H

h-node

A NetBIOS node type that uses a hybrid of b-node and p-node to register and resolve NetBIOS names to IP addresses. An h-node computer uses a server query first and reverts to broadcasts only if direct queries fail. Windows 2000-based computers are h-node by default.

HAL

See hardware abstraction layer.

half-duplex

A system capable of transmitting information in only one direction at a time over a communications channel. See also duplex; full-duplex.

handle

In the user interface, an interface added to an object that facilitates moving, sizing, reshaping, or other functions pertaining to an object. In programming, a pointer to a pointer--that is, a token that lets a program access a resource identified.

hard affinity

A mechanism by which a thread can only run on a set of processors.

hardware abstraction layer (HAL)

A thin layer of software provided by the hardware manufacturer that hides, or abstracts, hardware differences from higher layers of the operating system. Through the filter provided by the HAL, different types of hardware all look alike to the rest of the operating system. This allows Windows NT and Windows 2000 to be portable from one hardware platform to another. The HAL also provides routines that allow a single device driver to support the same device on all platforms. The HAL works closely with the kernel.

Hardware Compatibility List (HCL)

A list of the devices supported by Windows 2000, available from the Microsoft Web site.

hardware failure

A malfunction of a physical component, such as a disk head failure or memory error.

hardware inventory

The automated process that Systems Management Server uses to gather detailed information about the hardware in use on client computers in a Systems Management Server site.

hardware malfunction message

A character-based, full-screen error message displayed on a blue background. It indicates the microprocessor detected a hardware error condition from which the system cannot recover.

hardware router

A router that performs routing as a dedicated function and has specific hardware designed and optimized for routing.

hardware type

A classification for similar devices. For example, Imaging Device is a hardware type for digital cameras and scanners.

hash

See message digest; message digest function.

hash function

See message digest; message digest function.

Hash Message Authentication Code (HMAC)

A mechanism for ensuring the data integrity of online communications that uses cryptographic message digest functions to provide online integrity checking of data that is transmitted. HMAC can be used with any iterative cryptographic message digest function, for example, MD5, SHA-1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying message digest function. HMAC is also called Hash-based Message Authentication Code algorithm. See also message digest; message digest function.

hash message authentication code-secure hash algorithm (HMAC-SHA)

An algorithm developed by the National Institute of Standards and Technology as described in FIPS PUB 180-1. The SHA process is closely modeled after MD5. SHA uses 79, 32-bit constants during the computation, which results in a 160-bit key that is used for integrity check.

hashing algorithm

See message digest; message digest function.

HCL

See Hardware Compatibility List.

header error check (HEC)

The fifth byte in the ATM cell header used to detect and correct errors in the ATM header.

heartbeat

In a server cluster or Network Load Balancing cluster, a periodic message sent between nodes to detect system failure of any node.

heartbeat thread

A thread initiated by the Windows NT Virtual DOS Machine (NTVDM) process that interrupts every 55 milliseconds to simulate a timer interrupt.

hexadecimal

A base-16 number system whose numbers are represented by the digits 0 through 9 and the letters A (equivalent to decimal 10) through F (equivalent to decimal 15).

hierarchical namespace

A namespace, such as the DNS namespace or Active Directory namespace, that is hierarchically structured and provides rules that allow the namespace to be partitioned. See also namespace; flat namespace; noncontiguous namespace.

hierarchical routing infrastructure

A routing infrastructure where groups of network IDs can be represented as a single routing table entry through route summarization. The network IDs in a hierarchical internetwork have a network/subnet/sub-subnet structure.

hierarchical storage management (HSM)

A technology that automates storage management and lowers storage costs by automatically migrating infrequently accessed files from local storage to remote storage and recalling the files upon user demand.

high availability

The ability to keep an application or service operational and usable by clients most of the time.

high performance file system (HPFS)

The file system designed for the OS/2 version 1.2 operating system.

hop count

The value in the Transport Control field that indicates the number of IPX routers that have processed the IPX packet.

host

A Windows 2000 computer that runs a server program or service used by network or remote clients. For Network Load Balancing, a cluster consists of multiple hosts connected over a local area network.

host address

See host ID.

host group

The set of hosts listening for IP multicast traffic sent to a specific multicast group address.

