-
The directory service included with Windows Server 2003 that provides a single point of administration, authentication, and storage for user, group, and computer objects.
Active Directory (AD)
-
Contains the definition of all object classes and attributes used in the Active Directory database.
Active Directory schema
-
Used to define the characteristics of an object class within Active Directory.
attributes
-
The ability to increase access to server resources and provide fail-safe services by linking two or more computer systems so they appear to function as though they are one. Only supported by Windows Server 2003 Enterprise and Datacenter editions.
Clustering
-
An LDAP component used to uniquely identify an object throughout the entire LDAP hierarchy by referring to the relative distinguished name, domain name, and container holding the object.
Distinguished Name (DN)
-
A logically structured organization of objects, such as users, computers, groups, and printers, that are part of a network and share a common directory database. They are defined by an administrator and administered as a unit with common rules and procedures.
Domain
-
A collection of Active Directory trees that do not necessarily share a contiguous DNS naming convention but do share a common global catalog and schema.
Forest
-
The first domain created within the Active Directory structure.
Forest Root Domain
-
An index of the objects and attributes used throughout the Active Directory structure. It contains a partial replica of every Windows Server 2003 domain within Active Directory, enabling users to find any object in the directory.
Global Catalog
-
The Windows Server 2003 feature that allows for policy creation that affects domain users and computers. Policies can be anything from desktop settings to application assignments to security settings and more.
Group Policy
-
An access protocol that defines how users can access or update directory service objects.
Lightweight Directory Access Protocol (LDAP)
-
A Windows Server 2003 system that has a computer account in a domain, but is not configured as a domain controller.
Member Server
-
A customizable management interface that can contain a number of management tools to provide a single, unified application for network administration.
Microsoft Management Console (MMC)
-
A replication model in which any domain controller accepts and replicates directory changes to any other domain controller. This differs from other replication models in which one computer stores a single modifiable copy of the directory and other computers store backup copies.
Multimaster Replication
-
A collection of attributes that represent items within Active Directory, such as users, groups, computers and printers.
Objects
-
Define which types of objects can be created within Active Directory, such as users, groups, and printers.
Object Classes
-
An Active Directory logical container used to organize objects within a single domain. Objects such as users, groups, computers, and other OUs can be stored in an OU container.
Organizational Unit (OU)
-
A collection of hard disks that act as a single unit for the purpose of providing fault tolerance or increasing performance.
Redundant Array of Independent Disks (RAID)
-
An LDAP component used to identify an object within the object's container.
Relative Distinguished Name (RDN)
-
The local security and account database on a Windows Server 2003 standalone or member server.
Security Accounts Manager (SAM) Database
-
A combination of one or more Internet Protocol (IP) subnets connected by high-speed connections.
Site
-
A low-bandwidth or unreliable/occasional connection between sites. It can be adjusted for replication availability, bandwidth costs, and replication frequency. They enable control over replication and logon traffic.
Site Link
-
Microsoft software that allows security patches and updates to be deployed from a centralized server.
Software Update Services (SUS)
-
A Windows Server 2003 service that allows a user to connect to and run applications on a server as if sitting at the server console.
Terminal Services
-
The ability of domains or forests to trust one another, even though they do not have a direct trust between them.
Transitive Trust
-
A user-account naming convention that includes both the user name and domain name in the format user@domain.com.
User Principal Name (UPN)
-
A logical group of computers characterized by a decentralized security and administration model.
Workgroup
-
A program stored on a flash memory chip attached to the motherboard that establishes the initial communication between the components of the computer, such as the hard drive, CD-ROM, floppy disk, video, and memory.
Basic Input/Output System (BIOS)
-
Software that includes the instructions necessary in order for an operating system to communicate with a hardware device.
Device Driver
-
A resource that allows hardware to access RAM directly without intervention of the system CPU.
Direct Memory Access (DMA) channels
-
A digital signature that Microsoft incorporates into driver and system files as a way to verify the files and to ensure that they are not inappropriately overwritten.
Driver Signing
-
A utility used to identify unsigned system and driver files that provides information such as the filename, location, modification date, and version number.
