a single extended partition per hard drive, but it can be divided into multiple logical drives.

File Allocation Table (FAT) - A file system consisting of a table that keeps track of the size and location of files on a hard drive.

Firewall - A protective filter for messages and logons. An organization connected directly to the Internet uses a firewall to prevent unauthorized access into their network. See proxy server.

Folder Redirection - An option in Group Policy to place a user's special folders, such as My Documents, on a network server.

Forest - A group of one or more Active Directory trees that trust each other via two-way transitive trusts. All trees in a forest share a common schema, configuration, and global catalog. When a forest contains multiple trees, the trees do not form a contiguous namespace. Unlike trees, a forest does not need a distinct name.

FTP (File Transfer Protocol) - A method of transferring one or more files from one computer to another over a network or telephone line. Because FTP has been implemented on a variety of systems, it's a simple way to transfer information between usually incongruent systems such as a PC and a mini-computer.

Fully Qualified Domain Name (FQDN) - A domain name that includes the names of all network domains leading back to the root so as to clearly indicate location in the domain namespace tree. An example of a FQDN would be accts.finance.dataflointl.com or sales.europe.microsoft.com.

Gateway - A device used to connect networks using dissimilar protocols so that information can be passed from one to another.

Global Catalog - Contains a full replica of all directory objects in its host domain plus a partial replica of all directory objects in every domain in the forest. A global catalog contains information about all objects in all the domains in the forest, so finding information in the directory doesn't require unnecessary queries across domains. A single query to the global catalog produces the information about where the object can be found.

Global Group - A group that can be used in its own domain and in trusting domains. However, it can contain user accounts and other global groups only from its own domain.

Globally Unique Identifier (GUID) - Part of the identifying mechanism generated by Active Directory for each object in the directory. If a user or computer object is renamed or moved to a different name, the security identifier (SID), relative distinguished name, and distinguished name will change but the globally unique identifier will remain the same.

Group Policy - Setting of rules for computers and users in Windows 2000. Includes the registry-based policy found in Windows NT Server 4.0, but is also able to store policies for file deployment, application deployment, logon/logoff scripts and startup/shutdown scripts, domain security, Internet Protocol Security (IPSec), and so on.

Group Policy Object (GPO) - A collection of policies stored in two locations: a Group Policy container (GPC) and a Group Policy template (GPT). The GPC is an Active Directory object that stores version information, status information, and other policy information (for example, application objects). The GPT is used for file-based data and stores software policy, script, and deployment information. The GPT is located on the system volume folder of the domain controller.

Hive - One of five sections of the registry on the hard disk. Each hive is a discrete body of keys, subkeys and values that record configuration information for the computer. Each hive is a file and can be moved from one system to another but can be edited only by using Registry Editor.

Host - Any device on the network that uses TCP/IP. Also, a computer on the Internet you may be able to log on to. You can use FTP to get files from a host computer and use other programs (such as Telnet) to make use of the host computer.

HOSTS File - A local ASCII text file that maps host names to IP addresses. Each line represents one host, starting with the IP address, one or more spaces, and then the host's name.

HTML (Hypertext Markup Language) - A system used for writing pages for the World Wide Web. HTML allows text to include codes that define fonts, layout, embedded graphics, and hypertext links.

HTTP (Hypertext Transfer Protocol) - The method by which World Wide Web pages are transferred over the network.

Hypertext - A system of writing and displaying text that enables the text to be linked in multiple ways, available at several levels of detail. Hypertext documents can also contain links to related documents, such as those referred to in footnotes. Hypermedia can also contain pictures, sounds, and/or video.

Intellimirror - A suite of technologies that provides for redundant copies of data to be stored on both client and server.

ICMP (Internet Control Message Protocol) - A protocol used to report problems encountered with the delivery of data, such as an unreachable host or unavailable port. Also used to send a request packet to determine if a host is available. The receiving host sends back a packet if it is alive and functioning. See ping.

Internet - The vast collection of interconnected networks that all use TCP/IP and that evolved from ARPANET of the late 1960s and early 1970s. The Internet connects roughly 70,000 independent networks into a vast, global network.

Internet Explorer - Microsoft's Windows-based, WinSock-compliant program for browsing the World Wide Web.

IP (Internet Protocol) - The transport layer protocol used as a basis of the Internet. IP enables information to be routed from one network to another in packets and then reassembled when they reach their destination.

