Cabinet file. A single cabinet file that stores multiple compressed files. These files are commonly used in software installation and to reduce the file size and the associated download time for Web content.

A file format that is used for the storage of public key certificates.

The file name extension for files that contain device information or scripts to control hardware operations.

A service that is part of Microsoft .NET Framework. .NET Passport includes a passport authentication protocol, and it provides the ability to map passport IDs to Active Directory accounts.

A file format that is used for the storage of public key certificates and their associated private keys.

An Institute of Electrical and Electronic Engineers (IEEE) standard for port-based network access control that provides authenticated network access to Ethernet networks and wireless 802.11 local area networks (LANs).

A resource record used to map a DNS domain name to a host Internet Protocol version 6 (IPv6) address on the network.

A security mechanism that determines which operations a user, group, service, or computer is authorized to perform on a computer or on a particular object, such as a file, printer, registry subkey, or directory service object.

An entry in an object's discretionary access control list (DACL) that grants permissions to a user or group. An ACE is also an entry in an object's system access control list (SACL) that specifies the security events to be audited for a user or group.

A list of security protections that apply to an entire object, a set of the object's properties, or an individual property of an object. There are two types of access control lists: discretionary and system.

A phone number that subscribers can dial to reach online services.

A data structure that contains the security identifier (SID) for a security principal, SIDs for the groups that the security principal belongs to, and a list of the security principal's privileges (also called user rights) on the local computer.

A Windows security feature that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on security policy lockout settings. Locked accounts cannot log on.

In auditing, a group of events that are logged when a user logs on to a computer that uses another computer to validate the user account. Events in this event category are logged on the computer that validates the user account.

In auditing, a group of events that are logged when user or group account information is modified.

A message transmitted to indicate that data has been received correctly. The Transmission Control Protocol (TCP) requires that the recipient acknowledge successful receipt of data. Such acknowledgments (ACKs) generate additional network traffic, decreasing the rate at which data passes but increasing reliability. To reduce the impact on performance, most hosts send an acknowledgment for every other segment or when a specified time interval has passed.

For Message Queuing, a message class that indicates that a message arrived or was retrieved by the target application (a positive acknowledgment), or that an error occurred before the original message could be retrieved (a negative acknowledgment). These messages are sent to administration queues on the source computer.

Describes the window or icon that you are currently using or that is currently selected. The operating system always applies the next keystroke or command you choose to the active window. Windows or icons on the desktop that are not selected are inactive.

An application programming interface (API) built into a variety of Windows operating systems, including Windows 2000, Windows XP, and products in the Windows Server 2003 family. Active Accessibility allows an accessibility aid (or other Active Accessibility client) to collect meaningful information from an application's user interface and convey that information to the user. For example, Microsoft Active Accessibility allows a screen reader to convey to the user that an application is displaying a pop-up message asking whether to save or discard file changes. Because Active Accessibility reduces the need for application-specific code, it reduces overall maintenance costs and allows software developers to innovate in their user interface without sacrificing compatibility with accessibility aids.

A feature in Microsoft Internet Security and Acceleration (ISA) Server that retrieves files for Web pages that are accessed frequently.

Dynamic content, such as a stock ticker, a weather map, or news, that is usually updated from the World Wide Web or a channel.

The Windows-based directory service. Active Directory stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration for all network objects.

The tool that is used to install and remove Active Directory.

The synchronization of Active Directory partition replicas between domain controllers. Replication automatically copies the changes that originate on a writable directory partition replica to all other domain controllers that hold the same directory partition replica. More specifically, a destination domain controller pulls these changes from the source domain controller.

A directory service model and a set of Component Object Model (COM) interfaces. ADSI enables Windows applications and Active Directory clients to access several network directory services, including Active Directory. ADSI is supplied as a software development kit (SDK).

An administrative tool used by an administrator to perform day-to-day Active Directory administration tasks. The tasks that can be performed with this tool include creating, deleting, modifying, moving, and setting permissions on objects stored in the directory. Examples of objects in Active Directory are organizational units, users, contacts, groups, computers, printers, and shared file objects.

A primary Domain Name System (DNS) zone that is stored in Active Directory so that it can use multimaster replication and Active Directory security features.

A partition from which an x86-based computer starts up. The active partition must be a primary partition on a basic disk. If you use Windows exclusively, the active partition can be the same as the system volume.

The volume from which the computer starts up. The active volume must be a simple volume on a dynamic disk. You cannot mark an existing dynamic volume as the active volume, but you can upgrade a basic disk containing the active partition to a dynamic disk. After the disk is upgraded to dynamic, the partition becomes a simple volume that is active.

A set of technologies that allows software components to interact with one another in a networked environment, regardless of the language in which the components were created.

A reusable software component that can be used to incorporate ActiveX technology.

A unique identifier that identifies a network node to other nodes on the network. Also known as the net address or MAC address.

A resource record (RR) used to map a DNS domain name to a host Internet Protocol version 4 (IPv4) address on the network.

A predefined grouping of Internet addresses that defines a network of a certain size. The range of numbers that can be assigned for the first octet in the IP address is based on the address class. Class-based IP addressing has been superceded by Classless Interdomain Routing (CIDR).

The addresses within a DHCP scope range of addresses that are available for leased distribution to clients.

In TCP/IP, a protocol that uses broadcast traffic on the local network to resolve a logically assigned Internet Protocol version 4 (IPv4) address to its physical hardware or media access control (MAC) layer address.

In asynchronous transfer mode (ATM), ARP is used two different ways. For classical IPv4 over ATM (CLIP), ARP is used to resolve addresses to ATM hardware addresses. For ATM LAN emulation (LANE), ARP is used to resolve Ethernet/802.3 or Token Ring addresses to ATM hardware addresses.

A set of application programming interfaces (APIs) developed by Microsoft that allows software developers to create applications that use up to 64 GB of physical nonpaged memory in a 32-bit virtual address space on 32-bit platforms. This technology allows for windowed views to this physical memory from within the application's virtual address space.

A relationship formed between selected neighboring Open Shortest Path First (OSPF) routers for the purpose of exchanging routing information. When the link state databases of two neighboring routers are synchronized, the routers are said to be adjacent. Not every pair of neighboring routers becomes adjacent.

For Message Queuing, a queue that stores acknowledgment messages.

Alerts that relate to server and resource use. They notify users about problems in areas such as security and access, user sessions, server shutdown due to power loss (when an uninterruptible power supply (UPS) is available), directory replication, and printing. When a computer generates an administrative alert, a message is sent to a predefined list of users and computers.

Logon information that is used to identify a member of an administrative group. Groups that use administrative credentials include Administrators, Domain Admins, and DNS Admins. Most system-wide or domain-wide tasks require administrative credentials.

In the Windows Server 2003 family, a person who is responsible for setting up and managing local computers, stand-alone servers, member servers, or domain controllers. An administrator sets up user and group accounts, assigns passwords and permissions, and helps users with networking problems. Administrators can be members of the Administrators group on local computers or servers. A person who is a member of the Administrators group on a local computer or server has full access to that computer or server and can assign access control rights to users as necessary.

Administrators can also be members of the Domain Admins group on domain controllers and have full control over user and computer accounts residing in that domain.

On a local computer, the first account that is created when you install an operating system on a new workstation, stand-alone server, or member server. By default, this account has the highest level of administrative access to the local computer, and it is a member of the Administrators group.

In an Active Directory domain, the first account that is created when you set up a new domain by using the Active Directory Installation Wizard. By default, this account has the highest level of administrative access in a domain, and it is a member of the Administrators, Domain Admins, Domain Users, Enterprise Admins, Group Policy Creator Owners, and Schema Admins groups.

On a local computer, a group whose members have the highest level of administrative access to the local computer. Examples of administrative tasks that can be performed by members of this group include installing programs; accessing all files on the computer; auditing access control; and creating, modifying, and deleting local user accounts.

In an Active Directory domain, a group whose members have the highest level of administrative access in the domain. Examples of administrative tasks that can be performed by members of this group include setting domain policy; assigning and resetting domain user account passwords; setting up and managing domain controllers; and creating, modifying, and deleting domain user accounts.

An open industry specification that defines power management on a wide range of mobile, desktop, and server computers and peripherals. ACPI is the foundation for the OnNow industry initiative that allows system manufacturers to deliver computers that start at the touch of a keyboard. ACPI design is essential to take full advantage of power management and Plug and Play.

For Network Load Balancing, the method used to associate client requests to cluster hosts. When no affinity is specified, all network requests are load balanced across the cluster without respect to their source. Affinity is implemented by directing all client requests from the same IP address to the same cluster host.

An application that runs on a Simple Network Management Protocol (SNMP) managed device. The agent application is the object of management activities. A computer running SNMP agent software is also sometimes referred to as an agent.

A service used by the server and other services to notify selected users and computers of administrative alerts that occur on a computer. The Alerter service requires the Messenger service.

In cryptography, a mathematical process that is used in cryptographic operations such as the encryption and digital signing of data. An algorithm is commonly used with a cryptographic key to enhance security.

The smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows organize hard disks based on allocation units. The smaller the allocation unit size, the more efficiently a disk stores information. If you do not specify an allocation unit size when formatting the disk, Windows picks default sizes based on the size of the volume. These default sizes are selected to reduce the amount of space that is lost and the amount of fragmentation on the volume. Also called a cluster.

A standard single-byte character encoding scheme used for text-based data. ASCII uses designated 7-bit or 8-bit number combinations to represent either 128 or 256 possible characters. Standard ASCII uses 7 bits to represent all uppercase and lowercase letters, the numbers 0 through 9, punctuation marks, and special control characters used in U.S. English. Most current x86-based systems support the use of extended (or "high") ASCII. Extended ASCII allows the eighth bit of each character to identify an additional 128 special symbol characters, foreign-language letters, and graphic symbols.

An authentication mechanism by which users who are able to connect to an Internet site without credentials are assigned to the IUSR_ComputerName account and granted the access rights that are assigned to that account.

An authentication mechanism that does not require user accounts and passwords. Anonymous authentication grants remote users the identity IUSR_ComputerName. Anonymous authentication is used on the Internet to grant visitors restricted access to predefined public resources.

A text file used to automate Setup or other installation processes. Using this text file, you can provide custom answers to Setup-related questions. Typically, you must point the Setup program to use the answer file at the same time Setup is started. Answer files can only be used on applications and operating systems that support them.

Client software that is shipped with all Macintosh computers and with Apple Computer server software. Macintosh computers can use their AppleShare client software to connect to computers running Services for Macintosh.

A network control protocol defined within Point-to-Point Protocol (PPP). ATCP allows clients to connect to a Windows server by running PPP over AppleTalk. ATCP negotiates the AppleTalk parameters to use during the PPP session.

The presentation-layer protocol that manages access to remote files in an AppleTalk network.

The extended AppleTalk Internet model designed by Apple Computer that supports multiple zones within a network and extended addressing capacity.

The set of network protocols on which AppleTalk network architecture is based. The AppleTalk Protocol is installed with Services for Macintosh to help users access resources on a network.

The layer of AppleTalk Phase 2 protocols that delivers data to its destination on the network.

A process that uses Software Installation (an extension of Group Policy) to assign programs to groups of users. The programs appear on the users' desktop when they log on.

An Active Directory directory partition that stores application-specific data that can be dynamic (subject to Time to Live restrictions). Application directory partitions can store any type of object except security principals and are not replicated to the global catalog. The replication scope of an application directory partition can be configured to include any set of domain controllers in the forest.

A feature of Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition. Application memory tuning can be enabled on computers with between 2 gigabytes (GB) and 4 GB of physical RAM, and it allows applications running on these computers to address 3 GB of virtual memory instead of the 2 GB normally allocated to each application process. Also known as 4-gigabyte tuning (4GT).

A set of routines that an application uses to request and carry out lower-level services performed by a computer's operating system. These routines usually carry out maintenance tasks such as managing files and displaying information.

A router that is attached to multiple areas. ABRs maintain separate topological databases for each area.

A form of data transmission in which information is sent and received at irregular intervals, one character at a time. Because data is received at irregular intervals, the receiving modem must be signaled to let it know when the data bits of a character begin and end. This is done by means of start and stop bits.

A high-speed, connection-oriented protocol used to transport many different types of network traffic. ATM packages data in a 53-byte, fixed-length cell that can be switched quickly between logical connections on a network.

The layer of the asynchronous transfer mode (ATM) protocol stack that parses data into the payload portion of the ATM cell for transport across an ATM network.

For files, information that indicates whether a file is read-only, hidden, ready for archiving (backing up), compressed, or encrypted, and whether the file contents should be indexed for fast file searching.

In Active Directory, a property of an object. For each object class, the schema defines which attributes an instance of the class must have and which additional attributes it might have.

Data that is recorded in the event log when specified system, application, and security-related events take place. Audit entries provide valuable data about system operations that can be used to identify system use and to diagnose system behavior.

Enhanced logging capabilities that monitor and manage the growth and size of log files used by DHCP on an ongoing daily basis.

Policy that determines the security events to be reported to the network administrator.

The process that tracks the activities of users by recording selected types of events in the security log of a server or a workstation.

The process for verifying that an entity or object is who or what it claims to be. Examples include confirming the source and integrity of information, such as verifying a digital signature or verifying the identity of a user or computer.

A header that provides authentication, integrity, and anti-replay for the entire packet (the Internet Protocol (IP) header and the data payload carried in the packet).

The protocol by which an entity on a network proves its identity to a remote entity. Typically, identity is proved with the use of a secret key, such as a password, or with a stronger key, such as the key on a smart card. Some authentication protocols also implement mechanisms to share keys between client and server to provide message integrity or privacy.

Describes a DNS server that hosts a primary or secondary copy of a DNS zone.

In Backup, a type of restore operation performed on an Active Directory domain controller in which the objects in the restored directory are treated as authoritative, replacing (through replication) all existing copies of those objects.

The process that determines what a user is permitted to do on a computer system or network.

A database that stores Authorization Manager policy.

The process of adding static routes to the routing table automatically. When you configure an interface to use auto-static update mode, the router sends a request to other routers and inherits routes. The routes are saved in the routing table as auto-static routes and are kept even if the router is restarted or the interface goes down. Auto-static updates are supported in Routing Information Protocol (RIP) for Internet Protocol (IP) and in RIP for Internetwork Packet Exchange (IPX), but they are not available for use with Open Shortest Path First (OSPF).

A tape or disk library with an automatic mechanism, such as a robotic arm, that loads and unloads media into a drive or drives without manual intervention from the user. Automated libraries are sometimes known as autoloaders, changers, jukeboxes, media changers, and robotic libraries.

A feature that helps you recover a system that will not start. To use Automated System Recovery, you must first use the Automated System Recovery Preparation Wizard (part of Backup). This wizard backs up the partition used by the operating system, but it does not back up other partitions, such as program or data partitions. Those partitions must be backed up using Backup or other standard routines.

The replication of files and directories between computers as performed automatically by the File Replication service (FRS). In a domain distributed file system, FRS provides automatic file and directory replication between targets. The user configures automatic replication through the DFS administration tool. Files in a stand-alone distributed file system must be replicated between targets manually or by using other utilities.

A TCP/IP feature in Windows XP and products in the Windows Server 2003 family that automatically configures a unique IP address from the range 169.254.0.1 through 169.254.255.254 and a subnet mask of 255.255.0.0 when the TCP/IP protocol is configured for dynamic addressing and a DHCP server is not available. The APIPA range of IP addresses is reserved by the Internet Assigned Numbers Authority (IANA), and IP addresses within this range are not used on the Internet.

A group of routers exchanging routing information by using a common routing protocol.

A router that exchanges routing information with routers that belong to other autonomous systems. The ASBR then advertises external routes throughout the autonomous system. ASBRs can be internal or area border routers, and they might or might not be connected to the backbone.

A level of service provided by applications, services, or systems. Highly available systems have minimal downtime, whether planned or unplanned. Availability is often expressed as the percentage of time that a service or system is available, for example, 99.9 percent for a service that is down for 8.75 hours a year.

An asynchronous transfer mode (ATM) service type that supports available-bit-rate traffic, minimum guaranteed transmission rate, and peak data rates. ABR also allows bandwidth allocation depending on availability, and it uses flow control to communicate bandwidth availability to the end node.

A single channel of an Integrated Services Digital Network (ISDN) line that is used to carry either voice or data information. ISDN Basic Rate Interface (BRI) has 2 B-channels. ISDN Primary Rate Interface (PRI) in North America has 23 B-channels. ISDN Primary Rate Interface (PRI) in Europe has 23 B-channels. Also called bearer channel.

In Open Shortest Path First (OSPF), an area common to all other OSPF areas that is used as the transit area for inter-area traffic and for distributing routing information between areas. The backbone must be contiguous.

In Open Shortest Path First (OSPF), a router that is connected to the backbone area. This includes routers that are connected to more than one area (area border routers (ABRs)). However, backbone routers do not have to be ABRs. Routers that have all networks connected to the backbone are internal routers.

A program that runs while the user is working on another task. The computer's microprocessor assigns fewer resources to background programs than foreground programs.

A duplicate copy of a program, a disk, or data, made either for archiving purposes or for safeguarding valuable files from loss in case the active copy is damaged or destroyed. Some application programs automatically make backup copies of data files, maintaining both the current version and the preceding version.

A domain controller running Windows NT Server 4.0 or earlier that receives a read-only copy of the directory database for the domain. The directory database contains all account and security policy information for the domain.

A logical collection of data-storage media that has been reserved for use by Microsoft Windows Backup. Backup uses Removable Storage to control access to specific media within a library.

A type of local or global group that contains the user rights you need to back up and restore files and folders. Members of the Backup Operators group can back up and restore files and folders regardless of ownership, permissions, encryption, or auditing settings.

A collection of files, folders, and other data that has been backed up and stored in a file or on one or more tapes.

A summary of the files and folders that have been saved in a backup set.

A type that determines which data is backed up and how it is backed up. There are five backup types: copy, daily, differential, incremental, and normal.

The data transfer capacity of a transmission medium.

In digital communications, the transfer capacity expressed in bits per second (bps) or megabits per second (Mbps). For example, Ethernet accommodates a bandwidth of 10,000,000 bps or 10 Mbps.

In analog communications, the difference between the highest and lowest frequencies in a specific range. For example, an analog telephone line accommodates a bandwidth of 3,000 hertz (Hz), the difference between the lowest (300 Hz) and highest (3,300 Hz) frequencies that it can carry.

A Point-to-Point Protocol (PPP) control protocol that is used on a multiprocessing connection to dynamically add and remove links.

A precedence ranking that determines the order in which the threads of a process are scheduled for the processor. Use Task Manager to view and change base priorities.

For Message Queuing, a property that specifies the queue's priority in a public queue. You can set the base priority from -32,768 to 32,767; the default priority is 0. Private queues do not support base priority. Message Queuing routes and delivers messages first by base priority, then by message priority.

An authentication mechanism that is supported by most browsers, including Internet Explorer. Basic authentication encodes user name and password data before transmitting it over the network. Note that encoding is not the same as encryption. Also known as plaintext authentication.

A physical disk that can be accessed by MS-DOS and all Windows-based operating systems. Basic disks can contain up to four primary partitions, or three primary partitions and an extended partition with multiple logical drives. If you want to create partitions that span multiple disks, you must first convert the basic disk to a dynamic disk by using Disk Management or the Diskpart.exe command-line tool.

On x86-based computers, the set of essential software routines that test hardware at startup, start the operating system, and support the transfer of data among hardware devices. The BIOS is stored in read-only memory (ROM) so that it can be executed when you turn on the computer. Although critical to performance, the BIOS is usually invisible to computer users.

A storage method in MS-DOS and Windows for primary partitions, extended partitions, and logical drives.

A primary partition or logical drive that resides on a basic disk.

An ASCII (unformatted text) file that contains one or more operating system commands. A batch program's file name has a .cmd or .bat extension. When you type the file name at the command prompt, or when the batch program is run from another program, its commands are processed sequentially. Also called batch files.

The speed at which a modem communicates. Baud rate refers to the number of times the condition of the line changes. This is equal to bits per second only if each signal corresponds to one bit of transmitted data.

Modems must operate at the same baud rate in order to communicate with each other. If the baud rate of one modem is set higher than that of the other, the faster modem usually alters its baud rate to match that of the slower modem.

An implementation of Domain Name System (DNS) written and ported to most available versions of the UNIX operating system. The Internet Software Consortium maintains the BIND software.

A base-2 number system in which values are expressed as combinations of two digits, 0 and 1.

A configuration file used by DNS servers running under versions of the Berkeley Internet Name Domain (BIND) software implementation. The BIND boot file is a text file, Named.boot, where individual lines in the file list boot directives used to start a service when the DNS server is started. By default, Microsoft DNS servers use DNS service parameters stored in the registry, but they allow the use of a BIND boot file as an alternative for reading boot configuration settings.

A database in Novell NetWare 3.x that contains organizational and security information about users and groups.

A process by which software components and layers are linked together. When a network component is installed, the binding relationships and dependencies for the components are established. Binding allows components to communicate with each other.

The smallest unit of information handled by a computer. One bit expresses a 1 or a 0 in a binary numeral, or a true or false logical condition. A group of 8 bits makes up a byte, which can represent many types of information, such as a letter of the alphabet, a decimal digit, or other character. Also known as a binary digit.

The number of bits transmitted every second, used as a measure of the speed at which a device, such as a modem, can transfer data.

A password that does not contain any characters. Also called a null password.

In Group Policy, the method of preventing a child container from inheriting the policy settings from all parent containers. Block inheritance does not apply to Group Policy object (GPO) links that are enforced.

The process of starting or resetting a computer. When first turned on (cold boot) or reset (warm boot), the computer runs the software that loads and starts the computer's operating system, which prepares it for use.

The system files needed to start Windows. The boot files include Ntldr and Ntdetect.com.

A service that runs on a Remote Installation Services (RIS) server that acts on client boot requests. The display name of BINLSVC is Remote Installation.

A process in which a computer that is starting (booting) creates a log file that records the loading of each device and service. The log file is called Ntbtlog.txt, and it is saved in the systemroot directory.

The partition that contains the Windows operating system and its support files. The boot partition can be, but does not have to be, the same as the system partition.

The volume that contains the Windows operating system and its support files. The boot volume can be, but does not have to be, the same as the system volume.

