S
- SA
- See Security Association.
- SAP table
- The service and IPX internetwork address information is collected
in a database called a SAP table by IPX routers and Novell NetWare
servers.
- scalability
- A measure of how well a computer, service, or application can
expand to meet increasing performance demands. For server clusters,
the ability to incrementally add one or more systems to an existing
cluster when the overall load of the cluster exceeds its capabilities.
- scaling
- The process of adding processors to a system to achieve higher
throughput.
- scavenging
- The process of cleaning and removing extinct or outdated name
data from the WINS database.
- schema
- The universe of objects that can be stored in the directory
is defined in the schema. For each object class, the schema defines
what attributes an instance of the class must have, what additional
attributes it may have, and what object class can be a parent
of the current object class.
The Active Directory schema is implemented as a set of object
class instances stored in the directory. This is very different
from many directories, which have a schema but store it as a
text file read at startup. Storing the schema in the directory
has many advantages. For example, user applications can read
it to discover what objects and properties are available.
The Active Directory schema can be updated dynamically. That
is, an application can extend the schema with new attributes
and classes and use the extensions immediately. Schema updates
are accomplished by creating or modifying the schema objects
stored in the directory. Like every object in the Active Directory,
schema objects are protected by ACLs, so only authorized users
may alter the schema.
- schema cache
- All changes made to Active Directory are validated first against
the schema. For performance reasons, this validation takes place
against a version of the schema that is held in memory on the
domain controllers. This "in-memory version," called
the schema cache, is updated automatically after the on-disk version
has been updated. The schema cache provides mapping between attribute
identifiers, such as a database column identifier or a MAPI identifier,
and the in-memory structures that describe those attributes. The
schema cache also provides lookups for class identifiers to get
in-memory structures describing those classes.
- schema master role
- The domain controller that holds the schema master role is the
only domain controller that can perform write operations to the
directory schema. Those schema updates are replicated from the
schema master to all other domain controllers in the forest.
- schemaIDGUID
- A GUID that uniquely identifies the attribute. It is recommended
that you generate your own GUID for each attribute so that all
installations of your schema extension use the same schemaIDGUID
to refer to the attribute. If no value is specified, Active Directory
generates a GUID.
- script
- A type of program consisting of a set of instructions to an
application or utility program. A script usually expresses instructions
by using the application's or utility's rules and syntax, combined
with simple control structures such as loops and if/then expressions.
"Batch program" is often used interchangeably with "script"
in the Windows environment.
- search base
- In an LDAP search, the distinguished name of the search base
object, which defines the location in the directory from which
to begin searching.
- search filter
- An argument in an LDAP search that allows certain entries in
the subtree and excludes others. Filters allow you to define search
criteria and give you better control to achieve more effective
and efficient searches.
- search scope
- Defines how deep to search within the search base. Base, or
zero levels, searches the base object only (a read of that object).
One level searches objects immediately subordinate to the base
object, but not including the base object itself. Subtree searches
the entire subtree of which the base distinguished name is the
topmost object, including that base object. Also called a deep
search.
- searchFlags
- An integer value that contains bit flags. The attribute is indexed
if the least significant bit is set to 1, or non-indexed if the
bit is zero. The searchFlags property of each property's attributeSchema
object defines whether a property is indexed (indexed has a value
of 1; nonindexed is 0).
The four currently defined bits for this attribute are as follows:
1 = Index over attribute only;
2 = Index over container and attribute;
4 = Add this attribute to the Ambiguous Name Resolution (ANR)
set (should be used in conjunction with 1);
8 = Preserve this attribute on logical deletion (that is, make
this attribute available on tombstones).
- second-level domain
- A domain in the Domain Name System (DNS) that is immediately
under a top-level domain.
- secondary server
- An authoritative DNS server for a zone that is used as a source
for replication of the zone to other servers. Secondary masters
only update their zone data by transferring zone data from other
DNS servers and do not have the ability to perform zone updates.
See also master server; zone transfer.