File Signature Verification
-
A set of instructions telling the operating system which devices to start and drivers to load when a computer starts.
Hardware Profile
-
A legacy 16-bit bus architecture that does not support the Plug and Play standard.
Industry Standard Architecture (ISA)
-
Dedicated memory areas that are allocated for the purpose of transferring information between a computer and a hardware device.
Input/Output (I/O) ranges
-
Resource used by hardware devices to gain the attention of the system processor.
Interrupt Request (IRQ) lines
-
Devices that do not follow the Plug and Play standard, such as older Industry Standard Architecture.
Legacy Devices
-
Memory ranges allocated for the purpose of communication between a hardware device and operating system.
Memory Address range
-
Disk space, in the form of a file (pagefile.sys), for use when memory requirements exceed the available RAM.
paging file
-
A set of specifications originally developed by Intel that enables a system to automatically detect hardware and configure driver and resource settings.
Plug and Play
-
A device built into electrical equipment or a separate device that provides immediate battery power to equipment during a power failure or brownout.
uninterrupted power supply (UPS)
-
Disk storage used to extend the capacity of the physical RAM installed in the computer.
virtual memory
-
The main listing of hardware devices that have been certified to function with Windows Server 2003 and officially carry the "Designated for Windows Server 2003" logo.
Windows Server Catalog
-
An Active Directory MMC tool that allows you to create various objects such as OUs, user accounts, groups, computers, and contacts.
Active Directory Users and Computers
-
The process by which a user's identity is validated, which is subsequently used to grant or deny access to network resources.
authentication
-
A command-line utility that can be used to import and export data to and from Active Directory in a comma-separated file format.
CSVDE
-
An operating system running Windows NT 4.0 or earlier.
down-level operating system
-
A command-line utility used to add objects to Active Directory.
DSADD
-
A command-line utility used to modify Active Directory objects.
DSMOD
-
A command-line utility used to move or rename Active Directory objects.
DSMOVE
-
A command-line utility used to delete Active Directory objects.
DSRM
-
Enables the centralized management of user desktop settings, desktop and domain security, and the deployment and management of software throughout your network.
Group Policy
-
The process by which a user provides their user name and password to be authenticated from the Log On to Windows dialog box.
interactive authentication
-
The primary authentication protocol used in Active Directory domain environments.
Kerberos version 5 (Kerberos v5)
-
An Active Directory domain controller that stores the directory database containing all users and passwords.
Key Distribution Center (KDC)
-
A command-line utility that can be used to import and export data to and from Active Directory using the LDAP Interchange Format File format.
LDIFDE
-
A user profile stored on a particular computer that doesn't follow a user across the network.
local profile
-
A user profile with settings that are not changed when a user logs off.
mandatory profile
-
The process by which a network resource or service confirms the identity of a user.
network authentication
-
The challenge-response protocol that is used for authentication purposes with operating systems running Windows NT 4.0 or earlier.
NT LAN Manager (NTLM)
-
A user profile stored on a centralized server that follows a user across a network.
roaming profile
-
A Kerberos ticket granted by a KDC allowing a client to gain access to a network resource or service.
service ticket
-
A ticket passed to a client system by the KDC once successful authentication occurs.
ticket-granting ticket (TGT)
-
An object that is stored in Active Directory that represents all of the information that defines a physical user who has access permissions to the network.
user account
-
A special user account configured with settings that can be copied in order to simplify the creation of user accounts with common settings.
user account template
-
The desktop and environment settings associated with a particular user account.
user profile
-
A group that is only used for e-mail.
Distribution Group
-
The level at which a Windows Server 2003 domain is configured, such as Windows 2000 mixed mode, Windows 2000 native mode, or Windows Server 2003.
Domain Functional Level
-
A group that can only be assigned permission to a resource available in the domain in which it is created. However, group membership can come from any domain within the forest. Created on domain controllers within the domain.
Domain Local Group
-
A group that is mainly used for organizing other objects into administrative units. A global group can be assigned permissions to any resources in any domain within the forest. The main limitation of a global group is that it can only contain members of the same domain in which it is created.
Global Group
-
A container object that is used to organize a collection of users, computers, contacts, or other groups into a single object reference.
