Glossary of Terms


.

.adm
The file name extension for Administrative Templates files.
.msi
The file name extension for Windows Installer package files.

1

10BaseT
An 802.3 Ethernet specification that defines how data is carried through category 3, 4, or 5 twisted pair cable.

3

3270
A class of IBM Systems Network Architecture terminal and related protocol used to communicate with IBM mainframe host systems.
3DES
An encrypting algorithm that processes each data block three times, using a unique key each time. 3DES is much more difficult to break than straight DES. It is the most secure of the DES combinations, and therefore slower in performance.

5

5250
A class of IBM Systems Network Architecture terminal and related protocol used to communicate with AS/400 host systems.

8

802.1p
A protocol that supports the mapping of RSVP signals to Layer 2 signals using 802.1p priority markings to enable the prioritization of traffic across Layer 2 devices, such as switches, on a network segment. IEEE 802 refers to the Layer 2 technology used by LANs including the data-link layer and the media access control layer.
88 class
A class defined before 1993 not required to fall into one of the structural, abstract, or auxiliary categories. This type of class is specified by a value of 0 in the objectClass category.

A

A resource record
See address (A) resource record.
AAL
See ATM Adaptation Layer.
abstract classes
Templates used only to derive new Structural classes. Abstract classes cannot be instantiated in the directory.
access control
The security mechanism in Windows NT and Windows 2000 that determines which objects a security principal can use and how the security principal can use them. See also authorization; security principal.
access control entry (ACE)
An entry in an access control list (ACL) containing the security ID (SID) for a user or group and an access mask that specifies which operations by the user or group are allowed, denied, or audited. See also access control list; access mask; security descriptor.
access control list (ACL)
A list of security protections that apply to an entire object, a set of the object's properties, or an individual property of an object. There are two types of access control lists: discretionary and system. See also access control entry; discretionary access control list; security descriptor; system access control list.
access mask
A 32-bit value that specifies the rights that are allowed or denied in an access control entry (ACE) of an access control list (ACL). An access mask is also used to request access rights when an object is opened. See also access control entry.
access privileges
Permissions set by Macintosh users that allow them to view and make changes to folders on a server. By setting access privileges (called permissions when set on a computer running Windows 2000 Server), administrators control which Macintosh computers can use folders on a volume.
access token
A data structure containing security information that identifies a user to the security subsystem on a computer running Windows 2000 or Windows NT. Access tokens contain a user's security ID, the security IDs for groups that the user belongs to, and a list of the user's privileges on the local computer. See also privilege; security ID.
accessibility
The quality of a system incorporating hardware or software to engage a flexible, customizable user interface, alternative input and output methods, and greater exposure of screen elements to make the computer usable by people with cognitive, hearing, physical, or visual disabilities.
Accessibility Wizard
An interactive tool that makes it easier to set up commonly used accessibility features by specifying options by type of disability, rather than by numeric value changes.
account domain
A Windows NT domain that holds user account data. Also known as a master domain.
account lockout
A Windows 2000 security feature that locks a user account if repeated failed logon attempts occur within a specified amount of time, based on security policy lockout settings. (Locked accounts cannot log on.)
ACE
See access control entry.
ACL
See access control list.
ACPI
See Advanced Configuration and Power Interface.
active cluster member
A node that is running and participating in cluster operations.
Active Directory
The directory service included with Windows 2000 Server. It stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive hierarchical view of the network and a single point of administration for all network objects. See also directory; directory service.
Active Directory Connector (ADC)
A synchronization agent in Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Enterprise Server that provides an automated way of keeping directory information consistent between directories. Without the ADC, you would have to manually enter new data and updates in both directory services.
Active Directory data model
A model derived from the LDAP data model. The directory holds objects that represent entities of various sorts, described by attributes. The objects and classes of objects that can be stored in the directory are defined in the schema. For each class of objects, the schema defines what attributes an instance of the class must have, what additional attributes it may have, and what class can be its parent. See also attribute; LDAP; schema.
Active Directory Installation wizard
A Windows 2000 Server tool that allows the following during Setup: installation of Active Directory, creation of trees in a forest, replication of an existing domain, installation of Kerberos authentication software, and promotion of servers to domain controllers.
Active Directory replication
Synchronization of directory partition replicas between Windows 2000 domain controllers. Directory partition replicas are writable on each domain controller, except for Global Catalog replicas. Replication automatically copies the changes from a specified directory partition replica to all other domain controllers that hold the same directory partition replica. More specifically, a server called the "destination" pulls changes from another server called the "source". See also directory partition; File Replication service; multimaster replication; replication.
Active Directory Service Interfaces (ADSI)
A set of high-level programming interfaces that provide a single, consistent, open set of interfaces that enables Windows 2000, Windows NT, Windows 98, and Windows 95 client applications to access several network directory services, including Active Directory. ADSI provides the means for client applications of directory services to use one set of interfaces to communicate with any namespace that provides an ADSI implementation (provider).
Active Directory Users and Computers
An administrative tool designed to perform day-to-day Active Directory administration tasks. These tasks include creating, deleting, modifying, moving, and setting permissions on objects stored in the directory. These objects include organizational units, users, contacts, groups, computers, printers, and shared file objects. See also object; permissions.
Active Directory-integrated zone
A primary zone stored in Active Directory. See also zone.
active partition
The partition from which the computer starts. The active partition must be a primary partition on a basic disk. If you are using Windows 2000 exclusively, the active partition can be the same as the system partition. If you are using Windows 2000 and Windows 98 or earlier, or MS-DOS, the active partition must contain the startup files for both operating systems.
active/active
The cluster configuration of an application in which the application runs on all nodes at the same time. See also active/passive.
active/passive
The cluster configuration of an application in which the application runs on only one node at a time. See also active/active.
ActiveX
A set of technologies that enables software components to interact with one another in a networked environment, regardless of the language in which the components were created.
ActiveX control
A reusable software component that incorporates ActiveX technology.
ADC
See Active Directory Connector (ADC).
additional domain controller
When installing Active Directory, a domain controller that is being added to an existing Windows 2000 domain.
address
In Systems Management Server, addresses are used to connect sites and site systems. Senders use addresses to send instructions and data to other sites.
address (A) resource record
A resource record used to map a DNS domain name to a host IP address on the network. See also resource record.
address class
See internet address class.
address pool
A group of IP addresses in a scope. Pooled addresses are then available for dynamic assignment by a DHCP server to DHCP clients.
Address Resolution Protocol (ARP)
In TCP/IP, a protocol that uses broadcast traffic on the local network to resolve a logically assigned IP address to its physical hardware or media access control layer address. In ATM the ARP protocol is used two different ways. For classical IP over ATM, ARP is used to resolve addresses to ATM hardware addresses. For ATM LAN emulation, ARP is used to resolve Ethernet/802.3 or Token Ring addresses to ATM hardware addresses. See also media access control; Transmission Control Protocol/Internet Protocol.
adjacency
A relationship formed between selected neighboring OSPF routers for the purpose of exchanging routing information. When the link state databases of two neighboring routers are synchronized, the routers are said to be adjacent. Not every pair of neighboring routers becomes adjacent. See also link state database.
administrative template (.adm file)
A text file used by the Group Policy console as a source to generate the user interface for Group Policy settings an administrator can set. Windows NT 4.0 used an earlier version of .adm files to generate user interface for registry-based System Policy settings in the System Policy Editor.
admission control
The service used to administratively control network resources on shared network segments.
ADSI
See Active Directory Service Interfaces.
ADSI provider
COM objects that implement ADSI for a particular namespace (for example, an LDAP namespace such as Active Directory).
ADSL
See Asymmetric Digital Subscriber Line.
Advanced Configuration and Power Interface (ACPI)
An open industry specification that defines power management on a wide range of mobile, desktop, and server computers and peripherals. ACPI is the foundation for the OnNow industry initiative that allows system manufacturers to deliver computers that will start at the touch of a keyboard. ACPI design is essential to take full advantage of power management and Plug and Play in Windows 2000. Check the manufacturer's documentation to verify that a computer is ACPI-compliant. See also Plug and Play.
Advanced Peer-to-Peer Networking (APPN)
An upgrade to IBM Systems Network Architecture that supports distributed session control services and dynamic routing, avoiding dependencies on centralized mainframe network services.
Advanced Program-to-Program Communication (APPC)
An IBM Systems Network Architecture communications method that uses the LU 6.2 protocol to establish, manage, and terminate network communication between programs in a distributed computing environment.
Advanced Program-to-Program Communication File Transfer Protocol (AFTP)
A file transfer protocol used in IBM host systems, the IBM Advanced Program-to-Program Communications equivalent to the TCP/IP File Transfer Protocol.
advertise
In Windows 2000 and Systems Management Server, to make a program available to members of a collection (group).
advertisement
In Systems Management Server, a notification sent by the site server to the client access points (CAPs) specifying that a software distribution program is available for clients to use. In Windows 2000, the Software Installation snap-in generates an application advertisement script and stores this script in the appropriate locations in Active Directory and the Group Policy object.
affinity mask
A value that contains bits for each processor on the system, defining which processors a process or thread can use.
agent