A CD-ROM that can be used to start a computer. An automated installation uses a bootable CD to start a computer.

A set of optional information types defined originally in RFC 1497 for use with BOOTP service and later supported by DHCP. In DHCP, these extensions form the legacy core set of client parameters available and supported by most standard DHCP and BOOTP servers.

A protocol used primarily on TCP/IP networks to configure diskless workstations. RFCs 951 and 1542 define this protocol. DHCP is a later boot configuration protocol that uses this protocol. The Microsoft DHCP service provides limited support for BOOTP service.

A routing protocol designed for use between autonomous systems. BGP is especially useful for detecting routing loops.

In Active Directory replication, a single server in a site that is designated to perform site-to-site replication for a specific domain and transport.

In a messaging system, a server that receives and forwards e-mail traffic at each end of a connection agreement, similar to the task a gateway performs.

An International Telecommunication Union - Telecommunication [Standardization Sector] (ITU-T) communication standard for high-speed networking that provides new services, including voice, video, and data on the same network.

The transmission of packets by an Internet Protocol version 4 (IPv4) host to all computers on the subnet.

An Internet Protocol version 4 (IPv4) address that is destined for all hosts on a particular network segment.

A multicast service on an emulated local area network (ELAN) that forwards broadcast, multicast, and initial unicast data traffic sent by a LAN emulation client (LEC).

A network message sent from a single computer that is distributed to all other devices on the same segment of the network as the sending computer.

A network that supports more than two attached routers and has the ability to address a single physical message to all of the attached routers (broadcast). Ethernet is an example of a broadcast network.

The process of creating and maintaining an up-to-date list of computers and resources on a network or part of a network by one or more designated computers running the Computer Browser service.

A region of random access memory (RAM) reserved for use with data that is temporarily held while waiting to be transferred between two locations, such as between an application's data area and an input/output device.

The default security groups installed with the operating system. Built-in groups have been granted useful collections of rights and built-in abilities.

In most cases, built-in groups provide all the capabilities needed by a particular user. For example, members of the built-in Backup Operators group can back up and restore files and folders. To provide a needed set of capabilities to a user account, assign it to the appropriate built-in group.

A communication line used for data transfer among the components of a computer system. A bus essentially allows different parts of the system to share data. For example, a bus connects the disk-drive controller, memory, and input/output ports to the microprocessor.

A special memory subsystem in which frequently used data values are duplicated for quick access.

A file used by DNS servers and clients to store responses to DNS queries. For Windows DNS servers, the cache file is named Cache.dns by default.

The process of temporarily storing recently accessed information in a special memory subsystem for quicker access.

A program that extracts information from DNS servers in response to client requests.

A DNS sever that does not host any DNS zones but that performs name resolution and stores the results in its cache.

The Network Control Protocol that negotiates the use of callback over PPP links.

The number that a remote access server uses to call back a user. This number can be preset by the administrator or specified by the user at the time of each call, depending on how the administrator configures the user's callback options. The callback number should be the number of the phone line to which the user's modem is connected.

A form of network security in which a remote access server calls a user back at a preset number after the user has made an initial connection and has been authenticated.

A string that specifies the called subscriber ID transmitted by the receiving fax machine when receiving an inbound fax. This string is usually a combination of the fax or telephone number and the name of the business. It is often the same as the transmitter subscriber ID.

A resource record used to map an alternate alias name to a primary canonical DNS domain name used in the zone.

An object's distinguished name presented with the root first and without the Lightweight Directory Access Protocol (LDAP) attribute tags (such as: CN=, DC=). The segments of the name are delimited with forward slashes (/). For example,

CN=MyDocuments,OU=MyOU,DC=Microsoft,DC=Com

is presented as

microsoft.com/MyOU/MyDocuments

in canonical form.

To assign a port to a printer. Documents that you print are sent to the printer through the captured port.

For Network Monitor, the process by which frames are copied.

A password that allows the user to capture statistics from the network and to display captured data.

A set of conditions that, when met, stop the capture or execute a program or command file to perform another type of action related to the capture.

A 32-bit PC Card.

A font contained in a plug-in cartridge and used to add fonts to laser, ink-jet, or high-end dot-matrix printers. Cartridge fonts are distinguished both from internal fonts, which are contained in read-only memory (ROM) in the printer and are always available, and from downloadable (soft) fonts, which reside on disk and which can be sent to the printer as needed.

A network configuration in which hubs are connected to other hubs.

For Indexing Service, a collection of all index information and stored properties for a particular group of file system directories. By default, Indexing Service indexes the System and Web catalogs on your hard drive.

A digital document that is commonly used for authentication and to secure information on open networks. A certificate securely binds a public key to the entity that holds the corresponding private key. Certificates are digitally signed by the issuing certification authority (CA), and they can be issued for a user, a computer, or a service.

A document maintained and published by a certification authority that lists certificates that have been revoked.

A software service that issues certificates for a particular certification authority (CA). It provides customizable services for issuing and managing certificates for the enterprise. Certificates can be used to provide authentication support, including secure e-mail, Web-based authentication, and smart-card authentication.

A permanent storage where certificates, certificate revocation lists, and certificate trust lists are stored.

A Windows construct that specifies the format and content of certificates based on their intended usage. When requesting a certificate from a Windows enterprise certification authority (CA), certificate requestors can select from a variety of certificate types that are based on certificate templates.

A signed list of root certification authority certificates that an administrator considers reputable for designated purposes, such as client authentication or secure e-mail.

An entity responsible for establishing and vouching for the authenticity of public keys belonging to subjects (usually users or computers) or other certification authorities. Activities of a certification authority can include binding public keys to distinguished names through signed certificates, managing certificate serial numbers, and certificate revocation.

A model of trust for certificates in which certification paths are created by means of the establishment of parent-child relationships between certification authorities.

An unbroken chain of trust, consisting of certificates from trusted certification authorities, from a specific certificate to the root certification authority in a certification hierarchy.

A challenge-response authentication protocol for Point-to-Point Protocol (PPP) connections described in RFC 1994. It uses the industry-standard MD5 hashing algorithm to hash the combination of a challenge string issued by the authenticating server and the user's password in the response.

A feature that tracks changes to NTFS volumes, including additions, deletions, and modifications. The change journal exists on the volume as a sparse file.

A path or link through which noncontrol information passes between two devices. A single Basic Rate Interface (BRI) connection, for example, has one physical connection but two channels for exchanging information between devices. This is often called a bearer channel, implying a channel that carries information.

On the Internet, a Web site designed to deliver content from the Internet to your computer, similar to subscribing to a favorite Web site.

A display mode in which the monitor can display letters, numbers, and other text characters, but no graphical images or character formatting (italics, superscript, and so on).

For DNS and Active Directory, a domain located in the namespace tree directly beneath another domain (the parent domain). For example, example.microsoft.com would be a child domain of the parent domain microsoft.com. Also known as a subdomain.

An object that resides in another object. A child object implies relation. For example, a file is a child object that resides in a folder, which is the parent object.

The Macintosh desk accessory with which users select the network server and printers they want to use.

A collection of files, some of which contain PostScript information. When a Macintosh computer sends a print job to a PostScript printer, the printer uses a Chooser Pack to interpret PostScript commands in the print job.

The method of forming a hidden message. The cipher is used to transform a readable message called plaintext (also sometimes called cleartext) into an unreadable, scrambled, or hidden message called ciphertext. Only someone with a secret decoding key can convert the ciphertext back into its original plaintext.

A technology in which a connection is established by closing a switch, for example, by dialing a telephone. This creates a circuit in which all the information transmitted over the connection follows the same route to the destination. The circuit is dedicated to the connection until it is closed.

A category of objects that share a common set of characteristics. Each object in the directory is an instance of one or more classes in the schema.

A unicast IP address that ranges from 1.0.0.1 through 127.255.255.254. The first octet indicates the network, and the last three octets indicate the host on the network. Class-based IP addressing has been superceded by Classless Interdomain Routing (CIDR).

A unicast IP address that ranges from 128.0.0.1 through 191.255.255.254. The first two octets indicate the network, and the last two octets indicate the host on the network. Class-based IP addressing has been superceded by Classless Interdomain Routing (CIDR).

Specifies that Network Load Balancing direct multiple requests from the same TCP/IP Class C address range to the same cluster host.

A unicast IP address that ranges from 192.0.0.1 to 223.255.255.254. The first three octets indicate the network, and the last octet indicates the host on the network. Network Load Balancing provides optional session support for Class C IP addresses (in addition to support for single IP addresses) to accommodate clients that make use of multiple proxy servers at the client site. Class-based IP addressing has been superceded by Classless Interdomain Routing (CIDR).

A proposed Internet standard, described in RFC 2225, that allows Internet Protocol (IP) communication directly on the asynchronous transfer mode (ATM) layer, bypassing an additional protocol (such as Ethernet or Token Ring) in the protocol stack.

An IP address and routing management method that allocates IP addresses in a way that reduces the number of routes stored on any individual router, while also increasing the number of available IP addresses. CIDR replaces class-based IP address allocation.

To turn off an option by removing the X or check mark from a check box. You clear a check box by clicking it, or by selecting it and then pressing the SPACEBAR.

Passwords that are not scrambled, thus making them more susceptible to network sniffers.

Any computer or program connecting to, or requesting the services of, another computer or program. Client can also refer to the software that enables the computer or program to establish the connection.

For a local area network (LAN) or the Internet, a computer that uses shared network resources provided by another computer (called a server).

The ability of client computers to connect to a server or resource, for example, a file on a server or a cluster resource.

A Windows-based application that can display and store linked or embedded objects. For distributed applications, the application that imitates a request to a server application.

A method of authentication by which the client in a client-server communication proves its identity to the server.

A service request from a client computer to a server computer or a cluster of server computers.

A service included that allows clients to make direct connections to resources on computers running NetWare 2.x, 3.x, 4.x, or 5.x server software by using the Internetwork Packet Exchange (IPX) protocol only. This service is included with Windows XP Professional and the Windows Server 2003 family.

A system service that supports ClipBook Viewer, which allows pages to be seen by remote ClipBooks.

In data storage, the smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows organize hard disks based on clusters, which consist of one or more contiguous sectors. The smaller the cluster size, the more efficiently a disk stores information. If no cluster size is specified during formatting, Windows picks defaults based on the size of the volume. These defaults are selected to reduce the amount of space that is lost and the amount of fragmentation on the volume. Also called an allocation unit.

In computer networking, a group of independent computers that work together to provide a common set of services and present a single-system image to clients. The use of a cluster enhances the availability of the services and the scalability and manageability of the operating system that provides the services.

The adapter that, when using multiple network adapters in each host of a Network Load Balancing cluster, handles the network traffic for cluster operations (the traffic for all hosts in the cluster). This adapter is programmed with the host's cluster IP address.

An application that configures a cluster and its nodes, groups, and resources. Cluster Administrator can run on any member of the trusted domain regardless of whether the computer is a cluster node.

A software component that implements the Cluster Administrator extension application programming interface (API) for allowing Cluster Administrator to configure a new resource type.

A collection of functions that are implemented by the cluster software and used by a cluster-aware client or server application, a cluster management application, or a Resource DLL. The Cluster API is used to manage the cluster, cluster objects, and the cluster database.

A full Internet name for the Network Load Balancing cluster (for example, cluster.microsoft.com). This name is used for the cluster as a whole and should be the same for all hosts in the cluster.

The Network Load Balancing cluster's IP address in standard Internet dotted notation (for example, w.x.y.z). The address is a virtual IP address used to address the cluster as a whole, and it should be the IP address that maps to the full Internet name that you specify for the cluster. In a Network Load Balancing cluster, this address must be set identically for all hosts in the cluster.

An optionally enabled trace record of Cluster service events on a node. Not synonymous with quorum log.

The network (media access control) address for the network adapter that is to be used for handling client-to-cluster traffic in a Network Load Balancing cluster.

The essential software component that controls all aspects of server cluster operation and manages the cluster database. Each node in a server cluster runs one instance of the Cluster service.

Storage where one or more attached disks hold data used either by server applications running on the cluster or by applications for managing the cluster. Each disk on the cluster storage is owned by only one node of the cluster. The ownership of disks moves from one node to another when the disk group fails over or moves to the other node.

An application that can run on a cluster node and that can be managed as a cluster resource. Cluster-aware applications use the Cluster API to receive status and notification information from the server cluster.

An application that can run on a cluster node and be managed as a cluster resource but that does not support the Cluster API.

An alternative to using Cluster Administrator to administer clusters from the command prompt. You can also call Cluster.exe from command scripts to automate many cluster administration tasks.

Multidimensional color space consisting of the cyan, magenta, yellow, and black intensities that make up a given color. Commercial color printing devices generally use this system of four-color process inks.

The descriptive relative distinguished name for the schema object.

A means of providing support for character sets and keyboard layouts for different countries or regions. A code page is a table that relates the binary character codes used by a program to keys on the keyboard or to characters on the display.

Hardware that can convert audio or video signals between analog and digital forms (coder/decoder), hardware or software that can compress and uncompress audio or video data (compression/decompression), or the combination of coder/decoder and compression/decompression. Generally, a codec compresses uncompressed digital data so that the data uses less memory.

The particular range of colors that a device is able to produce. A device such as a scanner, monitor, or printer can produce a unique range of colors, which is determined by the characteristics of the device itself.

Process of producing accurate, consistent color among a variety of input and output devices. A color management system (CMS) maps colors between devices such as scanners, monitors, and printers; transforms colors from one color space to another (for example, RGB to CMYK); and provides accurate on-screen or print previews.

A profile that contains the data needed for translating the values of a color gamut. This data includes information about color, hue, saturation, and brightness.

A set of three values that defines how a color can be represented on computer devices such as monitors, scanners, and printers. For example, in the LAB color space, the terms luminance or whiteness (L), redness-greenness (A), and yellowness-blueness (B) are used; in the HVC system, the terms are hue (H), value (V), and chroma (C). Color space refers to the three-dimensional space that is defined by the respective values, such as L, A, and B.

Software that supports distributed applications that use Hypertext Transfer Protocol (HTTP) to communicate through Internet Information Services (IIS).

A window displayed on the desktop used to interface with the MS-DOS operating system. MS-DOS commands are typed at an entry point identified by a blinking cursor.

Groups that appear in the program list on the Start menu for all users who log on to the computer. Only administrators can create or change common groups.

A port on a computer that allows asynchronous communication of one byte at a time. Also called a serial port.

Operating parameters, such as bits per second (bps) and modem type, that apply to serial ports on a computer.

A name that identifies groups of Simple Network Management Protocol (SNMP) hosts. This name is placed in SNMP messages that are sent between SNMP-managed devices such as servers running Windows Server 2003 and SNMP management stations. Typically, all hosts belong to Public, which is the standard name for a common community of all SNMP hosts.

A 32-bit protected-mode file system that controls access to the contents of CD-ROM drives.

An object-based programming model designed to promote software interoperability; it allows two or more applications or components to easily cooperate with one another, even if they were written by different vendors, at different times, in different programming languages, or if they are running on different computers running different operating systems. OLE technology and ActiveX are both built on top of COM.

A protocol used in the negotiation process in a Point-to-Point Protocol (PPP) connection. CCP is one type of Network Control Protocol. Network Control Protocols are used to establish and configure different network protocol parameters for Internet Protocol (IP), Internetwork Packet Exchange (IPX), and NetBIOS Extended User Interface (NetBEUI).

An account that is stored in Active Directory and that uniquely identifies a computer in a domain. A computer account uses the same name as the computer joining the domain.

A service that maintains an up-to-date list of computers that share resources on your network and that supplies the list to programs that request it. The Computer Browser service is used to view a list of available network resources.

A component you can use to view and control many aspects of the computer configuration. Computer Management combines several administration utilities into a single console tree, providing easy access to a local or remote computer's administrative properties and tools.

A unique name of up to 15 uppercase characters that identifies a computer to the network. The name cannot be the same as any other computer or domain name in the network.

For Message Queuing, the storage size limit for messages on a computer, based on the total size of the messages. When a computer quota is reached, Message Queuing can no longer send messages to that computer until one or more messages are removed from queues. Message Queuing enforces the computer quota before it enforces the queue quota on a computer.

The practice of using a computer to control one or more telephone and communications functions.

For DHCP, an optional server-side mechanism for detecting if a scope IP address is in use on the network. When enabled, the DHCP server will ping an address first before offering that address to clients, and then it will briefly await a response. If the pinged address responds, a conflict is registered and that address is not offered to clients obtaining a lease from the server.

To assign a drive letter, port, or computer name to a shared resource so that you can use it.

A user who has access to a computer or a resource across the network.

A user's status when a telephone connection has been established but authentication has not yet taken place. The user may be trying to prove security clearance, or the system may be idle. If this condition occurs, followed by the Waiting for Call phase, then the user was unable to provide a correct user name or password. If this phase is repeated, followed by the Waiting for Call phase, an unauthorized attempt to access the network may be under way.

An Active Directory object that represents a replication connection from one domain controller to another. The connection object is a child of the replication destinations NTDS Settings object and identifies the replication source server, contains a replication schedule, and specifies a replication transport. Connection objects are created automatically by the Knowledge Consistency Checker (KCC), but they can also be created manually. Automatically generated connections must not be modified by the user unless they are first converted into manual connections.

A set of conditions and profile settings that network administrators use to specify how Internet Authentication Service (IAS) servers handle incoming authentication and accounting request messages.

A type of network protocol that requires an end-to-end virtual connection between the sender and receiver before communicating across the network.

A network protocol in which a sender broadcasts traffic on the network to an intended receiver without first establishing a connection to the receiver.

For Message Queuing, an application that enables Message Queuing computers to communicate with computers that use other messaging systems.

For Message Queuing, a queue created on servers running a connector application. You can use the connector application to exchange messages with computers that are running other message-queuing products.

A framework for hosting administrative tools, such as Microsoft Management Console (MMC). A console is defined by the items in its console tree, which might include folders or other containers, World Wide Web pages, and other administrative items. A console has windows that can provide views of the console tree and the administrative properties, services, and events that are acted on by the items in the console tree.

The left pane in Microsoft Management Console (MMC) that displays the items contained in the console. The items in the console tree and their hierarchical organization determine the capabilities of a console.

An asynchronous transfer mode (ATM) service type that supports constant bandwidth allocation. This service type is used for voice and video transmissions that require little or no cell loss and rigorous timing controls during transmission.

The ability to specify that a service or computer account can perform Kerberos delegation to a limited set of services.

An object that can logically contain other objects. For example, a folder is a container object.

The process of stabilizing a system after changes occur in the network. For routing, if a route becomes unavailable, routers send update messages throughout the network, reestablishing information about preferred routes.

For Network Load Balancing, a process by which hosts exchange messages to determine a new, consistent state of the cluster and to elect the default host. During convergence, a new load distribution is determined for hosts that share the handling of network traffic for specific Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports.

A backup that copies all selected files but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups because copying does not affect these other backup operations.

A duplicate of the media master that Remote Storage copies to a different tape or disk. Copy sets are typically used for backup purposes.

A loop that happens when a link in a network goes down and routers on the network update their routing tables with incorrect hop counts. For example, a loop can develop if the link to Router C goes down. Router B then advertises that the link is down and that it has no route to C. Because Router A has a route to C with a metric of 2, it responds to Router B and sends its link to C. Router B then updates its table to include a link with metric 3, and the routers continue to announce and update their links to C until they reach the number 16. This is a count to infinity.

In Task Manager, the total processor time, in seconds, used by a process since it started.

In Task Manager, the percentage of time that a process used the CPU since the last update. This percentage is displayed in Task Manager on the Processes tab, under the CPU column heading.

A feature of shadow copy backups that ensures all files are backed up, regardless of their state.

Specifies the file format Dr. Watson will use to store the information. The Full format contains the entire memory space of the program, as well as the program image itself, the handle table, and other information that will be useful to the debugger. The Mini format may include the full memory and handle table, or it may simply contain information about a single thread. The Windows NT 4.0-compatible Full format provides you with the opportunity to use older tools to analyze the dump file. Crash Dump Type is only available when you have selected the Create Crash Dump File check box.

Errors caused by the failure of a cyclic redundancy check. A CRC error indicates that one or more characters in the data packet received were found garbled on arrival.

A set of information that includes identification and proof of identification that is used to gain access to local and network resources. Examples of credentials are user names and passwords, smart cards, and certificates.

An optional extension in an X.509 v3 certificate that identifies how information is obtained. Also, a directory entry or other distribution source for certificate revocation lists.

An object in which Active Directory stores information about directory partitions and external directory services. An example of an external directory service is another LDAP-compliant directory.

An application programming interface (API) that is provided as part of Microsoft Windows. CryptoAPI provides a set of functions that allows applications to encrypt or digitally sign data in a flexible manner while providing protection for the user's sensitive private key data. Actual cryptographic operations are performed by independent modules known as cryptographic service providers (CSPs).

A mathematical value that is a result of a calculation involving a cryptographic algorithm and a cryptographic key. Also known as an integrity check value (ICV) or a message integrity code (MIC).

The code that performs authentication, encoding, and encryption services that Windows-based applications access through CryptoAPI. A CSP is responsible for creating keys, destroying them, and using them to perform a variety of cryptographic operations. Each CSP provides a different implementation of the CryptoAPI. Some provide stronger cryptographic algorithms, while others use hardware components, such as smart cards.

The processes, art, and science of keeping messages and data secure. Cryptography is used to enable and ensure confidentiality, data integrity, authentication (entity and data origin), and nonrepudiation.

Typically, files with extensions that have been created for special kinds of files. Custom file types are not tracked by the system registry.

A separate channel of an Integrated Services Digital Network (ISDN) line that is used for ISDN signaling. For ISDN Basic Rate Interface (BRI), the D-channel is 16 kilobits per second (Kbps). For ISDN Primary Rate Interface (PRI), the D-channel is 64 Kbps. Also called data channel.

A backup that copies all selected files that have been modified the day the daily backup is performed. The backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared).

One of two types of hardware that are connected by an RS-232-C serial connection, the other being a Data Terminal Equipment (DTE) device. A DCE is an intermediary device that often transforms input from a DTE before sending it to a recipient. A modem, for example, is a DCE that modulates data from a microcomputer (DTE) and sends it along a telephone connection.

An encryption algorithm that uses a 56-bit key and maps a 64-bit input block to a 64-bit output block. The key appears to be a 64-bit key, but one bit in each of the eight bytes is used for odd parity, resulting in 56 bits of usable key.

