- .adm
- The file name extension for Administrative Templates files.
- .msi
- The file name extension for Windows Installer package files.
1
- 10BaseT
- An 802.3 Ethernet specification that defines how data is
carried through category 3, 4, or 5 twisted pair cable.
3
- 3270
- A class of IBM Systems Network Architecture terminal and
related protocol used to communicate with IBM mainframe host
systems.
- 3DES
- An encryption algorithm that processes each data block three
times, using a unique key each time. 3DES is much more difficult
to break than straight DES. It is the most secure of the DES
combinations, and therefore slower in performance.
5
- 5250
- A class of IBM Systems Network Architecture terminal and
related protocol used to communicate with AS/400 host systems.
8
- 802.1p
- A protocol that supports the mapping of RSVP signals to
Layer 2 signals using 802.1p priority markings to enable the
prioritization of traffic across Layer 2 devices, such as
switches, on a network segment. IEEE 802 refers to the Layer
2 technology used by LANs including the data-link layer and
the media access control layer.
- 88 class
- A class defined before 1993 not required to fall into one
of the structural, abstract, or auxiliary categories. This
type of class is specified by a value of 0 in the objectClass
category.
A
- A resource record
- See address (A) resource record.
- AAL
- See ATM Adaptation Layer.
- abstract classes
- Templates used only to derive new Structural classes. Abstract
classes cannot be instantiated in the directory.
- access control
- The security mechanism in Windows NT and Windows 2000
that determines which objects a security principal can use
and how the security principal can use them. See also authorization;
security principal.
- access control entry (ACE)
- An entry in an access control list (ACL) containing the
security ID (SID) for a user or group and an access mask that
specifies which operations by the user or group are allowed,
denied, or audited. See also access control list; access mask;
security descriptor.
- access control list (ACL)
- A list of security protections that apply to an entire object,
a set of the object's properties, or an individual property
of an object. There are two types of access control lists:
discretionary and system. See also access control entry; discretionary
access control list; security descriptor; system access control
list.
- access mask
- A 32-bit value that specifies the rights that are allowed
or denied in an access control entry (ACE) of an access control
list (ACL). An access mask is also used to request access
rights when an object is opened. See also access control entry.
- access privileges
- Permissions set by Macintosh users that allow them to view
and make changes to folders on a server. By setting access
privileges (called permissions when set on a computer running
Windows 2000 Server), administrators control which Macintosh
computers can use folders on a volume.
- access token
- A data structure containing security information that identifies
a user to the security subsystem on a computer running Windows 2000
or Windows NT. Access tokens contain a user's security
ID, the security IDs for groups that the user belongs to,
and a list of the user's privileges on the local computer.
See also privilege; security ID.
- accessibility
- The quality of a system incorporating hardware or software
to engage a flexible, customizable user interface, alternative
input and output methods, and greater exposure of screen elements
to make the computer usable by people with cognitive, hearing,
physical, or visual disabilities.
- Accessibility Wizard
- An interactive tool that makes it easier to set up commonly
used accessibility features by specifying options by type
of disability, rather than by numeric value changes.
- account domain
- A Windows NT domain that holds user account data. Also
known as a master domain.
- account lockout
- A Windows 2000 security feature that locks a user account
if repeated failed logon attempts occur within a specified
amount of time, based on security policy lockout settings.
(Locked accounts cannot log on.)
- ACE
- See access control entry.
- ACL
- See access control list.
- ACPI
- See Advanced Configuration and Power Interface.
- active cluster member
- A node that is running and participating in cluster operations.
- Active Directory
- The directory service included with Windows 2000 Server.
It stores information about objects on a network and makes
this information available to users and network administrators.
Active Directory gives network users access to permitted resources
anywhere on the network using a single logon process. It provides
network administrators with an intuitive hierarchical view
of the network and a single point of administration for all
network objects. See also directory; directory service.
- Active Directory Connector
(ADC)
- A synchronization agent in Windows 2000 Server, Windows 2000
Advanced Server, and Windows 2000 Enterprise Server that
provides an automated way of keeping directory information
consistent between directories. Without the ADC, you would
have to manually enter new data and updates in both directory
services.