An application that runs on a Simple Network Management Protocol (SNMP) managed device. The agent application is the object of management activities. A computer running SNMP agent software is also sometimes referred to as an agent.
algorithm
A rule or procedure for solving a problem. Internet Protocol security uses cryptographically-based algorithms to encrypt data.
alias
An additional name that can be used to access a specific port.
all-ones subnet
The subnet for which all the bits in the subnet portion of the subnetted network ID are set to 1.
all-subnets directed broadcast address
The broadcast address designed to reach all subnets of a subnetted class-based IP network ID.
all-zeros subnet
The subnet for which all the bits in the subnet portion of the subnetted network ID are set to 0.
allocate
To mark media for use by an application. Media in the available state may be allocated.
allocated state
A state that indicates media are in use and assigned to application media pools.
alternative input devices
Input devices for users who cannot use standard input devices, such as a mouse or a keyboard.
ambiguous name resolution
In an LDAP search, the process of searching for a string value in a set of attributes by using one filter of the form (ANR=string). A defined set of attributes is available for ANR searches, and when the (ANR=string) filter is encountered, the filter is expanded to include a search of every attribute in the ANR set.
answer file
A text file that you can use to provide automated input for unattended installation of Windows 2000. This input includes parameters to answer the questions required by Setup for specific installations. In some cases, you can use this text file to provide input to wizards, such as the Active Directory Installation wizard, which is used to add Active Directory to Windows 2000 Server through Setup. The default answer file for Setup is known as Unattend.txt.
anti-replay
A feature for preventing replay attacks. See also replay attack.
AppleTalk
The Apple Computer network architecture and network protocols. A network that has Macintosh clients and a computer running Windows 2000 Server with Services for Macintosh functions as an AppleTalk network.
AppleTalk Control Protocol (ATCP)
The Network Control Protocol for AppleTalk-based PPP connections. ATCP negotiates AppleTalk-based parameters to dynamically configure an AppleTalk-based PPP peer across a point-to-point link.
AppleTalk Phase 2
The extended AppleTalk Internet model designed by Apple Computer that supports multiple zones within a network and extended addressing capacity. See also AppleTalk.
AppleTalk Protocol
The set of network protocols on which the AppleTalk network architecture is based. The AppleTalk Protocol stack must be installed on a computer running Windows 2000 Server so that Macintosh clients can connect to it. See also AppleTalk.
application assignment
A process that uses Software Installation (an extension of Group Policy) to assign programs to groups of users. The programs appear on the users' desktop when they log on.
application layer
The layer at which applications access network services. This layer represents the services that directly support applications, such as software for file transfers, database access, and e-mail.
application media pool
A data repository that determines which media can be accessed by which applications and that sets the policies for that media. There can be any number of application media pools in a Removable Storage system. Applications create application media pools.
application programming interface (API)
A set of routines that an application uses to request and carry out lower-level services performed by a computer's operating system. These routines usually carry out maintenance tasks such as managing files and displaying information.
APPN
See Advanced Peer-to-Peer Networking.
APPN domain
An APPN network node and the other physical unit (PU) type 2.1 nodes attached to it.
area
A group of contiguous networks within an OSPF autonomous system. OSPF areas reduce the size of the link state database and provide the ability to summarize routes. See also autonomous system; link state database.
area border router (ABR)
A router that is attached to multiple areas. Area border routers maintain separate link state databases for each area. See also link state database.
ARP
See Address Resolution Protocol.
ARP cache
A table of IP addresses and their corresponding media access control address. There is a separate ARP cache for each interface.
assigned applications
Applications that are assigned to users or computers by an administrator using the Software Installation snap-in, an extension to Group Policy. Assigned applications are always available to users or computers managed by a Group Policy object. User-assigned applications appear to be installed on a user's computer and can be installed by selecting the software from the Start menu, or selecting a shortcut on the desktop. Applications assigned to a computer are installed when the computer is turned on.
assigning
In Windows 2000 and Systems Management Server, to deploy a program to members of a collection (group), where acceptance of the program is mandatory.
Asymmetric Digital Subscriber Line (ADSL)
A high-bandwidth digital transmission technology that uses existing phone lines and also allows voice transmissions over the same lines. Most of the traffic is transmitted downstream to the user, generally at rates of 512 Kbps to about 6 Mbps.
asymmetric key algorithm
See public-key algorithm.
Asynchronous Transfer Mode (ATM)
A high-speed connection-oriented protocol used to transport many different types of network traffic.
ATCP
See AppleTalk Control Protocol.
ATM
See Asynchronous Transfer Mode.
ATM adaptation layer (AAL)
The layer of the ATM protocol stack that parses data into the payload portion of the ATM cell for transport across an ATM network. See also Asynchronous Transfer Mode (ATM).
atomic transaction
In Active Directory, database transactions that are either completed in full or are not applied at all. If for any reason an error occurs and a transaction is unable to complete all of its steps, the system is returned to the state it was in before the transaction was started.
atomic update
In a server cluster, the means by which the cluster registry key is replicated to all nodes. If any part of an atomic update on a node fails, all of it fails. In Active Directory, the method of updating an Active Directory attribute. An LDAP directory server processes each update request as an atomic action: The request either is committed and all its effects are durable, or it is terminated and has no effect. In Active Directory replication, the scope of an atomic update is the object. All of the attribute changes made to an object that are replicated at the same time are applied together atomically.
attribute (object)
In Active Directory, an attribute describes characteristics of an object and the type of information an object can hold. For each object class, the schema defines what attributes an instance of the class must have and what additional attributes it might have.
attributeID
The object identifier that is the unique name of an attribute.
attributes (file)
Information that indicates whether a file is read-only, hidden, ready for archiving (backing up), compressed, or encrypted, and whether the file contents should be indexed for fast file searching.
attributeSyntax
The syntax object identifier for this attribute.
auditing
To track the activities of users by recording selected types of events in the security log of a server or a workstation.
augmentative communication devices
Add-on software and hardware that can help users with disabilities control a computer by using assistive technology. Examples are speech recognition systems and screen readers.
authentication
A basic security function of cryptography. Authentication verifies the identity of the entities that communicate over the network. For example, the process that verifies the identity of a user who logs on to a computer either locally, at a computer's keyboard, or remotely, through a network connection. See also cryptography; confidentiality; integrity; Kerberos authentication protocol; nonrepudiation; NTLM authentication protocol.
authentication
The IPSec process that verifies the origin and integrity of a message by assuring the genuine identity of each computer. Without strong authentication, an unknown computer and any data it sends is suspect. IPSec provides multiple methods of authentication to ensure compatibility with earlier systems running earlier versions of Windows, non-Windows-based systems, and shared computers.
authentication
In network access, the process by which the system validates the user's logon information. A user's name and password are compared against an authorized list. If the system detects a match, access is granted to the extent specified in the permissions list for that user. When a user logs on to an account on a computer running Windows 2000 Professional, the authentication is performed by the client. When a user logs on to an account on a Windows 2000 Server domain, authentication can be performed by any server of that domain. See also server; trust relationship.
Authentication Header (AH)
A header that provides authentication, integrity, and anti-replay for the entire packet (both the IP header and the data payload carried in the packet).
authenticator
A data structure used by one party to prove that another party knows a secret key. In the Kerberos authentication protocol, authenticators include timestamps, to prevent replay attacks, and are encrypted with the session key issued by the Key Distribution Center (KDC). See also Kerberos authentication protocol; Key Distribution Center; replay attack; secret key.
authoritative
In the Domain Name System (DNS), the use of zones by DNS servers to register and resolve a DNS domain name. When a DNS server is configured to host a zone, it is authoritative for names within that zone. DNS servers are granted authority based on information stored in the zone. See also zone.
authoritative restore
In Backup, a type of restore operation on a Windows 2000 domain controller in which the objects in the restored directory are treated as authoritative, replacing (through replication) all existing copies of those objects. Authoritative restore is applicable only to replicated System State data such as Active Directory data and File Replication service data. The Ntdsutil.exe utility is used to perform an authoritative restore. See also nonauthoritative restore; System State.
authorization
The process that determines what a user is permitted to do on a computer system or network. For remote access or demand-dial routing connections, the verification that the connection attempt is allowed. Authorization occurs after successful authentication. See also access control; authentication.
automated installation
To run an unattended setup using one or more of several methods such as Remote Installation Services, bootable CD, and Sysprep.
automatic file truncation
A process that converts premigrated files into a remote storage identifier or placeholder to reclaim space on the managed volume. Automatic file truncation is initiated on a managed volume whenever the amount of free space is less than the desired free space as defined by the administrator.
Automatic Private IP Addressing (APIPA)
A feature of Windows 2000 TCP/IP that automatically configures a unique IP address from the range 169.254.0.1 to 169.254.255.254 and a subnet mask of 255.255.0.0 when the TCP/IP protocol is configured for dynamic addressing and a Dynamic Host Configuration Protocol (DHCP) server is not available.
Automation
A Component Object Model (COM) based technology that allows for interoperability among ActiveX components, including OLE components. Formerly referred to as OLE Automation. See also ActiveX; object linking and embedding.
autonomous system (AS)
A group of routers exchanging routing information by using a common routing protocol.
auxiliaryClass
A multivalued property that specifies the auxiliary classes from which this class inherits. For an existing classSchema object, values can be added to this property but not removed.

