Glossary of Terms

E

EAP
See Extensible Authentication Protocol.
EAP type
A specific EAP authentication scheme. Once the use of EAP is determined, the specific EAP type must be negotiated and performed.
EFS
See Encrypting File System.
election datagram
A specific datagram generated by computers on Microsoft networks to initiate elections in the browser system.
embedded object
Information created in another application that has been pasted inside a document. When information is embedded, you can edit it in the new document by using toolbars and menus from the original program. When you double-click the embedded icon, the toolbars and menus from the program used to create the information appear. Embedded information is not linked to the original file. If you change information in one place, it is not updated in the other. See also linked object.
emergency repair disk (ERD)
A disk, created by the Backup utility, that contains copies of three of the files stored in the %SystemRoot%/Repair folder, including Setup.log that contains a list of system files installed on the computer. This disk can be used during the Emergency Repair Process to repair your computer if it will not start or if your system files are damaged or erased.
emulated local area network (ELAN)
A logical network initiated by using the mechanisms defined by LAN emulation. This could include ATM and previously attached end stations.
emulator modules
Software components that allow applications written to NetBIOS and Windows Sockets interfaces to connect to the Transport Driver Interface.
enable
To make a device functional. For example, if a device in your hardware configuration settings is enabled, the device is available for use when your computer uses that hardware configuration.
encapsulating security payload (ESP)
An IPSec protocol that provides confidentiality, in addition to authentication, integrity, and anti-replay. ESP can be used alone, in combination with AH, or nested with the Layer Two Tunneling Protocol (L2TP). ESP does not normally sign the entire packet unless it is being tunneled; ordinarily, just the data payload is protected, not the IP header.
encapsulation
See tunneling.
encrypted data recovery agent account
An account that can be used to decrypt a file encrypted by using the Encrypting File System (EFS) if the file owner's decryption key becomes unavailable.
encrypted password
A password that is scrambled. Encrypted passwords are more secure than plaintext passwords, which are susceptible to network sniffers.
Encrypting File System (EFS)
A new feature in Windows 2000 that protects sensitive data in files that are stored on disk using the NTFS file system. It uses symmetric key encryption in conjunction with public key technology to provide confidentiality for files. It runs as an integrated system service, which makes EFS easy to manage, difficult to attack, and transparent to the file owner and to applications.
encryption
The process of disguising a message or data in such a way as to hide its substance.
Encryption Control Protocol (ECP)
The Network Control Protocol for negotiating the use of encryption over PPP links. ECP is documented in RFC 1968.
encryption key
A bit string that is used in conjunction with an encryption algorithm to encrypt and decrypt data. See also public key; private key; symmetric key.
end system
A network device without the ability to forward packets between portions of a network. See also host.
end-to-end encryption
Data encryption between the client application and the server hosting the resource or service being accessed by the client application.
Enhanced Integrated Drive Electronics (EIDE)
An extension of the IDE standard, EIDE is a hardware interface standard for disk drive designs that houses control circuits in the drives themselves. It allows for standardized interfaces to the system bus, while providing for advanced features, such as burst data transfers and direct data access.
enterprise certification authority
A Windows 2000 certification authority that is fully integrated with Active Directory. See also certification authority; stand-alone certification authority.
entry
The lowest level element in the registry. Entries appear in the right pane of a Registry Editor window. Each entry consists of an entry name, its data type, and its value. They store the actual configuration data that affects the operating system and programs that run on the system. As such, they are different from registry keys and subkeys, which are containers.
environment variable
A string consisting of environment information, such as a drive, path, or filename, associated with a symbolic name that can be used by Windows NT and Windows 2000. Use the System option in Control Panel or the set command from the command prompt to define environment variables.
ephemeral ports
Ports in the range from 1024 - 5000.
error detection
A technique for detecting when data is lost during transmission. This allows the software to recover lost data by requesting that the transmitting computer retransmit the data.
event
Any significant occurrence in the system or an application that requires users to be notified or an entry to be added to a log.