host ID

A number used to identify an interface on a physical network bounded by routers. The host ID should be unique to the network.

host name

The name of a computer on a network. In the Windows 2000 Server Resource Kit, host name is used to refer to the first label of a fully qualified domain name. See also Hosts file.

host priority

For Network Load Balancing, a host's precedence for handling default network traffic for TCP and UDP ports. It is used if a host within the cluster goes offline, and determines which host within the cluster will assume responsibility for the traffic previously handled by the offline host. See also User Datagram Protocol (UDP).

host route

A route to a specific internetwork address (network ID and host ID). Instead of making a routing decision based on just the network ID, the routing decision is based on the combination of network ID and host ID. Host routes allow intelligent routing decisions to be made for each internetwork address. Host routes are typically used to create custom routes to control or optimize specific types of internetwork traffic. For IP routing tables, a host route has a netmask of 255.255.255.255.

Hosts

See Hosts file.

Hosts file

A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX/etc/hosts file. This file maps host names to IP addresses. In Windows 2000, this file is stored in the \%SystemRoot%\System32\Drivers\Etc folder. See also systemroot.

hot keys

A Windows feature that allows quick activation of specified accessibility features through a combination of keys pressed in unison.

HTML

See Hypertext Markup Language.

HTTP

See Hypertext Transfer Protocol.

hub

A network-enabled device joining communication lines at a central location, providing a common connection to all devices on the network.

hub-and-spoke

A WINS server configuration that uses a central "hub" as a point of contact for many outlying WINS server "spokes" to improve convergence time.

Hypertext Markup Language (HTML)

A simple markup language used to create hypertext documents that are portable from one platform to another. HTML files are simple ASCII text files with embedded codes (indicated by markup tags) to indicate formatting and hypertext links. HTML is used for formatting documents on the World Wide Web.

Hypertext Transfer Protocol (HTTP)

The protocol used to transfer information on the World Wide Web. An HTTP address (one kind of Uniform Resource Locator [URL]) takes the form: http://www.microsoft.com.

I

ICMP router discovery

See router discovery.

ideal processor

A processor associated with a thread containing a default value assigned by the system, or specified by the program developer in the application code. In Windows 2000, the scheduler favors running a thread on the ideal processor that is assigned to the thread as part of the soft affinity algorithm.

idempotent

An initialization subroutine that completes an action only once, even if the routine is called more than once.

IKE

See Internet Key Exchange.

illegal address

A duplicate address that conflicts with a public IP address already assigned by the InterNIC to other organizations.

impersonation

A circumstance that occurs when Windows NT or Windows 2000 allows one process to take on the security attributes of another.

impersonation token

An access token that has been created to capture the security information of a client process, allowing a service to "impersonate" the client process in security operations. See also access token; primary token.

import media pool

A repository where Removable Storage puts media when it recognizes the on-media identifier (OMID), but does not have the media cataloged in the current Removable Storage database.

imported state

A state that indicates media whose label types are recognized by Removable Storage, but whose label IDs are not cataloged by Removable Storage.

in-addr.arpa domain

A special top-level DNS domain reserved for reverse mapping of IP addresses to DNS host names. See also reverse lookup; top-level domains.

inaccessible state

A state that indicates that a side of a multi-cartridge drive is in a drive, but is not in the accessible state.

inactive cluster member

In a server cluster, a node that is not running.

incompatible state

A state that indicates that media are not compatible with the library in which they were classified. This media should be immediately ejected from the library hardware unit.

incremental zone transfer (IXFR)

An alternate query type that can be used by some DNS servers to update and synchronize zone data when a zone is changed. When incremental zone transfer is supported between DNS servers, servers can keep track of and transfer only those incremental resource record changes between each version of the zone. See also full zone transfer (AXFR); zone; zone transfer.

independent software vendors (ISVs)

A third-party software developer; an individual or an organization that independently creates computer software.

index key

A sequence of attributes from a database table, whose value uniquely identifies each row in the table. Also called a key segment.

indirect delivery

The delivery of an IP packet by an IP node to an intermediate router.

infrared (IR)

Light that is beyond red in the color spectrum. While the light is not visible to the human eye, infrared transmitters and receivers can send and receive infrared signals. See also Infrared Data Association; infrared device; infrared port.