IP Number or IP Address - A four-part number separated by periods (for example, 165.113.245.2) that uniquely identifies a machine on the Internet. Every machine on the Internet has a unique IP number; if a machine does not have an IP number, it is not really on the Internet. Most machines also have one or more domain names that are easier for people to remember.

IPng or IPv6 - Short for Internet Protocol next generation, a new version of the Internet Protocol. The official name of IPng is IPv6 where the v6 stands for version 6. The current version of IP is version 4, also known as IPv4. IPng is an evolutionary upgrade and will co-exist with v4 for some time.

IPSec (Internet Protocol Security) - An IETF Internet standard for creating virtual private networks.

IPX/SPX - Transport protocols used in Novell NetWare networks.

IRC (Internet Relay Chat) - A system that enables Internet users to talk with each other in real time over the Internet.

Java - An advanced programming language similar to C and C++ used in Web Pages to provide animation and other advanced features that make a Web Page unique.

Kerberos - An identity-based security system that authenticates users at logon. It works by assigning a unique key, called a ticket, to each user who logs on to the network. The ticket is then embedded in messages to identify the sender of the message. The Kerberos protocol is the primary authentication mechanism in the Windows 2000 operating system.

Kernel - The part of the executive that manages the processor. The kernel performs thread scheduling and dispatching, interrupt and exception handling, and multiprocessor synchronization.

LAN (Local Area Network) - A group of connected computers, usually located close to one another (such as the same building or floor of the building) so that data can be passed among them.

Lightweight Directory Access Protocol (LDAP) - A protocol used to access a directory service. LDAP is a simplified version of the Directory Access Protocol (DAP), which is used to gain access to X.500 directories. LDAP is the primary access protocol for Active Directory.

Listserv - A family of programs that manage Internet mailing lists by distributing messages posted to the list, adding and deleting members automatically.

LMHOSTS File - An ASCII text file like HOSTS but used to associate IP addresses to host names inside a network. To remember which is which, remember LMHOSTS as LAN Manager HOSTS.

Logon (also Login) - Can be a noun or a verb. As a noun, it's the account name used to gain access to a computer system. Unlike a password, the logon name is not a secret. As a verb, it means the act of entering into a computer system; for example, "Logon to the network and read your email."

Logon or Logoff Script - Typically a batch file set to run when a user logs on or logs off a system. A logon script is used to configure a user's initial environment. A logoff script is used to return a system to some predetermined condition. Either script can be assigned to multiple users individually or through Group Policy.

MAC (Media Access Control) Address - A unique 48-bit number assigned to network interface cards by the manufacturer. MAC addresses are used for mapping in TCP/IP network communication.

Member Server - A computer running Windows 2000 server or Windows NT Server that is not a domain controller. Member servers can be dedicated to serving up files or printer services or some other function. A member server does not verify logons or maintain a security database.

Mirror. 1 - Two partitions on two hard drives configured so that each will contain identical data to the other. If one drive fails, the other contains the data and processing can continue.

Mirror. 2 - An FTP server that provides copies of the same files as another server. Some FTP servers are so popular that other servers have been set up to mirror them and spread the FTP load to more than one site.

Mixed Mode - A domain in which domain controllers running both Windows 2000 and earlier versions of Windows NT co-exist. In mixed mode, the domain features from previous versions of Windows NT Server are still enabled, while some Windows 2000 features are disabled. Windows 2000 Server domains are installed in mixed mode by default. In mixed mode the domain may have Windows NT 4.0 backup domain controllers present. Nested groups are not supported in mixed mode.

Modem (MOdulator + DEModulator) - A device that connects between a computer and a telephone line to allow the computer to talk to other computers through the system. Modems convert the computer's digital signals into analog waves that can be transmitted over standard voice telephone lines. Modem speeds are measured in bits per second (bps) -- also sometimes expressed as kilobits (thousands of bits) per second (Kbps). For example, 28.8 Kbps and 28,800 bps are the same thing - 28,800 bits per second.

Multicasting - Simultaneously sending a message to more than one destination on a network. Distinguished from broadcasting in that multicasting sends to only selected recipients.

Multi-master Replication - A feature of Active Directory, multi-master replication automatically propagates every object (such as users, groups, computers, domains, organization units, security policies, and so on) created on any domain controller to each of the other participating domain controllers. All domain controllers contain the same directory data so the domain is not dependent on a single source for directory information.

Multitasking - Computer legerdemain by which tasks are switched in and out of the processor so quickly that it appears they are all happening at once. The success of a multitasking system depends on how well the various tasks are isolated from one another.