- secondary storage
- A storage device used to store data that has been migrated from
managed volumes. Secondary storage includes the part of the hard
disk that is used for a migration staging area.
- secondary zone
- A copy of the zone that must be replicated from a server containing
the primary zone.
- secret key
- An encryption key that two parties share with each other and
with no one else. See also symmetric key encryption.
- secure dynamic update
- The process by which a secure dynamic update client submits
a dynamic update request to a DNS server, and the server attempts
the update only if the client can prove its identity and has the
proper credentials to make the update. See also dynamic update.
- secure electronic transaction (SET)
- A standard protocol that is used for securing online credit
card payments that are made over the Internet.
- Secure Sockets Layer (SSL)
- A proposed open standard developed by Netscape Communications
for establishing a secure communications channel to prevent the
interception of critical information, such as credit card numbers.
Primarily, it enables secure electronic financial transactions
on the World Wide Web, although it is designed to work on other
Internet services as well.
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- An extension of MIME to support secure mail. It enables message
originators to digitally sign e-mail messages to provide proof
of message origin and data integrity. It also enables messages
to be transmitted in encrypted format to provide confidential
communications. See also Multipurpose Internet Mail Extensions
(MIME).
- Security Accounts Manager (SAM)
- A protected subsystem that manages user and group account information.
In Windows NT 4.0, both local and domain security principals
are stored by SAM in the registry. In Windows 2000, workstation
security accounts are stored by SAM in the local computer registry,
and domain controller security accounts are stored in Active Directory.
- security administrator
- A user who has been assigned the right to manage auditing and
the security log. By default, this user right is granted to the
Administrators group. See also auditing; system access control
list (SACL); user rights.
- security association (SA)
- A set of parameters that defines the services and mechanisms
necessary to protect Internet Protocol security communications.
See also Internet Protocol security (IPSec).
- security context
- The security attributes or rules that are currently in effect.
For example, the rules that govern what a user can do to a protected
object are determined by security information in the user's access
token and in the object's security descriptor. Together, the access
token and the security descriptor form a security context for
the user's actions on the object. See also access token; security
descriptor.
- security descriptor
- A data structure that contains security information associated
with a protected object. Security descriptors include information
about who owns the object, who may access it and in what way,
and what types of access will be audited. See also access control
list; object.
- security groups
- Groups that can be used to administer permissions for users
and other domain objects.
- security ID (SID)
- A data structure of variable length that uniquely identifies
user, group, service, and computer accounts within an enterprise.
Every account is issued a SID when the account is first created.
Access control mechanisms in Windows 2000 identify security
principals by SID rather than by name. See also relative ID; security
principal.
- security method
- A process that determines the Internet Protocol security services,
key settings, and algorithms that will be used to protect the
data during the communication.
- Security Parameters Index (SPI)
- A unique, identifying value in the SA used to distinguish among
multiple security associations existing at the receiving computer.
- security principal
- An account-holder, such as a user, computer, or service. Each
security principal within a Windows 2000 domain is identified
by a unique security ID (SID). When a security principal logs
on to a computer running Windows 2000, the Local Security
Authority (LSA) authenticates the security principal's account
name and password. If the logon is successful, the system creates
an access token. Every process executed on behalf of this security
principal will have a copy of its access token. See also access
token; security ID; security principal name.
- security principal name
- A name that uniquely identifies a user, group, or computer within
a single domain. This name is not guaranteed to be unique across
domains. See also security principal.
- Security Reference Monitor
- A subsystem that is the primary authority for enforcing access
control on a computer running Windows 2000 or Windows NT.
- security subsystem
- See Local Security Authority (LSA).
- security template
- A physical file representation of a security configuration that
can be applied to a local computer or imported to a Group Policy
object in Active Directory. When you import a security template
to a Group Policy object, Group Policy processes the template
and makes the corresponding changes to the members of that Group
Policy object, which can be users or computers.
- seed router
- In the Macintosh environment, a router which initializes and
broadcasts routing information about one or more physical networks.