Infrared Data Association (IrDA)

A networking protocol used to transmit data created by infrared devices. Infrared Data Association is also the name of the industry organization of computer, component, and telecommunications vendors who establish the standards for infrared communication between computers and peripheral devices, such as printers. See also infrared; infrared device; infrared port.

infrared device

A computer, or a computer peripheral such as a printer, that can communicate using infrared light. See also infrared.

infrared port

An optical port on a computer that enables communication with other computers or devices by using infrared light, without cables. Infrared ports can be found on some portable computers, printers, and cameras. See also infrared device.

infrastructure master

The domain controller holding the infrastructure master role for the group's domain that is responsible for updating the cross-domain group-to-user reference to reflect the user's new name. The infrastructure master updates these references locally and uses replication to bring all other replicas of the domain up--to--date. If the infrastructure master is unavailable, these updates are delayed. See also Active Directory; domain controller; multimaster replication; operations master; replication.

inheritance

The ability to build new object classes from existing object classes. The new object is defined as a subclass of the original object. The original object becomes a superclass of the new object. A subclass inherits the attributes of the superclass, including structure rules and content rules.

inode

A UNIX system data structure that contains unique identifying information about a file.

input filter

A filter that defines the incoming traffic on a given interface that is allowed to be routed or processed by the router.

input/output (I/O) port

A channel through which data is transferred between a device and the microprocessor. The port appears to the microprocessor as one or more memory addresses that it can use to send or receive data.

insertion point

The place where text will be inserted when typed. The insertion point usually appears as a flashing vertical bar in an application's window or in a dialog box.

install

When referring to software, to add program files and folders to your hard disk and related data to your registry so that the software will run properly. "Installing" contrasts with "upgrading," where existing program files, folders, and registry entries are updated to a more recent version. When referring to hardware, to physically connect the device to your computer, to load device drivers onto your computer, and to configure device properties and settings. See also device driver; registry.

instantaneous counter

A type of counter that displays the most recent measurement taken by the Performance console.

integrated local management interface (ILMI)

A set of functions used to exchange configuration data in an ATM network. The ATM Call Manager in Windows ATM Services uses ILMI for many tasks, such as exchanging ATM addresses. By default, the ATM Call Manager uses ILMI on all ATM network adapters.

Integrated Services Digital Network (ISDN)

A type of phone line used to enhance WAN speeds. ISDN lines can transmit at speeds of 64 or 128 kilobits per second, as opposed to standard phone lines, which typically transmit at 28.8 kilobits per second. An ISDN line must be installed by the phone company at both the server site and the remote site. See also wide area network (WAN).

Integrated Services over slow links (ISSLOW)

A queuing mechanism used to optimize slow (low capacity) network interfaces by reducing latency. In particular, it is designed for interfaces that forward traffic to modem links, ISDN B- channels, and sub-T1 links.

integrity

A basic security function of cryptography. Integrity provides verification that the original contents of information have not been altered or corrupted. Without integrity, someone might alter information or the information might become corrupted, but the alteration can go undetected. For example, an Internet Protocol security property that protects data from unauthorized modification in transit, ensuring that the data received is exactly the same as the data sent. Hash functions sign each packet with a cryptographic checksum, which the receiving computer checks before opening the packet. If the packet-and therefore signature-has changed, the packet is discarded. See also cryptography; authentication; confidentiality; nonrepudiation.

IntelliMirror

A set of Windows 2000 features used for desktop change and configuration management. When IntelliMirror is used in both the server and client, the users' data, applications, and settings follow them when they move to another computer.

interface

In networking, a logical device over which packets can be sent and received. In the Routing and Remote Access administrative tool, it is a visual representation of the network segment that can be reached over the LAN or WAN adapters. Each interface has a unique name. See also network adapter; local area network (LAN); routing; wide area network (WAN).