Event Log
The file in which event logging entries are recorded.
event logging
The Windows 2000 process of recording an audit entry in the audit trail whenever certain events occur, such as services starting and stopping or users logging on and off and accessing resources. You can use Event Viewer to review Services for Macintosh events as well as Windows 2000 events.
event types
Errors, basic actions with time stamps or device problems.
everyone category
In the Macintosh environment, one of the user categories to which permissions for a folder are assigned. Permissions granted to everyone apply to all users who use the server, including guests.
expire interval
For DNS, the number of seconds that DNS servers operating as secondary masters for a zone use to determine if zone data should be expired when the zone is not refreshed and renewed. See also zone.
explicit trust relationship
A trust relationship from Windows NT in which an explicit link is made in one direction only. Explicit trusts can also exist between Windows NT domains and Windows 2000 domains, and between forests.
export
In NFS, to make a file system available by a server to a client for mounting.
Extended Industry Standard Architecture (EISA)
A 32-bit bus standard introduced in 1988 by a consortium of nine computer-industry companies. EISA maintains compatibility with the earlier Industry Standard Architecture (ISA) but provides for additional features.
extended partition
A portion of a basic disk that can contain logical drives. To have more than four volumes on your basic disk, you need to use an extended partition. Only one of the four partitions allowed per physical disk can be an extended partition, and no primary partition needs to be present to create an extended partition. You can create extended partitions only on basic disks. See also basic disk; logical drive; partition; primary partition; unallocated space.
Extensible Authentication Protocol (EAP)
An extension to PPP that allows for arbitrary authentication mechanisms to be employed for the validation of a PPP connection.
Extensible Storage Engine
The Active Directory database engine. ESE (Esent.dll) implements a transacted database system, which means that it uses log files to ensure that committed transactions are safe.
extension-type association
The association of an MS-DOS file name extension with a Macintosh file type and file creator. Extension-type associations allow users of the personal computer and Macintosh versions of the same program to share the same data files on the server. Services for Macintosh has many predefined extension-type associations.
external namespace
A public namespace that anyone on the Internet can view.
external network number
A 4-byte hexadecimal number used for addressing and routing purposes. The external network number is associated with physical network adapters and networks. To communicate with each other, all computers on the same network that use a given frame type must have the same external network number. All external network numbers must be unique to the IPX internetwork. See also internal network number; Internetwork Packet Exchange (IPX).
external reference
In Active Directory, knowledge about a referral location that is external to the forest. Virtual containers and foreign containers are external references.
external route
A route that is not within an OSPF autonomous system.
external trust relationship
A manually created trust relationship between Windows 2000 domains that are in different forests or between a Windows 2000 domain and a domain whose domain controller is running Windows NT 4.0 or earlier.
extinction interval
A WINS database value that establishes how long entries linger in the released and tombstoned states.
extranet
A limited subset of computers or users on a public network, typically the Internet, that are able to access an organization's internal network. Typically the computers or users belong to partner organizations.
eye-gaze pointing device
An input device that uses vision to control an on-screen cursor that allows users to press on-screen buttons in dialog boxes, to choose menu items, and select cells or text.

F

factoring attack
An attack on a public key encryption algorithm in which the attacker tries all possible factors to discover the private key of a public/private key pair. This attack is similar to the key search attack that can be conducted on symmetric key encryption algorithms, but the number of possible factors varies depending on the public key algorithm.
failback (v., fail back)
In a server cluster, the moving of a failed-over group to the next node on the group's Preferred Owners list. See also failover; node; resource.
failover (v., fail over)
In a server cluster, the means of providing high availability. Upon failure, either of a resource in a group or of the node where the group is online, the Cluster service takes the group offline on that node, and then brings it online on another node. See also node; resource.
fast zone transfer
A form of zone transfer in which more than one resource record can be sent in one message.
FAT
See file allocation table.
FAT32
A derivative of the file allocation table file system. FAT32 supports smaller cluster sizes than FAT, which results in more efficient space allocation on FAT32 drives. See also file allocation table (FAT); NTFS file system.
fault tolerance
The assurance of data integrity when hardware failures occur. On the Windows NT and Windows 2000 platforms, fault tolerance is provided by the Ftdisk.sys driver.
FDDI
See Fiber Distributed Data Interface.