This information tells routers where to send each packet of data.
On an AppleTalk network, a seed router initially defines the network
numbers and zones for a network. Services for Macintosh servers,
and third-party hardware routers can function as seed routers.
- seek time
- The amount of time required for a disk head to position itself
at the right disk cylinder to access requested data.
- selective acknowledgement (SACK)
- A Transmission Control Protocol (TCP) option that allows the
receiver to re-request only the missing data from the sender.
- sender
- A Systems Management Server thread component that uses an existing
connectivity system to communicate among sites. A sender manages
the connection, ensures the integrity of transferred data, recovers
from errors, and closes connections when they are no longer needed.
- Sequenced Packet Exchange (SPX)
- A transport layer protocol built on top of IPX.
- SerialKeys
- A Windows feature that uses a communications aid interface device
to allow keystrokes and mouse controls to be accepted through
a computer's serial port.
- server
- A computer that provides shared resources to network users.
- Server Announcement
- A specific datagram generated by computers on Microsoft networks
to announce their presence on the network to master browsers.
- server cluster
- A cluster created and administered by the Cluster service and
associated software (.exe and .dll files), between whose nodes
the Cluster service provides failover support for applications
running on the servers. The server cluster includes the hardware
and the cluster configuration as well as the Cluster service.
See also cluster; node.
- Server Cluster API
- The collection of functions that are implemented by the Cluster
service and used by cluster-aware applications, cluster management
applications, and resource DLLs. The Server Cluster API includes
functions for managing server cluster objects and the cluster
database.
- Server Message Block (SMB)
- A file-sharing protocol designed to allow networked computers
to transparently access files that reside on remote systems over
a variety of networks. The SMB protocol defines a series of commands
that pass information between computers. SMB uses four message
types: session control, file, printer, and message.
- Server service
- A software component that provides RPC (remote procedure call)
support and file, print, and Named Pipe sharing. See also Named
Pipe; remote procedure call (RPC).
- service
- A program, routine, or process that performs a specific system
function to support other programs, particularly at a low (close
to the hardware) level. When services are provided over a network,
they can be published in Active Directory, facilitating service-centric
administration and usage.
- service (SRV) resource record
- A resource record used in a zone to register and locate well-known
TCP/IP services. The SRV resource record is specified in RFC 2052
and is used in Windows 2000 to locate domain controllers
for Active Directory service. See also resource record.
- service access point
- A logical address that allows a system to route data between
a remote device and the appropriate communications support.
- service level agreement (SLA)
- A contract between your IT group and users that specifies what
performance levels are acceptable for services, such as equipment
replacement and network downtime.
- service name
- The name by which a port is known.
- service ticket
- See session ticket.
- session
- In the context of load balancing TCP/IP traffic, a set of client
requests directed to a server. These requests can be invoked with
multiple, possibly concurrent, TCP connections. The server program
sometimes maintains state information between requests. To preserve
access to the server state, Network Load Balancing needs to direct
all requests within a session to the same cluster host when load
balancing. See also client request; server; TCP/IP.
- session key
- A key used primarily for encryption and decryption. Session
keys are typically used with symmetric encryption algorithms where
the same key is used for both encryption and decryption. For this
reason, session and symmetric keys usually refer to the same type
of key. See also symmetric key encryption.
- session layer
- A network layer that allows two applications on different computers
to establish, use, and end a session. This layer establishes dialog
control between the two computers in a session, regulating which
side transmits, as well as when and how long it transmits.
- session ticket
- A credential presented by a client to a service in the Kerberos
authentication protocol. Because session tickets are used to obtain
authenticated connections to services, they are sometimes called
service tickets. See also Kerberos authentication protocol; Key
Distribution Center (KDC).
- sessions
- A logical connection created between two hosts to exchange data.
Typically, sessions use sequencing and acknowledgments to send
data reliably.