Group
-
A group that can be used to define permission on a resource object.
Security Group
-
A group that can be assigned permissions to any resource in any domain within the forest. These groups can consist of ANY user group object except for local groups.
Universal Group
-
The default domain functional level for a Windows Server 2003 Active Directory domain. Supports Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 domain controllers.
Windows 2000 mixed
-
A domain functional level that supports both Windows 2000 Server and Windows Server 2003 domain controllers.
Windows 2000 native
-
A domain functional level that supports Windows Server 2003 domain controllers only.
Windows 2003 Server
-
This change is supported as long as the global group is not a member of any other global groups.
Global to Universal
-
This change is supported as long as the domain local group does not have any other domain local groups as members.
Domain local to Universal
-
This change is supported as long as the universal group does not have any other universal groups as a member.
Universal to global
-
This change is supported as long as the universal group is not a member of any other universal groups.
Universal to domain local
-
An entry in an object's discretionary access control list (DACL) that grants permissions to a user or group. It is also an entry in an object's system access control list (SACL) that specifies the security events to be audited for a user or group.
Access Control Entry (ACE)
-
Hidden shared folders created for the purpose of allowing administrators to access the root of partitions and other system folders remotely.
Administrative Shares
-
A predefined Microsoft Management Console (MMC) application that allows administration of a variety of computer-related tasks on the local computer or a remote computer.
Computer Management Console
-
A part of the security descriptor of an object that contains a list of user or group references that have been allowed or denied permissions to the resource.
Discretionary Access Control List (DACL)
-
The Windows Server 2003 utility used to manage disk partitions and volumes.
Disk Management
-
The permissions that actually apply to a user or group based on the different permissions of the user or groups they are members of on a particular resource.
Effective Permissions
-
A file system supported in Windows Server 2003 but traditionally associated with the MS-DOS operating system. It can be used on partitions or volumes of up to 4 GB in size.
FAT
-
A derivative of another file system that supports partition sizes up to 2 TB, but provides fewer security features than the latest file system.
FAT32
-
The native file system of Windows Server 2003. It provides better availability and performance than previous file systems, while also providing the ability to configure local security permissions, compression, encryption, and more.
NTFS
-
A data resource container that has been made available over the network to authorized network clients.
Shared Folder
-
A more granular set of NTFS permissions that allows an administrator a higher degree of control over the abilities assigned to users or groups for a particular resource.
Special NTFS Permissions
-
The permissions available on the Security tab of an NTFS file or folder.
Standard NTFS Permissions
-
The partition from which an operating system begins the boot process. Typically drive C: is configured as it.
Active Partition
-
In Windows Server 2003, a partitioned disk that can have up to four partitions and that uses logical drive designations. This type of disk is compatible with MS-DOS, Windows 3.x, Windows 95, Windows 98, Windows XP, Windows NT, Windows 2000, and Windows Server 2003.
Basic Disk
-
A process by which fragmented files are rearranged into contiguous areas of disk space, improving file access performance.
Defragmenting
-
An MMC snap-in used to manage and monitor disks, volumes, and partitions.
Disk Management
-
A disk in Windows Server 2003 that does not use traditional partitioning, meaning there are no restrictions on the number of volumes that can be set up on one disk or the ability to extend volumes onto additional physical disks.
Dynamic Disk
-
A partition on a basic disk that is created from unpartitioned free space, and is not formatted with a file system.
Extended Partition
-
Techniques that employ hardware and software to provide assurance against equipment failures, computer service interruptions, and data loss.
Fault Tolerance
-
A normal and gradual process in which files become divided into different areas of disk space in a volume, resulting in slower file access.
Fragmented
-
Dedicated and formatted portions of disk space created within an extended partition on a basic disk.
Logical Drives
-
A fault-tolerant disk strategy in which a volume on one dynamic disk has its contents mirrored to a second dynamic disk.
Mirrored volume
-
A partition or volume accessible via an empty folder or an existing NTFS partition. Often implemented to circumvent the need to assign the volume or partition a drive letter.
Mounted Drive
-
A dedicated portion of a basic disk that is potentially bootable, and formatted with a file system. A basic disk can support a maximum of four of these.