Fiber Distributed Data Interface (FDDI)
A type of network media designed to be used with fiber-optic cabling. See also LocalTalk; Token Ring.
FIFO
First in, first out.
file allocation table (FAT)
A file system based on a file allocation table (FAT) maintained by some operating systems, including Windows NT and Windows 2000, to keep track of the status of various segments of disk space used for file storage.
file creator
A four-character sequence that tells the Macintosh Finder the name of the program that created a file. In Services for Macintosh, extension-type associations can be created that map personal computer file name extensions to Macintosh file creators and file types. These associations allow both Windows and Macintosh users to share the same data files on the server. See also extension-type association.
File Replication service
A multithreaded replication engine that allows simultaneous replication of files between different computers. File Replication service replaces the LMRepl service that is used in Microsoft Windows NT.
file server
A server that provides organization-wide access to files, programs, and applications.
File Server for Macintosh
A Services for Macintosh service that allows Macintosh clients and Windows clients to share files. Also called MacFile.
file system
In an operating system, the overall structure in which files are named, stored, and organized. NTFS, FAT, and FAT32 are types of file systems.
File Transfer Protocol (FTP)
A protocol that defines how to transfer files from one computer to another over the Internet. FTP is also a client/server application that moves files using this protocol.
filter
In IPSec, a rule that provides the ability to trigger security negotiations for a communication based on the source, destination, and type of IP traffic. See also search filter.
Filter Actions
An IPSec negotiation policy that sets the security requirements for the IPSec SA, or Phase 2 of the communication. These requirements are specified in a list of security methods contained in the filter action, including which algorithms, security protocols, and key properties are to be used.
filtering mode
For Network Load Balancing, the method by which network traffic inbound to a cluster is handled by the hosts within the cluster. Traffic can either be handled by a single server, load balanced among the hosts within the cluster, or disabled completely. See also server.
FilterKeys
A Windows 2000 accessibility feature that allows people with physical disabilities to adjust keyboard response time. See also BounceKeys; RepeatKeys; SlowKeys.
filters
In IP and IPX packet filtering, a series of definitions that indicate to the router the type of traffic allowed or disallowed on each interface.
finite state machine
A computer, or operating system, in which a set of inputs determine not only the set of outputs but also the internal state of a computer, so that processing is optimized.
FIPS 140-1
A standard entitled "Security Requirements for Cryptographic Modules." FIPS 140-1 describes government requirements that hardware and software cryptomodules must meet for Sensitive, but Unclassified (SBU) use. FIPS 140-1 is also called Federal Information Processing Standard 140-1.
firewall
A combination of hardware and software that provides a security system, usually to prevent unauthorized access from outside to an internal network or intranet. A firewall prevents direct communication between network and external computers by routing communication through a proxy server outside of the network. The proxy server determines whether it is safe to let a file pass through to the network. A firewall is also called a security-edge gateway.
flat namespace
A namespace that is unstructured and cannot be partitioned, such as the network basic input/output system (NetBIOS) namespace. In a flat namespace, every object must have a unique name. See also namespace; hierarchical namespace; noncontiguous namespace.
flat routing infrastructure
A routing infrastructure where each network segment is represented individually by a network route in the routing table. The network IDs in a flat routing infrastructure have no network/subnet structure and cannot be summarized.
Flexible Single Master Operations (FSMO)
Active Directory operations that are not permitted to occur at different places in the network at the same time. Each role controls another specific set of directory changes. For each role, only the domain controller holding that role can make the associated directory changes. For example, Active Directory performs schema updates to prevent conflicts in a single-master fashion. Only one domain controller in the entire forest, the domain controller holding the schema master role, accepts updates to schema objects. An administrator can shift the schema master role from one domain controller to another as the need arises, but at any moment only one domain controller holds the schema master role.
flow
A stream of data sent or received by a host. Also called network traffic.