- Active Directory data model
- A model derived from the LDAP data model. The directory
holds objects that represent entities of various sorts, described
by attributes. The objects and classes of objects that can
be stored in the directory are defined in the schema. For
each class of objects, the schema defines what attributes
an instance of the class must have, what additional attributes
it may have, and what class can be its parent. See also attribute;
LDAP; schema.
- Active Directory Installation
wizard
- A Windows 2000 Server tool that allows the following
during Setup: installation of Active Directory, creation of
trees in a forest, replication of an existing domain, installation
of Kerberos authentication software, and promotion of servers
to domain controllers.
- Active Directory replication
- Synchronization of directory partition replicas between
Windows 2000 domain controllers. Directory partition
replicas are writable on each domain controller, except for
Global Catalog replicas. Replication automatically copies
the changes from a specified directory partition replica to
all other domain controllers that hold the same directory
partition replica. More specifically, a server called the
"destination" pulls changes from another server
called the "source". See also directory partition;
File Replication service; multimaster replication; replication.
- Active Directory Service
Interfaces (ADSI)
- A set of high-level programming interfaces that provide
a single, consistent, open set of interfaces that enables
Windows 2000, Windows NT, Windows 98 and Windows 95
client applications to access several network directory services,
including Active Directory. ADSI provides the means for client
applications of directory services to use one set of interfaces
to communicate with any namespace that provides an ADSI implementation
(provider).
- Active Directory Users and
Computers
- An administrative tool designed to perform day-to-day Active
Directory administration tasks. These tasks include creating,
deleting, modifying, moving, and setting permissions on objects
stored in the directory. These objects include organizational
units, users, contacts, groups, computers, printers, and shared
file objects. See also object; permissions.
- Active Directory-integrated
zone
- A primary zone stored in Active Directory. See also zone.
- active partition
- The partition from which the computer starts. The active
partition must be a primary partition on a basic disk. If
you are using Windows 2000 exclusively, the active partition
can be the same as the system partition. If you are using
Windows 2000 and Windows 98 or earlier, or MS-DOS,
the active partition must contain the startup files for both
operating systems.
- active/active
- The cluster configuration of an application in which the
application runs on all nodes at the same time. See also active/passive.
- active/passive
- The cluster configuration of an application in which the
application runs on only one node at a time. See also active/active.
- ActiveX
- A set of technologies that enables software components to
interact with one another in a networked environment, regardless
of the language in which the components were created.
- ActiveX control
- A reusable software component that incorporates ActiveX
technology.
- ADC
- See Active Directory Connector (ADC).
- additional domain controller
- When installing Active Directory, a domain controller that
is being added to an existing Windows 2000 domain.
- address
- In Systems Management Server, addresses are used to connect
sites and site systems. Senders use addresses to send instructions
and data to other sites.
- address (A) resource record
- A resource record used to map a DNS domain name to a host
IP address on the network. See also resource record.
- address class
- See internet address class.
- address pool
- A group of IP addresses in a scope. Pooled addresses are
then available for dynamic assignment by a DHCP server to
DHCP clients.
- Address Resolution Protocol
(ARP)
- In TCP/IP, a protocol that uses broadcast traffic on the
local network to resolve a logically assigned IP address to
its physical hardware or media access control layer address.
In ATM, the ARP protocol is used in two different ways. For classical
IP over ATM, ARP is used to resolve addresses to ATM hardware
addresses. For ATM LAN emulation, ARP is used to resolve Ethernet/802.3
or Token Ring addresses to ATM hardware addresses. See also
media access control; Transmission Control Protocol/Internet
Protocol.
- adjacency
- A relationship formed between selected neighboring OSPF
routers for the purpose of exchanging routing information.
When the link state databases of two neighboring routers are
synchronized, the routers are said to be adjacent. Not every
pair of neighboring routers becomes adjacent. See also link
state database.
- administrative template (.adm
file)
- A text file used by the Group Policy console as a source
to generate the user interface for Group Policy settings an
administrator can set. Windows NT 4.0 used an earlier
version of .adm files to generate the user interface for registry-based
System Policy settings in the System Policy Editor.
- admission control
- The service used to administratively control network resources
on shared network segments.
- ADSI
- See Active Directory Service Interfaces.
- ADSI provider
- COM objects that implement ADSI for a particular namespace
(for example, an LDAP namespace such as Active Directory).
- ADSL
- See Asymmetric Digital Subscriber Line.