Multithreading - The simultaneous process of several threads inside the same program. Because several threads can be processed in parallel, one thread does not have to finish before another one can start. (See thread)

Name Resolution - The process of mapping a name into its corresponding address.

Namespace - A name or group of names defined according to a naming convention; any bounded area in which a given name can be resolved. The Active Directory is primarily a namespace, as is any directory service. The Internet uses a hierarchical namespace that partitions names into categories known as top-level domains such as .com, .edu, and .gov.

Native Mode - The condition of a domain when all domain controllers have been upgraded to Windows 2000 and the administrator has enabled native mode operation. See mixed mode.

NetBEUI (NetBIOS Extended User Interface) - A small and fast protocol that requires little memory but can't be routed. Remote locations linked by routers can't use NetBEUI to communicate.

Netlogon Service - Accepts logon requests from any client and provides authentication from the Security Account Manager database of accounts.

Network - Two or more computers connected to share resources.

Newsgroup - On the Internet, a distributed bulletin board system about a particular topic. Usenet News (also known as Netnews) is a system that distributes thousands of newsgroups to all parts of the Internet.

NNTP (Network News Transfer Protocol) - A protocol defined for distribution, inquiry, retrieval, and posting of news articles on the Internet.

Node - A location on a tree structure with links to one or more items below it. On a LAN, a device that can communicate with other devices on the network. In clustering, a computer running Windows 2000 Advanced Server that is a member of a cluster.

NTFS (New Technology File System) - The native file system for Windows 2000 and Windows NT. Supports long file names, a variety of permissions for sharing files and a transaction log that allows the completion of any incomplete file-related tasks if the operating system is interrupted.

Object - An object is a particular set of attributes that represents something concrete, such as a user, a printer, or an application. The attributes hold data describing the thing that is identified by the directory object. Attributes of a user might include the user's given name, surname, and e-mail address. The classification of the object defines which types of attributes are used. For example, the objects classified as "users" might allow the use of attribute types like "common name," "telephone number," and "e-mail address," while the object class "organization" allows for attribute types like "organization name" and "business category." An attribute can take one or more values, depending on its type.

Object Identity - Every object in Active Directory has a unique identity. Objects can be moved or renamed, but their identity never changes. Objects are known internally by their identity, not their current name. An object's identity is a Globally Unique Identifier (GUID), which is assigned by the Directory System Agent (DSA) when the object is created. The GUID is stored in an attribute, object GUID, that is part of every object. The object GUID attribute can't be modified or deleted. When storing a reference to an Active Directory object in an external store (for example, a database), you should use the object GUID because, unlike a name, it won't change.

Operations Master - Active Directory operations that are single-master, that is, not permitted to occur at different places in the network at the same time. Examples of these operations include the primary domain controller emulator, schema modification, domain naming, and the relative identifier (RID) allocator.

Organizational Unit (OU) - A container object in Active Directory used to separate computers, users, and other resources into logical units. An organizational unit is the smallest entity to which Group Policy can be applied.

Packet - The basic unit of information sent over a network. Each packet contains the destination address, the sender's address, error-control information, and data. The size and format of a packet depends on the protocol being used.

Page - A document, or collection of information, available via the World Wide Web. A page may contain text, graphics, video, and/or sound files. Also, a portion of memory that the virtual memory manager can swap to and from a hard drive.

Paging - A virtual memory operation in which pages are transferred from memory to disk when memory becomes full. When a thread accesses a page that's not in memory, a page fault occurs and the memory manager uses page tables to find the page on disk and then loads the page into memory.

Peer-to-Peer - A network in which two or more machines can communicate with each other without the need for any intermediary device. On a peer-to-peer network, a computer can be both a client and a server.

Ping - A network management tool that checks to see if another computer is alive and functioning. It sends a short message to which the other computer automatically responds. If the other computer does not respond to the ping, you usually cannot establish communications.

Point of Presence (POP) - A physical site in a geographic area where a network access provider, such as MCI, has equipment to which users connect. The local telephone company's central office in a particular area is also sometimes referred to as their POP for that area.

Post Office Protocol (POP) - A system by which a mail server on the Internet lets you access your mail and download it to a PC or Macintosh. Most people refer to this protocol with its version number (POP2, POP3, and so on) to avoid confusing it with Point of Presence.

PPP (Point-to-Point Protocol) - A protocol that provides router-to-router and host-to-network connections over a telephone line (or a network link that acts like a telephone line). Similar to SLIP.