One of two forks (resource fork and data fork) that make up each Macintosh file. The data fork holds most of the file's information and is shared between Macintosh and personal computer clients.

A property of secure communications that allows a computer to verify that data has not been modified in transit from its source. For example, Internet Protocol security (IPSec)-protected data contains a cryptographic checksum that incorporates a secret key that is known only to the IPSec peers that are communicating. An intermediate node can modify the data, but without knowledge of the secret key, the node cannot recompute a correct cryptographic checksum.

An address that uniquely identifies a node on a network. Every network adapter has a DLC address or DLC identifier (DLCI). Some network protocols, such as Ethernet and Token Ring, use DLC addresses exclusively. Other protocols, such as TCP/IP, use a logical address at the OSI Network layer to identify nodes.

However, all network addresses must eventually be translated to DLC addresses. In TCP/IP networks, this translation is performed by the Address Resolution Protocol (ARP).

A property of secure communications that allows a computer to verify that data originated from a valid source. For example, IPSec-protected data contains a cryptographic checksum that incorporates a secret key that is known only to the IPSec peers that are communicating. An invalid source can send data, but without knowledge of the secret key, the source cannot compute a correct cryptographic checksum.

In the RS-232-C hardware standard, any device, such as a remote access server or client, that has the ability to transmit information in digital form over a cable or a communications line.

A state in which the sending computer is transmitting characters faster than the receiving computer can accommodate them. If this problem persists, reduce the bits-per-second (bps) rate.

One packet, or unit, of information that includes relevant delivery information, such as the destination address, that is sent through a packet-switching network.

A Windows Support Tool that analyzes the state of domain controllers in a forest or enterprise and provides detailed information about how to identify abnormal behavior in a system. Domain controllers are identified and tested according to directives entered by the user at the command line. Also known as Domain Controller Diagnostic Tool.

Dcdiag executes tests in the following functional areas of the system:

• Connectivity
• Replications
• Topology integrity
• Check Naming Context (NC) head security descriptors
• Check net logon rights
• Locator get domain controller
• Intersite health
• Check roles
• Trust verification

For Message Queuing, a queue that stores nontransactional messages that are undeliverable or expired. These queues store failed messages on the computer on which the message expired. Messages in these queues are written to disk and are therefore recoverable.

A program designed to aid in detecting, locating, and correcting errors in another program by allowing the programmer to step through the program, examine the data, and monitor conditions such as the values of variables.

The network adapter that, when using multiple network adapters in each host of a Network Load Balancing cluster, handles network traffic not related to cluster operations (the traffic for individual hosts on the network). This adapter is programmed with the host's dedicated IP address.

A communications channel that connects two or more geographic locations. Dedicated connections are private or leased lines, rather than public lines.

The IP address of a Network Load Balancing host used for network traffic that is not associated with the Network Load Balancing cluster (for example, Telnet access to a specific host within the cluster). This IP address is used to individually address each host in the cluster and therefore should be unique for each host.

In some dialog boxes, the command button that is selected or highlighted when the dialog box is initially displayed. The default button has a bold border, indicating that it will be chosen automatically if you press ENTER. You can override a default button by clicking Cancel or another command button.

The host with the highest host priority for which a drainstop command is not in progress. After convergence, the default host handles all of the network traffic for Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports that are not otherwise covered by port rules.

In the Macintosh environment, the physical network on which the processes of a server reside as nodes and on which the server appears to users. The default network of the server must be one to which that server is attached. Only servers on AppleTalk Phase 2 internets have default networks.

The printer to which a computer sends documents if you select the Print command without first specifying which printer you want to use with a program. You can have only one default printer; it should be the printer you use most often.

For software restriction policies, the default setting that defines whether software in a Group Policy object (GPO) is allowed to run. Exceptions can be made to the default security level by means of software restriction policies rules.

The position of a User object in the file system of a Novell Directory Services (NDS) tree on a Novell NetWare network. The default tree and context is the default logon location in an NDS tree for a Microsoft Windows computer that is running Client Service for NetWare.

The profile that serves as a basis for all user profiles. Every user profile begins as a copy of the default user profile.

The zone to which all Macintosh clients on the network are assigned by default.

The process of rewriting parts of a file to contiguous sectors on a hard disk to increase the speed of access and retrieval.

In Active Directory, defragmentation rearranges how the data is written in the directory database file to compact it.

A method of authentication by which a trusted server (or service) is enabled to act as the client when it connects to third-tier application resources.

An assignment of administrative responsibility to a user, computer, group, or organization.

For Active Directory, an assignment of responsibility that allows users without administrative credentials to complete specific administrative tasks or to manage specific directory objects. Responsibility is assigned through membership in a security group, the Delegation of Control Wizard, or Group Policy settings.

For DNS, an assignment of responsibility for a DNS zone. Delegation occurs when a name server (NS) resource record in a parent zone lists the DNS server that is authoritative for a child zone.

A document that lists certificates that have been revoked after the last full certificate revocation list (CRL) has been published. Delta CRLs are maintained and published by a certification authority (CA), and they are normally much smaller than a full CRL.

A connection, typically using a circuit-switched wide area network link, that is initiated when data needs to be forwarded. The demand-dial connection is typically terminated when there is no traffic.

Routing that makes dial-up connections to connect networks based on need. For example, a branch office with a modem that dials and establishes a connection only when there is network traffic from one office to another.

An attack in which an attacker exploits a weakness or a design limitation of a network service to overload or halt the service, so that the service is not available for use. This type of attack is typically started to prevent other users from using a network service such as a Web server or a file server.

A relationship of reliance between two resources that makes it necessary for them to run in the same group on the same node. For example, an application is dependent on the disks that contain its data resources.

A diagram for visualizing the dependency relationships between resources.

For Message Queuing, a computer that requires synchronous access to a Message Queuing server to perform all standard message queuing operations, such as sending and receiving messages and creating queues.

All the subkeys that appear when a key in the registry is expanded. A descendent key is the same as a subkey.

The on-screen work area on which windows, icons, menus, and dialog boxes appear.

A design that appears across your desktop. You can create your own pattern or select a pattern provided by Windows.

The document into which a package or a linked or embedded object is being inserted. For an embedded object, this is sometimes also called the container document.

The right pane in Microsoft Management Console (MMC) that displays details for the selected item in the console tree. The details can be a list of items or they can be administrative properties, services, and events that are acted on by a snap-in.

Any piece of equipment that can be attached to a network or computer, for example, a computer, printer, joystick, adapter, or modem card, or any other peripheral equipment. Devices normally require a device driver to function with Windows.

For Windows licensing, electronic equipment such as computers, workstations, terminals, and handheld computers that can access or use the services of Windows operating systems, including file sharing, print sharing, remote access, and authentication.

A conflict that occurs when the same system resources have been allocated to two or more devices. System resources include interrupt request (IRQ) lines, direct memory access (DMA) channels, input/output (I/O) ports, and memory addresses.

A program that enables a specific device, such as a modem, network adapter, or printer, to communicate with the operating system. Although a device might be installed on your system, Windows cannot use the device until you have installed and configured the appropriate driver. Device drivers load automatically (for all enabled devices) when a computer is started, and thereafter they run invisibly.

An administrative tool that you can use to manage the devices on your computer. Using Device Manager, you can view and change device properties, update device drivers, configure device settings, and uninstall devices.

An element in the Distributed File System (DFS) namespace that lies below the root and maps to one or more targets, each of which corresponds to a shared folder or another DFS root.

A namespace consisting of a root and many links and targets. The namespace starts with a root that maps to one or more root targets. Below the root are links that map to their own targets. The Distributed File System (DFS) namespace provides the user with a logical view of distributed network shares.

The combination of a Distributed File System (DFS) root and a DFS link. An example of a DFS path is \\server\dfs\a\b\c\link, where \\server\dfs is the DFS root, and \a\b\c\ is the DFS link.

The starting point of the Distributed File System (DFS) namespace. The root is often used to refer to the namespace as a whole. A root maps to one or more root targets, each of which corresponds to a shared folder on a server.

The overall logical hierarchy of the Distributed File System (DFS), including elements such as roots, links, shared folders, and replica sets, as depicted in the DFS administrative console. This is not to be confused with the DFS namespace, which is the logical view of shared resources seen by users.

A message sent by the DHCP server to a client to acknowledge and complete a client's request for leased configuration. This message will contain a committed IP address for the client to use for a stated period of time along with other optional client parameters. The DHCP acknowledgment message name is DHCPACK.

A special reserved option type used by DHCP clients to optionally identify membership in a specific DHCP option class, either a vendor or user class. For vendor class identification, hardware vendors can choose to predefine specific identifier values; for example, to identify a client's hardware configuration. For user class identification, values can be defined administratively to identify a logical group of DHCP clients, such as all clients in a particular building and floor location.

Any network-enabled device that supports the ability to communicate with a DHCP server for the purpose of obtaining dynamic leased IP configuration and related optional parameters information.

An alternate static configuration option for TCP/IP network connections that provides simplified computer migration between networks.

A message sent by a DHCP client to the DHCP server to decline the offer of an IP address on the network. This message is used when the client detects a potential conflict because the IP address is found to be already in use on the network. The DHCP decline message name is DHCPDECLINE.

A reserved DHCP message type used by computers on the network to request and obtain information from a DHCP server for use in their local configuration. When this message type is used, the sender is already externally configured for its IP address on the network, which may or may not have been obtained using DHCP. The DHCP information message name is DHCPINFORM.

A message sent by a DHCP server to a client to indicate that the IP address that the client requested is not correct for the local IP network served by the DHCP server. This message is most often used when the client computer was moved to a new location, but it could also indicate that the client's lease with the server has expired. The DHCP negative acknowledgment message name is DHCPNAK.

A message used by DHCP servers to offer the lease of an IP address to a DHCP client when it starts on the network. When this message is used, a client can receive more than one offer if multiple DHCP servers are contacted during the DHCP discovery phase, but the client will typically select the first address it is offered. The DHCP offer message name is DHCPOFFER.

Address configuration parameters that a DHCP service assigns to clients. Most DHCP options are predefined, based on optional parameters defined in Request for Comments (RFC) 1542, although extended options can be added by vendors or users.

A message sent by clients to the DHCP server to indicate release of its leased IP address. The client uses this message to cancel its currently active lease. You can perform address release manually using the ipconfig /release command at a command prompt. The DHCP release message name is DHCPRELEASE.

A message sent by clients to the DHCP server to request or renew lease of its IP address. The client uses this message under the following conditions:

• To select and request a lease from a specific DHCP server when lease offers were made simultaneously from several different servers.
• To confirm a previously leased IP address after the client system is restarted.
• To extend the current IP address lease for the client.

The DHCP request message name is DHCPREQUEST.

A computer running the Microsoft DHCP service that offers dynamic configuration of IP addresses and related information to DHCP-enabled clients.

A service that enables a computer to function as a DHCP server and configure DHCP-enabled clients on a network. DHCP runs on a server, enabling the automatic, centralized management of IP addresses and other TCP/IP configuration settings for network clients.

A resource type that provides DHCP services from a cluster.

The agent program or component responsible for relaying Dynamic Host Configuration Protocol (DHCP) and bootstrap protocol (BOOTP) broadcast messages between a DHCP server and a client across an Internet Protocol (IP) router. A DHCP relay agent supports DHCP/BOOTP message relay as defined in RFCs 1541 and 2131. The DHCP Relay Agent service is managed using the Routing and Remote Access service.

The country code, area code, and specific dialing requirements for the place you are dialing from. Once you have created a dial location, you can select it to apply the dialing requirements to all your calls. To change dialing locations, select or create a different one.

Settings in a remote access policy that permit or deny access to remote access clients.

The connection to your network if you use a device that uses the telephone network. This includes modems with a standard telephone line, ISDN cards with high-speed ISDN lines, or X.25 networks.

If you are a typical user, you might have one or two dial-up connections, for example, to the Internet and to your corporate network. In a more complex server situation, multiple network modem connections might be used to implement advanced routing.

A standard dial-up connection, such as telephone and Integrated Services Digital Network (ISDN) lines. Also called switched circuit.

A backup that copies files created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing a combination of normal and differential backups, restoring files and folders requires that you have the last normal as well as the last differential backup.

Saved copies of changed data that can be applied to an original volume to generate a volume shadow copy.

A cryptographic mechanism that allows two parties to establish a shared secret key without having any preestablished secrets between them. Diffie-Hellman is frequently used to establish the shared secret keys that are used by common applications of cryptography, such as Internet Protocol security (IPSec). It is not normally used for data protection.

An authentication mechanism that hashes user name, password, and other data before transmitting it over the network.

A means for originators of a message, file, or other digitally encoded information to bind their identity to the information. The process of digitally signing information entails transforming the information, as well as some secret information held by the sender, into a tag called a signature. Digital signatures are used in public key environments, and they provide nonrepudiation and integrity services.

A standard that uses the Digital Signature Algorithm (DSA) for its signature algorithm and Secure Hash Algorithm (SHA-1) as its message hash algorithm. DSA is a public-key cipher that is used only to generate digital signatures and cannot be used for data encryption.

A special communication line that uses modulation technology to maximize the amount of data that can be sent over copper wires. DSL is used for connections from telephone switching stations to a subscriber rather than between switching stations.

A type of optical disc storage technology. A digital video disc (DVD) looks like a CD-ROM disc, but it can store greater amounts of data. DVDs are often used to store full-length movies and other multimedia content that requires large amounts of storage space.

A link between the input/output (I/O) ports of two computers created with a single cable rather than a modem or other interfacing devices. In most cases, a direct cable connection is made with a null modem cable.

For Microsoft networking, the sending of file and print sharing traffic using the Server Message Block (SMB) protocol (also known as the Common Internet File System (CIFS) protocol) without the use of network basic input/output system (NetBIOS). Direct hosting for the Microsoft redirector (the Workstation service) and file server (the Server service) is supported over both TCP/IP and Internetwork Packet Exchange (IPX). Although direct hosting may be more efficient, a direct hosting client can connect only to a direct hosting server.

Memory access that does not involve the microprocessor. DMA is frequently used for data transfer directly between memory and a peripheral device such as a disk drive.

An information source that contains information about users, computer files, or other objects. In a file system, a directory stores information about files. In a distributed computing environment (such as a Windows domain), the directory stores information about objects such as printers, fax servers, applications, databases, and other users.

The physical storage for each replica of Active Directory. Also called the store.

A contiguous subtree of Active Directory that is replicated as a unit to other domain controllers in the forest that contain a replica of the same subtree. In Active Directory, a single domain controller always holds at least three directory partitions: schema (class and attribute definitions for the directory), configuration (replication topology and related metadata), and domain (subtree that contains the per-domain objects for one domain). Domain controllers running Windows Server 2003 can also store one or more application directory partitions.

Both the directory information source and the service that makes the information available and usable. A directory service enables the user to find an object when given any one of its attributes.

The physical storage for Active Directory directory partition replicas on a specific domain controller. The store is implemented using the Extensible Storage Engine.

An extension of the Microsoft Windows operating system. DirectX technology helps games and other programs use the advanced multimedia capabilites of your hardware.

A bit that is used to mark modified data in a cache so that the modifications may be carried over to primary memory.

For Windows file systems, a bit that is used to indicate that the file system is in an inconsistent and possibly corrupted state. When it is set, the file system's dirty bit triggers the chkdsk command to run when the computer is restarted.

To make a device nonfunctional. For example, if you disable a device in a hardware configuration, you cannot use the device when your computer uses that hardware configuration. Disabling a device frees the resources that were allocated to the device.

The part of an object's security descriptor that grants or denies specific users and groups permission to access the object. Only the owner of an object can change permissions granted or denied in a DACL; thus, access to the object is at the owner's discretion.

A storage device that is attached to a computer.

Information in the Windows registry on assigned drive letters, simple volumes, striped volumes, mirrored volumes, spanned volumes, and RAID-5 volumes. You can change the disk configuration by using Disk Management.

A set of software processes that maintains a backup copy of a volume at all times. Each mirror of a volume resides on a different disk; ideally, each disk has its own controller. If one mirror becomes unavailable (due to a disk failure, for example), you can use the other mirror to gain access to the volume's data.

To remove a removable tape or disc from a drive.

A password that allows the user to open only previously saved capture (.cap) files.

A name that uniquely identifies an object by using the relative distinguished name for the object, plus the names of container objects and domains that contain the object. The distinguished name identifies the object as well as its location in a tree. Every object in Active Directory has a distinguished name. A typical distinguished name might be

CN=MyName,CN=Users,DC=Microsoft,DC=Com

This identifies the MyName user object in the microsoft.com domain.

The Microsoft Component Object Model (COM) specification that defines how components communicate over Windows-based networks. Use the DCOM Configuration tool to integrate client/server applications across multiple computers. DCOM can also be used to integrate robust Web browser applications.

A service that allows system administrators to organize distributed network shares into a logical namespace, enabling users to access files without specifying their physical location and providing load sharing across network shares.

A group that is used solely for e-mail distribution and that is not security-enabled. Distribution groups cannot be listed in discretionary access control lists (DACLs) used to define permissions on resources and objects. Distribution groups can be used only with e-mail applications (such as Microsoft Exchange) to send e-mail to collections of users. If you do not need a group for security purposes, create a distribution group instead of a security group.

A client computer that queries DNS servers in an attempt to resolve DNS domain names. DNS clients maintain a temporary cache of resolved DNS domain names.

DNS extensions that use digital signatures to provide data authentication and integrity to compliant DNS resolvers and applications.

A server that maintains information about a portion of the DNS database and that responds to and resolves DNS queries.

For DNS, a character string that represents a domain name. The DNS suffix shows where a host is located relative to the DNS root, specifying a host’s location in the DNS hierarchy. Usually, the DNS suffix describes the latter portion of a DNS name, following one or more of the first labels of a DNS name.

In a DNS database, a contiguous portion of the DNS tree that is administered as a single, separate entity by a DNS server. The zone contains resource records for all the names within the zone.

A unit for housing a portable computer that contains a power connection, expansion slots, and connections to peripherals, such as a monitor, printer, full-sized keyboard, and mouse. The docking station turns the portable computer into a desktop computer.

Any self-contained piece of work created with an application program and, if saved on disk, given a unique file name by which it can be retrieved.

In Active Directory, a collection of computer, user, and group objects defined by the administrator. These objects share a common directory database, security policies, and security relationships with other domains.

In DNS, any tree or subtree within the DNS namespace. Although the names for DNS domains often correspond to Active Directory domains, DNS domains should not be confused with Active Directory domains.

A person who is a member of the Domain Admins group. Domain administrators can create, delete, and manage all objects that reside within the domain in which they are administrators. They can also assign and reset passwords and delegate administrative authority for network resources to other trusted users.

In an Active Directory forest, a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources. Administrators can manage user accounts, network access, shared resources, site topology, and other directory objects from any domain controller in the forest.

An algorithm running in the context of the Net Logon service that enables a client to locate a domain controller. Locator can find domain controllers by using DNS or network basic input/output system (NetBIOS) names. The DNS service (SRV) resource records registered by Locator on behalf of domain controllers are also known as domain controller locator (Locator) resource records.

An implementation of Distributed File System (DFS) in which DFS topological information is stored in Active Directory. Because this information is made available on multiple domain controllers in the domain, domain DFS provides fault tolerance for any distributed file system in the domain.

The functional level of an Active Directory domain that has one or more domain controllers running Windows Server 2003. The functional level of a domain can be raised to enable new Active Directory features that will apply to that domain only. There are four domain functional levels: Windows 2000 mixed, Windows 2000 native, Windows Server 2003 interim, and Windows Server 2003. The default domain functional level is Windows 2000 mixed. When the domain functional level is raised to Windows 2000 native, Windows Server 2003 interim, or Windows Server 2003, advanced domain-wide Active Directory features are available.

The parent/child tree structure of domains.

A security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. Domain local security groups can be granted rights and permissions on resources that reside only in the same domain where the domain local group is located.

The name given by an administrator to a collection of networked computers that share a common directory. Part of the DNS naming structure, domain names consist of a sequence of name labels separated by periods.

A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS enables the location of computers and services by user-friendly names, and it also enables the discovery of other information stored in the database.

The database structure used by DNS.

A domain controller that holds the domain naming operations master role in Active Directory. The domain naming master controls the addition or removal of domains in the forest. At any time, the domain naming master role can be assigned to only one domain controller in the forest.

The parent DNS domain name that is used to root either a zone or a resource record within a zone. This name is joined to the end of unqualified or relative domain names to form a fully qualified domain name (FQDN) within the zone. In DNS Manager, the domain of origin will correspond to Zone name as it appears in the Add Zone Wizard or the name that appears in the Parent domain name field for any resource records created within the zone.

A DFS namespace, for which the configuration information is stored in Active Directory. The path to access the root or a link starts with the host domain name. A domain root can have multiple root targets, which offer fault tolerance and load sharing at the root level.

For DNS, an optional parent domain name that can be appended to the end of a relative domain name used in a name query or host lookup. The domain suffix can be used to complete an alternate fully qualified DNS domain name to be searched when the first attempt to query a name fails.

In DNS, the inverted hierarchical tree structure that is used to index domain names. Domain trees are similar in purpose and concept to the directory trees used by computer filing systems for disk storage. For example, when numerous files are stored on disk, directories can be used to organize the files into logical collections. When a domain tree has one or more branches, each branch can organize domain names used in the namespace into logical collections.

In Active Directory, a hierarchical structure of one or more domains, connected by transitive, bidirectional trusts, that forms a contiguous namespace. Multiple domain trees can belong to the same forest.

The standard used to measure screen and printer resolution, expressed as the number of dots that a device can display or print per linear inch. The greater the number of dots per inch, the better the resolution.

The case-insensitive handling of DNS domain names. Windows DNS servers use downcasing to convert any uppercase letters used in domain names to equivalent lowercase letters. For example, the name HOST.example.Microsoft.com would be downcased to host.example.microsoft.com.

A set of characters stored on disk and sent (downloaded) to a printer's memory when needed for printing a document. Downloadable fonts are most commonly used with laser printers and other page printers, although many dot-matrix printers can accept some of them. Also called soft fonts.

To move an item on the screen by selecting the item and then pressing and holding down the mouse button while moving the mouse. For example, you can move a window to another location on the screen by dragging its title bar.