Flowspec
A traffic parameter that specifies the type of QoS requested. Flowspec is used to set parameters in the QoS packet scheduler.
folder redirection
A Group Policy option that allows you to redirect designated folders to the network.
font
A graphic design applied to a collection of numbers, symbols, and characters. A font describes a certain typeface along with other qualities such as size, spacing, and pitch.
foreground boost
A mechanism that increases the priority of a foreground application.
forest
A collection of one or more Windows 2000 Active Directory trees, organized as peers and connected by two-way transitive trust relationships between the root domains of each tree. All trees in a forest share a common schema, configuration, and Global Catalog. When a forest contains multiple trees, the trees do not form a contiguous namespace.
form
Specifies the paper size (such as letter or legal) assigned to a tray on a printer. A form defines physical characteristics such as paper size and printer area margins of the paper or other print media.
FORTEZZA
A family of security products, including PCMCIA-based cards, compatible serial port devices, combination cards (such as FORTEZZA/Modem and FORTEZZA/Ethernet), server boards, and others. FORTEZZA is a registered trademark held by the National Security Agency.
forward lookup
In DNS, a query process in which the friendly DNS domain name of a host computer is searched to find its IP address. In DNS Manager, forward lookup zones are based on DNS domain names and typically hold host address (A) resource records.
forwarder
A DNS server designated by other internal DNS servers to be used to forward queries for resolving external or offsite DNS domain names.
forwarding address
A field in a routing table entry that indicates the address to which a packet is forwarded. The forwarding address can be a physical address or an internetwork address.
forwarding IP address
The IP address to which a packet is being forwarded based on the destination IP address and the contents of the IP routing table.
fractional T1
A T1 line that consists of 23 B channels and 1 D channel. The single D channel is used for clocking purposes.
fragment offset
A field in the Internet Protocol (IP) header that is used to reconstruct the fragmented IP payload. The fragment offset indicates the position of the fragment relative to the original IP payload.
fragmentation
The scattering of parts of the same disk file over different areas of the disk. Fragmentation occurs as files on a disk are deleted and new files are added. It slows disk access and degrades the overall performance of disk operations, although usually not severely. See also defragmentation.
fragmentation and reassembly
The process used by the Internet Protocol (IP) to fragment an IP datagram into smaller packets that are reassembled by the destination host.
frame
In synchronous communication, a package of information transmitted as a single unit from one device to another. Frame is a term most often used with Ethernet networks. A frame is similar to the packet used on other networks. See also packet.
free space
Available space that is used to create logical drives within an extended partition. See also extended partition; logical drive; unallocated space.
front-end processor (FEP)
A dedicated computer that controls communications between an IBM mainframe and the network devices that communicate with it, offloading communication processing overhead from the mainframe.
FSMO
See Flexible Single Master Operations (pronounced "fizmo").
FSMO role owner
The computer where an operation is allowed to occur is called the "FSMO role owner" for that operation. When a new FSMO role owner is selected, the replication system handles synchronous transfer of FSMO role ownership and the data the FSMO protects.
FTP
See File Transfer Protocol.
full computer name
A type of FQDN. The fully qualified domain name is also known as the full computer name. The same computer could be identified by more than one FQDN. However, only the FQDN that is a concatenation of the host name and the primary DNS suffix is a full computer name.
full replica
A read and write replica of a directory partition that contains all attributes of all objects in the partition. Every domain controller has three full replicas: domain, schema, and configuration directory partitions. A full replica is also called a master replica. See also partial replica.
full zone transfer (AXFR)
The standard query type supported by all DNS servers to update and synchronize zone data when the zone is changed. When a DNS query is made using AXFR as the specified query type, the entire zone is transferred as the response. See also incremental zone transfer (IXFR); zone; zone transfer.
full-duplex
A system capable of simultaneously transmitting information in both directions over a communications channel. See also duplex; half-duplex.
fully qualified domain name (FQDN)
A DNS domain name that has been stated unambiguously so as to indicate with absolute certainty its location in the domain namespace tree. For example, client1.reskit.com. The FQDN is also known as a full computer name.

G

garbage collection interval
A measurement of time indicating how often a domain controller examines its database for expired tombstones that can be collected.
gateway
A device connected to multiple physical TCP/IP networks, capable of routing or delivering IP packets between them. A gateway translates between different transport protocols or data formats (for example, IPX and IP) and is generally added to a network primarily for its translation ability. See also IP address; IP router.