- share name
- A name that refers to a shared resource on a server. Each shared
folder on a server has a share name used by personal computer
users to refer to the folder. Users of Macintosh computers use
the name of the Macintosh-accessible volume that corresponds to
a folder, which may be the same as the share name. See also Macintosh-accessible
volume.
- shared nothing
- A scalability concept in clusters and SMP systems whereby a
workload is partitioned among available hardware resources. These
resources are used on the workload independently, without sharing
of processors, disks, or other hardware resources.
- shared printer
- A printer that receives input from more than one computer. For
example, a printer attached to another computer on the network
can be shared so that it is available for many users. Also called
a network printer.
- shell
- The command interpreter that is used to pass commands to the
operating system.
- Shiva Password Authentication Protocol (SPAP)
- A two-way, reversible encryption mechanism for authenticating
PPP connections employed by Shiva remote access servers.
- short name
- A valid MS-DOS or OS/2 8.3 file name (with up to 8 characters
followed by a period and an extension of up to 3 characters) that
a computer running Windows 2000 Server creates for every
Macintosh folder name or file name on the server. Personal computer
users refer to files on the server by their short names; Macintosh
users refer to them by their long names. See also name mapping.
- shortcut trust
- A two-way trust relationship that is explicitly created between
two Windows 2000 domains in the same forest. The purpose
of a shortcut trust is to optimize the inter-domain authentication
process by shortening the trust path. All shortcut trusts are
transitive and must be created manually in each direction. See
also domain tree; forest; transitive trust relationship.
- ShowSounds
- A global flag that instructs programs to display captions for
speech and system sounds to alert users with hearing impairments
or people who work in a noisy location such as a factory floor.
- silent discard
- When a packet is discarded and the sending host is not informed
as to why the packet was discarded.
- silent RIP
- The capability of a computer to listen for and process Routing
Information Protocol (RIP) announcements but without announcing
its own routes.
- Simple Mail Transfer Protocol (SMTP)
- A protocol used on the Internet to transfer mail. SMTP is independent
of the particular transmission subsystem and requires only a reliable,
ordered, data stream channel.
- Simple Network Management Protocol (SNMP)
- A network management protocol installed with TCP/IP and widely
used on TCP/IP and Internet Package Exchange (IPX) networks. SNMP
transports management information and commands between a management
program run by an administrator and the network management agent
running on a host. The SNMP agent sends status information to
one or more hosts when the host requests it or when a significant
event occurs.
- single point of failure
- Any component in your environment that would block data or applications
if it failed.
- single-path routing infrastructure
- A routing infrastructure where only a single path exists between
any two network segments in the internetwork.
- sip-and-puff device
- An alternative input device that allows a user to operate a
computer by breath control. For users who are unable to use standard
input devices, such as a mouse or keyboard.
- site
- A location in a network that holds Active Directory servers.
A site is defined as one or more well-connected TCP/IP subnets.
("Well-connected" means that network connectivity is
highly reliable and fast, for example, LAN speeds of 10 MM bits-per-second
or greater.) Because computers in the same site are close to each
other in network terms, communication among them is reliable,
fast, and efficient. Defining a site as a set of subnets allows
administrators to configure Active Directory access and replication
topology to take advantage of the physical network. When users
log on to the network, Active Directory clients find Active Directory
servers in the same site as the client. In Systems Management
Server, site servers and client computers bounded by a group of
subnets, such as an IP subnet or an IPX network number. See also
domain controller locator; subnet; replication topology.
- site link
- An Active Directory object that represents a set of sites that
can communicate at uniform cost through some intersite transport.
For IP transport, a typical site link connects just two sites
and corresponds to an actual WAN link. An IP site link connecting
more than two sites might correspond to an ATM backbone connecting
more than two clusters of buildings on a large campus, or several
offices in a large metropolitan area connected via leased lines
and IP routers. See also connection object; site link bridge.