Primary Domain Controller (PDC) - In a Windows NT domain, the server that authenticates domain logons, and maintains the security policy and master database for a domain. In Windows 2000, one of the domain controllers in each domain is identified as the PDC for compatibility with downlevel clients and servers.

Primary Partition - A portion of the hard drive that's been marked as a potentially bootable logical drive by an operating system. DOS can support only a single primary partition, but Windows NT and Windows 2000 can support multiple ones. There can be only four primary partitions on any hard drive.

Profile - Loaded by the system when a user logs on, defines a user's environment including network settings, printer connections, desktop settings, and program items.

Proxy Server - A server that receives Internet Web requests from clients, retrieves the Web pages, and forwards them to clients. Proxy servers can dramatically improve performance for groups of users by caching retrieved pages. Proxy servers also provide a security purpose by shielding the IP addresses of internal clients.

Public Key Cryptography - A method of secure transmission in which two different keys are used - a public key for encrypting data and a private key for decrypting data.

Quality of Service (QoS) - A set of standards for assuring the quality of data transmission on a network.

RADIUS (Remote Authentication Dial-In User Service) - A security authentication system used by many Internet Service Providers. A user connects to the ISP and enters a username and password. This information is verified by a RADIUS server, which then authorizes access to the ISP system.

RAID (Redundant Array of Inexpensive Drives) - A range of disk management and striping techniques to implement fault-tolerance.

Relative Distinguished Name (RDN) - Active Directory uses the concept of a relative distinguished name (RDN), which is the part of the distinguished name that is an attribute of the object itself. In the following example, the RDN of the user object is CN=Mary Perez. The RDN of the parent object is OU=Research. Example: CN=Mary Perez, OU=Research, DC=MegaIntl, DC=com.

Relative Identifier (RID) - The part of the security identifier (SID) that is unique to each object.

Remote Access Service (RAS) - Allows users to connect from remote locations and access their networks for file and printer sharing and email. The computer initiating the connection is the RAS client; the answering computer is the RAS host.

Remote Installation Service - Allows the installation of client systems without visiting each client.

Replication - Enables the contents of a directory, designated as an export directory, to be copied to other directories, called import directories, on network computers.

Requests for Comments (RFC) - An evolving collection of material that details the functions within the TCP/IP family of protocols. Some RFCs are official documents of the IETF (Internet Engineering Task Force), defining the standards of TCP/IP and the Internet, while others are simply proposals trying to become standards, and others fall somewhere in between. Some are tutorial in nature, while others are quite technical.

Router - A special-purpose computer (or software package) that handles the connection between two or more networks. Routers look at the destination addresses of the packets passing through them and decide which route to use to send them.

Schema - A definition of the object classes and attributes that can be stored in Active Directory. Like other objects in Active Directory, schema objects have an Access Control List to limit alterations to authorized users only.

Schema Master - The single domain controller assigned to track all updates to a schema within a forest.

Scope - In DHCP, the range of IP addresses available to be leased to DHCP clients by the DHCP service. In groups, scope describes where in the network permissions can be assigned to the group.

Security Accounts Manager (SAM) - Manager of user account information including group membership. A logon service of both Windows 2000 and Windows NT.

Security ID (SID) - A unique number assigned to every computer, group, and user account on a Windows 2000 and Windows NT network. Internal processes in the OS refer to an account's SID rather than a name. A deleted SID is never reused.

Server - A computer that provides a service to other computers on a network. A file server, for example, provides files to client machines.

Site - In Active Directory, an area of one or more well-connected subnets. When users log on to a site, clients use Active Directory servers in the same site. See well-connected.

SLIP (Serial Line Internet Protocol) - A protocol used to run IP over serial lines or telephone lines using modems. Rapidly being replaced by PPP (Point-to-Point Protocol).

SMTP (Simple Mail Transfer Protocol) - A protocol used to transfer e-mail messages between computers.

Smart Card - A credit card-sized device that securely stores user credentials such as passwords, certificates, public and private keys, and other types of personal information.

Snap-in - A tool that can be added to a console supported by the Microsoft Management Console. A snap-in extension can be added to extend the function of a snap-in.

Socket - An endpoint to a connection. Two sockets form a complete path for a bi-directional pipe for incoming and outgoing data between networked computers. The Windows Sockets API is a networking API for programmers writing for the Windows family of products.

Subdomain - A domain in the DNS namespace that is located directly under another domain. See child domain.