Each value is the lDAPDisplayName of a class. You must ensure that the class exists or will exist when the new class is written to the directory. If one of the classes does not exist, the classSchema object fails to be added to the directory.

The full set of auxiliary classes is the union of the systemAuxiliaryClass and auxiliaryClass on this class as well as the systemAuxiliaryClass and auxiliaryClass properties of all inherited classes.

availability
A measure of the fault tolerance of a computer and its programs. A highly available computer runs 24 hours a day, 7 days a week. See also fault tolerance.
available bit rate (ABR)
An ATM service type that supports available-bit-rate traffic, minimum guaranteed transmission rate, and peak data rates. ABR also allows bandwidth allocation depending on availability, and it uses flow control to communicate bandwidth availability to the end node.
available state
A state in which media can be allocated for use by applications.
averaging counter
A type of counter that measures a value over time and displays the average of the last two measurements over some other factor (for example, PhysicalDisk\Avg. Disk Bytes/Transfer).
AXFR
See full zone transfer.

B

B channel
One of the 64 Kbps communications channels on an ISDN circuit. A BRI (Basic Rate Interface) ISDN has two bearer channels and one data channel. A PRI (Primary Rate Interface) ISDN line has 23 bearer channels (in North America) or 30 bearer channels (in Europe) and one data channel. B channel is also called bearer channel. See also Integrated Services Digital Network (ISDN).
backbone
In OSPF, an area common to all other OSPF areas that is used as the transit area for inter-area traffic and for distributing routing information between areas. The backbone must be contiguous. See also Open Shortest Path First (OSPF).
backbone router
In OSPF, a router that is connected to the backbone area. This includes routers that are connected to more than one area (area border routers). However, backbone routers do not have to be area border routers. Routers that have all networks connected to the backbone are internal routers. See also area border router; Open Shortest Path First (OSPF).
backup designated router (BDR)
An OSPF router that forms adjacencies with all other routers on a multiple access network and becomes the designated router when the designated router becomes unavailable.
backup domain controller
In Windows NT Server 4.0 or earlier, a computer running Windows NT Server that receives a copy of the domain's directory database (which contains all account and security policy information for the domain). The copy synchronizes periodically with the master copy on the primary domain controller. A backup domain controller also authenticates user logon information and can be promoted to function as a primary domain controller as needed. Multiple backup domain controllers can exist in a domain. Windows NT 3.51 and 4.0 backup domain controllers can participate in a Windows 2000 domain when the domain is configured in mixed mode. See also mixed mode; primary domain controller.
backup operator
A type of local or global group that contains the user rights needed to back up and restore files and folders. Members of the Backup Operators group can back up and restore files and folders regardless of ownership, access permissions, encryption, or auditing settings. See also auditing; global group; local group; user rights.
backup set
A collection of files, folders, and other data that has been backed up and stored in a file or on one or more tapes.
bad block
A disk sector that can no longer be used for data storage, usually due to media damage or imperfections.
bandwidth
In analog communications, the difference between the highest and lowest frequencies in a given range. For example, a telephone line accommodates a bandwidth of 3,000 Hz, the difference between the lowest (300 Hz) and highest (3,300 Hz) frequencies it can carry. In digital communications, the rate at which information is sent expressed in bits per second (bps).
Bandwidth Allocation Control Protocol (BACP)
A PPP Network Control Protocol that negotiates the election of a favored peer for a multiprocessing connection. If both ends of the multiprocessing connection issue a connection request at the same time, then the connection request of the favored peer is performed.
Bandwidth Allocation Protocol (BAP)
A PPP control protocol that is used on a multiprocessing connection to dynamically add and remove links.
bar code
A machine-readable label that identifies an object, such as physical media.
base DIT
The directory that is installed during a fresh install of a Windows 2000 domain controller.
base search
See search scope.
baseline
A range of measurements derived from performance monitoring that represents acceptable performance under typical operating conditions.
basic disk
A physical disk that contains primary partitions or extended partitions with logical drives used by Windows 2000 and all versions of Windows NT. Basic disks can also contain volume, striped, mirror, or RAID-5 sets that were created using Windows NT 4.0 or earlier. As long as a compatible file format is used, basic disks can be accessed by MS-DOS, Windows 95, Windows 98, and all versions of Windows NT.
basic input/output system (BIOS)
The set of essential software routines that tests hardware at startup, is involved with starting the operating system, and supports the transfer of data among hardware devices. The BIOS is stored in read-only memory (ROM) so that it can be executed when the computer is turned on. Although critical to performance, the BIOS is usually invisible to computer users.
basic volume
A volume on a basic disk. Basic volumes include primary partitions, logical drives within extended partitions, as well as volume, striped, mirror, or RAID-5 sets that were created using Windows NT 4.0 or earlier. Only basic disks can contain basic volumes. Basic and dynamic volumes cannot exist on the same disk.
Berkeley Internet Name Domain (BIND)
An implementation of the Domain Name System (DNS) written and ported to most available versions of the UNIX operating system. The Internet Software Consortium maintains the BIND software. See also BIND boot file.
binary
A base-2 number system in which values are expressed as combinations of two digits, 0 and 1.
BIND
See Berkeley Internet Name Domain.
BIND boot file
Configuration file used by Domain Name System (DNS) servers running under versions of the Berkeley Internet Name Domain (BIND) software implementation. The BIND boot file is a text file, Named.boot, where individual lines in the file list boot directives used to start a service when the DNS server is started. By default, Microsoft DNS servers use DNS service parameters stored in the Windows 2000 registry, but allow the use of a BIND boot file as an alternative for reading boot configuration settings. See also BIND; registry boot.
bindery
A database in Novell NetWare 2.x and 3.x that contains organizational and security information about users and groups.
binding
A process by which software components and layers are linked together. When a network component is installed, the binding relationships and dependencies for the components are established. Binding allows components to communicate with each other.
BINL service
See Boot Information Negotiation Layer service.
BINLSVC
See Boot Information Negotiation Layer Service.
BIOS
See basic input/output system.
BIOS parameter block (BPB)
A series of fields containing data on disk size, geometry variables, and the physical parameters of the volume. The BPB is located within the boot sector.
bit
The smallest unit of information handled by a computer. One bit expresses a 1 or a 0 in a binary numeral, or a true or false logical condition. A group of 8 bits makes up a byte, which can represent many types of information, such as a letter of the alphabet, a decimal digit, or other character. Bit is also called binary digit.
bit stuffing
A technique used by PPP on synchronous links, such as T-Carrier, ISDN, or other digital links, to prevent the occurrence of the Flag character within the PPP frame.
bit-wise logical AND
A mathematical operation that compares equal numbers of bits using the logical AND comparison. If both bits being compared are 1, the result is 1. Otherwise, the result is 0.
bits per second (bps)
The number of bits transmitted every second, used as a measure of the speed at which a device, such as a modem, can transfer data. A character is made up of 8 bits. In asynchronous communication, each character is preceded by a start bit and terminates with a stop bit. So for each character, 10 bits are transmitted. If a modem communicates at 2,400 bits per second (bps), then 240 characters are sent every second.
black hole
A condition of an internetwork where packets are lost without an indication of the error.
block policy option
An option that prevents Group Policy objects specified in higher-level Active Directory containers from applying to a computer or user.
bonding
The combining of ISDN B channels through hardware support.
boot
To start or reset a computer. When first turned on or reset, the computer executes the software that loads and starts the computer's operating system, which prepares it for use.
Boot Information Negotiation Layer (BINL) service
A service that runs on Windows 2000 Server that acts on client boot requests. For example, by using Remote Installation Service the BINL service listens for and answers DHCP (PXE) requests. It also services Client Installation Wizard requests. BINL directs the client to the files needed to start the installation process. This service also checks Active Directory to verify credentials, determine whether a client needs service, and whether to create a new or reset an existing computer account on behalf of the client.
boot partition
The volume that contains the operating system and its support files. The boot partition can be (but does not have to be) the same as the system partition. Both a primary partition and a logical drive in an extended partition can be used as a boot partition.
boot sector
A critical disk structure for starting your computer located at sector 1 of each volume or floppy disk. It contains executable code and data that is required by the code, including information used by the file system to access the volume. The boot sector is created when you format the volume.
bootable CD
An automated installation method that runs Setup from a CD-ROM. This method is useful for computers at remote sites with slow links and no local IT department. See also automated installation.
bootstrap protocol (BOOTP)
A set of rules or standards to enable computers to connect with one another, used primarily on TCP/IP networks to configure workstations without using media disks. RFCs 951 and 1542 define this protocol. DHCP is a boot configuration protocol that uses this protocol.
Border Gateway Protocol (BGP)
A routing protocol designed for use between autonomous systems. See also autonomous system.
bottleneck
A condition, usually involving a hardware resource, that causes the entire system to perform poorly.
BounceKeys
A keyboard filter that assists users whose fingers bounce on the keys when pressing or releasing them.
bound trap
In programming, a problem in which a set of conditions exceeds a permitted range of values that causes the microprocessor to stop what it is doing and handle the situation in a separate routine.
boundary layer
A common interface between two software components that is standardized to allow other components to connect to this interface.
Bourne shell
A UNIX command processor developed by Steven Bourne.
branch
A segment of a logical tree structure, representing a folder and any folders that it contains.
bridgehead server
In Active Directory replication, a single server in each site that is designated to perform site-to-site replication. Bridgehead servers are designated automatically by the KCC, or they can be assigned manually by an administrator. Bridgehead servers ensure that most replication occurs within sites rather than between sites.
bridgehead server
A server that receives and forwards e-mail traffic at each end of a connection agreement, similar to the task a gateway performs.
broadcast
An address that is destined for all hosts on a particular network segment. See also broadcast network.
broadcast and unknown server (BUS)
A multicast service on an emulated local area network (ELAN) that forwards broadcast, multicast, and initial unicast data traffic sent by a LAN emulation client. See also emulated local area network (ELAN).
broadcast datagram
An IP datagram sent to all hosts on the subnet. See also datagram.
broadcast message
A network message sent from a single computer that is distributed to all other devices on the same segment of the network as the sending computer.
broadcast name resolution
A mechanism defined in RFC 1001/1002 that uses broadcasts to resolve names to IP addresses through a process of registration, resolution, and name release. See also broadcast datagram; Request for Comments (RFC).
broadcast network
A network that supports more than two attached nodes and has the ability to address a single physical message to all of the attached nodes (broadcast). Ethernet is an example of a broadcast network.
browse list
Any list of items that can be browsed, such as a list of servers on a network, or a list of printers displayed in the Add Printer wizard.
browser
A client tool for navigating and accessing information on the Internet or an intranet. In the context of Windows networking, "browser" can also mean the Computer Browser service, a service that maintains an up-to-date list of computers on a network or part of a network and provides the list to applications when requested. When a user attempts to connect to a resource in a domain, the domain's browser is contacted to provide a list of available resources.
brute force attack
See key search attack.
buffer
An area of memory used for intermediate storage of data until it can be used.
buffer overflow attack
An attack in which an attacker exploits a weakness in a program or service to force a buffer overflow condition and then cause malicious code (provided by the attacker) to run in the computer's memory. Through a successful buffer overflow attack, an attacker can take control of the computer with the rights and permissions of the system and the logged-on user.
bulk encryption
A process in which large amounts of data, such as files, e-mail messages, or online communications sessions, are encrypted for confidentiality. It is usually done with a symmetric key algorithm. See also encryption; symmetric key encryption.
BUS
See broadcast and unknown server.
bus
A communication line used for data transfer among the components of a computer system. A bus is essentially a highway that allows different parts of the system to share data.