- Advanced Configuration and
Power Interface (ACPI)
- An open industry specification that defines power management
on a wide range of mobile, desktop, and server computers and
peripherals. ACPI is the foundation for the OnNow industry
initiative that allows system manufacturers to deliver computers
that will start at the touch of a keyboard. ACPI design is
essential to take full advantage of power management and Plug
and Play in Windows 2000. Check the manufacturer's documentation
to verify that a computer is ACPI-compliant. See also Plug
and Play.
- Advanced Peer-to-Peer Networking
(APPN)
- An upgrade to IBM Systems Network Architecture that supports
distributed session control services and dynamic routing,
avoiding dependencies on centralized mainframe network services.
- Advanced Program-to-Program
Communication (APPC)
- An IBM Systems Network Architecture communications method
that uses the LU 6.2 protocol to establish, manage, and terminate
network communication between programs in a distributed computing
environment.
- Advanced Program-to-Program
Communication File Transfer Protocol (AFTP)
- A file transfer protocol used in IBM host systems, the IBM
Advanced Program-to-Program Communications equivalent to the
TCP/IP File Transfer Protocol.
- advertise
- In Windows 2000 and Systems Management Server, to make
a program available to members of a collection (group).
- advertisement
- In Systems Management Server, a notification sent by the
site server to the client access points (CAPs) specifying
that a software distribution program is available for clients
to use. In Windows 2000, the Software Installation snap-in
generates an application advertisement script and stores this
script in the appropriate locations in Active Directory and
the Group Policy object.
- affinity mask
- A value that contains bits for each processor on the system,
defining which processors a process or thread can use.
- agent
- An application that runs on a Simple Network Management
Protocol (SNMP) managed device. The agent application is the
object of management activities. A computer running SNMP agent
software is also sometimes referred to as an agent.
- algorithm
- A rule or procedure for solving a problem. Internet Protocol
security uses cryptographically-based algorithms to encrypt
data.
- alias
- An additional name that can be used to access a specific
port.
- all-ones subnet
- The subnet for which all the bits in the subnet portion
of the subnetted network ID are set to 1.
- all-subnets directed broadcast
address
- The broadcast address designed to reach all subnets of a
subnetted class-based IP network ID.
- all-zeros subnet
- The subnet for which all the bits in the subnet portion
of the subnetted network ID are set to 0.
- allocate
- To mark media for use by an application. Media in the available
state may be allocated.
- allocated state
- A state that indicates media are in use and assigned to
application media pools.
- alternative input devices
- Input devices for users who cannot use standard input devices,
such as a mouse or a keyboard.
- ambiguous name resolution
- In an LDAP search, the process of searching for a string
value in a set of attributes by using one filter of the form
(ANR=string). A defined set of attributes is available for
ANR searches, and when the (ANR=string) filter is encountered,
the filter is expanded to include a search of every attribute
in the ANR set.
- answer file
- A text file that you can use to provide automated input
for unattended installation of Windows 2000. This input
includes parameters to answer the questions required by Setup
for specific installations. In some cases, you can use this
text file to provide input to wizards, such as the Active
Directory Installation wizard, which is used to add Active
Directory to Windows 2000 Server through Setup. The default
answer file for Setup is known as Unattend.txt.
- anti-replay
- A feature for preventing replay attacks. See also replay
attack.
- AppleTalk
- The Apple Computer network architecture and network protocols.
A network that has Macintosh clients and a computer running
Windows 2000 Server with Services for Macintosh functions
as an AppleTalk network.
- AppleTalk Control Protocol
(ATCP)
- The Network Control Protocol for AppleTalk-based PPP connections.
ATCP negotiates AppleTalk-based parameters to dynamically
configure an AppleTalk-based PPP peer across a point-to-point
link.
- AppleTalk Phase 2
- The extended AppleTalk Internet model designed by Apple
Computer that supports multiple zones within a network and
extended addressing capacity. See also AppleTalk.
- AppleTalk Protocol
- The set of network protocols on which the AppleTalk network
architecture is based. The AppleTalk Protocol stack must be
installed on a computer running Windows 2000 Server so
that Macintosh clients can connect to it. See also AppleTalk.
- application assignment
- A process that uses Software Installation (an extension
of Group Policy) to assign programs to groups of users. The
programs appear on the users' desktop when they log on.