Primary Partition
-
A fault-tolerant disk strategy that consists of creating a single volume across anywhere between three and 32 dynamic disks. Its volumes use disk striping with parity to allow the volume to remain accessible in the event that a single disk within the volume should fail.
RAID-5 Volume
-
Disk performance and fault tolerance strategies that can be implemented on a Windows Server 2003 system with multiple hard disks installed.
Redundant Array of Independent Disks (RAID)
-
A dedicated and formatted portion of disk space on a dynamic disk.
Simple Volume
-
Dedicated and formatted space on between two and 32 dynamic disks that is treated like a single volume.
Spanned Volume
-
Dedicated and formatted space on between two and 32 dynamic disks that is treated as a single logical volume, with data striped across the disks in the volume in 64 KB blocks.
Striped Volume
-
An interface on a Windows network print client that works with a local software application, such as Microsoft Word, and a local printer driver to format a file to be sent to a local printer or network print server.
Graphics Device Interface (GDI)
-
A specification supported by Windows Server 2003 that allows printers to be managed from a Web browser, and print jobs to be sent to a printer using the HTTP protocol.
Internet Printer Protocol (IPP)
-
A printer, such as a laser printer, physically attached to a port on the local computer.
Local Print Device
-
A printing device, such as a laser printer, connected to a print server through a network.
Network Print Device
-
Client computer or application that generates a print job.
Print Client
-
Files that contain information that Windows Server 2003 uses to convert raw print commands to a language that the printer understands.
Print Driver
-
A stack or lineup of all requested print jobs waiting to be sent from the spooler to the printer.
Printer Queue
-
The computer on which the printers and print drivers are located. This is usually where you set up and configure the shared printing system.
Print Server
-
A configuration object in Windows Server 2003 that controls the connection to the print device.
Printer
-
Security permissions that allow an administrator to control access to printer resources, in a manner similar to NTFS permissions.
Printer Permissions
-
Consists of a single printer that is connected to a number of print devices.
Printer Pool
-
Configuring multiple printers to print to the same print device. One printer is then configured to print before any of the other printers by adjusting the priority setting from 1 (lowest priority) to 99 (highest priority).
Printer Priorities
-
An Active Directory object that represents a link to or direct information on how to use or connect to the shared resource.
Published
-
A data type often used for printing MS-DOS, Windows 3.x, and UNIX print files.
RAW
-
In the Windows 95, 98, Me, NT, 2000, XP, and 2003 environment, a group of DLLs, information files, and programs that process print jobs for printing.
spooler
-
A data type used for printing text files formatted using the ANSI standard that employs values between 0 and 255 to represent characters, numbers, and symbols.
TEXT
-
A controller for the ActiveX scripting engines provided in both Windows-based and command-line versions.
Windows Script Host (WSH)
-
The name of the GPO that is linked to the domain container in Active Directory; used primarily for configuration of domain-wide password policies.
Default Domain Policy
-
The name of the default GPO that is linked to the domain controllers OU. Used primarily for configuration of policy settings that are only to be applied to the domain controllers in the domain (i.e. auditing).
Domain Controllers Policy
-
A Group Policy feature that enables you to redirect the contents of the Application Data, Desktop, My Documents, My Pictures, and Start menu folders from a user's profile to a network location.
Folder redirection
-
A unique 128-bit number assigned to the object when it is created.
globally unique identifier (GUID)
-
This utility can be used to discover Group Policy-related problems and to illustrate which GPOs were applied to a user or computer. It also lists all group memberships of the user or computer being analyzed.
GPRESULT
-
Enables the centralized management of user desktop settings, desktop and domain security, and the deployment and management of software throughout your network.
Group Policy
-
An Active Directory container that stores information about the GPO and includes a version number that is used by other domain controllers to ensure that they have the latest information.
Group Policy Container (GPC)
-
An Active Directory object that is configured to apply Group Policy and linked to either the site, domain or OU level.
Group Policy Object (GPO)
-
This contains the data that makes up the Group Policy. The template includes all the settings, administrative templates, security settings, software installation settings, scripts and so forth.