C

C shell
A UNIX command processor whose programming constructs are similar to those of the C language.
C2 level of security
U.S. government security level that designates a system that has controls capable of enforcing access limitations on an individual basis. In a C2 system, the owner of a system resource has the right to decide who can access it, and the operating system can detect when data is accessed and by whom.
cable modem
A modem that provides broadband Internet access in the range of 10 to 30 Mbps.
cache
For DNS and WINS, a local information store of resource records for recently resolved names of remote hosts. Typically, the cache is built dynamically as the computer queries and resolves names; it helps optimize the time required to resolve queried names. See also cache file; naming service; resource record.
cache file
A file used by the Domain Name System (DNS) server to preload its names cache when service is started. Also known as the "root hints" file because resource records stored in this file are used by the DNS service to help locate root servers that provide referral to authoritative servers for remote names. For Windows DNS servers, the cache file is named Cache.dns and is located in the %systemroot%\System32\Dns folder. See also authoritative; cache; systemroot.
cache hints file
See cache file.
caching
A special pool in memory in which recently-used data values are temporarily held for quicker subsequent accesses. For DNS, the ability of DNS servers to store information about the domain namespace learned during the processing and resolution of name queries. In Windows 2000, caching is also available through the DNS client service (resolver) as a way for DNS clients to keep a cache of name information learned during recent queries. See also caching resolver.
caching resolver
For Windows 2000, a client-side Domain Name System (DNS) name resolution service that performs caching of recently learned DNS domain name information. The caching resolver service provides system-wide access to DNS-aware programs for resource records obtained from DNS servers during the processing of name queries. Data placed in the cache is used for a limited period of time and aged according to the active Time To Live (TTL) value. You can set the TTL either individually for each resource record (RR) or default to the minimum TTL set in the start of authority RR for the zone. See also cache; caching; expire interval; minimum TTL; resolver; resource record; Time To Live (TTL).
caching-only server
A DNS name server that only performs queries, caches the answers, and returns the results. It is not authoritative for any names and does not contain any zones. It only stores data that it has cached while resolving queries. See also caching; name server; zone.
Call Manager
A software component that establishes, maintains and terminates a connection between two computers.
Callback Control Protocol (CBCP)
The Network Control Protocol for negotiating the use of callback over PPP links.
capture buffer
The maximum size of the capture file. When the capture file reaches the maximum size, the oldest frames are removed to make room for newer frames (FIFO queue).
central site
In Systems Management Server, the primary site at the top of the Systems Management Server hierarchy, to which all other sites in the system report their inventory and events.
certificate
A digital document that is commonly used for authentication and secure exchange of information on open networks, such as the Internet, extranets, and intranets. A certificate securely binds a public key to the entity that holds the corresponding private key. Certificates are digitally signed by the issuing certification authority and can be issued for a user, a computer, or a service. The most widely accepted format for certificates is defined by the ITU-T X.509 version 3 international standard. See also certification authority; private key; public key.
certificate revocation list (CRL)
A document maintained and published by a certification authority that lists certificates that have been revoked. A CRL is signed with the private key of the CA to ensure its integrity. See also certificate; certification authority.
Certificate Services
The Windows 2000 service that issues certificates for a particular CA. It provides customizable services for issuing and managing certificates for the enterprise. See also certificate; certification authority.
certificate stores
Windows 2000 stores public key objects, such as certificates and certificate revocation lists, in logical stores and physical stores. Logical stores group public key objects for users, computers, and services. Physical stores are where the public key objects are actually stored in the registry of local computers (or in Active Directory for some user certificates). Logical stores contain pointers to the public key objects in the physical stores. Users, computers, and services share many public key objects, so logical stores enable public key objects to be shared without requiring the storage of duplicates of the objects for each user, computer, or service.
certificate template
A Windows 2000 construct that profiles certificates (that is, it pre-specifies format and content) based on their intended usage. When requesting a certificate from a Windows 2000 enterprise certification authority (CA), certificate requesters are, depending on their access rights, able to select from a variety of certificate types that are based on certificate templates, such as "User" and "Code Signing". See also certificate; enterprise certification authority.
certificate trust list (CTL)
A signed list of root certification authority certificates that an administrator considers reputable for designated purposes, such as client authentication or secure e-mail. See also certificate; certification authority; root certificate; root certification authority.
Certificates console
A snap-in to the MMC. This console is used to manage certificate stores for users, computers, and services. See also certificate; certificate stores.
certification authority (CA)
An entity responsible for establishing and vouching for the authenticity of public keys belonging to users (end entities) or other certification authorities. Activities of a certification authority can include binding public keys to distinguished names through signed certificates, managing certificate serial numbers, and certificate revocation. See also certificate; public key.
Certification Authority console
A snap-in to the MMC. This console is used to configure and manage Windows 2000 certification authorities. See also certification authority.
certification hierarchy
A model of trust for certificates in which certification paths are created through the establishment of parent-child relationships between certification authorities. See also certification authority; certification path.
certification path
An unbroken chain of trust from a certificate to the root certification authority in a certification hierarchy. See also certification hierarchy; certificate.
Certification Practices Statement (CPS)
A formal statement that describes the certification policies and practices of a certification authority. See also certification authority.
Challenge Handshake Authentication Protocol (CHAP)
A challenge-response authentication protocol for PPP connections documented in RFC 1994 that uses the industry-standard Message Digest 5 (MD5) one-way encryption scheme to hash the response to a challenge issued by the remote access server.
change journal
A feature new to Windows 2000 that tracks changes to NTFS volumes, including additions, deletions, and modifications. The change journal exists on the volume as a sparse file.
change log
See quorum log.
changer
The robotic element of an online library unit.
character stuffing
A technique used by PPP on asynchronous links, such as analog phone lines, to prevent the occurrence of the Flag character within the PPP frame.
checkpoint
In a server cluster node's registry, a snapshot of the registry cluster key or of an application key. The checkpoint is written to the quorum disk when certain events take place, such as a node failure. See also cluster database.
child domain
For DNS and Active Directory, a domain located in the namespace tree directly beneath another domain name (its parent domain). For example, "example.reskit.com" is a child domain of the parent domain, "reskit.com". Child domain is also called subdomain. See also directory partition; domain; parent domain.
child object
An object that is the immediate subordinate of another object in a hierarchy. A child object can have only one immediate superior, or parent, object. In Active Directory, the schema determines what classes of objects can be child objects of what other classes of objects. Depending on its class, a child object can also be the parent of other objects. See also object; parent object.
Chooser
The Macintosh desk accessory with which users select the network server and printers they want to use.
CIDR block
A block of IP addresses allocated using Classless Interdomain Routing (CIDR).
cipher
The method of forming a hidden message. The cipher is used to transform a readable message called plaintext (also sometimes called cleartext) into an unreadable, scrambled, or hidden message called ciphertext. Only someone with a secret decoding key can convert the ciphertext back into its original plaintext. See also ciphertext; plaintext; cryptography.
cipher block chaining (CBC)
A process used to hide patterns of identical blocks of data within a packet. An Initialization Vector (an initial random number) is used as the first random block to encrypt and decrypt a block of data. Different random blocks are used in conjunction with the secret key to encrypt each block.
ciphertext
Text that has been encrypted using an encryption key. Ciphertext is meaningless to anyone who does not have the decryption key. See also decryption; encryption; encryption key; plaintext.
class
A category of objects that share a common set of characteristics. Each object in the directory is an instance of one or more classes in the schema.
Class A IP address
A unicast IP address that ranges from 1.0.0.1 to 126.255.255.254. The first octet indicates the network, and the last three octets indicate the host on the network. See also Class B IP address; Class C IP address; IP address.
Class B IP address