For Network Load Balancing, a command that disables new traffic handling for the rule whose port range contains the specified port. All ports specified by the port rule are affected.

For Network Load Balancing, a command that disables all new traffic handling on the specified hosts. The hosts then enter draining mode to complete existing connections.

While draining, hosts remain in the cluster and stop their cluster operations when there are no more active connections. To terminate draining mode, explicitly stop cluster mode with the stop command, or restart new traffic handling with the start command. To drain connections from a specific port, use the drain command.

An area of storage that is formatted with a file system and has a drive letter. The storage can be a floppy disk, a CD, a hard disk, or another type of disk. You can view the contents of a drive by clicking its icon in Windows Explorer or My Computer.

The naming convention for disk drives on IBM and compatible computers. Drives are named by letter, beginning with A, followed by a colon.

In the Macintosh environment, a folder for which you have the Make Changes permission but not the See Files or See Folders permission. You can copy files into a drop folder, but you cannot see what files and subfolders the drop folder contains.

A computer configuration that can start two different operating systems.

A system capable of transmitting information in both directions over a communications channel.

A hardware or software component that allows a digital video disc (DVD) drive to display movies on your computer screen.

A disk storage device that uses digital video disc (DVD) technology. A DVD drive reads both CD-ROM and DVDs; however, you must have a DVD decoder to display DVD movies on your computer screen.

A data type that is composed of hexadecimal data with a maximum allotted space of 4 bytes.

A form of interprocess communication (IPC) implemented in the Microsoft Windows family of operating systems. Two or more programs that support dynamic data exchange (DDE) can exchange information and commands.

A physical disk that provides features that basic disks do not, such as support for volumes that span multiple disks. Dynamic disks use a hidden database to track information about dynamic volumes on the disk and other dynamic disks in the computer. You convert basic disks to dynamic by using the Disk Management snap-in or the DiskPart command-line tool. When you convert a basic disk to dynamic, all existing basic volumes become dynamic volumes.

A TCP/IP service protocol that offers dynamic leased configuration of host IP addresses and distributes other configuration parameters to eligible network clients. DHCP provides safe, reliable, and simple TCP/IP network configuration, prevents address conflicts, and helps conserve the use of client IP addresses on the network.

DHCP uses a client/server model where the DHCP server maintains centralized management of IP addresses that are used on the network. DHCP-supporting clients can then request and obtain lease of an IP address from a DHCP server as part of their network boot process.

The use of routing protocols to update routing tables. Dynamic routing responds to changes in the internetwork topology.

A storage method in Windows that allows disk and volume management without requiring operating system restart.

An update to the Domain Name System (DNS) standard that permits DNS clients to dynamically register and update their resource records in zones.

A volume that resides on a dynamic disk. Windows supports five types of dynamic volumes: simple, spanned, striped, mirrored, and RAID-5. A dynamic volume is formatted by using a file system, such as file allocation table (FAT) or NTFS, and has a drive letter assigned to it.

An operating system feature that allows executable routines (generally serving a specific function or set of functions) to be stored separately as files with .dll extensions. These routines are loaded only when needed by the program that calls them.

Overall permissions that a user or group has on an object, taking into account group membership as well as inheritance from the parent object.

On Itanium-based computers, a portion on a GUID partition table (GPT) disk that is formatted with the file allocation table (FAT) file system and contains the files necessary to start the computer. Every Itanium-based computer must have at least one GPT disk with an EFI system partition. The EFI system partition serves the same purpose as the system volume found on x86-based computers.

Information created in another program that has been pasted inside your document. When information is embedded, you can edit the information in the new document using toolbars and menus from the original program.

To edit the embedded information, double-click it and the toolbars and menus from the program used to create the information appear. Embedded information is not linked to the original source. If you change information in one place, it is not updated in the other.

A logical ATM network that emulates the services of an Ethernet or Token Ring LAN.

To make a device functional. For example, if a device in your hardware configuration settings is enabled, the device is available for use when your computer uses that hardware configuration.

A file that prints at the highest possible resolution for your printer. An EPS file may print faster than other graphical representations. Some Windows-based and non-Windows-based graphical programs can import EPS files.

An Internet Protocol security (IPSec) protocol that provides confidentiality, in addition to authentication, integrity, and anti-replay. ESP can be used alone, in combination with Authentication Header (AH), or nested with the Layer Two Tunneling Protocol (L2TP). ESP does not normally sign the entire packet unless it is being tunneled. Ordinarily, just the data payload is protected, not the IP header.

The method used to pass data from one protocol over a network within a different protocol. Data from one protocol is wrapped with the header of a different protocol. Encapsulation is described in RFC 1483.

A path or link through which encrypted information passes between two devices. This information typically includes the primary message content, not session configuration information.

A password that is scrambled. Encrypted passwords are more secure than plaintext passwords, which are susceptible to network sniffers.

A feature in this version of Windows that enables users to encrypt files and folders on an NTFS volume disk to keep them safe from access by intruders.

The process of disguising a message or data in such a way as to hide its substance.

In Group Policy Management console (GPMC), to force the Group Policy object (GPO) links of the parent container to take precedence over the GPO links of the child containers. By default, the GPO links that are closest to the user or computer (links to the child container) have higher precedence than GPO links higher up (links to the parent container). Enforcement causes GPOs that are linked in parent containers to take precedence instead. In operating systems in the Windows Server 2003 family without GPMC, No Override is used instead of Enforce.

A standard that can be used with high-capacity hard disks, floppy disk drives, and tape drives to allow these devices to communicate with a computer at high speeds.

A certification authority (CA) that is fully integrated with Active Directory.

A feature of Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, that allows you to run applications that take advantage of large amounts of physical memory. Enterprise Memory Architecture supports two types of memory enhancement: application memory tuning, also known as 4-gigabyte tuning (4GT), and Physical Address Extension (PAE) X86.

The lowest level element in the registry. Entries appear in the details pane of a Registry Editor window. Each entry consists of an entry name, its data type, and its value. Entries store the configuration data that affects the operating system and the programs that run on the system. As such, they are different from registry subtrees, keys, and subkeys, which are containers.

A string consisting of environment information, such as a drive, path, or file name, associated with a symbolic name that can be used by Windows. You use System in Control Panel or the set command from the command prompt to define environment variables.

A technique for detecting when data is lost during transmission. This allows the software to recover lost data by notifying the transmitting computer that it needs to retransmit the data.

Any significant occurrence in the system or an application that requires users to be notified or an entry to be added to a log.

A service that records events in the system, security, and application logs. The Event Log service is located in Event Viewer.

The process of recording an audit entry in the audit trail whenever certain events occur, such as services starting and stopping or users logging on and off and accessing resources.

A component you can use to view and manage event logs, gather information about hardware and software problems, and monitor security events. Event Viewer maintains logs about program, security, and system events.

In the Macintosh environment, one of the user categories to which you assign permissions for a folder. Permissions granted to everyone apply to all users who use the server, including guests.

A small range of one or more IP addresses within a DHCP scope excluded from the DHCP service. Exclusion ranges ensure that these scope addresses will never be offered to clients by the DHCP server.

Type of memory that can be added to IBM personal computers. The use of expanded memory is defined by the Expanded Memory Specification (EMS), which supports memory boards containing RAM that can be enabled or disabled by software.

A socket in a computer, designed to hold expansion boards and connect them to the system bus.

For DNS, the number of seconds that DNS servers operating as secondary masters for a zone will use to determine if zone data should be expired when the zone is not refreshed and renewed.

Object permissions that are defined when the object is created, specifically assigned, or changed by the owner of the object.

For Message Queuing, a message that uses fewer resources and is faster than a recoverable message. However, because express messages are mapped to memory, they are lost if the computer storing them fails.

Memory beyond one megabyte in 80286, 80386, 80486, and Pentium computers.

A type of partition that you can create only on basic master boot record (MBR) disks. Extended partitions are useful if you want to create more than four volumes on a basic MBR disk. Unlike primary partitions, you do not format an extended partition with a file system and then assign a drive letter to it. Instead, you create one or more logical drives within the extended partition. After you create a logical drive, you format it and assign it a drive letter. An MBR disk can have up to four primary partitions or three primary partitions, one extended partition, and multiple logical drives.

An extension to the Point-to-Point Protocol (PPP) that allows for arbitrary authentication mechanisms to be employed for the validation of a PPP connection.

In computers with the Intel Itanium processor, the interface between a computer's firmware, hardware, and the operating system. EFI defines a new partition style called GUID partition table (GPT). EFI serves the same purpose for Itanium-based computers as the basic input/output system (BIOS) found in x86-based computers. However, it has expanded capabilities that provide a consistent way to start any compatible operating system and an easy way to add EFI drivers for new bootable devices without the need to update the computer's firmware.

A meta-markup language that provides a format for describing structured data. This facilitates more precise declarations of content and more meaningful search results across multiple platforms. In addition, XML enables a new generation of Web-based data viewing and manipulation applications.

The association of a file name extension with a Macintosh file type and file creator. By creating extension-type associations, you can choose which program starts automatically when you open a file with a particular extension. Services for Macintosh has many predefined extension-type associations.

A 4-byte hexadecimal number used for addressing and routing purposes on NetWare networks. The external network number is associated with physical network adapters and networks.

A trust that is manually created between two Active Directory domains that are located in different forests or between an Active Directory domain and a Windows NT 4.0 or earlier domain. External trusts are nontransitive and one-way.

A limited subset of computers or users on a public network, typically the Internet, that can access an organization's internal network. For example, the computers or users might belong to a partner organization.

The process of moving resources, either individually or in a group, back to their preferred node after the node has failed and come back online.

Parameters that an administrator can set using Cluster Administrator that affect failback operations.

A state that applies to a resource or a node in a cluster. A resource or a node is placed in the failed state after an unsuccessful attempt has been made to bring it online.

In server clusters, the process of taking resource groups offline on one node and bringing them online on another node. When failover occurs, all resources within a resource group fail over in a predefined order; resources that depend on other resources are taken offline before, and are brought back online after, the resources on which they depend.

Parameters that an administrator can set, using Cluster Administrator, that affect failover operations.

A derivative of the file allocation table (FAT) file system. FAT32 supports smaller cluster sizes and larger volumes than FAT, which results in more efficient space allocation on FAT32 volumes.

The ability of computer hardware or software to ensure data integrity when hardware failures occur. Fault-tolerant features appear in many server operating systems and include mirrored volumes, RAID-5 volumes, and server clusters.

A system service that provides fax services to local and remote network clients. Fax services include receiving faxes and faxing documents, fax wizard messages, and e-mail messages.

A standard entitled Security Requirements for Cryptographic Modules. FIPS 140-1 (1994) and FIPS 140-2 (2001) describe government requirements for hardware and software cryptomodules used in the U.S. government.

A file system used by MS-DOS and other Windows operating systems to organize and manage files. The file allocation table is a data structure that Windows creates when you format a volume by using FAT or FAT32 file systems. Windows stores information about each file in the file allocation table so that it can retrieve the file later.

A small block of memory temporarily assigned by a computer's operating system to hold information about a file that has been opened for use. An FCB typically contains such information as the file's identification, its location on disk, and a pointer that marks the user's current (or last) position in the file.

A four-character sequence that identifies which program was used to create a file. With Services for Macintosh, you can associate file name extensions with file creators and file types to specify which program starts automatically when you open a file with a particular extension.

A pseudo-random cryptographic key that Encrypting File System (EFS) uses to encrypt a file. The FEK is encrypted by the public key of the user performing the encryption, and it is typically different for each encrypted file.

One of two subfiles of a Macintosh file. When Macintosh files are stored on a computer running Services for Macintosh, each fork is stored as a separate file. Each fork can be independently opened by Macintosh users.

A service that provides multimaster file replication for designated directory trees between designated servers running Windows Server 2003. The designated directory trees must be on disk partitions formatted with the version of NTFS used with the Windows Server 2003 family. FRS is used by Distributed File System (DFS) to automatically synchronize content between assigned replicas and by Active Directory to automatically synchronize content of the system volume information across domain controllers.

A service that allows users of Macintosh computers to store, access, and share files on servers running Services for Macintosh. Also called MacFile.

In a server cluster, any folder that has an associated File Share resource and is managed by the Cluster service. The file share can fail over from one node to another, but to the end user, the folder looks like a regular folder that remains in one location. Multiple users can access a file share.

A file share accessible by a network path that is supported as a cluster resource by a Resource DLL.

In an operating system, the overall structure in which files are named, stored, and organized. NTFS, FAT, and FAT32 are types of file systems.

An area of physical memory that holds frequently used pages. It allows applications and services to locate pages rapidly and reduces disk activity.

A member of the TCP/IP suite of protocols, used to copy files between two computers on the Internet. Both computers must support their respective FTP roles: one must be an FTP client and the other an FTP server.

In the Windows environment, a designation of the operational or structural characteristics of a file. The file type identifies the program, such as Microsoft Word, that is used to open the file. File types are associated with a file name extension. For example, files that have the .txt or .log extension are of the Text Document type and can be opened using any text editor.

In the Macintosh environment, a four-character sequence that identifies the type of a Macintosh file. The Macintosh Finder uses the file type and file creator to determine the appropriate desktop icon for that file.

For Indexing Service, software that extracts content and property values from a document to index them.

For Internet Protocol security (IPSec), a specification of Internet Protocol (IP) traffic that provides the ability to trigger security negotiations for a communication based on the source, destination, and type of IP traffic.

For Internet Information Services (IIS), a feature of Internet Server Application Programming Interface (ISAPI) that allows preprocessing of requests and postprocessing of responses, permitting site-specific handling of Hypertext Transfer Protocol (HTTP) requests and responses.

In IP and Internetwork Packet Exchange (IPX) packet filtering, a definition in a series of definitions that indicates to the router the type of traffic allowed or disallowed on each interface.

For Network Load Balancing, the method by which network traffic inbound to a cluster is handled by the hosts within the cluster. Traffic can either be handled by a single server, load balanced among the hosts within the cluster, or disabled completely.

A combination of hardware and software that provides a security system, usually to prevent unauthorized access from outside to an internal network or intranet. A firewall prevents direct communication between network and external computers by routing communication through a proxy server outside the network. The proxy server determines whether it is safe to let a file pass through to the network. Also called a security-edge gateway.

Software routines and low-level input/output instructions stored in read-only memory (ROM). Unlike random-access memory (RAM), read-only memory stays intact even in the absence of electrical power.

A graphic design applied to a collection of numbers, symbols, and characters. A font describes a certain typeface, along with other qualities such as size, spacing, and pitch.

A plug-in unit available for some printers that contains fonts in several styles and sizes. As with downloadable fonts, printers using font cartridges can produce characters in sizes and styles other than those created by the fonts built into it.

The program that runs in the active window (the uppermost window with the highlighted title bar). The foreground program responds to commands issued by the user.

A computer that uses another message queuing system but, through a connector application, can exchange messages with computers that run Message Queuing.

An object in a domain that represents a security principal that exists in a trusted domain located in a different forest. Foreign security principals are necessary for users in a domain to access resources that exist in a different forest.

One or more Active Directory domains that share the same class and attribute definitions (schema), site and replication information (configuration), and forest-wide search capabilities (global catalog). Domains in the same forest are linked with two-way, transitive trust relationships.

The functional level of an Active Directory forest that has one or more domain controllers running Windows Server 2003. The functional level of a forest can be raised to enable new Active Directory features that will apply to every domain in the forest. There are three forest functional levels: Windows 2000, Windows Server 2003 interim, and Windows Server 2003. The default forest functional level is Windows 2000. When the forest functional level is raised to Windows Server 2003 interim or Windows Server 2003, advanced forest-wide Active Directory features are available.

The first domain created in a new forest. The forest-wide administrative groups, Enterprise Admins and Schema Admins, are located in this domain. As a best practice, new domains are created as children of the forest root domain.

A trust between two Windows Server 2003 forests that forms trust relationships between every domain in both forests. A forest trust can be created only between the forest root domains in each forest. Forest trusts are transitive, and they can be one-way or two-way. An administrator must manually establish a forest trust, unlike an automatically established trust, such as a parent-child trust.

The specification of physical characteristics such as paper size (that is, letter or legal) and printer area margins of paper or other print media. For example, by default, the Letter form has a paper size of 8.5 inches by 11 inches and does not reserve space for margins.

A family of security products including PCMCIA-based cards, compatible serial port devices, combination cards (such as FORTEZZA/Modem and FORTEZZA/Ethernet), server boards, and others. FORTEZZA is a registered trademark held by the U.S. National Security Agency.

A DNS query for a DNS name.

A DNS server designated by other internal DNS servers to be used to forward queries for resolving external or offsite DNS domain names.

The scattering of parts of the same disk file over different areas of the disk. Fragmentation occurs as files on a disk are deleted and new files are added. It slows disk access and degrades the overall performance of disk operations, although usually not severely.

In synchronous communication, a package of information transmitted as a single unit from one device to another.

The way in which a network type, such as Ethernet, formats data to be sent over a network. When multiple frame types are allowed for a particular network type, the packets are structured differently and are, therefore, incompatible. All computers on a network must use the same frame type to communicate. Also called frame format.

A logical collection of unused data-storage media that can be used by applications or other media pools. When media are no longer needed by an application, they are returned to a free media pool so that they can be used again.

Available space that you use to create logical drives within an extended partition.

In communications, a computer that is located between communications lines and a main (host) computer and used to relieve the host of tasks related to communications; sometimes considered synonymous with communications controller. A front-end processor is dedicated entirely to handling transmitted information, including error detection and control; receipt, transmission, and possibly encoding of messages; and management of the lines running to and from other devices.

A fully qualified domain name (FQDN). The full computer name is a concatenation of the computer name (for example, client1) and the primary DNS suffix of the computer (for example, reskit.com.). The same computer could be identified by more than one FQDN. However, it has only one full computer name.

An access control entry (ACE) that assigns all applicable rights to a file system or directory service object.

A user's complete name, usually consisting of the last name, first name, and middle initial. The full name is information that Local Users and Groups or Active Directory Users and Computers can maintain as part of the information identifying and defining a user account.

The standard query type supported by all DNS servers to update and synchronize zone data when the zone has been changed. When a DNS query is made using AXFR as the specified query type, the entire zone is transferred as the response.

A system capable of simultaneously transmitting information in both directions over a communications channel.

A DNS name that has been stated to indicate its absolute location in the domain namespace tree. In contrast to relative names, an FQDN has a trailing period (.) to qualify its position to the root of the namespace (host.example.microsoft.com.).

A dedicated device (or a set of services running on a dedicated computer) that routes network traffic and enables communication between different networking protocols. A gateway is a multiprotocol Internet Protocol (IP) router that translates between different transport protocols or data formats.

Objects from the Graphics Device Interface (GDI) library of application programming interfaces (APIs) for graphics output devices. In Task Manager, the number of GDI objects currently used by a process.

An application that is supported as a cluster resource by a Resource DLL.

A Windows service that is supported as a cluster resource by a Resource DLL.

In an Active Directory network, a normal user account in a user's domain. Most user accounts are global accounts. If there are multiple domains in the network, it is best if each user in the network has only one user account in only one domain, and each user's access to other domains is accomplished through the establishment of domain trust relationships.

In Microsoft Provisioning System, the Exchange server maintains a list of global catalogs, and it maintains a load balance across global catalogs.

A directory database that applications and clients can query to locate any object in a forest. The global catalog is hosted on one or more domain controllers in the forest. It contains a partial replica of every domain directory partition in the forest. These partial replicas include replicas of every object in the forest, as follows: the attributes most frequently used in search operations and the attributes required to locate a full replica of the object.

In Microsoft Provisioning System, the Exchange server maintains a list of global catalogs, and it maintains a load balance across global catalogs.

A security or distribution group that can contain users, groups, and computers from its own domain as members. Global security groups can be granted rights and permissions for resources in any domain in the forest.

A 16-byte value generated from the unique identifier on a device, the current date and time, and a sequence number. A GUID is used to identify a particular device or component.

In DNS, queries to resolve delegation name server (NS) resource records that do not have corresponding glue address (A) resource records in the same zone.

In DNS, a delegation resource record used for locating the authoritative DNS servers for a delegated zone. These records are used to glue zones together and provide an effective delegation and referral path for other DNS servers to follow when resolving a name.

A display mode in which lines and characters on the screen are drawn pixel by pixel. Graphics mode displays images by grouping individual dots into shapes, such as the arrowhead of a mouse pointer. It can also preview character formatting, such as boldface and italics, as it will appear in print.

An Address Resolution Protocol (ARP) Request frame sent by a host for the host's own Internet Protocol version 4 (IPv4) address when the TCP/IP protocol obtains addressing information. Gratuitous ARPs are used to check for duplicate IPv4 addresses on the subnet. If the host receives a reply to the gratuitous ARP request from another host or computer, it detects a conflict for its configured IPv4 address and will not use it.

A collection of users, computers, contacts, and other groups. Groups can be used as security or as e-mail distribution collections. Distribution groups are used only for e-mail. Security groups are used both to grant access to resources and as e-mail distribution lists.

A collection of user accounts. By making a user account a member of a group, you give the related user all the rights and permissions granted to the group.

The groups to which a user account belongs. Permissions and rights granted to a group are also provided to its members. In most cases, the actions a user can perform in Windows are determined by the group memberships of the user account to which the user is logged on.

The infrastructure within Active Directory directory service that enables directory-based change and configuration management of user and computer settings, including security and user data. You use Group Policy to define configurations for groups of users and computers. With Group Policy, you can specify policy settings for registry-based policies, security, software installation, scripts, folder redirection, remote installation services, and Internet Explorer maintenance. The Group Policy settings that you create are contained in a Group Policy object (GPO). By associating a GPO with selected Active Directory system containers—sites, domains, and organizational units—you can apply the GPO's policy settings to the users and computers in those Active Directory containers. To create an individual GPO, use the Group Policy Object Editor. To manage Group Policy objects across an enterprise, you can use the Group Policy Management console.

An optional tool that unifies and centralizes administration of Group Policy.

A collection of Group Policy settings. GPOs are essentially the documents created by the Group Policy Object Editor. GPOs are stored at the domain level, and they affect users and computers that are contained in sites, domains, and organizational units. In addition, each computer has exactly one group of policy settings stored locally, called the local Group Policy object.

The Microsoft Management Console (MMC) snap-in that is used to edit Group Policy objects (GPOs).