Interior Gateway Routing Protocol (IGRP)

A distance vector IP routing protocol developed by Cisco Systems, Inc.

intermediate system

A network device with the ability to forward packets between portions of a network. Bridges, switches, and routers are examples of intermediate systems.

internal namespace

A private namespace that is only used by users within an organization.

internal network number

A 4-byte hexadecimal number used for addressing and routing purposes. The internal network number identifies a virtual network inside a computer. The internal network number must be unique to the IPX internetwork. Internal network number is also called virtual network number. See also external network number; Internetwork Packet Exchange (IPX).

Internet

A worldwide public TCP/IP internetwork consisting of thousands of networks, connecting research facilities, universities, libraries, and private companies.

internet

Two or more network segments connected by routers. Another term for internetwork. With TCP/IP, an internet can be created by connecting two or more IP networks to a multihomed computer running either Windows 2000 Server or Windows 2000 Professional. IP forwarding must be enabled to route between attached IP network segments.

Internet address class

The original Internet design of dividing the IP address space into defined classes to accommodate different sizes of networks. Address classes are no longer used on the modern Internet. See Class A IP address, Class B IP address, and Class C IP address.

Internet Assigned Numbers Authority (IANA)

An organization that delegates IP addresses and their allocation to organizations such as the InterNIC.

Internet Control Message Protocol (ICMP)

A required maintenance protocol in the TCP/IP suite that reports errors and allows simple connectivity. ICMP is used by the Ping tool to perform TCP/IP troubleshooting.

Internet Engineering Task Force (IETF)

An open community of network designers, operators, vendors, and researchers concerned with the evolution of Internet architecture and the smooth operation of the Internet. Technical work is performed by working groups organized by topic areas (such as routing, transport, and security) and through mailing lists. Internet standards are developed in IETF Requests for Comments (RFCs), which are a series of notes that discuss many aspects of computing and computer communication, focusing on networking protocols, programs, and concepts.

Internet Group Management Protocol (IGMP)

A protocol in the TCP/IP protocol suite that is responsible for the management of IP multicast group membership.

Internet Information Services (IIS)

Software services that support Web site creation, configuration, and management, along with other Internet functions. Internet Information Services include Network News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP). See also File Transfer Protocol (FTP); Network News Transfer Protocol (NNTP); Simple Mail Transfer Protocol (SMTP).

Internet Key Exchange (IKE)

A protocol that establishes the security association and shared keys necessary for two parties to communicate with Internet Protocol security.

internet layer

A layer of the TCP/IP DARPA model that is responsible for addressing, packaging, and routing functions.

Internet Multicast Backbone

The portion of the Internet that supports multicast routing and forwarding of Internet-based IP multicast traffic. The MBone structure consists of a series of multicast-enabled islands, collections of contiguous networks, connected together using tunnels. Multicast traffic is passed from one island to another by tunneling - encapsulating the IP multicast packet with an additional IP header addressed from one router in a multicast island to another router in another multicast island.

Internet Protocol (IP)

A routable protocol in the TCP/IP protocol suite that is responsible for IP addressing, routing, and the fragmentation and reassembly of IP packets.

Internet Protocol Control Protocol (IPCP)

The Network Control Protocol for IP-based PPP connections. IPCP negotiates IP-based parameters to dynamically configure a TCP/IP-based PPP peer across a point-to-point link. IPCP is documented in RFCs 1332 and 1877.

Internet Protocol security (IPSec)

A set of industry-standard, cryptography-based protection services and protocols. IPSec protects all protocols in the TCP/IP protocol suite and Internet communications using L2TP. See also Layer Two Tunneling Protocol (L2TP).

Internet Protocol security policy

Enforces Internet Protocol security by specifying which security services are used to protect data, and for whom Internet Protocol security Management is used to administer Internet Protocol security policies. See also Internet Protocol Security.

internet router

A device that connects networks and directs network information to other networks, usually choosing the most efficient route through other routers. See also router.

Internet service provider (ISP)

A company that provides individuals or companies access to the Internet and the World Wide Web. An ISP provides a telephone number, a user name, a password and other connection information so users can connect their computers to the ISP's computers. An ISP typically charges a monthly and/or hourly connection fee.

internetwork

At least two network segments connected using routers.

internetwork address

The combination of the network ID and the host ID that uniquely identifies a host on an internetwork. An example is an IP address, which contains a network ID and a host ID.