Group Policy Template
-
A file that contains all the information needed to install an application in a variety of configurations.
Microsoft Windows Installer Package (MSI)
-
A graphical utility included with Windows Server 2003 that enables you to review the aggregated Group Policy settings that apply to a domain user or computer.
Result Set of Policy (RSoP)
-
A text file that can be used by Group Policy to deploy an application; it has a number of limitations compared to an MSI file.
ZAP file
-
Active Directory permissions that control whether users or groups can read or modify the attributes associated with Active Directory objects.
Attribute-level Permissions
-
The Client software component of Software Update Services.
Automatic Updates Client
-
The wizard available in Active Directory Users and Computers to simplify the delegation of administrative authority.
Delegation of Control Wizard
-
The mode used to install a program that will be used in a Terminal Services environment.
Install Mode
-
The extension associated with a saved Microsoft Management Console File.
Management Saved Console (MSC)
-
Active Directory permissions that control the level to which a user can modify an object such as a user account.
object-level permissions
-
The client software used to connect to a server running Terminal Services or Remote Desktop for Administration.
Remote Desktop Connection
-
A feature that allows administrators to remotely connect to the desktop of a Windows Server 2003 system for administrative purposes.
Remote Desktop for Administration
-
A feature that allows users to open certain administrative tools or issue commands using alternate credentials.
Secondary Logon
-
A server application designed to add control and flexibility over the deployment of security patches and hot fixes to client and server systems on a network.
Software Update Services (SUS)
-
A Windows Server 2003 feature that allows users to connect to a Windows Server 2003 system and interact with applications as if sitting at the server console.
Terminal Services
-
The normal running mode for a Terminal Services environment.
User Mode
-
The Windows feature that allows operating systems to download service packs, patches and hot fixes from Microsoft in an automated fashion rather than by manual download.
Windows Update
-
An IIS authentication method that utilizes .NET Passport user names and passwords.
.NET Passport Authentication
-
The name of a virtual directory, or the name used to hide the real name of a directory and to simplify the directory name that would be used to access the information.
Alias
-
Allows users to access a Web Site without having to provide a user name and password.
Anonymous access
-
Refers to determining whether a user has a valid user account with the proper permissions to access a resource such as a shared folder or Web site.
Authentication
-
Allows you to limit the network bandwidth that is available for Web and FTP connections to the server.
Bandwidth throttling
-
Prompts users for a user name and password to be able to access the Web resource. The user name and password are then transmitted using Base64 encoding.
Basic Authentication
-
An FTP server that responds to TCP/IP port 21 on all configured IP addresses of the server that are not assigned to another site.
Default FTP Site
-
A configured Web site that responds to TCP/IP port 80 on all unassigned IP addresses of the server. This Web site is initially empty and may be used to create a custom Web site for your organization.
Default Web Site
-
Prompts users for a user name and password to be able to access the Web resource. The user name and password are hashed to prevent hackers from obtaining them.
Digest Authentication
-
Used to transfer files between two computers that are both running TCP/IP.
File Transfer Protocol (FTP)
-
The fully qualified DNS name that is used to access a Web site on an IIS server.
Host Header
-
Does not ask the users for a password but rather uses the client's currently logged-on credentials to supply a challenge/response to the Web server.
Integrated Windows Authentication
-
A Windows Server 2003 component that provides Web-related services to an organization.
Internet Information Services (IIS)
-
IIS parameters that are configured on the server and are inheritable by all Web and FTP sites hosted on the server.
Master Properties
-
IIS 6.0 stores its configuration settings in a database referred to as the IIS metabase.
Metabase
-
This protocol is used to encrypt Web Traffic between a client and the Web server.
Secure Sockets Layer (SSL)
-
A connection-based protocol, which means a session is established between the two hosts before any data is transferred.
Transmission Control Protocol (TCP)
-
A mapping to a physical directory containing content to be included on a web site.
Virtual Directory
-
A unique Web or FTP site that behaves as if it were on its own dedicated server.
Virtual Servers
-
A folder designed to be accessed from the Internet or an intranet using the HTTP or FTP protocols.
Web Folder