A method of applying settings in a Group Policy object (GPO) to an Active Directory container (site, domain, or organizational unit). Linking a GPO applies the settings of that GPO to the users and computers in a site, domain, or organizational unit and, by default, to the users and computers in all child containers.

The subtrees of the Group Policy Object Editor that allow a security administrator to manually configure security levels assigned to a Group Policy object (GPO) or local computer policy.

A user who does not have a user account or who does not provide a password.

A built-in account used to log on to a computer running Windows when a user does not have an account on the computer or domain or in any of the domains trusted by the computer's domain.

The portion of Setup that uses a graphical user interface (GUI).

A disk-partitioning scheme that is used by the Extensible Firmware Interface (EFI) in Itanium-based computers. GPT offers more advantages than master boot record (MBR) partitioning because it allows up to 128 partitions per disk, provides support for volumes up to 18 exabytes in size, allows primary and backup partition tables for redundancy, and supports unique disk and partition IDs (GUIDs).

The International Telecommunication Union - Telecommunication (ITU-T) standard for packet-based multimedia communications.

A system capable of transmitting information in only one direction at a time over a communications channel.

In the user interface, an interface added to an object that facilitates moving, sizing, reshaping, or other functions pertaining to an object. In programming, a pointer to a pointer, that is, a token that lets a program access an identified resource.

In Task Manager, the number of object handles in a process's object table.

A series of signals acknowledging that communication can take place between computers or other devices. A hardware handshake is an exchange of signals over specific wires (other than the data wires), in which each device indicates its readiness to send or receive data. A software handshake consists of signals transmitted over the same wires used to transfer data, as in modem-to-modem communications over telephone lines.

A hardware list that Microsoft compiled for specific products, including Windows 2000 and earlier versions of Windows. The list for a specific product, such as Windows 2000, includes the hardware devices and computer systems that are compatible with that version of the product. For products in the Windows Server 2003 family, you can find the equivalent information on the Windows Catalog Web site.

A feature available on some tape devices that automatically compresses the data that is being stored on the device. This is usually an option that is turned on or off in a backup program.

Resource settings that have been allocated for a specific device. Each device on your computer has a hardware configuration, which can consist of interrupt request (IRQ) lines, direct memory access (DMA), an input/output (I/O) port, or memory address settings.

A type of digital video disc (DVD) decoder that allows a DVD drive to display movies on your computer screen. A hardware decoder uses both software and hardware to display movies.

Data that describes the configuration and characteristics of specific computer equipment. This information can be used to configure computers for using peripheral devices.

A classification for similar devices. For example, Imaging Device is a hardware type for digital cameras and scanners.

A fixed-size result that is obtained by applying a one-way mathematical function (sometimes called a hash algorithm) to an arbitrary amount of data. If there is a change in the input data, the hash changes. The hash can be used in many operations, including authentication and digital signing. Also called a message digest.

An algorithm that produces a hash value of some piece of data, such as a message or session key. With a good hash algorithm, changes in the input data can change every bit in the resulting hash value; for this reason, hashes are useful in detecting any modification in a data object, such as a message. Furthermore, a good hash algorithm makes it computationally infeasible to construct two independent inputs that have the same hash. Typical hash algorithms include MD2, MD4, MD5, and SHA-1. Also called a hash function.

A mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function (for example, MD5 and SHA-1) in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function.

The fifth byte in the asynchronous transfer mode (ATM) cell header used to detect and correct errors in the ATM header.

A message that is sent at regular intervals by one computer on a Network Load Balancing cluster or server cluster to another computer within the cluster to detect communication failures.

An internetwork with servers and workstations running different operating systems, such as Microsoft Windows, Apple Macintosh, or Novell NetWare, using a mix of different transport protocols.

A base-16 number system represented by the digits 0 through 9 and the uppercase or lowercase letters A (equivalent to decimal 10) through F (equivalent to decimal 15).

For server clusters, the restarting of a failed application or the dispersion of the work to remaining computers when a computer or application in the server cluster fails.

A chart consisting of horizontal or vertical bars, the widths or heights of which represent the values of certain data.

A file in which the system stores a portion of the registry (named for their resemblance to the cellular structure of a beehive). A hive is backed by a single file and a .log file, which are in either the systemroot\System32\Config folder or the systemroot\Profiles\username folder.

By default, most hive files (Default, SAM, Security, and System) are stored in the systemroot\System32\Config folder. The systemroot\Profiles folder contains the user profile for each user of the computer. Because a hive is a file, it can be moved from one system to another. However, you must use the Registry Editor, Regedit.exe, to edit the file.

A folder (usually on a file server) that administrators can assign to individual users or groups. Administrators use home folders to consolidate user files onto specific file servers for easy backup. Home folders are used by some programs as the default folder for the Open and Save As dialog boxes. Sometimes referred to as home directories.

The value in the Transport Control field that indicates the number of Internetwork Packet Exchange (IPX) routers that have processed the IPX packet.

Any device on a TCP/IP network that has an Internet Protocol (IP) address. Examples of hosts include servers, workstations, network-interface print devices, and routers. Sometimes used to refer to a specific network computer that is running a service used by network or remote clients.

For Network Load Balancing, a cluster consists of multiple hosts connected over a local area network (LAN).

The domain in which a DFS namespace has been configured.

The portion of the IP address that identifies a computer within a particular network ID.

The DNS name of a device on a network. These names are used to locate computers on the network. To find another computer, its host name must either appear in the Hosts file or be known by a DNS server. For most Windows-based computers, the host name and the computer name are the same.

For Network Load Balancing, a host's precedence for handling default network traffic for TCP and UDP ports. It is used if a host within the cluster goes offline, and it determines which host within the cluster will assume responsibility for the traffic previously handled by the offline host.

The server on which a root target is located.

A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/hosts file. This file maps host names to IP addresses, and it is stored in the \%Systemroot%\System32\Drivers\Etc folder.

A common connection point for devices in a network. Typically used to connect segments of a local area network (LAN), a hub contains multiple ports. When data arrives at one port, it is copied to the other ports so that all segments of the LAN can see the data.

A mode in which the Address Resolution Protocol/multicast address resolution service (ARP/MARS) provides asynchronous transfer mode (ATM) addresses to requesting clients in the form of a multicast server (MCS) list value. In this mode, ARP/MARS acts as a multicast server, providing active forwarding of all multicast and broadcast traffic destined for IP addresses contained within the ranges specified in the list.

The position of a color along the color spectrum. For example, green is between yellow and blue. This attribute can be set using Display in Control Panel.

A simple markup language used to create hypertext documents that are portable from one platform to another. HTML files are simple ASCII text files with codes embedded (indicated by markup tags) to denote formatting and hypertext links.

The protocol used to transfer information on the World Wide Web. An HTTP address (one kind of Uniform Resource Locator (URL)) takes the following form: http://www.microsoft.com.

A person or entity that must be verified by means of authentication, based on criteria such as a password or a certificate.

Institute of Electrical and Electronics Engineers, founded in 1963. IEEE is an organization composed of engineers, scientists, and students, best known for developing standards for the computer and electronics industry.

A standard for high-speed serial devices such as digital video and digital audio editing equipment.

A server-instance designation used with Internet Information Services (IIS) that supports the WWW and FTP services. IIS server instances are supported as cluster resources by a Resource DLL. IIS Server Instance resources can have dependencies on IP Address resources, Network Name resources, and Physical Disk resources. Access information for server instances does not fail over.

The name of a process as displayed in Task Manager.

A circumstance that occurs when Windows allows one process to take on the security attributes of another.

An access token that captures the security information of a client process, allowing a service to "impersonate" the client process in security operations.

A logical collection of data-storage media that has not been cataloged by Removable Storage. Media in an import media pool is cataloged as soon as possible so that they can be used by an application.

A special top-level DNS domain reserved for reverse mapping of IP addresses to DNS host names.

A connection between two computers that relies on a standard network, such as a local area network (LAN) or the Internet, and standard remote administration tools, such as Remote Desktop or Telnet. An in-band connection can only be used to manage computers remotely if both the local and remote computers are in a functional state and accessible on the network.

A group whose members can create incoming, one-way forest trusts to the forest-root domain. For example, members of this group residing in forest A can create a one-way incoming forest trust from forest B. This one-way incoming forest trust allows users in forest A to access resources that are located in forest B. Members of this group are assigned the permission Create Inbound Forest Trust on the forest-root domain. This group has no default members.

A backup that copies only those files created or changed since the last normal or incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a combination of normal and incremental backups to restore your data, you will need to have the last normal backup and all incremental backup sets.

In DNS, a zone transfer request involving only incremental resource record changes between each version of the zone. An IXFR contrasts with a full zone transfer (AXFR) request for all resource records.

A computer with Message Queuing installed that can host queues and store messages locally. Independent clients do not require synchronous access to a Message Queuing server to send and receive messages, but they can use Message Queuing servers with routing enabled for efficient message routing.

Software that provides search functions for documents stored on disk, allowing users to search for specific document text or properties.

Light that is beyond red in the color spectrum. While the light is not visible to the human eye, infrared transmitters and receivers can send and receive infrared signals.

The industry organization of computer, component, and telecommunications vendors who establish the standards for infrared communication between computers and peripheral devices, such as printers.

A computer, or a computer peripheral such as a printer, that can communicate by using infrared light.

Wireless file transfer between a computer and another computer or device using infrared light.

A direct or incoming network connection to a remote access server using an infrared port.

An optical port on a computer that enables communication with other computers or devices by using infrared light, without cables. Infrared ports can be found on some portable computers, printers, and cameras.

A domain controller that holds the infrastructure operations master role in Active Directory. The infrastructure master updates the group-to-user reference whenever group memberships change and replicates these changes across the domain. At any time, the infrastructure master role can be assigned to only one domain controller in each domain.

In security, a mechanism that allows a specific access control entry (ACE) to be copied from the container where it was applied to all children of the container. Inheritance can be used to manage access to a whole subtree of objects in a single update operation.

In Active Directory, the ability to build new object classes from existing object classes. The new object is defined as a subclass of the original object class. The original object class becomes a superclass of the new object. A subclass inherits the attributes of the superclass, including structure rules and content rules.

In Group Policy, a mechanism that allows policy settings in Group Policy objects (GPOs) that are linked to parent containers to be applied to objects in child containers.

Permissions on an object that are automatically inherited from its parent object. Inherited permissions cannot be modified.

In Disk Management, the process of detecting a disk or volume and assigning it a status (for example, healthy) and a type (for example, dynamic).

A Regional and Language Options setting that specifies the combination of the language entered and the keyboard layout, Input Method Editor (IME), speech-to-text converter, or other device used to enter it. Formerly known as input locale.

A program used to enter the thousands of different characters in written Asian languages with a standard 101-key keyboard. An IME consists of both an engine that converts keystrokes into phonetic and ideographic characters and a dictionary of commonly used ideographic words. As the user enters keystrokes, the IME engine attempts to identify which character or characters that the keystrokes should be converted into.

A channel through which data is transferred between a device and the microprocessor. The port appears to the microprocessor as one or more memory addresses that it can use to send or receive data.

When referring to software, to add program files and folders to your hard disk and related data to your registry so that the software runs properly. Installing contrasts with upgrading, where existing program files, folders, and registry entries are updated to a more recent version.

When referring to hardware, to physically connect the device to your computer, to load device drivers onto your computer, and to configure device properties and settings.

A type of disk-drive interface in which the controller electronics reside on the drive itself, eliminating the need for a separate adapter card. IDE offers advantages such as look-ahead caching to increase overall performance.

A limited set of Simple Network Management Protocol (SNMP) functions included in the asynchronous transfer mode (ATM) specification for the ATM user network interface (UNI).

A digital phone line used to provide higher bandwidth. ISDN in North America is typically available in two forms: Basic Rate Interface (BRI) consists of 2 B-channels at 64 kilobits per second (Kbps) and a D-channel at 16 Kbps; Primary Rate Interface (PRI) consists of 23 B-channels at 64 Kbps and a D-channel at 64 Kbps. An ISDN line must be installed by the phone company at both the calling site and the called site.

A queuing mechanism used to optimize slow (low-capacity) network interfaces by reducing latency. In particular, it is designed for interfaces that forward traffic to modem links, Integrated Services Digital Network (ISDN) B-channels, and sub-T1 links.

A configuration setting that enables negotiation of authentication protocols in Internet Information Services (IIS).

A set of change and configuration management features based on Active Directory that enables management of user and computer data and settings, including security data. IntelliMirror also provides limited ability to deploy software to Windows 2000 and later workstations or servers.

A dialog box that requires a response from the user. Intermediary devices such as a security host require such a dialog box as an added layer of security between the client and the remote access server. In such dialog boxes, the user types an access code or a user name and password on the remote access terminal screen.

A local logon process to a computer, when the user types information in the Log On to Windows dialog box that is displayed by the computer's operating system or inserts a smart card.

A private network that connects nodes in a cluster.

A device other than a modem or X.25 PAD, located between a network connection and the remote access server. This device is typically a modem-pool switch or security host and requires either a static or interactive dialog box between the client and itself.

A 4-byte hexadecimal number used for addressing and routing purposes. The internal network number identifies a virtual network inside a computer. The internal network number must be unique to the IPX internetwork. Also called virtual network number.

For Message Queuing, a queue that stores various types of administrative messages, or an interim queue for storing and forwarding messages in transit to a destination queue. Internal private queues are not displayed in Microsoft Management Console (MMC) snap-ins, and they cannot be deleted.

A router for which all the networks that it is connected to belong in the same area.

Digits dialed before the country code to access the international phone service. The actual digits depend on the country or region in which you are dialing an international number. For example, in the United States of America, the prefix for international dialing is 011. To dial from the United States of America to Honduras, which has the country code 504, you would dial: (011) (504) (000) 000-0000

The sector of the International Telecommunication Union (ITU) responsible for telecommunication standards. ITU-T replaces the Comite Consultatif International Telegraphique et Telephonique (CCITT). Its responsibilities include standardizing modem design and operations, and standardizing protocols for networks and facsimile transmission. ITU is an international organization within which governments and the private sector coordinate global telecom networks and services.

internet. Two or more network segments connected by routers. Another term for internetwork.

Internet. A worldwide network of computers. If you have access to the Internet, you can retrieve information from millions of sources, including schools, governments, businesses, and individuals.

An address for a resource on the Internet that is used by Web browsers to locate Internet resources. An Internet address typically starts with a protocol name, followed by the name of the organization that maintains the site; the suffix identifies the kind of organization it is. For example, the address http://www.yale.edu/ provides the following information:

• http: This Web server uses the Hypertext Transfer Protocol.
• www: This site is on the World Wide Web.
• edu: This is an educational institution.

The Microsoft implementation of a Remote Authentication Dial-In User Service (RADIUS) server and proxy, which provides authentication and accounting for network access.

A required maintenance protocol in the TCP/IP suite that reports errors and allows simple connectivity. ICMP is used by the Ping tool to perform TCP/IP troubleshooting.

An open community of network designers, operators, vendors, and researchers concerned with the evolution of Internet architecture and the smooth operation of the Internet. Technical work is performed by working groups organized by topic areas (such as routing, transport, and security) and through mailing lists. Internet standards are developed in IETF Requests for Comments (RFCs), which are a series of notes that discuss many aspects of computing and computer communication, focusing on networking protocols, programs, and concepts.

A protocol used by Internet Protocol version 4 (IPv4) hosts to report their multicast group memberships to any immediately neighboring multicast routers.

A name known by a DNS service that includes a list of the specific addresses of systems that have registered the name.

Software services that support Web site creation, configuration, and management, along with other Internet functions. Internet Information Services include Network News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

A protocol that establishes the security association and shared keys necessary for two parties to communicate by using Internet Protocol security (IPSec).

The protocol that uses the Hypertext Transfer Protocol (HTTP) to send print jobs to printers throughout the world. Windows 2000, Windows XP, and the Windows Server 2003 family support Internet Printing Protocol (IPP) version 1.0.

A routable protocol in the TCP/IP protocol suite that is responsible for IP addressing, routing, and the fragmentation and reassembly of IP packets.

The extension of local area network multicasting technology to a TCP/IP network. Hosts send and receive multicast datagrams, the destination fields of which specify IP host group addresses rather than individual IP addresses. A host indicates that it is a member of a group by means of the Internet Group Management Protocol (IGMP).

A set of industry-standard, cryptography-based protection services and protocols. IPSec protects all protocols in the TCP/IP protocol suite and Internet communications by using Layer Two Tunneling Protocol (L2TP).

An application programming interface (API) that resides on a server computer for initiating software services tuned for Windows operating systems.

In Microsoft Provisioning System, ISAPI resides on the Web server.

A company that provides individuals or companies access to the Internet and the World Wide Web. An ISP provides a telephone number, a user name, a password, and other connection information so users can connect their computers to the ISP's computers. An ISP typically charges a monthly or hourly connection fee.

A network protocol native to NetWare that controls addressing and routing of packets within and between local area networks (LANs). IPX does not guarantee that a message will be complete (no lost packets).

Transport protocols used in Novell NetWare networks, which together correspond to the combination of TCP and IP in the TCP/IP protocol suite. Windows implements IPX through NWLink.

A request for attention from the processor. When the processor receives an interrupt, it suspends its current operations, saves the status of its work, and transfers control to a special routine known as an interrupt handler, which contains the instructions for dealing with the particular situation that caused the interrupt.

A signal sent by a device to get the attention of the processor when the device is ready to accept or send information. Each device sends its interrupt requests over a specific hardware line. Each device must be assigned a unique IRQ number.

Hardware lines over which devices can send signals to get the attention of the processor when the device is ready to accept or send information. Each device must have a unique IRQ line.

A service that supports transports for asynchronous, site-to-site messaging. Each transport serves two major roles: send/receive and topology queries (such as, what are the various sites connected by this transport, and at what cost?). The intersite messaging services shipped in Windows are remote procedure call (RPC) and Simple Mail Transfer Protocol (SMTP) (mail).

In Active Directory, the replication of directory partition updates between sites. Intersite replication occurs between bridgehead servers that store the same domain or application directory partition. One bridgehead server per domain or application directory partition and per replication transport is designated automatically in each site. If two sites have no domains or application directory partitions in common, a bridgehead server in each site replicates both the configuration and schema directory partitions between the two sites.

An Active Directory process that runs on one domain controller in a site that considers the cost of intersite connections, checks if previously available domain controllers are no longer available, and checks if new domain controllers have been added. The Knowledge Consistency Checker (KCC) process then updates the intersite replication topology accordingly.

In Active Directory, the replication of directory partition updates that occurs between two or more domain controllers that store the same domain or application directory partition and that reside within the same site.

For Internet Protocol version 4 (IPv4), a 32-bit address used to identify a node on an IPv4 internetwork. Each node on the IP internetwork must be assigned a unique IPv4 address, which is made up of the network ID, plus a unique host ID. This address is typically represented with the decimal value of each octet separated by a period (for example, 192.168.7.27). You can configure the IP address statically or dynamically by using Dynamic Host Configuration Protocol (DHCP).

For Internet Protocol version 6 (IPv6), an identifier that is assigned at the IPv6 layer to an interface or set of interfaces and that can be used as the source or destination of IPv6 packets.

A 32-bit number in dotted decimal format that represents an Internet Protocol (IP) address and is supported as a cluster resource by a Resource DLL provided with Windows.

Configuration policy that defines which traffic Internet Protocol security (IPSec) examines, how that traffic is secured and encrypted, and how IPSec peers are authenticated.

An Intel microprocessor that uses explicitly parallel instruction set computing and 64-bit memory addressing.

Itanium-based refers to systems or platforms that are based on the Itanium processor. Itanium 2-based refers to systems or platforms that are based on the Itanium 2 processor. Itanium architecture-based refers to systems or platforms that are based on the Itanium and Itanium 2 processors.

A query made to a DNS server for the best answer the server can provide without seeking further help from other DNS servers. Also called a nonrecursive query.

A system-level structure that allows processes to be grouped together and managed as a single unit.

For Message Queuing, a queue where journal messages are stored.

For Message Queuing, a property that specifies the cumulative limit for journal messages in a journal queue. The limit is based on cumulative journal message size. When a journal queue's quota is reached, messages are no longer stored.

A physical location on a hard disk that points to data located at another location on your hard disk or another storage device. Junction points are created when you create a mounted drive. You can also create a junction point using the linkd command.

An authentication mechanism used to verify user or host identity. The Kerberos V5 authentication protocol is the default authentication service. Internet Protocol security (IPSec) can use the Kerberos protocol for authentication.

A highly privileged mode of operation where program code has direct access to all memory, including the address spaces of all user-mode processes and applications, and to hardware. Also known as supervisor mode, protected mode, or Ring 0.

In Registry Editor, a folder that appears in the left pane of the Registry Editor window. A key can contain subkeys and entries. For example, Environment is a key of HKEY_CURRENT_USER.

In IP security (IPSec), a value used in combination with an algorithm to encrypt or decrypt data. Key settings for IPSec are configurable to provide greater security.

A network service that supplies session tickets and temporary session keys used in the Kerberos V5 authentication protocol.

The arrangement that accommodates the special characters and symbols used in different languages. Keyboard layouts affect which characters appear when you press the keys on your keyboard. After you change your keyboard layout, the characters that appear on your screen may no longer correspond to the characters that are printed on your keyboard keys.

A built-in process that runs on all domain controllers and generates the replication topology for the Active Directory forest. At specified intervals, the KCC reviews and makes modifications to the replication topology to ensure propagation of data either directly or transitively.

In DNS, each part of a DNS domain name that represents a node in the domain namespace tree. For example, the three labels example, microsoft, and com make up the DNS domain name example.microsoft.com. Each label used in a DNS name cannot exceed 63 octets, 255 bytes including the terminating dot, for the fully qualified domain name (FQDN).

A group of software components that allows asynchronous transfer mode (ATM) to work with legacy networks and applications. With LANE, you can run your traditional local area network (LAN)-aware applications and protocols on an ATM network without modification. LANE makes the ATM protocol layers appear to be an Ethernet or Token Ring LAN to overlying protocols and applications. LANE provides an intermediate step between fully exploiting ATM and not using ATM at all.

The client on an emulated local area network (ELAN) that performs data forwarding, address resolution, and other control functions. The LEC resides on end stations in an ELAN.