Internetwork Packet Exchange (IPX)

A network protocol native to NetWare that controls addressing and routing of packets within and between LANs. IPX does not guarantee that a message will be complete (no lost packets). See also Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).

Internetwork Packet Exchange Control Protocol (IPXCP)

The Network Control Protocol for IPX-based PPP connections. IPXCP negotiates IPX-based parameters to dynamically configure an IPX-based PPP peer across a point-to-point link. IPXCP is documented in RFC 1552.

Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)

Transport protocols used in Novell NetWare and other networks.

internetwork-level broadcasts

Broadcast packets with a special destination internetwork address that informs the router that the packet is to be forwarded to all other network segments except the network segment on which it was received.

interprocess communication (IPC)

A series of components used by both the programs and processes of networked computers. IPC allows client and server computers to communicate with other computers.

interprocess interrupt

A high Interrupt-Request Level (IRQL) interrupt that can send an interrupt from one processor to another, allowing processors to communicate.

interrupt avoidance

A feature of device adapters that allows a processor to continue processing interrupts without new interrupts being queued until all pending interrupts are complete.

interrupt moderation

A feature of device adapters that allows a processor to process interrupts more efficiently by grouping several interrupts to a single hardware interrupt.

interrupt request (IRQ)

A signal sent by a device to get the attention of the processor when the device is ready to accept or send information. Each device sends its interrupt requests over a specific hardware line, numbered from 0 to 15. Each device must be assigned a unique IRQ number.

interrupt request (IRQ) lines

Hardware lines over which devices can send signals to get the attention of the processor when the device is ready to accept or send information. Interrupt request (IRQ) lines are numbered from 0 to 15. Each device must have a unique IRQ line.

intranet

A network within an organization that uses Internet technologies and protocols, but is available only to certain people, such as employees of a company. An intranet is also called a private network.

inventory

Information that Systems Management Server inventory client agents collect for each client in a site. The inventory can include hardware and software information and collected files, depending on the administrator-defined configuration.

IP

See Internet Protocol.

IP address

A 32-bit address used to identify a node on an IP internetwork. Each node on the IP internetwork must be assigned a unique IP address, which is made up of the network ID, plus a unique host ID. This address is typically represented with the decimal value of each octet separated by a period (for example, 192.168.7.27). In Windows 2000, the IP address can be configured manually or dynamically through DHCP. See also Dynamic Host Configuration Protocol (DHCP); node.

IP Filter List

A list of filters. Each describes a particular subset of network traffic to be secured, both for inbound and outbound traffic.

IP multicast group

See host group.

IP router

A system connected to multiple physical TCP/IP networks that can route or deliver IP packets between the networks. See also packet; router; routing; Transmission Control Protocol/Internet Protocol.

IP source routing

The practice of specifying the list of router interfaces corresponding to the path through an IP internetwork that a packet must travel. IP source routing is used in network testing and debugging situations.

IP-in-IP interface

A logical interface that sends IP packets in IP-in-IP tunneled mode.

IP-in-IP tunnels

A tunneling technology used to forward information between endpoints that are acting as a bridge between portions of an IP internetwork that have differing capabilities. A typical use for IP-in-IP tunnels is the forwarding of IP multicast traffic from one area of the intranet to another area of the intranet, across a portion of the intranet that does not support multicast forwarding or routing.

IP/DNS-compatible Locator

See domain controller locator.

IPSec

See Internet Protocol security.

IPSec driver

A driver that uses the IP Filter List from the active IPSec policy to watch for outbound IP packets that must be secured and inbound IP packets that need to be verified and decrypted.

IPSec Policy Agent Service

A Windows 2000 mechanism that retrieves the IPSec policy information and passes it to the other IPSec mechanisms that require the information in order to perform security services.

IPX packet filtering

Filtering that provides a way to precisely define the type of IPX traffic allowed to cross a router.