Subnet - The portion of a TCP/IP network in which all devices share a common prefix. For example, all devices with an IP address that starts with 198 are on the same subnet. IP networks are divided using a subnet mask.

Subtree - A subtree is any unbroken path in a tree, including all of the members of any containers in that path.

Superscope - A collection of scopes grouped into a single administrative whole. Grouping scopes together into a superscope makes it possible to have more than one logical subnet on a physical subnet.

Systemroot - The path and folder where the Windows 2000 system files are located. The value %systemroot% can be used in paths to replace the actual location. To identify the systemroot folder on a computer, type %systemroot% at a command prompt.

TCP/IP (Transmission Control Protocol/Internet Protocol) - The protocol that networks use to communicate with each other on the Internet.

Telnet - The command and program used to log on from one Internet site to another. The Telnet command/program gets you to the "login" prompt of another host.

Terminal - A device that allows you to send commands to another computer. At a minimum, this usually means a keyboard and a display screen and some simple circuitry. Usually you will use terminal software in a personal computer -- the software pretends to be ("emulates") a physical terminal and allows you to type commands to another computer.

Thread - An executable entity that belongs to one (and only one) process. In a multitasking environment, a single program can contain several threads, all running at the same time.

Transitive Trust - The standard trust between Windows 2000 domains in a domain tree or forest. Transitive trusts are always two-way. When a domain joins a domain tree or forest, a transitive trust is established automatically.

Tree - A tree in Active Directory is just an extension of the idea of a directory tree. It's a hierarchy of objects and containers that demonstrates how objects are connected, or the path from one object to another. Endpoints on the tree are usually objects.

Trojan Horse - A destructive program designed to disguise itself as a benign application. Unlike viruses, Trojan horses do not replicate themselves but can be just as dangerous.

Trust Relationship - A security term meaning that one workstation or server trusts a domain controller to authenticate a user logon on its behalf. More commonly, it means a domain controller trusts a domain controller in another domain to authenticate a logon.

Universal Group - A group that can be used anywhere in a domain tree or forest. Members can come from any domain, and rights and permissions can be assigned at any domain. Universal groups are available only when the domain is in native mode.

Universal Naming Convention (UNC) - A PC format for indicating the location of resources on a network. UNC uses the following format: \\server\shared_resource_path. So, to identify the Example.txt file in the Sample folder on the server named Ample, the UNC would be \\ample\sample\example.txt.

UNIX - A computer operating system designed to be used by many computer users at the same time (it is "multi-user") with TCP/IP built in. It is the most common operating system for servers on the Internet.

URL (Uniform Resource Locator) - The standard way to give the address of any resource on the Internet that is part of the World Wide Web. For example, http://www.capecod.net/~fcollege/index.htm. The most common way to use a URL is to enter it into a Web browser program, such as Microsoft Internet Explorer or Netscape® Navigator.

User Account - A user's access to a network. Each user account has a unique user name and security ID.

User Profiles - Information and restrictions about user accounts. See profile.

VRML (Virtual Reality Markup Language) - A system used for writing pages for the World Wide Web. VRML allows your Web Page to include codes that define animations and 3D graphics.

Viewer - A program used by Gopher, WAIS, or WWW client programs to show files with contents other than text. You use a viewer to display graphics or video files, or to play sound files.

WAN (Wide Area Network) - Any Internet or network that covers an area larger than a single building or campus.

Well-connected - Sufficiently fast and reliable for the needs of Active Directory clients and servers. The definition of "sufficiently fast and reliable" for a particular network depends on the work being done on the specific network.

Windows Socket (WinSock) - Windows Sockets is a standard way for Windows-based programs to work with TCP/IP. You can use WinSock if you use SLIP to connect to the Internet.

WINS (Windows Internet Name Service) - A name resolution service that converts computer names to IP addresses in a routed environment.

WWW (World Wide Web) - A hypermedia-based system for accessing information on the Internet.

Workstation - In Windows NT, a computer running the Windows NT Workstation operating system. In a wider context, used to describe any powerful computer optimized for graphics or computer aided design (CAD) or any of a number of other functions requiring high performance.

X.500 - A standard for a directory service established by the International Telecommunications Union (ITU). The same standard is also published by the International Standards Organization / International Electrotechnical Commission (ISO/IEC). The X.500 standard defines the information model used in the directory service. All information in the directory is stored in entries, each of which belongs to at least one object class. The actual information in an entry is determined by attributes that are contained in that entry.

Zone - A part of the DNS namespace that consists of a single domain or a domain and subdomains managed as a single, separate entity.