The service that assigns individual local area network emulation (LANE) clients to particular emulated local area networks (ELANs) by directing them to the LAN emulation server (LES).

The central control point for an emulated local area network (ELAN). LES enables LAN emulation (LANE) clients to join the ELAN, and it resolves local area network (LAN) addresses to asynchronous transfer mode (ATM) addresses.

A hardware configuration that is available by pressing F8 during startup. If the current hardware settings prevent the computer from starting, Last Known Good Configuration can allow you to start the computer and examine the configuration. When Last Known Good Configuration is used, later configuration changes are lost.

In Active Directory replication, the delay between the time an update is applied to a given replica and the time it is applied to some other replica. Sometimes referred to as propagation delay.

An industry-standard Internet tunneling protocol that provides encapsulation for sending Point-to-Point Protocol (PPP) frames across packet-oriented media. For IP networks, L2TP traffic is sent as User Datagram Protocol (UDP) messages. In Microsoft operating systems, L2TP is used in conjunction with Internet Protocol security (IPSec) as a virtual private network (VPN) technology to provide remote access or router-to-router VPN connections. L2TP is described in RFC 2661.

A virtual private network (VPN) connection method that provides session authentication, address encapsulation, and strong encryption of private data between remote access servers and clients. L2TP provides address encapsulation and user authentication, and Internet Protocol security (IPSec) provides computer authentication and encryption of the L2TP session.

A draft Internet standard for a file format that can be used to perform batch operations on directories that conform to Lightweight Directory Access Protocol (LDAP) standards.

The length of time for which a DHCP client can use a dynamically assigned IP address configuration. Before the lease time expires, the client must either renew or obtain a new lease with DHCP.

A data-storage system, usually managed by Removable Storage. A library consists of removable media (such as tapes or discs) and a hardware device that can read from or write to the media. There are two major types of libraries: robotic libraries (automated multiple-media, multidrive devices) and stand-alone drive libraries (manually operated, single-drive devices). A robotic library is also called a jukebox or changer.

The primary access protocol for Active Directory. LDAP is an industry-standard protocol, established by the Internet Engineering Task Force (IETF), that allows users to query and update information in a directory service. Active Directory supports both LDAP version 2 and LDAP version 3.

A service on a print server that receives print jobs from Line Printer Remote (LPR) tools that are running on client computers.

A connectivity tool that runs on client computers and that is used to print files to a computer running a Line Printer Daemon (LPD) server.

A map of an area maintained by Open Shortest Path First (OSPF) routers. It is updated after any change in the network topology. The link state database is used to compute Internet Protocol (IP) routes, which must be computed again after any change in the topology.

An object that is inserted into a document but still exists in the source file. When information is linked, the new document is updated automatically if the information in the original document changes. If you want to edit the linked information, double-click it. The toolbars and menus from the original program will appear. If the original document is on your computer, changes that you make to the linked information will also appear in the original document.

A local text file that maps network basic input/output (NetBIOS) names (commonly used for computer names) to IP addresses for hosts that are not located on the local subnet. In this version of Windows, this file is stored in the systemroot\System32\Drivers\Etc folder.

A technique used by Windows Clustering to scale the performance of a server-based program (such as a Web server) by distributing its client requests across multiple servers within the cluster. Each host can specify the load percentage that it will handle, or the load can be equally distributed across all the hosts. If a host fails, Windows Clustering dynamically redistributes the load among the remaining hosts.

A Network Load Balancing parameter that specifies the relative amount of load-balanced network traffic that the host handles for the associated port rule. Allowed values range from 0 (zero) to 100. To prevent a host from handling any network traffic, set the load weight to 0 (zero).

A communications network connecting a group of computers, printers, and other devices located within a relatively limited area (for example, a building). A LAN enables any connected device to interact with any other on the network.

The computer that you are currently logged on to as a user. More generally, a local computer is a computer that you can access directly without using a communications line or a communications device, such as a network adapter or a modem.

A security group that can be granted rights and permissions on only resources on the computer on which the group is created. Local groups can have any user accounts that are local to the computer as members, as well as users, groups, and computers from a domain to which the computer belongs.

A printer that is directly connected to one of the ports on a computer.

A protected subsystem that authenticates and logs users on to the local computer. In addition, the LSA maintains information about all aspects of local security on a computer (collectively known as the local security policy), and it provides various services for translation between names and identifiers.

Security information about all aspects of local security on a computer. The local security policy identifies who is assigned privileges and what security auditing is to be performed.

A service that performs a specific operating system function for other local processes on the computer.

A predefined local account that is used to start a service and provide the security context for that service. The name of the account is NT AUTHORITY\LocalService. The Local Service account has limited access to the local computer and Anonymous access to network resources.

For the Windows Server 2003 family, NTFS file system disk volumes used as primary data storage. Such disk volumes can be managed by Remote Storage by copying infrequently accessed files to remote (secondary) storage.

A predefined local account that is used to start a service and provide the security context for that service. The name of the account is NT AUTHORITY\System. This account does not have a password, and any password information that you supply is ignored. The Local System account has full access to the system, including the directory service on domain controllers. Because the Local System account acts as a computer on the network, it has access to network resources.

A computer-based record about an authorized user that is created automatically on the computer the first time a user logs on to a workstation or server computer.

The Apple networking hardware built into every Macintosh computer. LocalTalk includes the cables and connector boxes that connect components and network devices that are part of the AppleTalk network system. Formerly known as AppleTalk Personal Network.

A file that stores messages generated by an application, service, or operating system. These messages are used to track the operations performed. For example, Web servers maintain log files listing every request made to the server. Log files are usually plain text (ASCII) files and often have a .log extension.

In Backup, a file that contains a record of the date the tapes were created and the names of files and directories successfully backed up and restored. The Performance Logs and Alerts service also creates log files.

A volume that you create within an extended partition on a basic master boot record (MBR) disk. Logical drives are similar to primary partitions, except that you are limited to four primary partitions per disk, whereas you can create an unlimited number of logical drives per disk. A logical drive can be formatted and assigned a drive letter.

A group of Internet Protocol (IP) hosts that belong to the same IP subnet.

The software interface between the operating system and the printer in Windows. While a printer is the device that does the actual printing, a logical printer is its software interface on the print server. This software interface determines how a print job is processed and how it is routed to its destination (to a local or network port, to a file, or to a remote print share). When you print a document, it is spooled (or stored) on the logical printer before it is sent to the printer itself.

In auditing, a group of events that are logged when a user attempts to log on to or log off from a computer.

User rights that are assigned to a user and that specify the ways in which a user can log on to a system. An example of a logon right is the right to log on to a system remotely.

A file, typically a batch file, that runs automatically every time a user logs on to a computer or network. It can be used to configure a user's working environment whenever a user logs on, and it allows an administrator to influence a user's environment without managing all aspects of it. A logon script can be assigned to one or more user accounts.

A sequence of directory names that specifies the location of the logon script. When a user logs on, the authenticating computer locates the specified logon script (if one has been assigned to that user account) by following that computer's local logon script path (usually systemroot\System32\Repl\Import\Scripts).

Digits dialed before the area or city code to access a long distance phone service. For example, in the United States of America, you dial a 1 before the area or city code: (1) (206) 000-0000. The actual digits depend on the country/region or phone service. Area codes and long distance operators are not used in all countries/regions.

A folder name or file name longer than the 8.3 file name standard (up to eight characters followed by a period and an extension of up to three characters) of the file allocation table (FAT) file system. This version of Windows supports file names up to 255 characters and automatically translates long names of files and folders to 8.3 names for MS-DOS and Windows 3.x users. In a Macintosh environment, users can assign names up to 31 characters, excluding colons, to files and folders.

An advanced Group Policy setting that is useful in certain closely managed environments, such as laboratories, classrooms, public kiosks, and reception areas. You can find the setting and its description in the Group Policy console tree under Computer Configuration\Administrative Templates\System\Group Policy. The full name of this setting is User Group Policy loopback processing mode.

A form of domain name checking DNS uses that examines characters in DNS names for valid American National Standards Institute (ANSI) character compliance. However, loose name checking does not check for compliance with DNS naming requirements and valid character usage for Internet host names, as specified in RFC 1123, Requirements for Internet Hosts - Applications and Support.

For RFC compliance, DNS domain names will use name labels made up only of valid uppercase and lowercase letters, number characters, and hyphens (A through Z, a through z, 0 through 9, and -) separated by periods.

The brightness of a color based on a scale from black to white on your monitor.

A service model that requires specific computers and services be used to complete a task. If a user must connect to a specific computer to access a service, then that service is considered machine-centric.

Storage space on the server used for folders and files of Macintosh users. A Macintosh-accessible volume is equivalent to a shared folder for Windows users. Each Macintosh-accessible volume on a computer running Services for Macintosh will correspond to a folder. Both Windows users and Macintosh users can be given access to files located in a folder that is designated as both a shared folder and a Macintosh-accessible volume.

Folder and volume permissions that are similar to the access privileges used on a Macintosh.

A cluster configuration that has two or more nodes and that is configured so that the nodes may or may not be attached to one or more cluster storage devices. The cluster configuration data is stored on multiple disks across the cluster, and the Cluster service makes sure that this data is kept consistent across the different disks. There are advantages and limitations for each cluster configuration (single node server cluster, single quorum device server cluster, and majority node set server cluster).

The Macintosh-style privilege that allows you to change the contents of folders for which you have this privilege. If you have the Make Changes privilege, you can modify, rename, move, create, and delete files in folders for which you have that privilege. When Services for Macintosh translates Macintosh-style privileges into Windows permissions, you are granted Write and Delete permissions for any folders for which you have the Make Changes privilege.

Any program that is created to do intentional harm to or compromise the security of a computer. Examples of malicious programs include trojan horses and computer viruses.

A person who has legitimate access to a system and poses a security threat to it, such as someone who tries to elevate their user rights to gain access to unauthorized data.

A security attack in which an attacker intercepts and possibly modifies data that is transmitted between two users. The attacker pretends to be the other person to each user. In a successful man-in-the-middle attack, the users are unaware that there is an attacker between them, intercepting and modifying their data. Also referred to as a bucket brigade attack.

A local NTFS file system 5.0 volume whose disk space is managed by Remote Storage. Remote Storage frees up disk space by automatically moving infrequently accessed files to a remote storage device.

Software components that include utilities for network management and monitoring, along with services that support client dialing and the updating of client phone books. Also included is the Simple Network Management Protocol (SNMP).

A set of objects that represent various types of information about a device, used by Simple Network Management Protocol (SNMP) to manage the device. Because different network management services are used for different types of devices and protocols, each service has its own set of objects.

A network-enabled host running Simple Network Management Protocol (SNMP) management software. This software requests information from SNMP agents. Also called a management console.

A user profile that is not updated when the user logs off. It is downloaded to the user's desktop each time the user logs on, and it is created by an administrator and assigned to one or more users to create consistent or job-specific user profiles. Only members of the Administrators group can change profiles.

To translate one value into another. In virtual memory systems, a computer might map a virtual address into a physical address.

The first sector on a hard disk, which begins the process of starting the computer. The MBR contains the partition table for the disk and a small amount of executable code called the master boot code.

An NTFS system file on NTFS-formatted volumes that contains information about each file and folder on the volume. The MFT is the first file on an NTFS volume.

An authoritative DNS server for a zone. Master servers can vary and are one of two types (either primary or secondary masters), depending on how the server obtains its zone data.

To enlarge a window to its largest size by clicking the Maximize button (at the right of the title bar), or by pressing ALT+SPACEBAR and then pressing X.

The period of time a password can be used before the system requires the user to change it.

A hash algorithm that creates a 128-bit hash value and was developed by RSA Data Security, Inc.

A hash algorithm that creates a 128-bit hash value and was developed by RSA Data Security, Inc.

An industry-standard one-way, 128-bit hashing scheme, developed by RSA Data Security, Inc., and used by various Point-to-Point Protocol (PPP) vendors for encrypted authentication. A hashing scheme is a method for transforming data (for example, a password) in such a way that the result is unique and cannot be changed back to its original form. The Challenge Handshake Authentication Protocol (CHAP) uses challenge-response with one-way MD5 hashing on the response. In this way, you can prove to the server that you know your password without actually sending the password over the network.

Any fixed or removable objects that store computer data. Examples include hard disks, floppy disks, tapes, and compact discs.

The address that is used for communication between network adapters on the same subnet. Each network adapter has an associated MAC address.

The original set of files that are copied to a tape or disk from local storage. Remote Storage can make up to three copies of the media master on different storage media. Each copy of the media master is called a copy set.

A logical collection of removable media that have the same management policies. Media pools are used by applications to control access to specific tapes or discs within libraries managed by Removable Storage.

A feature that, when it detects a network cable connection failure, removes the bound protocols from the failed network adapter until the cable connection is reestablished. Without these bound protocols, the network interface connected through the failed network adapter is not available for cluster communication.

A server that is joined to a domain but is not a domain controller. Member servers typically function as file servers, application servers, database servers, Web servers, certificate servers, firewalls, or remote access servers.

A portion of computer memory that can be allocated to a device or used by a program or the operating system. Devices are usually allocated a range of memory addresses.

In Task Manager, the current working set of a process, in kilobytes. The current working set is the number of pages currently resident in memory. On the Task Manager Processes tab, the column heading is Mem Usage.

In Task Manager, the change in memory, in kilobytes, used since the last update.

For Message Queuing, a unit of information sent between computers running Message Queuing. The message can contain text or binary data as defined by the sending application. All messages, including status messages, are stored in queues on Message Queuing computers.

An algorithm that ensures the quality of a block of data.

A message queuing and routing system for Windows that enables distributed applications running at different times to communicate across heterogeneous networks and with computers that may be offline. Message Queuing provides guaranteed message delivery, efficient routing, security, and priority-based messaging. Formerly known as MSMQ.

A resource type that can use Message Queuing in a cluster.

For Message Queuing (formerly known as MSMQ), a computer that can provide message queuing, routing, and directory services to client computers. Message Queuing servers can be used to:

• Provide message routing and session concentration for independent clients
• Provide message routing between sites over routing links
• Create queues and store messages for dependent clients
• Access information in Active Directory (if installed on a Windows domain controller)

The application programming interface (API) for which Active Directory provides support for backward compatibility with Microsoft Exchange applications. New applications should use Active Directory Service Interfaces (ADSI) for accessing Active Directory.

A service that sends and receives messages sent by administrators or by the Alerter service.

Data about data. For example, the title, subject, author, and size of a file constitute the file's metadata.

A number used to indicate the cost of a route in the Internet Protocol (IP) routing table that enables the selection of the best route among possible multiple routes to the same destination.

A data-compression standard that allows modems to increase throughput by compressing data before transmission. Data can be compressed with a ratio of up to 2:1. MNP5 sometimes expands data that has already been compressed, resulting in poorer performance in those cases. If you have an MNP5 modem, do not turn on modem compression and software compression at the same time. To turn on MNP5 compression, you must also turn on MNP4 error control.

An industry-standard communication protocol that allows modems to automatically retransmit corrupted data, assuring that only error-free data passes through the modem. MNP2 and MNP3 standards are included in MNP4.

A transaction manager that coordinates transactions that span multiple resource managers, such as Message Queuing and Microsoft SQL Server. MS DTC is automatically installed when Message Queuing is installed.

A framework for hosting administrative tools called snap-ins. A console might contain tools, folders or other containers, World Wide Web pages, and other administrative items. These items are displayed in the left pane of the console, called a console tree. A console has one or more windows that can provide views of the console tree. The main MMC window provides commands and tools for authoring consoles. The authoring features of MMC and the console tree itself might be hidden when a console is in User Mode.

A 128-bit key or 40-bit key encryption algorithm using RSA RC4. MPPE provides for packet confidentiality between the remote access client and the remote access or tunnel server, and it is useful where Internet Protocol security (IPSec) is not available. MPPE 40-bit keys are used to satisfy current North American export restrictions. MPPE is compatible with Network Address Translation.

A required partition on every GUID partition table (GPT) disk. System components can allocate portions of the MSR partition into new partitions for their own use. For example, when you convert a basic GPT disk to dynamic, the system allocates a portion of the MSR partition to be used as the Logical Disk Manager (LDM) metadata partition. The MSR partition varies in size based on the size of the GPT disk. For disks smaller than 16 GB, the MSR partition is 32 MB. For disks larger than 16 GB, the MSR partition is 128 MB. The MSR partition is not visible in Disk Management, and you cannot store data on the MSR partition or delete it.

The setup that specifies the type of Musical Instrument Digital Interface (MIDI) device you are using, the channel and patch settings needed to play MIDI files, and the port your device is using.

To reduce a window to a button on the taskbar by clicking the Minimize button (at the right of the title bar), or by pressing ALT+SPACEBAR and then pressing N.

The fewest characters a password can contain.

In DNS, a default Time to Live (TTL) value that is set in seconds and used with all resource records in a zone. This value is set in the start of authority (SOA) resource record for each zone. By default, the DNS server includes this value in query responses. It is used to inform recipients how long they can store and use resource records, which are provided in the query answer, before they must expire the stored records data. When TTL values are set for individual resource records, those values override the minimum TTL.

One of the two volumes that make up a mirrored volume. Each mirror of a mirrored volume resides on a different disk. If one mirror becomes unavailable (due to a disk failure, for example), Windows can use the remaining mirror to gain access to the volume's data.

A fault-tolerant volume that duplicates data on two physical disks. A mirrored volume provides data redundancy by using two identical volumes, which are called mirrors, to duplicate the information contained on the volume. A mirror is always located on a different disk. If one of the physical disks fails, the data on the failed disk becomes unavailable, but the system continues to operate in the mirror on the remaining disk. You can create mirrored volumes only on dynamic disks on computers running the Windows 2000 Server or Windows Server 2003 families of operating systems. You cannot extend mirrored volumes.

In a Windows 2000 domain, the default domain mode setting. Mixed mode enables Windows NT-based backup domain controllers to coexist with Windows 2000-based domain controllers. Mixed mode does not support universal groups or the nesting of groups. You can change the domain mode setting to native mode when all Windows NT-based domain controllers are removed from a domain.

In Windows Server 2003 domains, mixed mode is referred to as Windows 2000 mixed, and it is one of three domain functional levels available.

A device that enables computer information to be transmitted and received over a telephone line. The transmitting modem translates digital computer data into analog signals that can be carried over a telephone line. The receiving modem translates the analog signals back to digital form.

A technique used to reduce the number of characters transmitted without losing data content. The transmitting modem compresses the data and the receiving computer or modem decompresses the data back to its original state.

Protocols that determine how modems convert digital data into analog signals that can be transmitted over telephone lines.

Initially, Bell created modulation standards used in the United States, and the CCITT created international recommendations. The ITU-T (formerly called the CCITT) now makes recommendations generally adopted by modem manufacturers both internationally and in the United States. The ITU-T V series recommendations (such as V.34 and V.90) define data communication over the telephone network. The suffixes -bis and -ter (for example, V.32bis) indicate later versions.

To place a removable tape or disc into a drive.

A drive attached to an empty folder on an NTFS volume. Mounted drives function the same as any other drive, but are assigned a label or name instead of a drive letter. The mounted drive's name is resolved to a full file system path instead of just a drive letter. Members of the Administrators group can use Disk Management to create mounted drives or reassign drive letters.

An operating system used on all personal computers and compatibles. As with other operating systems, it translates user keyboard input into operations the computer can perform. MS-DOS can be easily accessed by using the command prompt, while MS-DOS-based programs can be accessed through the use of shortcuts on the desktop.

A program that is designed to run with MS-DOS and therefore may not be able to take full advantage of all Windows features.

The message queuing and routing system for Windows NT 4.0, Windows 95, and Windows 98. For Windows 2000, Windows XP, and the Windows Server 2003 family, this feature is called Message Queuing.

A character set that may consist of both one-byte and two-byte characters. A multibyte-character string may contain a mixture of single-byte and double-byte characters. Windows Server 2003 DNS uses the Unicode Transformation Format 8 (UTF-8) encoding scheme described in RFC 2044 to interpret and transform multibyte characters into single-byte characters of 8-bit length.

An extension to the DHCP protocol standard used to support dynamic assignment and configuration of IP multicast addresses on TCP/IP-based networks.

A service for resolving multicast IP addresses to the asynchronous transfer mode (ATM) addresses of the clients that have joined that multicast group. MARS can work in conjunction with the multicast server (MCS) and clients to distribute multicast data through point-to-multipoint connections.

An Internet Protocol (IP) datagram sent to a select multicast group of hosts. Each datagram is sent from a single host source for transmission and delivery to multiple host destinations using the Class D IP address reserved for a specified multicast group.

A protocol used by Internet Protocol version 6 (IPv6) hosts to report their multicast group memberships to any immediately neighboring multicast routers.

A type of media access control address used by multiple, networked computers to receive the same incoming network frames concurrently. Network Load Balancing uses multicast MAC addresses to efficiently distribute incoming network traffic to cluster hosts.

A range of multicast group IP addresses in the Class D address range that are available to be leased or assigned to multicast DHCP clients by DHCP.

A service that manages zero or more multicast groups and distributes multicast data sent to it by clients of those multicast groups through point-to-multipoint connections.

The process of sending a message simultaneously to more than one destination on a network.

A computer that has multiple network adapters or that has been configured with multiple IP addresses for a single network adapter.

The combination of two or more physical communications links' bandwidth into a single logical link to increase your remote access bandwidth and throughput by using remote access Multilink. Based on the Internet Engineering Task Force (IETF) standard RFC 1990, Multilink combines analog modem paths, Integrated Services Digital Network (ISDN) B-channels, and mixed analog and digital communications links on both your client and server computers. This increases your Internet and intranet access speed and decreases the amount of time you are connected to a remote computer.

A replication model in which any domain controller accepts and replicates directory changes. This model differs from single-master replication models, in which one domain controller stores the single modifiable copy of the directory and other domain controllers store backup copies.

Playing audio and video immediately as it is downloaded from a network, rather than storing it in a file first.

A computer configuration that runs two or more operating systems.

A protocol that enables routing over Internet Protocol (IP) and Internetwork Packet Exchange (IPX) networks by connecting local area networks (LANs) or by connecting LANs to wide area networks (WANs).

A serial interface standard that allows for the connection of music synthesizers, musical instruments, and computers. The MIDI standard is based partly on hardware and partly on a description of the way in which music and sound are encoded and communicated between MIDI devices. The information transmitted between MIDI devices is in a form called a MIDI message, which encodes aspects of sound, such as pitch and volume, as 8-bit bytes of digital information.