A unicast IP address that ranges from 128.0.0.1 to 191.255.255.254. The first two octets indicate the network, and the last two octets indicate the host on the network. See also Class A IP address; Class C IP address; IP address.
Class C IP address
A unicast IP address that ranges from 192.0.0.1 to 223.255.255.254. The first three octets indicate the network, and the last octet indicates the host on the network. Network Load Balancing provides optional session support for Class C IP addresses (in addition to support for single IP addresses) to accommodate clients that make use of multiple proxy servers at the client site. See also Class A IP address; Class B IP address; IP address.
Class D IP address
The Internet address class designed for IP multicast addresses. The value of the first octet for Class D IP addresses and networks varies from 224 to 239.
Class E IP address
The Internet address class designed for experimental use only. The value of the first octet for Class E IP addresses and networks starts at 240.
class-based
IP addressing or routing that is based on the internet address classes.
classical IP over ATM (CLIP)
A proposed Internet standard, described in RFC 2225 and other related RFCs, that allows IP communication directly on the ATM layer. See also Asynchronous Transfer Mode; Internet Protocol.
Classless Interdomain Routing (CIDR)
A method of allocating public IP addresses that is not based on the original internet address classes. Classless Interdomain Routing (CIDR) was developed to help prevent the depletion of public IP addresses and minimize the size of Internet routing tables.
clean installation
The process of installing an operating system on a clean or empty partition of a computer's hard disk.
cleartext
See plaintext.
client
Any computer or program connecting to, or requesting services of, another computer or program. See also server.
client access point
In Systems Management Server, a site system that provides a set of shared directories and files that create a common communication point between the site server and clients.
client request
A service request from a client to a server or, for Network Load Balancing, a cluster of computers. Network Load Balancing forwards each client request to a specific host within the cluster according to the system administrator's load-balancing policy. See also client; cluster; host; server.
Client Service for NetWare
A service included with Windows 2000 Professional that allows clients to make direct connections to resources on computers running NetWare 2.x, 3.x, 4.x, or 5.x server software.
client-side extensions
Group Policy components that, in certain cases, are responsible for implementing Group Policy on a client.
CLIP
See Classical IP over ATM.
ClonePrincipal
A tool that allows the incremental migration of users to a Windows 2000 environment without affecting the existing Windows NT production environment.
closed captioning
Alternative representation, usually text, of audio or graphics media that can be seen only on a specially equipped receiver.
CLUSDB
In a server cluster, the snapshot of the startup cluster registry key stored in the local disk.
cluster
A group of independent computer systems, known as nodes or hosts, that work together as a single system to ensure that mission-critical applications and resources remain available to clients. A server cluster is the type of cluster that the Cluster service implements. Network Load Balancing provides a software solution for clustering multiple computers running Windows 2000 Server that provides networked services over the Internet and private intranets. In file systems, a cluster is the smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows 2000 organize hard disks based on clusters, also called allocation units. The smaller the cluster size, the more efficiently a disk stores information. If no cluster size is specified during formatting, Windows 2000 picks defaults based on the size of the volume and the file system used. These defaults are selected to reduce the amount of space lost and the amount of fragmentation on the volume.
Cluster Administrator
An application (Cluadmin.exe) used to configure a cluster and its nodes, groups, and resources. Cluster Administrator can run on any member of the trusted domain regardless of whether the computer is a cluster node. See also cluster; Cluster Administrator extension; Cluster.exe; node; resource.
Cluster Administrator extension
A dynamic-link library (DLL) that enables Cluster Administrator to manage a custom resource type. A Cluster Administrator extension uses the Cluster Administrator Extension API. See also cluster; Cluster Administrator; resource.
cluster API
A collection of functions implemented by the cluster software and used by a cluster-aware client or server application, a cluster management application, or a resource DLL. The cluster API is used to manage the cluster, cluster objects, and the cluster database. See also cluster; cluster-aware application; dynamic-link library; node; resource; resource DLL.
Cluster controller
An IBM Systems Network Architecture component that manages input/output operations for clusters of terminals or attached network devices.
cluster database
The database of configuration data (cluster objects and their settings) pertinent to the cluster. This database is the product of the cluster registry key checkpoint and the changes recorded in the quorum log. A local copy of this database is maintained by all the nodes of the cluster hive in the registry. See also checkpoint; cluster hive.
cluster disk
A disk on a shared bus connected to the cluster nodes, which all the cluster nodes can access (though not at the same time).
cluster hive
In the system registry of a server cluster node, the local copy of the cluster database; the portion of the system registry on each node that contains the configuration data of a cluster. When all the cluster nodes are up, changes to the cluster hive are synchronized on all cluster nodes, and the cluster hive is identical with the cluster database. While a node is down, that node's cluster hive is not updated with cluster configuration changes, but the changes are recorded on the quorum log. At startup, the local copy might have out-of-date information. If so, it is recreated using the last checkpoint and the change records in the quorum log. See also checkpoint; cluster database.
cluster log
An optionally enabled trace record of Cluster service events on a node. Not synonymous with quorum log.
cluster object
A physical or logical unit managed by the Cluster service. Cluster objects include nodes, networks, network interfaces (see network adapter), groups, resources, and resource types.
cluster registry key
The portion of the system registry on each node that contains the property and configuration data for the cluster, nodes, and specified resources. The cluster key is synchronized on all nodes in the cluster and on the quorum disk.
Cluster service
Clussvc.exe, the primary executable of the Windows Clustering component that creates a server cluster, controls all aspects of its operation, and manages the cluster database. Each node in a server cluster runs one instance of the Cluster service.
cluster-aware
The classification of an application or service that runs on a server cluster node, is managed as a cluster resource, and is designed to be aware of and interact with the server cluster environment. Cluster-aware applications use the Cluster API to receive status and notification information from the server cluster. See also Cluster API; cluster-unaware application; node; resource DLL.
cluster-aware application
An application or service that runs on a server cluster node and is managed as a cluster resource. Cluster-aware applications use the Cluster API to receive status and notification information from the server cluster. See also Cluster API; cluster-unaware application; node.
cluster-capable disk
A disk that can be accessed by all server cluster nodes.
cluster-unaware application
In a server cluster, the classification of an application or service that can run on a node and be managed as a cluster resource but does not support the Cluster API and therefore has no inherent knowledge of its environment. See also cluster-aware application; node.
Cluster.exe
An alternative to using Cluster Administrator to administer clusters from the Windows 2000 command prompt. Cluster.exe can be called from command scripts to automate many cluster administration tasks. See also Cluster Administrator.
cn (Common-Name)
The descriptive relative distinguished name for the schema object.
CNAME
For Active Directory, an object's distinguished name presented with the root first and without the LDAP attribute tags (such as: CN= or DC=). The segments of the name are delimited with forward slashes (/). For example, CN=MyDocuments,OU=MyOU,DC=Microsoft,DC=Com is presented as microsoft.com/MyOU/MyDocuments in canonical form. For DNS, a type of resource record. See also distinguished name; Lightweight Directory Access Protocol (LDAP); canonical name (CNAME) resource record.
code signing
The process of digitally signing software code to ensure its integrity and provide assurance of its origin.
cognitive disabilities
Impairments resulting from perceptual anomalies, memory loss, and learning and developmental disabilities, such as dyslexia and Down syndrome.
collection
In Systems Management Server, a set of resources in a site defined by membership rules. Collections are used to distribute software, view inventory on clients, and access clients for remote tool sessions.
COM
See Component Object Model.
Comma Separated Value (CSV) scripts
Windows 2000 includes a command-line utility, CSVDE, to import directory objects using .csv files and export directory objects as .csv files. CSV scripts are targeted for ease-of-use. The first line in the script identifies the attributes in the lines that follow. Columns are separated by commas. The file format is compatible with the Microsoft Excel CSV format, so that files are easily created. Use Excel or any other tool that can read and write .csv files. A benefit of using CSVDE is that it supports Unicode.
Comma Separated Value Directory Exchange (CSVDE)
A command-line utility that allows you to import and export objects to and from Active Directory. You cannot create, modify, and delete directory objects using this utility. By using this utility, objects are stored in the Microsoft Comma-Separated Value (CSV) file format. The CSV file format is supported by many other applications, such as Microsoft Excel, that can read and save data in the CSV file format. Also, Microsoft Exchange Server administration tools can import and export data using the CSV format. CSVDE can be run on a Windows 2000 server or copied to a Windows 2000 workstation.