Gateway Service for NetWare
A service that creates a gateway in which Microsoft clients can access NetWare core protocol networks, such as NetWare file and print services, through a Windows 2000 server.
generic Quality of Service
A method by which a TCP/IP network can offer Quality of Service guarantees for multimedia applications. Generic Quality of Service allocates different bandwidths for each connection on an as-needed basis.
geographical domain
A type of domain named by using the 2-character country/region codes established under standard 3166 of the International Organization for Standardization (ISO).
Gigabit Ethernet
The Ethernet standard that transmits data at 1 billion bits per second or more.
Global Catalog
A domain controller that contains a partial replica of every domain directory partition in the forest as well as a full replica of its own domain directory partition and the schema and configuration directory partitions. The Global Catalog holds a replica of every object in Active Directory, but each object includes a limited number of its attributes. The attributes in the Global Catalog are those most frequently used in search operations (such as a user's first and last names) and those attributes that are required to locate a full replica of the object. The Global Catalog enables users and applications to find objects in Active Directory given one or more attributes of the target object, without knowing what domain holds the object. The Active Directory replication system builds the Global Catalog automatically. The attributes replicated into the Global Catalog include a base set defined by Microsoft. Administrators can specify additional properties to meet the needs of their installation.
global group
For Windows 2000 Server, a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. In all those places a global group can be granted rights and permissions and can become a member of local groups. However, a global group can contain user accounts only from its own domain. See also group; local group.
globally unique identifier (GUID)
A 16-byte value generated from the unique identifier on a device, the current date and time, and a sequence number. A GUID is used to identify a particular device or component.
glue record
A record indicating the IP address of a server when delegating authority for a zone from one name server to another.
governsID
The object identifier that uniquely identifies the classSchema objects.
graphical user interface (GUI)
A display format, like that of Windows, that represents a program's functions with graphic images such as buttons and icons. GUIs allow a user to perform operations and make choices by pointing and clicking with a mouse.
gratuitous ARP
An ARP Request frame sent by a host for the host's own IP address when the TCP/IP protocol obtains addressing information. Gratuitous ARPs are used to check for duplicate IP addresses on the subnet.
group
A collection of users, computers, contacts, and other groups. Groups can be used as security or as e-mail distribution collections. Distribution groups are used only for e-mail. Security groups are used both to grant access to resources and as e-mail distribution lists. In a server cluster, a group is a collection of resources, and the basic unit of failover. See also domain local group; global group; native mode; universal group.
group account
A collection of user accounts. By making a user account a member of a group, the user obtains all the rights and permissions granted to the group. See also user account.
group address
An IP multicast address in the Class D range of 224.0.0.0 to 239.255.255.255 as defined by setting the first four high order bits of the IP address to 1110.
group memberships
The groups to which a user account belongs. Permissions and rights granted to a group are also provided to its members. In most cases, the actions a user can perform in Windows 2000 are determined by the group memberships of the user account to which the user is logged on. See also group.
group name
A unique name identifying a local group or a global group to Windows 2000. A group's name cannot be identical to any other group name or user name in its own domain or computer. See also global group; local group.
Group Policy
An administrator's tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization. In an Active Directory environment, Group Policy is applied to users or computers on the basis of their membership in sites, domains, or organizational units.
Group Policy object
A collection of Group Policy settings. Group Policy objects are the documents created by the Group Policy snap-in. Group Policy objects are stored at the domain level, and they affect users and computers contained in sites, domains, and organizational units. Each Windows 2000-based computer has exactly one group of settings stored locally, called the local Group Policy object.
Group Policy Security Settings
The subtrees of the Group Policy console that allow a security administrator to manually configure security levels assigned to a Group Policy object or local computer policy.
guest
A Services for Macintosh user who does not have a user account or who does not provide a password. When a Macintosh user assigns permissions to everyone, these permissions are given to the guests and users of that group.
guest account
A built-in account used to log on to a computer running Windows 2000 when a user does not have an account on the computer or domain or in any of the domains trusted by the computer's domain.
GUI mode
The portion of Setup that uses a graphical user interface (GUI).