MIDI devices can be used for creating, recording, and playing back music. Using MIDI, computers, synthesizers, and sequencers can communicate with each other, either keeping time or actually controlling the music created by other connected equipment.

A folder that provides you with a convenient place to store documents, graphics, or other files you want to access quickly. When you save a file in a program such as WordPad or Paint, the file is automatically saved in My Documents, unless you choose a different folder.

The identifier of your computer on the network.

The process of having software translate between names that are easy for users to work with and numerical IP addresses, which are difficult for users but necessary for TCP/IP communications. Name resolution can be provided by software components such as DNS or WINS.

A service, such as that provided by WINS or DNS, that allows friendly names to be resolved to an address, or other specially defined resource data used to locate network resources of various types and purposes.

A resource record used in a zone to designate the DNS domain names for authoritative DNS servers for the zone.

A portion of memory that can be used by one process to pass information to another process, so that the output of one is the input of the other. The second process can be local (on the same computer as the first) or remote (on a networked computer).

A naming convention that defines a set of unique names for resources in a network. For DNS, a hierarchical naming structure that identifies each network resource and its place in the hierarchy of the namespace. For WINS, a flat naming structure that identifies each network resource using a single, unique name.

In Windows 2000 domains, the domain mode in which all domain controllers in a domain are running Windows 2000 and a domain administrator has switched the domain operation mode from mixed mode to native mode. Native mode supports universal groups and nesting of groups. In native mode, domain controllers running Windows NT 4.0 or earlier are not supported.

In Windows Server 2003 domains, native mode is referred to as Windows 2000 native, and it is one of three domain functional levels available.

In DNS, client caching of failed responses to a query. Negative caching improves the response time for successive queries for the same name.

A user-mode service that runs in the Windows security subsystem. The Net Logon service passes the user's credentials through a secure channel to the domain database and returns the domain security identifiers and user rights for the user. In addition, the Net Logon service performs a variety of other functions related to the user logon process, such as periodic password updates for computer accounts and domain controller discovery.

A network protocol native to Microsoft Networking. It is usually used in small, department-size local area networks (LANs) of 1 to 200 clients. NetBEUI can use Token Ring source routing as its only method of routing. NetBEUI is the Microsoft implementation of the NetBIOS standard.

A 16-byte name of a process using network basic input/output system (NetBIOS). The NetBIOS name is a name that is recognized by WINS, which maps the name to an IP address.

A tool that allows management of Windows domains and trust relationships from the command line.

A method DNS uses to give ordering and preference to IP addresses on the same network when a requesting client queries for a host name that has multiple host address (A) type resource records. This is designed so that the client program will attempt to connect to a host using the closest (and fastest) IP address available.

The file-sharing protocol that governs communications about resources (such as disk and printer), bindery, and Novell Directory Services (NDS) operations between server and client computers on a Novell NetWare network.

The device that accepts Point-to-Point Protocol (PPP) connections and places clients on the network that the NAS serves.

A device that connects your computer to a network. Sometimes called an adapter card or network interface card.

A device driver that works directly with the network adapter, acting as an intermediary between the adapter and the protocol driver.

An Internet Protocol (IP) translation process that allows a network with private addresses to access information on the Internet.

A person responsible for planning, configuring, and managing the day-to-day operation of the network. Also called a system administrator.

An application programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send datagrams between nodes on a network.

A device that connects networks using the same communications protocols so that information can be passed from one network to the other. Also, a device that connects two local area networks (LANs), whether or not they use the same protocols. A network bridge operates at the ISO/OSI data-link layer.

A component you can use to gain access to network resources and functionality, whether you are physically at the network location or in a remote location. By using the Network Connections folder you can create, configure, store, and monitor connections. Formerly called Network and Dial-up Connections or Dial-Up Networking.

A protocol within the Point-to-Point Protocol (PPP) suite that negotiates the parameters of an individual local area network (LAN) protocol such as TCP/IP or Internetwork Packet Exchange (IPX).

A service that provides network transport and security for dynamic data exchange (DDE) conversations.

A Microsoft/3Com specification establishing a common shared interface for Microsoft operating systems to support protocol-independent transport of multiple network transport protocols (such as TCP/IP, NetBEUI, IPX/SPX, and AppleTalk). NDIS allows more than one transport protocol to be bound and to operate simultaneously over a single network adapter.

A service for distributed computing systems that provides a distributed file system, eliminating the need for keeping multiple copies of files on separate computers.

A device that connects networks using different communications protocols so that information can be passed from one network to the other. A network gateway both transfers information and converts it to a form that is compatible with the protocols being used by the receiving network.

A number used to identify the systems that are located on the same physical network bounded by routers. The network ID should be unique to the internetwork.

A service for distributed computing systems that provides a distributed database system for common configuration files.

A Windows network component that uses a distributed algorithm to load-balance Internet Protocol (IP) traffic across a number of hosts, helping to enhance the scalability and availability of mission-critical, IP-based services, such as Terminal Services, Web services, virtual private networking, and streaming media. It also provides high availability by detecting host failures and automatically redistributing traffic to the surviving hosts.

Up to 32 Web servers from which Network Load Balancing presents a single IP address to Web clients and among which Network Load Balancing distributes incoming Web requests.

The type of physical wiring and lower-layer protocols used for transmitting and receiving packets, for example, Ethernet, Fiber Distributed Data Interface (FDDI), and Token Ring.

The name of a device that exists on a network and is supported as a cluster resource by a Resource DLL provided with Windows.

A member of the TCP/IP suite of protocols used to distribute network news messages to NNTP servers and clients (newsreaders) on the Internet. NNTP is designed so that news articles are stored on a server in a central database, thus enabling a user to select specific items to read.

In the Macintosh environment, the routing address or range of addresses assigned to the physical network that AppleTalk Phase 2 routers use to direct information to the appropriate network. Also called network range and cable range.

A state in which one or more of the nodes in a cluster cannot communicate with the other cluster nodes.

A folder on a Web server. You can view files and folders on Web servers just as you would view files and folders on network servers. However, when you save a file to a network place, the file is saved on a Web server, not on your computer's hard disk. You can create network places by using the Add Network Place Wizard, which is located in My Network Places. Network places are available only on Web servers that support Web Extender Client (WEC), FrontPage extensions, and Distributed Authoring and Versioning (DAV) protocols.

A predefined local account that is used to start a service and provide the security context for that service. The name of the account is NT AUTHORITY\NetworkService. The Network Service account has limited access to the local computer and authenticated access (as the computer account) to network resources.

An interface that defines how switches in a network communicate with each other.

An IP address that includes a subnet bit-mask. Active Directory uses the subnet bit-mask to recognize sites and establish how replication of directory information will occur.

In Group Policy in the Windows Server 2003 family, to force the Group Policy object (GPO) links of the parent container to take precedence over the GPO links of the child containers. By default, the GPO links that are closest to the user or computer (links to the child container) have higher precedence than GPO links higher up (links to the parent container). Enforcement causes GPOs that are linked in parent containers to take precedence instead. In Group Policy Management console (GPMC), Enforce is used instead of No Override.

For tree structures, a location on the tree that can have links to one or more items below it.

For local area networks (LANs), a device that is connected to the network and is capable of communicating with other network devices.

For server clusters, a computer system that is an active or inactive member of a cluster.

Operating systems that are not Windows-brand operating systems.

A restore operation performed on an Active Directory domain controller in which the objects in the restored directory are not treated as authoritative. The restored objects are updated with changes held on other domain controllers in the domain.

An object that cannot logically contain other objects. For example, a file is a noncontainer object.

A namespace based on different DNS root domain names, such as that of multiple trees in the same forest.

A mode in which asynchronous transfer mode (ATM) Address Resolution Protocol/multicast address resolution service (ARP/MARS) does not forward multicast and broadcast traffic for multicast group clients. In this mode, the service returns a dynamic listing of ATM hosts currently registered for the multicast group address to requesting clients. Clients then use this list to initiate and establish their own point-to-multipoint virtual connections with each of the members in the multicast list.

Memory that cannot be paged to disk. Paging is the moving of infrequently used parts of a program's working memory from random access memory (RAM) to another storage medium, usually the hard disk.

Operating system memory that is never paged to disk. Paging is the moving of infrequently used parts of a program's working memory from RAM to another storage medium, usually the hard disk. In Task Manager, the amount of memory used by a process, in kilobytes.

A basic security function of cryptography that ensures that a party in a communication cannot falsely deny that a part of the communication occurred. Without nonrepudiation, someone can communicate and then later deny the communication or claim that the communication occurred at a different time.

A trust relationship in a multiple-domain environment that is restricted to just two domains. For example, if domain A has a nontransitive trust with domain B, and domain B trusts domain C, then there is no trust relationship between domain A and domain C. Nontransitive trusts can be one-way or two-way.

A backup that copies all selected files and marks each file as having been backed up (in other words, the archive attribute is cleared). With normal backups, you need only the most recent copy of the backup file or tape to restore all of the files. You usually perform a normal backup the first time you create a backup set.

The area on the taskbar to the right of the taskbar buttons. The notification area displays the time and can also contain shortcuts that provide quick access to programs, such as Volume Control and Power Options. Other shortcuts can appear temporarily, providing information about the status of activities. For example, the printer shortcut icon appears after a document has been sent to the printer and disappears when printing is complete.

A list maintained by the primary master for a zone of other DNS servers that should be notified when zone changes occur. The notify list is made up of IP addresses for DNS servers configured as secondary masters for the zone. When the listed servers are notified of a change to the zone, they will initiate a zone transfer with another DNS server and update the zone.

On networks running Novell NetWare 4.x and higher, a distributed database that maintains information about every resource on the network and that provides access to these resources.

A command-line tool used to diagnose DNS infrastructure.

An advanced file system that provides performance, security, reliability, and advanced features that are not found in any version of file allocation table (FAT). For example, NTFS guarantees volume consistency by using standard transaction logging and recovery techniques. If a system fails, NTFS uses its log file and checkpoint information to restore the consistency of the file system. NTFS also provides advanced features, such as file and folder permissions, encryption, disk quotas, and compression.

The settings that administrators apply to access control entries (ACEs) for managing access to files and folders under the NTFS file system. Take Ownership is an example of an NTFS permission.

A group of NetWare servers. Accounts used to create a gateway must belong to this group.

A challenge/response authentication protocol. The NTLM authentication protocol is supported in Windows 2000, Windows XP, and the Windows Server 2003 family, but it is not the default. It was the default authentication protocol for earlier versions of Windows.

Special cabling that eliminates the modem's need for asynchronous communications between two computers over short distances. A null modem cable emulates modem communication.

The Microsoft implementation of the Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) protocol used on NetWare networks. NWLink allows connectivity between Windows-based computers and NetWare networks running IPX/SPX. NWLink also provides network basic input/output system (NetBIOS) functionality and the Routing Information Protocol (RIP).

An entity, such as a file, folder, shared folder, printer, or Active Directory object, described by a distinct, named set of attributes. For example, the attributes of a File object include its name, location, and size; the attributes of an Active Directory User object might include the user's first name, last name, and e-mail address.

For OLE and ActiveX, an object can also be any piece of information that can be linked to, or embedded into, another object.

In auditing, a group of events that are logged when an object, such as a file or folder, is accessed by means of an action for which auditing has been enabled. For example, object access events might be logged when a file is opened, modified, or deleted.

A distinct, named set of attributes that represents a specific type of entity stored in the directory, such as users, printers, or applications. The attributes include data describing the thing that is identified by the directory object. Attributes of a user might include the user's first name, last name, and e-mail address.

A number that identifies an object class or attribute. Object identifiers (OIDs) are organized into an industry-wide global hierarchy. An object identifier is represented as a dotted decimal string, such as 1.2.3.4, with each dot representing a new branch in the hierarchy. National registration authorities issue root object identifiers to individuals or organizations, who manage the hierarchy below their root object identifier.

A state that marks a component in a cluster as unavailable. A node in an offline state is either inactive or not running. Resources and groups also have an offline state.

For Message Queuing, a condition in which a computer that belongs to a domain is temporarily unable to communicate with a domain controller. This occurs when the computer itself is offline, all domain controllers in the site are offline, or when an attempt is made to access a remote computer and the remote computer is temporarily unable to query a domain controller for authentication.

A way to transfer and share information between applications by pasting information created in one application into a document created in another application, such as a spreadsheet or word processing file.

Information stored on a local disk drive. The on-disk catalog contains a list of files and folders that have been backed up in a backup set.

Information stored on backup storage media. The on-media catalog contains a list of files and folders that have been backed up in a backup set.

A trust relationship between two domains in which only one of the two domains trusts the other domain. For example, domain A trusts domain B, and domain B does not trust domain A. One-way trusts are often used to enable authenticated access to resource domains.

A state that marks a component in a cluster as available. When a node is online, it is an active member of the cluster and can own and run groups as well as honor cluster database updates, contribute votes to the quorum algorithm, and maintain heartbeats. Resources and groups also have an online state.

An application programming interface (API) that enables database applications to access data from a variety of existing data sources.

A routing protocol used in medium-sized and large networks. This protocol is more complex than Routing Information Protocol (RIP), but it allows better control and is more efficient in propagation of routing information.

A networking model introduced by the International Organization for Standardization (ISO) to promote multi-vendor interoperability. OSI is a seven-layered conceptual model consisting of the application, presentation, session, transport, network, data-link, and physical layers.

Outline fonts that are rendered from line and curve commands, and can be scaled and rotated. OpenType fonts are clear and readable in all sizes and on all output devices supported by Windows. OpenType is an extension of TrueType font technology.

A domain controller that has been assigned one or more special roles in an Active Directory domain. The domain controllers assigned these roles perform operations that are single-master (not permitted to occur at different places on the network at the same time). Examples of these operations include resource identifier allocation, schema modification, PDC emulation, adding and removing domains to and from the forest, and tracking changes to security principals across all domains in a forest.

In mathematics and in programming and computer applications, a symbol or other character indicating an operation that acts on one or more elements. You can use the following four operators in standard calculations:

/ divide
* multiply
- subtract
+ add

For Indexing Service, a word or character that specifies a relationship in a query.

An Active Directory container object used within domains. An organizational unit is a logical container into which users, groups, computers, and other organizational units are placed. It can contain objects only from its parent domain. An organizational unit is the smallest scope to which a Group Policy object (GPO) can be linked, or over which administrative authority can be delegated.

A company that typically purchases computer components from other manufacturers, uses the components to build a personal computer, preinstalls Windows onto that computer, and then sells the computer to the public.

A member of a mirrored volume or a RAID-5 volume that has failed due to a severe cause, such as a loss of power or a complete hard-disk head failure. When this happens, the fault-tolerant driver determines that it can no longer use the orphaned member and directs all new reads and writes to the remaining members of the fault-tolerant volume.

A file that is stored inside My Briefcase and not linked to any file outside My Briefcase. When you update files, the orphan file is not synchronized with any other file.

A protected-mode, virtual memory, multitasking operating system for personal computers based on the Intel 80286, 80386, i486, and Pentium processors. OS/2 can run most MS-DOS-based programs and can read all MS-DOS disks.

The client-side wizard that walks a user through the installation of an operating system or provides access to maintenance and troubleshooting utilities.

A connection between two computers that relies on a nonstandard network connection, such as a serial port connection, and nonstandard remote administration tools, such as Special Administration Console (SAC). An out-of-band connection is usually used only when a remote computer cannot access a network or is not in a functional state because of hardware or software failure.

In a Windows environment, the person who controls how permissions are set on objects and can grant permissions to others.

In the Macintosh environment, an owner is the user responsible for setting permissions for a folder on a server. A Macintosh user who creates a folder on the server automatically becomes the owner of the folder, and can then transfer ownership to someone else. Each Macintosh-accessible volume on the server also has an owner.

In the Macintosh environment, the user category to which you assign permissions for the owner of a folder or a Macintosh volume.

A network basic input/output system (NetBIOS) implementation that uses point-to-point communication with a WINS server to resolve names as IP addresses.

An icon that represents embedded or linked information. That information may consist of a complete file, such as a Paint bitmap, or part of a file, such as a spreadsheet cell. When you choose the package, the application used to create the object either plays the object (for example, a sound file) or opens and displays the object. If you change the original information, linked information is automatically updated. However, you must manually update embedded information.

An Open Systems Interconnection (OSI) network layer transmission unit that consists of binary information representing both data and a header containing an identification number, source and destination addresses, and error-control data.

Prevents certain types of network packets from either being sent or received. This can be employed for security reasons (to prevent access from unauthorized users) or to improve performance by disallowing unnecessary packets from going over a slow connection.

In network protocol communications, a specially reserved field of a defined bit length that is attached to the front of a packet for carry and transfer of control information. When the packet arrives at its destination, the field is then detached and discarded as the packet is processed and disassembled in a corresponding reverse order for each protocol layer.

A technology for breaking data into packets and then sending the packets over a network. Each packet has a header containing its source and destination, a sequence number to reassemble the information, a block of data content, and an error-checking code. The data packets may take different routes to their destination, where the original information is reassembled after the packets arrive. The international standard for packet switching networks is X.25.

A device that connects a non-X.25 device such as a modem to an X.25 packet switching network.

In virtual memory systems, a unit of data storage that is brought into random access memory (RAM), typically from a hard drive, when a requested item of data is not already in RAM.

The interrupt that occurs when software attempts to read from or write to a virtual memory location that is marked not present.

In Task Manager, page fault is the number of times data has to be retrieved from disk for a process because it was not found in memory. The page fault value accumulates from the time the process started.

In Task Manager, the change in the number of page faults since the last update.

A computer language that describes the arrangement of text and graphics on a printed page.

The system-allocated virtual memory that has been charged to a process and that can be paged. Paging is the moving of infrequently used parts of a program's working memory from random access memory (RAM) to another storage medium, usually the hard disk.

In Task Manager, the amount of system-allocated virtual memory, in kilobytes, used by a process.

A hidden file or files on the hard disk that Windows uses to hold parts of programs and data files that do not fit in memory. The paging file and physical memory, or random access memory (RAM), comprise virtual memory. Windows moves data from the paging file to memory as needed and moves data from memory to the paging file to make room for new data. Also known as a swap file.

The location (such as Upper Paper Tray or Envelope Feeder) of the paper at the printer.

The input/output connector for a parallel interface device. Printers are generally plugged into a parallel port.

For DNS and Active Directory, domains that are located in the namespace tree directly above other derivative domain names (child domains). For example, microsoft.com would be the parent domain for example.microsoft.com, a child domain.

An object in which another object resides. For example, a folder is a parent object in which a file, or child object, resides. An object can be both a parent and a child object. For example, a subfolder that contains files is both the child of the parent folder and the parent folder of the files.

A trust that is automatically established when a new domain (the child domain) is added, or becomes subordinate, to an existing domain (the parent domain). Parent-child trusts are transitive and two-way.

A calculated value that is used to reconstruct data after a failure. RAID-5 volumes stripe data and parity intermittently across a set of disks. When a disk fails, some server operating systems use the parity information together with the data on good disks to recreate the data on the failed disk.

In asynchronous communications, an extra bit used in checking for errors in groups of data bits transferred within or between computer systems. In modem-to-modem communications, a parity bit is often used to check the accuracy with which each character is transmitted.

A portion of a physical disk that functions as though it were a physically separate disk. After you create a partition, you must format it and assign it a drive letter before you can store data on it.

On basic disks, partitions are known as basic volumes, which include primary partitions and logical drives. On dynamic disks, partitions are known as dynamic volumes, which include simple, striped, spanned, mirrored, and RAID-5 volumes.

A portion of a hard disk partition that contains information about the disk's file system and a short machine language program that loads the Windows operating system.

A user authentication mechanism that uses standard Web technologies to enable single sign-on access to multiple Web resources.

A security measure used to restrict logon names to user accounts and access to computer systems and resources. A password is a string of characters that must be provided before a logon name or an access is authorized. A password can be made up of letters, numbers, and symbols, and it is case sensitive.

A simple, plaintext authentication scheme for authenticating Point-to-Point Protocol (PPP) connections. The user name and password are requested by the remote access server and returned by the remote access client in plaintext.

A collection of policy settings that define the password requirements for a Group Policy object (GPO).

A sequence of directory (or folder) names that specifies the location of a directory, file, or folder within the Windows directory tree. Each directory name and file name within the path must be preceded by a backslash (\). For example, to specify the path of a file named Readme.doc located in the Windows directory on drive C, type C:\Windows\Readme.doc.

A state that applies to a node in a cluster. The node is a fully active member in the cluster but cannot accept new resource groups (for example, a resource group cannot fail over or fail back to a paused node). You can administer and maintain a paused node.

A removable device, approximately the size of a credit card, that can be plugged into a Personal Computer Memory Card International Association (PCMCIA) slot in a portable computer. PCMCIA devices can include modems, network cards, and hard disk drives.

A domain controller that holds the PDC emulator operations master role in Active Directory. The PDC emulator services network clients that do not have Active Directory client software installed, and it replicates directory changes to any Windows NT backup domain controllers (BDCs) in the domain.

The PDC emulator handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain. At any time, the PDC emulator master role can be assigned to only one domain controller in each domain.

In Task Manager, the peak amount of physical memory resident in a process since it started.

A state that refers to a resource in a cluster when the resource is in the process of being brought online or taken offline.

A licensing mode that requires a separate device-based or user-based Client Access License (CAL) for each device or user that accesses a server running Windows Server 2003, regardless of the number of concurrent connections.

A licensing mode that requires a separate device-based or user-based Client Access License (CAL) for each concurrent connection to a server running Windows Server 2003.

A feature that detects when a predefined counter value rises above or falls below the configured threshold and notifies a user by means of the Messenger service.

In System Monitor, a data item that is associated with a performance object. For each counter selected, System Monitor presents a value corresponding to a particular aspect of the performance that is defined for the performance object.

In System Monitor, a logical collection of counters that is associated with a resource or service that can be monitored.

In System Monitor, a term used to distinguish between multiple performance objects of the same type on a computer.

An Internet Protocol (IP) network segment that contains resources, such as Web servers and virtual private network (VPN) servers, that are available to Internet users. Also known as screened subnet or demilitarized zone (DMZ).

A virtual circuit assigned to a preconfigured static route.