command control block (CCB)
A specifically formatted information set used in the IBM Token Ring environment that is transmitted from the application program to the adapter support software to request an operation.
common gateway interface (CGI)
A server-side interface for initiating software services. For example, a set of interfaces that describe how a Web server communicates with software on the same computer. Any software can be a CGI program if it handles input and output according to the CGI standard.
Common Internet File System (CIFS)
A protocol and a corresponding API used by application programs to request higher level application services. CIFS was formerly known as SMB (Server Message Block).
Common Programming Interface for Communications (CPIC)
A platform-independent API developed by IBM to provide portability for APPC LU 6.2-based applications.
compaction
A process that reclaims space and defragments disks to improve WINS server performance.
complementary metal-oxide semiconductor (CMOS)
The battery-backed memory that stores information, such as disk types and amount of memory, used to start the computer.
completed state
A state that indicates that media can no longer be used for write operations.
Component Object Model (COM)
An object-based programming model designed to promote software interoperability; it allows two or more applications or components to easily cooperate with one another, even if they were written by different vendors, at different times, in different programming languages, or if they are running on different computers running different operating systems. COM is the foundation technology upon which broader technologies can be built. Object linking and embedding (OLE) technology and ActiveX are both built on top of COM.
computer account objects
Objects used to identify a specific computer account in Windows NT Server 4.0 or Windows 2000 Server.
computer name
A unique name of up to 15 uppercase characters that identifies a computer to the network. The name cannot be the same as any other computer or domain name in the network.
confidentiality
A basic security function of cryptography. Confidentiality provides assurance that only authorized users can read or use confidential or secret information. Without confidentiality, anyone with network access can use readily available tools to eavesdrop on network traffic and intercept valuable proprietary information. For example, an Internet Protocol security service that ensures a message is disclosed only to intended recipients by encrypting the data. See also cryptography; authentication; integrity; nonrepudiation.
connection agreement
A configurable section in the ADC user interface that holds information such as the server names to contact for synchronization, object classes to synchronize, target containers, and the synchronization schedule. See also Active Directory Connector (ADC).
connection establishment delay
The delay encountered when forwarding a packet across an on-demand demand-dial connection. The delay is due to the connection establishment process, consisting of creating a physical connection and/or a logical connection and a PPP connection.
connection object
An Active Directory object that represents a replication connection from one domain controller to another. The connection object is a child of the replication destination's NTDS Settings object and identifies the replication source server, contains a replication schedule, and specifies a replication transport. Connection objects are created automatically by the Knowledge Consistency Checker, but they can also be created manually. Automatically generated connections must not be modified by the user unless they are first converted into manual connections.
connection-oriented
A type of network protocol that requires an end-to-end virtual connection between the sender and receiver before communicating across the network.
connection-oriented communication
A network transmission service where a physical or logical link is negotiated and established prior to packet transmission.
Connection-Oriented NDIS (Co-NDIS)
A Network Driver Interface Specification that supports connection-oriented data transfer.
connection-specific DNS suffix
A DNS suffix specific to an adapter, rather than global to the computer. During the name resolution process, it is appended to an incomplete name. An incomplete name might be a single-label name or a multiple-label name that is not dot-terminated and cannot be resolved as a fully qualified domain name. Connection-specific DNS suffixes can also be used for registration of the computer's name.
connection-specific domain name
A domain name specific to an adapter, rather than global to the computer. See also domain name.
connectionless
A network protocol in which a sender broadcasts traffic on the network to an intended receiver without first establishing a connection to the receiver.
console
A framework for hosting administrative tools in the Microsoft Management Console (MMC). A console is defined by the items in its console tree, which might include folders or other containers, World Wide Web pages, and other administrative items. A console has windows that can provide views of the console tree, and the administrative properties, services, and events that are acted on by the items in the console tree.
console tree
The tree view pane in a Microsoft Management Console (MMC) that displays the hierarchical namespace. By default it is the left pane of the console window, but it can be hidden. The items in the console tree (for example, Web pages, folders, and controls) and their hierarchical organization determine the management capabilities of a console. See also Microsoft Management Console (MMC); namespace.
constant bit rate (CBR)
An ATM service type that supports constant bandwidth allocation. This service type is used for voice and video transmissions that require little or no cell loss and rigorous timing controls during transmission.
container object
An object that can logically contain other objects. For example, a folder is a container object. See also noncontainer object; object.
context switch
An event that occurs when the kernel switches the processor from one thread to another, for example, when an I/O operation causes a thread to be blocked and the operating system selects another thread to run on the processor.
convergence
The process of stabilizing a system after changes occur in the network. For routing, if a route becomes unavailable, routers send update messages throughout the internetwork, reestablishing information about preferred routes. For Network Load Balancing, a process by which hosts exchange messages to determine a new, consistent state of the cluster and to elect the host with the highest host priority, known as the default host. During convergence, a new load distribution is determined for hosts that share the handling of network traffic for specific TCP or UDP ports. See also cluster; default host; host; User Datagram Protocol (UDP).
convergence time
The time it takes for the internetwork to achieve convergence. See convergence.
cost
A unitless metric configured on OSPF routers that indicates the preference of using a certain link.
cross-reference object
In Active Directory, an object that contains knowledge of one directory partition. Cross reference objects are used to generate referrals to other directory partitions and to foreign directories. On a specified domain controller, subject to replication latency, the combination of all cross references provides knowledge of all directory partitions in the forest, irrespective of location in the directory tree.
cryptanalysis
The art and science of breaking ciphertext. In contrast, the art and science of keeping messages secure is cryptography. See also ciphertext; cryptography; plaintext.
crypto-accelerator board
A hardware device that speeds up cryptographic operations by offloading operations to a special processor on the board.
CryptoAPI (CAPI)
An application programming interface (API) that is provided as part of Windows 2000. CryptoAPI provides a set of functions that allow applications to encrypt or digitally sign data in a flexible manner while providing protection for private keys. Actual cryptographic operations are performed by independent modules known as cryptographic service providers (CSPs). See also cryptographic service provider; private key.
cryptographic key
See encryption key.
cryptographic service provider (CSP)
An independent software module that performs cryptography operations such as secret key exchange, digital signing of data, and public key authentication. Any Windows 2000 service or application can request cryptography operations from a CSP. See also CryptoAPI.
cryptography
The art and science of information security. It provides four basic information security functions: confidentiality, integrity, authentication, and nonrepudiation. See also confidentiality; integrity; authentication; nonrepudiation.
cryptology
The science that encompasses both cryptography and cryptanalysis. See also cryptanalysis; cryptography.
CSVDE
See Comma-Separated Value Directory Exchange.
current directory
The directory being worked in currently. Also called current folder.
current working directory
The directory that a user is associated with at any given time.
custom resource type
A resource type defined by a third-party developer using the Cluster service API.
custom subnet mask
A subnet mask that is not based on the internet address classes. Custom subnet masks are commonly used when subnetting.
cyclical redundancy check (CRC)
A procedure used in checking for errors in data transmission. CRC error checking uses a complex calculation to generate a number based on the data transmitted. The sending device performs the calculation before transmission and sends its result to the receiving device. The receiving device repeats the same calculation after transmission. If both devices obtain the same result, it is assumed that the transmission was error-free. The procedure is known as a redundancy check because each transmission includes not only data but extra (redundant) error-checking values. Communications protocols such as XMODEM and Kermit use cyclical redundancy checking.