- application layer
- The layer at which applications access network services.
This layer represents the services that directly support applications,
such as software for file transfers, database access, and
e-mail.
- application media pool
- A data repository that determines which media can be accessed
by which applications and that sets the policies for that
media. There can be any number of application media pools
in a Removable Storage system. Applications create application
media pools.
- application programming interface
(API)
- A set of routines that an application uses to request and
carry out lower-level services performed by a computer's operating
system. These routines usually carry out maintenance tasks
such as managing files and displaying information.
- APPN
- See Advanced Peer-to-Peer Networking.
- APPN domain
- An APPN network node and the other physical unit (PU) type
2.1 nodes attached to it.
- area
- A group of contiguous networks within an OSPF autonomous
system. OSPF areas reduce the size of the link state database
and provide the ability to summarize routes. See also autonomous
system; link state database.
- area border router (ABR)
- A router that is attached to multiple areas. Area border
routers maintain separate link state databases for each area.
See also link state database.
- ARP
- See Address Resolution Protocol.
- ARP cache
- A table of IP addresses and their corresponding media access
control addresses. There is a separate ARP cache for each interface.
- assigned applications
- Applications that are assigned to users or computers by
an administrator using the Software Installation snap-in, an
extension to Group Policy. Assigned applications are always
available to users or computers managed by a Group Policy
object. User-assigned applications appear to be installed
on a user's computer and can be installed by selecting the
software from the Start menu, or selecting a shortcut on the
desktop. Applications assigned to a computer are installed
when the computer is turned on.
- assigning
- In Windows 2000 and Systems Management Server, to deploy
a program to members of a collection (group), where acceptance
of the program is mandatory.
- Asymmetric Digital Subscriber
Line (ADSL)
- A high-bandwidth digital transmission technology that uses
existing phone lines and also allows voice transmissions over
the same lines. Most of the traffic is transmitted downstream
to the user, generally at rates of 512 Kbps to about 6 Mbps.
- asymmetric key algorithm
- See public-key algorithm.
- Asynchronous Transfer Mode
(ATM)
- A high-speed connection-oriented protocol used to transport
many different types of network traffic.
- ATCP
- See AppleTalk Control Protocol.
- ATM
- See Asynchronous Transfer Mode.
- ATM adaptation layer (AAL)
- The layer of the ATM protocol stack that parses data into
the payload portion of the ATM cell for transport across an
ATM network. See also Asynchronous Transfer Mode (ATM).
- atomic transaction
- In Active Directory, database transactions that are either
completed in full or are not applied at all. If for any reason
an error occurs and a transaction is unable to complete all
of its steps, the system is returned to the state it was in
before the transaction was started.
- atomic update
- In a server cluster, the means by which the cluster registry
key is replicated to all nodes. If any part of an atomic update
on a node fails, all of it fails. In Active Directory, the
method of updating an Active Directory attribute. An LDAP
directory server processes each update request as an atomic
action: The request either is committed and all its effects
are durable, or it is terminated and has no effect. In Active
Directory replication, the scope of an atomic update is the
object. All of the attribute changes made to an object that
are replicated at the same time are applied together atomically.
- attribute (object)
- In Active Directory, an attribute describes characteristics
of an object and the type of information an object can hold.
For each object class, the schema defines what attributes
an instance of the class must have and what additional attributes
it might have.
- attributeID
- The object identifier that is the unique name of an attribute.
- attributes (file)
- Information that indicates whether a file is read-only,
hidden, ready for archiving (backing up), compressed, or encrypted,
and whether the file contents should be indexed for fast file
searching.
- attributeSyntax
- The syntax object identifier for this attribute.
- auditing
- To track the activities of users by recording selected types
of events in the security log of a server or a workstation.
- augmentative communication
devices
- Add-on software and hardware that can help users with disabilities
control a computer by using assistive technology. Examples
are speech recognition systems and screen readers.
- authentication
- A basic security function of cryptography. Authentication
verifies the identity of the entities that communicate over
the network. For example, the process that verifies the identity
of a user who logs on to a computer either locally, at a computer's
keyboard, or remotely, through a network connection. See also
cryptography; confidentiality; integrity; Kerberos authentication
protocol; nonrepudiation; NTLM authentication protocol.