- site link bridge
- An Active Directory object that represents a set of site links,
all of whose sites can communicate via some transport. Typically
a site link bridge corresponds to a router (or a set of routers)
in an IP network. By default, the Knowledge Consistency Checker
may form a route through any and all site links in a transitive
manner. If this behavior is turned off, each site link represents
its own distinct and isolated network. Sets of site links that
can be treated as a single route are expressed through a site
link bridge. Each bridge represents an isolated communication
environment for network traffic.
- site server
- A computer running Windows NT Server on which Systems Management
Server (SMS) site setup has been run. When SMS is installed on
a computer, that computer is assigned the site server role. The
site server, which hosts SMS components needed to monitor and
manage an SMS site, typically performs several additional SMS
roles, including component server, client access point, and distribution
point.
- slave
- A server that does not attempt to resolve queries on its own.
Instead, it sends all queries to forwarders. See also forwarder.
- slow link processing
- A configurable Group Policy processing mode that allows administrators
to define which Group Policy settings will not be processed over
slow network links.
- SlowKeys
- A Windows feature that instructs the computer to disregard keystrokes
that are not held down for a minimum period of time, which allows
the user to brush against keys without any effect. See also FilterKeys.
- Small Computer System Interface (SCSI)
- A standard high-speed parallel interface defined by the X3T9.2
committee of the American National Standards Institute (ANSI).
A SCSI interface is used for connecting microcomputers to peripheral
devices, such as hard disks and printers, and to other computers
and local area networks.
- Small Office/Home Office (SOHO)
- An office with a few computers that can be considered a small
business or part of a larger network.
- smart card
- A credit card-sized device that is used with a PIN number to
enable certificate-based authentication and single sign-on to
the enterprise. Smart cards securely store certificates, public
and private keys, passwords, and other types of personal information.
A smart card reader attached to the computer reads the smart card.
See also authentication; certificate; nonrepudiation.
- smart-card reader
- A device that is installed in computers to enable the use of
smart cards for enhanced security features. See also smart card.
- SMTP
- See Simple Mail Transfer Protocol.
- sniffer
- An application or device that can read, monitor, and capture
network data exchanges and read network packets. If the packets
are not encrypted, a sniffer provides a full view of the data
inside the packet.
- SNMP
- See Simple Network Management Protocol.
- SNMP Management Console
- The interface through which a manager, either a user or a program,
performs management activities.
- SOA (start of authority) resource record
- See start of authority (SOA) resource record.
- socket
- A bidirectional pipe for incoming and outgoing data between
networked computers. The Windows Sockets API is a networking API
used by programmers to create TCP/IP-based sockets programs.
- soft affinity
- A mechanism designed to optimize performance in a multiprocessor
environment. Soft affinity favors scheduling threads on the processor
in which they recently ran or the ideal processor for the thread.
With soft affinity, the efficiency of the processor cache is higher
because threads often run on the processor on which they previously
ran. Soft affinity does not restrict a thread to run on a given
processor.
- software inventory
- In Systems Management Server, the automated process that SMS
uses to gather information about software on client computers.
- software metering
- In Systems Management Server, the process by which SMS monitors
and manages the use of software applications to ensure compliance
with software licensing agreements or to understand software usage.
- software router
- A router that is not dedicated to performing routing but performs
routing as one of multiple processes running on the router computer.
- software trap
- In programming, an event that occurs when a microprocessor detects
a problem with executing an instruction, which causes it to stop.
- SoundSentry
- A Windows feature that produces a visual cue, such as a screen
flash or a blinking title bar instead of system sounds.
- source routing
- The practice of specifying the list of networks or routers in
the network layer header to forward a packet along a specific
path in an internetwork.
- sparse file
- A file that is handled in a way that requires less disk space
than would otherwise be needed by allocating only meaningful non-zero
data. Sparse support allows an application to create very large
files without committing disk space for every byte.
- speech synthesizer
- An assistive device that produces spoken words, either by splicing
together prerecorded words or by programming the computer to produce
the sounds that make up spoken words.
- split horizon
- A route-advertising algorithm that prevents the advertising
of routes in the same direction in which they were learned. Split
horizon helps prevent routing loops. See also poison reverse.