A rule associated with an object to regulate which users can gain access to the object and in what manner. Permissions are assigned or denied by the object's owner.

A secret identification code that is used to protect smart cards from misuse. The PIN is similar to a password and is known only to the owner of the card. The smart card can be used only by someone who possesses the smart card and knows the PIN.

A feature of x86-based servers that allows computers running Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, to support more than 4 gigabytes (GB) of physical memory. Physical Address Extension (PAE) allows up to 64 GB of physical memory to be used as regular 4-kilobyte (KB) pages and expands the number of bits that can be used by the kernel to address physical memory from 32 to 36.

A disk on a cluster storage device. Physical disks are supported as cluster resources by a Resource DLL.

The protection of critical data repositories and paths through the use of physical barriers. Physical barriers range in effectiveness and complexity from locked doors to multilayer access control systems involving proof of identity and explicit access permissions.

A utility that verifies connections to one or more remote hosts. The ping command uses Internet Control Message Protocol (ICMP) echo request and echo reply packets to determine whether a particular Internet Protocol (IP) system on a network is functional. Ping is useful for diagnosing IP network or router failures.

Short for picture element, one spot in a rectilinear grid of thousands of such spots that form an image produced on the screen by a computer or on paper by a printer. A pixel is the smallest element that display or print hardware and software can manipulate to create letters, numbers, or graphics. Also called a pel.

The Certification Request Syntax Standard, developed and maintained by RSA Data Security, Inc.

Personal Information Exchange Syntax Standard, developed and maintained by RSA Data Security, Inc. This standard primarily provides a format for storing keys or a certificate in a file.

The Cryptographic Message Syntax Standard. It is a general syntax, developed and maintained by RSA Data Security, Inc., for data to which cryptography may be applied, such as digital signatures and encryption. It also provides a syntax for disseminating certificates or certificate revocation lists.

Data that is not encrypted. Sometimes also called cleartext.

A font created by a series of dots connected by lines. Plotter fonts can be scaled to any size and are most often printed on plotters. Some dot-matrix printers also support plotter fonts.

A set of specifications developed by Intel Corporation that enables a computer to detect and configure a device automatically and install the appropriate device drivers.

The local access point for a network provider. Each POP provides a telephone number that allows users to make a local call for access to online services.

Basic dial telephone connections to the public switched network, without any added features or functions. Also called plain old telephone service.

An industry standard suite of protocols for the use of point-to-point links to transport multiprotocol datagrams. PPP is documented in RFC 1661.

Networking technology that supports multiprotocol virtual private networks (VPNs), enabling remote users to access corporate networks securely across the Internet or other networks by dialing into an Internet service provider (ISP) or by connecting directly to the Internet. PPTP tunnels, or encapsulates, Internet Protocol (IP), Internetwork Packet Exchange (IPX), or NetBIOS Extended User Interface (NetBEUI) traffic inside IP packets. This means that users can remotely run applications that depend on particular network protocols.

A DNS resource record used in a reverse lookup zone to map an IP address to a DNS name.

A process that, used with split horizon, improves Routing Information Protocol (RIP) convergence over simple split horizon by advertising all network IDs. However, the network IDs learned in a given direction are advertised with a hop count of 16, indicating that the network is unavailable.

The mechanism by which computer settings are configured automatically, as defined by the administrator. Depending on context, this can refer to Group Policy or Windows NT 4.0 System Policy.

The frequency the Resource Monitor checks that the resource is available and operating. There are two levels of polling: Looks Alive and Is Alive. The server cluster requests a more thorough check of the resource's state at each Is Alive interval than it does at each Looks Alive interval; therefore, the Is Alive polling interval is typically longer than the Looks Alive polling interval. You can specify the two polling intervals and a time-out value for resources.

A popular protocol used for receiving e-mail messages. This protocol is often used by Internet service providers (ISPs). POP3 servers allow access to a single Inbox in contrast to Internet Message Access Protocol (IMAP) servers, which provide access to multiple server-side folders.

A connection point on your computer where you can connect devices that pass data into and out of a computer. For example, a printer is typically connected to a parallel port (also called an LPT port), and a modem is typically connected to a serial port (also called a COM port).

A form of network access control that uses the physical characteristics of a switched local area network (LAN) infrastructure to authenticate devices that are attached to a LAN port and to prevent access to that port if the authentication process fails. This form of network access control is used in 802.1X authentication.

The method that Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) use to specify which program running on the system is sending or receiving the data.

For Network Load Balancing, a set of configuration parameters that determine the filtering mode to be applied to a range of ports.

A method that is used to identify services or programs that respond to service requests that are made over a network port.

An Institute of Electrical and Electronics Engineers (IEEE) standard that defines a set of operating-system services. Programs that adhere to the POSIX standard can be easily ported from one system to another. POSIX was based on UNIX system services, but it was created in a way that allows it to be implemented by other operating systems.

A node in a cluster that can run a specific resource. By default, all nodes appear as possible owners, so the resource can run on any node. In most cases, it is appropriate to use this default setting. If you want the resource to be able to fail over, at least two nodes must be designated as possible owners.

A page-description language (PDL), developed by Adobe Systems for printing on laser printers. PostScript offers flexible font capability and high-quality graphics. It is the standard for desktop publishing because it is supported by imagesetters, the high-resolution printers used by printing services for commercial typesetting.

Fonts that are defined in terms of the PostScript page-description language (PDL) rules and are intended to be printed on a PostScript-compatible printer. When a document displayed in a screen font is sent to a PostScript printer, the printer uses the PostScript version if the font exists. If the font doesn't exist but a version is installed on the computer, that font is downloaded to the printer. If there is no PostScript font installed in either the printer or the computer, the bit-mapped (raster) font is translated into PostScript and the printer produces text using the bit-mapped font. PostScript fonts are distinguished from bit-mapped fonts by their smoothness, detail, and faithfulness to standards of quality established in the typographic industry.

A printer that uses the PostScript page-description language (PDL) to create text and graphics on the output medium, such as paper or overhead transparency. Examples of PostScript printers include the Apple LaserWriter, the NEC LC-890, and the QMS PS-810.

A feature of an uninterruptible power supply (UPS) that removes spikes, surges, sags, and noise from the power supply.

A group whose members can manage accounts, resources, and applications that are installed on a workstation, stand-alone server, or member server. This group does not exist on domain controllers. Administrative tasks that can be performed by members of this group include creating local users and groups; modifying and deleting accounts that they have created; removing users from the Power Users, Users, and Guests groups; installing most applications; and creating and deleting file shares.

In Group Policy, the application hierarchy, based on the order in which Group Policy objects (GPOs) are applied. The GPO that is applied last takes precedence over all other objects.

A key that represents one of the main divisions of the registry. Each predefined key is displayed in a separate Registry Editor window, with the key's name appearing in the window's title bar. For example, HKEY_CLASSES_ROOT is a predefined key.

The node on which you prefer each group to run. For example, the static load balancing model performs best when groups are appropriately balanced between two nodes. When a node fails, the remaining node takes over the groups from the failed node, but performance is diminished. By setting those groups to fail back to their preferred server (the failed node), you automatically restore maximum performance when failback occurs. A group does not fail back if a preferred owner is not selected.

You will not always choose a preferred owner because it may not matter where the group resides; all that matters is that the group is still running on one of the two nodes. Or, the nodes may be equally capable of handling the load required to use some or all of the resources.

The NetWare server that you connect to by default when you log on to your computer. The preferred server validates your user credentials and is queried when you request information about resources available on the NetWare network.

A form of security in which a remote access server verifies users by calling them back at numbers supplied by the network administrator at the time user privileges are granted. Only a network administrator can change a preset callback number. This ensures that no one can borrow a user's password and connect to the server from a location other than the user's normal one.

An Internet Protocol security (IPSec) technology in which a shared, secret key is used for authentication in IPSec policy.

To create a computer account in Active Directory before an operating system has been installed on the computer that will use the account. Prestaging is a part of supporting Remote Installation Services (RIS) for the client computer, and it ensures smooth client installations because the newly installed client computer is immediately recognized as having an account in Active Directory. The computer account information must include the globally unique identifier (GUID), which RIS uses to identify the client computer. An administrator can also use prestaging to control which computers can be installed through RIS.

The hard disk drive that contains the system and boot partitions used to start Windows.

In a Windows NT domain, a domain controller running Windows NT Server 4.0 or earlier that authenticates domain logon attempts and updates user, computer, and group accounts in a domain. The PDC contains the master read-write copy of the directory database for the domain. A domain has only one PDC.

In a Windows 2000 or Windows Server 2003 domain, the PDC emulator master supports compatibility with client computers that are not running Windows 2000 or Windows XP Professional.

The group with which a Macintosh user usually shares documents stored on a server. You specify a user's primary group in the user's account. When a user creates a folder on the server, the user's primary group is set by default as the folder's associated group.

An authoritative DNS server for a zone that can be used as a point of update for the zone. Only primary masters have the ability to be updated directly to process zone updates, which include adding, removing, or modifying resource records that are stored as zone data. Primary masters are also used as the first sources for replicating the zone to other DNS servers.

A type of partition that you can create on basic disks. A primary partition is a portion of a physical disk that functions as though it were a physically separate disk. On basic master boot record (MBR) disks, you can create up to four primary partitions on a basic disk, or three primary partitions and an extended partition with multiple logical drives. On basic GUID partition table (GPT) disks, you can create up to 128 primary partitions. Also known as a volume.

A copy of the zone that is administered locally.

The security guideline that a user should have the minimum privileges necessary to perform a specific task. This helps to ensure that, if a user is compromised, the impact is minimized by the limited privileges held by that user. In practice, a user runs within the security context of a normal user. When a task requires additional privileges, the user can use a tool such as Run as to start a specific process with those additional privileges or to log on as a user with the necessary privileges.

The source code that contains both the data to be printed and the commands for print. Print jobs are classified into data types based on what modifications, if any, the spooler must make to the job for it to print correctly.

The component that, working in conjunction with the printer driver, receives and alters print jobs, as necessary, according to their data type to ensure that the jobs print correctly.

A computer that is dedicated to managing the printers on a network. The print server can be any computer on the network.

A service that enables Macintosh clients to send and spool documents to printers attached to a computer running Windows NT Server; Windows 2000 Server; or an operating system in the Windows Server 2003 family, excluding 64-bit editions, and that enables clients to send documents to printers anywhere on an AppleTalk network. Also known as MacPrint.

Software that accepts a document sent to a printer and then stores it on disk or in memory until the printer is ready for it.

Printer queues providing access to a network printer connected to the network by an IP address rather than by an individual name. Print spoolers are supported as cluster resources by a Resource DLL.

A device that puts text or images on paper or other print media. Examples are laser printers or dot-matrix printers.

The page-description language (PDL) developed by Hewlett-Packard for their laser and inkjet printers. Because of the widespread use of laser printers, this command language has become a standard in many printers.

A program designed to allow other programs to work with a particular printer without concerning themselves with the specifics of the printer's hardware and internal language. By using printer drivers that handle the subtleties of each printer, programs can communicate properly with a variety of printers.

Fonts residing in or intended for a printer. A printer font, usually located in the printer's read-only memory (ROM), can be internal, downloaded, or on a font cartridge.

The printer command language developed by Hewlett Packard that provides printer control at the print-job level. Using PJL commands, you can change default printer settings such as number of copies to print. PJL commands also permit switching printer languages between print jobs without action by the user. If bi-directional communication is supported, a PJL-compatible printer can send information such as printer model and job status to the print server.

Permissions that specify the type of access that a user or group has to a printer. The printer permissions are Print, Manage Printers, and Manage Documents.

A window that shows information about any pending print jobs for the printer. For each printer you have installed or to which you are connected, you can view information such as how many documents are waiting to be printed, who owns them, and how large they are. Also called the queue view.

The folder in Control Panel that contains the Add Printer Wizard and icons for all the printers installed on your computer.

Two or more identical printers that are connected to one print server and act as a single printer. In this case, when you print a document, the print job will be sent to the first available printer in the pool.

An automatic telephone switching system that enables users within an organization to place calls to each other without going through the public telephone network. Users can also place calls to outside numbers.

The secret half of a cryptographic key pair that is used with a public key algorithm. Private keys are typically used to decrypt a symmetric session key, digitally sign data, or decrypt data that has been encrypted with the corresponding public key.

A cluster network that supports only node-to-node communication.

The ATM Forum standard that defines the interface between asynchronous transfer mode (ATM) switches in a private network or a public network.

For Message Queuing, a queue that is not published in Active Directory and that can be accessed only by applications that have access to the full format name of the queue.

A Macintosh-accessible volume that is accessible by only one Macintosh user. For a volume to be a private volume, the permissions on its root directory must give the volume's owner all three permissions (Make Changes, See Files, and See Folders), while giving the primary group and everyone categories no permissions at all. When a private volume's owner uses the Chooser to view the volumes available on the server, the private volume is listed; however, no other users can see the private volume when viewing the volumes available on the server.

A user's right to perform a specific task, usually one that affects an entire computer system rather than a particular object. Privileges are assigned by administrators to individual users or groups of users as part of the security settings for the computer.

The virtual address space and the control information necessary for the execution of a program.

A numerical identifier that uniquely distinguishes a process while it runs. Use Task Manager to view PIDs.

A complete, self-contained set of computer instructions that you use to perform a specific task, such as word processing, accounting, or data management. Also called an application.

A file that provides information to Windows about how best to run MS-DOS-based programs. When you start an MS-DOS-based program, Windows looks for a PIF to use with it. PIFs contain such items as the name of the file, a start-up directory, and multitasking options.

A characteristic or parameter of a class of objects or devices. For example, properties of Microsoft Word files include Size, Created, and Characters.

For Indexing Service, a file that stores values for document properties.

A specific characteristic or parameter that defines a property. For example, property values of a specific Microsoft Word document could include Size = 10,000 bytes, Created = Jan 2, 1999, and Characters = 5,250.

The first sector of a GUID partition table (GPT) disk that is structured like the first sector of a master boot record (MBR) disk to prevent x86-based disk utilities from destroying GPT partitions. The Protective MBR contains one partition that reserves the entire space used on the disk by GPT partitions.

A set of rules and conventions for sending information over a network. These rules govern the content, format, timing, sequencing, and error control of messages exchanged among network devices.

A dynamic-link library (DLL) that identifies the protocols used to send a frame onto the network.

A firewall component that manages Internet traffic to and from a local area network (LAN) and that can provide other features, such as document caching and access control. A proxy server can improve performance by supplying frequently requested data, such as a popular Web page, and it can filter and discard requests that the owner does not consider appropriate, such as requests for unauthorized access to proprietary files.

The nonsecret half of a cryptographic key pair that is used with a public key algorithm. Public keys are typically used when encrypting a session key, verifying a digital signature, or encrypting data that can be decrypted with the corresponding private key.

A family of standards for public key cryptography that includes RSA encryption, Diffie-Hellman key agreement, password-based encryption, extended-syntax, cryptographic message syntax, private key information syntax, and certificate request syntax, as well as selected attributes. Developed, owned, and maintained by RSA Data Security, Inc.

A method of encryption that uses two encryption keys that are mathematically related. One key is called the private key and is kept confidential. The other is called the public key and is freely given out to all potential correspondents. In a typical scenario, a sender uses the receiver's public key to encrypt a message. Only the receiver has the related private key to decrypt the message. The complexity of the relationship between the public key and the private key means that, provided the keys are long enough, it is computationally infeasible to determine one from the other. Also called asymmetric encryption.

The laws, policies, standards, and software that regulate or manipulate certificates and public and private keys. In practice, it is a system of digital certificates, certification authorities, and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction. Standards for PKI are still evolving, even though they are being widely implemented as a necessary element of electronic commerce.

A cluster network that supports client-to-cluster communication (either with or without supporting node-to-node communication).

For Message Queuing, a queue that is published in Active Directory and replicated throughout a Windows enterprise. Public queues can, therefore, be located by any computer running Message Queuing within the enterprise.

Standard analog telephone lines, available worldwide.

A WINS component that requests replication of updated WINS database entries from its push partner.

A form of dialing that enters a phone number by means of pulse frequencies. The user typically hears a series of clicking sounds when dialing. Old-fashioned rotary dial phones use pulse dialing.

A WINS component that notifies its pull partner when updated WINS database entries are available for replication.

An extension of a standard certification authority (CA) that allows you to place certificate issuance constraints on subordinate CAs and to place usage constraints on the certificates that are issued by subordinate CAs.

A set of quality assurance standards and mechanisms for data transmission, implemented in this version of Windows.

For Indexing Service, a structured statement that specifies the documents you want to find. The simplest query is a single word.

A list of programs or tasks waiting for execution. In Windows printing terminology, a queue refers to a group of documents waiting to be printed. In NetWare and OS/2 environments, queues are the primary software interface between the application and print device; users submit documents to a queue. With Windows, however, the printer is that interface; the document is sent to a printer, not a queue.

For Message Queuing, the storage size limit for messages in public queues. When a queue quota is reached, Message Queuing can no longer send messages to that queue until one or more messages are removed from the queue. Message Queuing enforces the computer quota before it enforces the queue quota on a computer.

For Message Queuing, a globally unique identifier (GUID) specified by the application that created the queue.

A telephone-answering protocol in which incoming calls are answered with silence instead of a tone signal. Some telephone-switching systems use quiet answering. These switching systems expect the caller to provide another phone number, code, or extension after the quiet answer.

The log where the quorum resource stores data. This data is maintained by the clustering software. Also known as the recovery log or change log.

The quorum-capable resource selected to maintain the configuration data necessary for recovery of the cluster. This data contains details of all of the changes that have been applied to the cluster database. The quorum resource is generally accessible to other cluster resources so that any cluster node has access to the most recent database changes. By default there is only one quorum resource per cluster.

In a majority node set server cluster, the replication traffic between nodes in a cluster. This replication traffic contains the cluster configuration data and ensures that the cluster quorum information is kept in sync across all nodes.

The amount of disk space available to a user.

A fault-tolerant volume with data and parity striped intermittently across three or more physical disks. Parity is a calculated value that is used to reconstruct data after a failure. If a portion of a physical disk fails, Windows recreates the data that was on the failed portion from the remaining data and parity. You can create RAID-5 volumes only on dynamic disks on computers running the Windows 2000 Server or Windows Server 2003 families of operating systems. You cannot mirror or extend RAID-5 volumes. In Windows NT 4.0, a RAID-5 volume was known as a striped set with parity.

Memory that can be read from or written to by a computer or other devices. Information stored in RAM is lost when the computer is turned off.

Fonts that are stored as bitmaps. Raster fonts are designed with a specific size and resolution for a specific printer and cannot be scaled or rotated. If a printer does not support raster fonts, it will not print them. The five raster fonts are Courier, MS Sans Serif, MS Serif, Small, and Symbol. Also called bit-mapped fonts.

A socket that provides direct access to lower-level network protocols.

A semiconductor circuit that contains information that cannot be modified.

An Internet protocol for transporting real-time traffic over multicast and unicast network services.

A set of security principles, in a non-Windows networked environment, that are subject to Kerberos authentication.

An identifying prefix or suffix appended to a user name to enable appropriate routing and authentication during a remote logon process.

A trust between non-Windows Kerberos V5 realms, such as a UNIX realm, and Active Directory domains. Realm trusts can be transitive, nontransitive, one-way, or two-way.

A state used by DHCP clients to extend and renew their address lease when the current lease is close to expiring. In this state, the client broadcasts to the network to locate any DHCP server that can either renew or replace its currently leased configuration. The rebinding state begins when 87.5 percent of the client's lease time has elapsed.

The process of making the client lease information stored in the DHCP server database consistent with a duplicate copy of this same information stored in the Windows registry. Using the DHCP Microsoft Management Console (MMC), reconciliation helps restore or recover the contents of the DHCP server database file, Dhcp.mdb, located by default in the %Systemroot%\System32\Dhcp folder.

For Message Queuing, a message that can be recovered no matter which computer fails, but that uses more resources and is slower than an express message.

A person who is issued a public key certificate for the purpose of recovering user data that is encrypted with Encrypting File System (EFS).

A command-line interface that provides a limited set of administrative commands that are useful for repairing a computer.

A type of public key Group Policy object (GPO) used by Encrypting File System (EFS) that provides for one or more user accounts to be designated as recovery agents.

A query made to a DNS server in which the requester asks the server to assume the full workload and responsibility for providing a complete answer to the query. The DNS server will then use separate iterative queries to other DNS servers on behalf of the requester to assist in completing an answer for the recursive query.

One of the two process types (iterative and recursive) for DNS name resolution. In this process, a resolver (a DNS client) will request that a DNS server provide a complete answer to a query that does not include pointers to other DNS servers. When a client makes a query and requests that the server use recursive resolution to answer, it effectively shifts the workload of resolving the query from the client to the DNS server. If the DNS server supports and uses recursive resolution, it contacts other DNS servers as necessary (using iterative queries on behalf of the client) until it obtains a definitive answer to the query. This type of resolution allows the client resolver to be small and simple.

The place in which Windows stores deleted files. You can retrieve files you deleted in error, or you can empty the Recycle Bin to create more disk space.

A method used to standardize and categorize fault-tolerant disk systems. RAID levels provide various mixes of performance, reliability, and cost. Some servers provide three of the RAID levels: Level 0 (striping), Level 1 (mirroring), and Level 5 (RAID-5).

A list of targets, transparent to the user, that a client receives from Distributed File System (DFS) when the user is accessing a root or a link in the DFS namespace. The referral information is cached on the client for a time period specified in the DFS configuration.

A server that responds to requests for service from remote installation clients. It refers clients to other remote installation servers where they can install Windows desktop operating systems. The referral server does not directly host client computers for installing the operating system.

To update displayed information with current data.

An interval of time used by secondary masters of a zone to determine how often to check if their zone data needs to be refreshed. When the refresh interval expires, the secondary master checks with its source for the zone to see if its zone data is still current or if it needs to be updated using a zone transfer. This interval is set in the start-of-authority (SOA) resource record for each zone.

The frequency with which the video screen is retraced to prevent the image from flickering. The entire image area of most monitors is refreshed approximately 60 times per second.

Contiguous chunks of storage on a disk.

File types that are tracked by the system registry and are recognized by the programs you have installed on your computer.

A computer that is configured for an administrator to request and retrieve issued certificates on behalf of other users. An RA does not require that a certification authority be installed on the same computer.