ISDN

See Integrated Services Digital Network.

isMemberOfPartialAttributeSet

A Boolean value that defines whether the attribute is replicated to the Global Catalog (in the Global Catalog has a value of TRUE, not in the Global Catalog is FALSE).

isSingleValued

A Boolean value that specifies whether the attribute is single-valued (TRUE) or multivalued (FALSE). Default is FALSE if this value is not set.

iteration

A method of resolving a name request from a client. When using iteration, the DNS server might not provide the requested name. If the DNS server is authoritative for the requested name, it returns the name. If not, the server returns a list of the NS and A resource records of servers with names similar to the name requested, but it does not attempt to contact those servers. The client can continue the name search by contacting the recommended servers. The alternative method is recursive resolution.

iterative name query

See iterative query.

iterative query

A query made to a DNS server in which the requester instructs the server that it expects the best answer the server can provide without seeking further help from other DNS servers to assist in answering the query. Iterative queries are also called non-recursive queries. See also iteration; recursion; referral.

IXFR

See incremental zone transfer.

J

job object

A feature in the Win32 API set that makes it possible for groups of processes to be managed with respect to their processor usage and other factors.

join latency

The time it takes for the first member of an IP multicast host group on a subnet to begin receiving group traffic.

K

Kerberos authentication protocol

An authentication mechanism used to verify user or host identity. The Kerberos v5 authentication protocol is the default authentication service for Windows 2000. Internet Protocol security and the QoS Admission Control Service use the Kerberos protocol for authentication. See also Internet Protocol security (IPSec); NTLM authentication protocol; QoS Admission Control Service.

kernel

The core of layered architecture that manages the most basic operations of the operating system and the computer's processor for Windows NT and Windows 2000. The kernel schedules different blocks of executing code, called threads, for the processor to keep it as busy as possible and coordinates multiple processors to optimize performance. The kernel also synchronizes activities among Executive-level subcomponents, such as I/O Manager and Process Manager, and handles hardware exceptions and other hardware-dependent functions. The kernel works closely with the hardware abstraction layer.

kernel mode

A highly privileged mode of operation where program code has direct access to all memory, including the address spaces of all user-mode processes and applications, and to hardware. Kernel mode is also known as supervisor mode, protected mode, or Ring 0.

key

A secret code or number required to read, modify, or verify secured data. Keys are used in conjunction with algorithms to secure data. Windows 2000 automatically handles key generation. For the registry, a key is an entry in the registry that can contain both subkeys and entries. In the registry structure, keys are analogous to folders, and entries are analogous to files. In the Registry Editor window, a key appears as a file folder in the left pane. In an answer file, keys are character strings that specify parameters from which Setup obtains the needed data for unattended installation of the operating system.

key attack

See key search attack.

Key Distribution Center (KDC)

A network service that supplies session tickets and temporary session keys used in the Kerberos authentication protocol. In Windows 2000, the KDC runs as a privileged process on all domain controllers. The KDC uses Active Directory to manage sensitive account information such as passwords for user accounts. See also Kerberos authentication protocol; session ticket.

key exchange

Confidential exchange of secret keys online, which is commonly done with public key cryptography. See also public key cryptography.

key management

Secure management of private keys for public key cryptography. Windows 2000 manages private keys and keeps them confidential with CryptoAPI and CSPs. See also private key; CryptoAPI; cryptographic service provider.

key management server (KM server)

A secure mail management service for Microsoft Exchange Service.

key pair

A private key and its related public key. See also public/private key pair.

key search attack

An attack to find a secret password or a symmetric encryption key by trying all possible passwords or keys until the correct password or key is discovered. Also called a brute force attack.

keyboard filters

Special timing and other devices that compensate for erratic motion tremors, slow response time, and other mobility impairments.

kilobit

A data unit equal to 1,000 bits.

kilobits per second (Kbps)

Data transfer speed, as on a network, measured in multiples of 1,000 bits per second.

Knowledge Consistency Checker (KCC)

A built-in process that runs on all domain controllers and generates the replication topology for the Active Directory forest. At specified intervals, the KCC reviews and makes modifications to the replication topology to ensure propagation of data either directly or transitively.

knowledge reference

In Active Directory, knowledge about the existence and location of directory partitions in the forest, including the names of the directory partitions and what server is holding read-only copies (partial directory partitions stored on Global Catalogs) and/or writable copies (full directory partitions). See also external reference.

Korn shell (ksh)

A command shell which provides the following functionality:

file input and output redirection

command line editing using vi

command history

integer arithmetic

pattern matching and variable substitution

command name abbreviation (aliasing)

built-in commands for writing shell programs.