D

daemon
A networking program, usually associated with UNIX systems, that runs in the background performing utility functions such as housekeeping or maintenance without user intervention or awareness. Pronounced "demon".
DARPA model
The four-layer model that is used to describe the TCP/IP protocol suite. The four layers of the DoD (Department of Defense) Advanced Research Projects Agency (DARPA) model are: Application, Transport, Internet, and Network Interface.
data decryption field (DDF)
A header field, in a file encrypted by using the Encrypting File System, that contains the file encryption key encrypted with the file encryptor's public key.
Data Encryption Standard (DES)
An encryption algorithm that uses a 56-bit key, and maps a 64-bit input block to a 64-bit output block. The key appears to be a 64-bit key, but one bit in each of the 8 bytes is used for odd parity, resulting in 56 bits of usable key.
Data Link Control (DLC)
A protocol used primarily for IBM mainframe computers and printer connectivity.
data recovery field (DRF)
A header field, in a file encrypted by using the Encrypting File System, that contains the file encryption key encrypted with a recovery agent's public key.
data stream
All information transferred over a network at any given time.
data-link layer
A layer that packages raw bits from the physical layer into frames (logical, structured packets for data). This layer is responsible for transferring frames from one computer to another, without errors. After sending a frame, the data-link layer waits for an acknowledgment from the receiving computer.
Database Manager
The Cluster service component that controls access to the cluster database.
datagram
An unacknowledged packet of data sent to another network destination. The destination can be another device directly reachable on the local area network (LAN) or a remote destination reachable using routed delivery through a packet-switched network.
datagram socket
A socket using the Windows Sockets API that provides a connectionless, unreliable flow of data.
DCOM
See Distributed Component Object Model.
DCOM Configuration tool
A Windows NT Server tool that can be used to configure 32-bit applications for DCOM communication over the network. See also DCOM.
dead gateway detection
The practice of the Windows 2000 TCP/IP protocol to change the default gateway to the next default gateway in the list of configured default gateways when a specific number of connections retransmit segments.
deallocate
To return media to the available state after they have been used by an application.
decommissioned state
A state that indicates that media have reached their allocation maximum.
decryption
The process of making encrypted data readable again by converting ciphertext to plaintext. See also ciphertext; encryption; plaintext.
deep search
See search scope.
default gateway
A configuration item for the TCP/IP protocol that is the IP address of a directly reachable IP router. Configuring a default gateway creates a default route in the IP routing table.
default host
The host with the highest host priority for which a drainstop command is not in progress. After convergence, the default host handles all of the network traffic for TCP and UDP ports that are not otherwise covered by port rules. See also convergence; drainstop; host priority; port rule; User Datagram Protocol.
default network
In the Macintosh environment, the physical network on which the processes of the server reside as nodes and on which the server appears to users. The default network of the server must be one to which that server is attached. Only servers on AppleTalk Phase 2 internets have default networks.
default printer
The printer to which a computer sends documents if the Print command is selected without first specifying which printer to use with a program.
default route
A route that is used when no other routes for the destination are found in the routing table. For example, if a router or end system cannot find a network route or host route for the destination, the default route is used. The default route is used to simplify the configuration of end systems or routers. For IP routing tables, the default route is the route with the network destination of 0.0.0.0 and netmask of 0.0.0.0.
default subnet mask
A subnet mask that is used on an Internet Address Class-based network. The subnet mask for Class A is 255.0.0.0. The subnet mask for Class B is 255.255.0.0. The subnet mask for Class C is 255.255.255.0.
default zone
The zone to which all Macintosh clients on a network are assigned by default.
defaultObjectCategory
The distinguished name of the classSchema object for the class that should be used by default as the objectCategory for new instances of this class. This is an indexed property used to make object class searches fast and efficient.