- authentication
- The IPSec process that verifies the origin and integrity
of a message by assuring the genuine identity of each computer.
Without strong authentication, an unknown computer and any
data it sends are suspect. IPSec provides multiple methods
of authentication to ensure compatibility with systems
running earlier versions of Windows, non-Windows-based systems,
and shared computers.
- authentication
- In network access, the process by which the system validates
the user's logon information. A user's name and password are
compared against an authorized list. If the system detects
a match, access is granted to the extent specified in the
permissions list for that user. When a user logs on to an
account on a computer running Windows 2000 Professional,
the authentication is performed by the client. When a user
logs on to an account on a Windows 2000 Server domain,
authentication can be performed by any server of that domain.
See also server; trust relationship.
- Authentication Header (AH)
- A header that provides authentication, integrity, and anti-replay
for the entire packet (both the IP header and the data payload
carried in the packet).
- authenticator
- A data structure used by one party to prove that another
party knows a secret key. In the Kerberos authentication protocol,
authenticators include timestamps, to prevent replay attacks,
and are encrypted with the session key issued by the Key Distribution
Center (KDC). See also Kerberos authentication protocol; Key
Distribution Center; replay attack; secret key.
- authoritative
- In the Domain Name System (DNS), the use of zones by DNS
servers to register and resolve a DNS domain name. When a
DNS server is configured to host a zone, it is authoritative
for names within that zone. DNS servers are granted authority
based on information stored in the zone. See also zone.
- authoritative restore
- In Backup, a type of restore operation on a Windows 2000
domain controller in which the objects in the restored directory
are treated as authoritative, replacing (through replication)
all existing copies of those objects. Authoritative restore
is applicable only to replicated System State data such as
Active Directory data and File Replication service data. The
Ntdsutil.exe utility is used to perform an authoritative restore.
See also nonauthoritative restore; System State.
- authorization
- The process that determines what a user is permitted to
do on a computer system or network. For remote access or demand-dial
routing connections, the verification that the connection
attempt is allowed. Authorization occurs after successful
authentication. See also access control; authentication.
- automated installation
- To run an unattended setup using one or more of several
methods such as Remote Installation Services, bootable CD,
and Sysprep.
- automatic file truncation
- A process that converts premigrated files into a remote
storage identifier or placeholder to reclaim space on the
managed volume. Automatic file truncation is initiated on
a managed volume whenever the amount of free space is less
than the desired free space as defined by the administrator.
- Automatic Private IP Addressing
(APIPA)
- A feature of Windows 2000 TCP/IP that automatically
configures a unique IP address from the range 169.254.0.1
to 169.254.255.254 and a subnet mask of 255.255.0.0 when the
TCP/IP protocol is configured for dynamic addressing and a
Dynamic Host Configuration Protocol (DHCP) server is not available.
- Automation
- A Component Object Model (COM) based technology that allows
for interoperability among ActiveX components, including OLE
components. Formerly referred to as OLE Automation. See also
ActiveX; object linking and embedding.
- autonomous system (AS)
- A group of routers exchanging routing information by using
a common routing protocol.
- auxiliaryClass
- A multivalued property that specifies the auxiliary classes
from which this class inherits. For an existing classSchema
object, values can be added to this property but not removed.
Each value is the lDAPDisplayName of a class. You must
ensure that the class exists or will exist when the new
class is written to the directory. If one of the classes
does not exist, the classSchema object fails to be added
to the directory.
The full set of auxiliary classes is the union of the systemAuxiliaryClass
and auxiliaryClass on this class as well as the systemAuxiliaryClass
and auxiliaryClass properties of all inherited classes.
- availability
- A measure of the fault tolerance of a computer and its programs.
A highly available computer runs 24 hours a day, 7 days a
week. See also fault tolerance.
- available bit rate (ABR)
- An ATM service type that supports available-bit-rate traffic,
minimum guaranteed transmission rate, and peak data rates.
ABR also allows bandwidth allocation depending on availability,
and it uses flow control to communicate bandwidth availability
to the end node.
- available state
- A state in which media can be allocated for use by applications.
- averaging counter
- A type of counter that measures a value over time and displays
the average of the last two measurements over some other factor
(for example, PhysicalDisk\Avg. Disk Bytes/Transfer).
- AXFR
- See full zone transfer.