By default, defaultObjectCategory is set to the distinguished name of the classSchema object for this class. If this object will be frequently queried by the value of a super class rather than the object's own class, the defaultObjectCategory can be defined in the schema to the desired value.

If you are sub-classing a structural class, best practice is to set this to the same value as the superclass. This allows the standard UI to "find" your sub-class.

deferred procedure call (DPC)
A kernel-defined control object type that represents a procedure that is to be called later. A DPC runs at DISPATCH_LEVEL IRQL. A DPC can be used when a timer event occurs or when an ISR needs to perform more work but should do so at a lower interrupt request level than the one at which an ISR executes. In an SMP environment, a DPC might run immediately on a processor other than the current one, or might run after another interrupt has run on the current processor.
defragmentation
The process of rewriting parts of a file to contiguous sectors on a hard disk to increase the speed of access and retrieval. When files are updated, the computer tends to save these updates on the largest continuous space on the hard disk, which is often on a different sector than the other parts of the file. When files are thus fragmented, the computer must search the hard disk each time the file is opened to find all of the parts of the file, which slows down response time. In Active Directory, defragmentation rearranges how the data is written in the directory database file to compact it. See also fragmentation.
delegation
The ability to assign responsibility for management and administration of a portion of the namespace to another user, group, or organization. For DNS, a name service record in the parent zone that lists the name server authoritative for the delegated zone. See also inheritance; parenting.
delegation wizard
A wizard used to distribute precise elements of the administrator's workload to others.
demand-dial connection
A connection, typically using a circuit-switched wide area network link, that is initiated when data needs to be forwarded. The demand-dial connection is typically terminated when there is no traffic.
demand-dial filter
An IP packet filter that specifies which types of TCP/IP traffic either create the connection or are ignored for the purposes of creating the connection.
demand-dial interface
A logical interface that represents a demand-dial connection (a PPP link) that is configured on the calling router. The demand-dial interface contains configuration information such as the port to use, the addressing used to create the connection (such as a phone number), authentication and encryption methods, and authentication credentials.
demand-dial routing
Routing that makes dial-up connections to connect networks based on need. For example, a branch office with a modem that dials and establishes a connection only when there is network traffic from one office to another.
demultiplexing
The action of forwarding a packet to the proper process, such as when an IPX packet arrives at its destination and is handed to the IPX protocol.
denial-of-service attack
An attack in which an attacker exploits a weakness or a design limitation of a network service to overload or halt the service, so that the service is not available for use. This type of attack is typically launched to prevent other users from using a network service such as a Web server or a file server.
dependency
In clustering, the state in which one resource must be online before a second resource can come online.
dependency tree
A discrete set of resources that are connected to each other by dependency relationships. All resources in a specified dependency tree must be members of a single group. See also dependency; resource.
designated router (DR)
An OSPF router that forms adjacencies with all other routers on a multiple access network.
desired free space
The amount of free space that should be maintained on a volume at all times during normal use.
desktop
The on-screen work area in which windows, icons, menus, and dialog boxes appear.
device
Any piece of equipment that can be attached to a network or computer, for example, a computer, printer, joystick, adapter or modem card, or any other peripheral equipment. Devices normally require a device driver to function with Windows 2000. See also device driver.
device driver
A program that allows a specific device, such as a modem, network adapter, or printer, to communicate with Windows 2000. Although a device can be installed on a system, Windows 2000 cannot use the device until the appropriate driver has been installed and configured. If a device is listed in the Hardware Compatibility List (HCL), a driver is usually included with Windows 2000. Device drivers load (for all enabled devices) when a computer is started, and thereafter run invisibly. See also Hardware Compatibility List (HCL).
device fonts
Fonts that reside in your printer. They can be built into the printer itself or provided by a font cartridge or font card. See also printer fonts.
Dfs
See Distributed file system.
Dfs link
Part of the Distributed file system (Dfs) topology that lies below the Dfs root and forms a connection to one or more shared folders or another Dfs root. It does this by mapping a DNS name to the standard UNC of the target shared folder.
Dfs root
A Server Message Block share at the top of the Dfs topology that is the starting point for the links and shared files that make up the Dfs namespace. A Dfs root can be defined at the domain level, for domain-based operation, or at the server level, for stand-alone operation. Domain-based Dfs can have multiple roots in the domain but only one root on each server. See also namespace.
Dfs shared folder
Files or folders in the Dfs namespace that are shared by users with proper permissions. Shared folders can exist at the root level (domain-based Dfs only) or be referred to by Dfs links.
Dfs topology
The overall logical hierarchy of a Distributed file system, including elements such as roots, links, shared folders, and replica sets, as depicted in the Dfs administrative console. This is not to be confused with the Dfs namespace, which is the logical view of shared resources seen by users.
DHCP
See Dynamic Host Configuration Protocol.
DHCP Manager
The primary tool used to manage DHCP servers. The DHCP Manager is a Microsoft Management Console (MMC) tool that is added to the Administrative Tools menu when the DHCP service is installed.
DHCP relay agent
A routing component that transfers messages between DHCP clients and DHCP service located on separate networks.
DHCP service
A service that enables a computer to function as a DHCP server and configure DHCP-enabled clients on a network. DHCP runs on a server, enabling the automatic, centralized management of IP addresses and other TCP/IP configuration settings for a network's clients.
dialog box
A window that is displayed to request or supply information. Many dialog boxes have options which must be selected before Windows NT can carry out a command.
dictionary attack
An attack in which an attacker tries known words in the dictionary and numerous common password names in an attempt to "guess" the password. Because most users prefer easily remembered passwords, dictionary attacks are often a shortcut to finding a password in significantly less time than key search (brute force) attacks would take to find the same password. See also key search attack.
Diffie-Hellman (DH) algorithm
An algorithm that predates Rivest-Shamir-Adleman (RSA) encryption and offers better performance. It is one of the oldest and most secure algorithms used for key exchange. The two parties publicly exchange keying information, which Windows 2000 additionally protects with hash function encryption. Neither party ever exchanges the actual key; however, after their exchange of keying material, each is able to generate the identical shared key. At no time is the actual key ever exchanged.
Diffie-Hellman Groups
Groups used to determine the length of the base prime numbers (key material) for the DH exchange. The strength of any key derived from a DH exchange depends in part on the strength of the DH group the primes are based upon.
Diffie-Hellman Key Agreement
See Diffie-Hellman (DH) algorithm.
digital certificate
See certificate.
digital signature
A means for originators of a message, file, or other digitally encoded information to bind their identity to the information. The process of digitally signing information entails transforming the information, as well as some secret information held by the sender, into a tag called a signature. Digital signatures are used in public key environments and they provide nonrepudiation and integrity services. See also public key cryptography.
Digital Signature Algorithm (DSA)
See Digital Signature Security Standard.
Digital Signature Security Standard (DSS)
A standard that uses the Digital Signature Algorithm (DSA) for its signature algorithm and SHA-1 as its message hash algorithm. DSA is a public key algorithm that is used only to generate digital signatures and cannot be used for data encryption. Digital Signature Standard is also called DSS.
direct delivery
The delivery of an IP packet by an IP node to the final destination on a directly attached network.
direct hosting
A feature that allows Windows 2000 computers using Microsoft file and print sharing to communicate over IPX, bypassing the NetBIOS layer.
direct memory access (DMA)
Memory access that does not involve the microprocessor. DMA is frequently used for data transfer directly between memory and a peripheral device, such as a disk drive.
directory
An information source that contains information about computer files or other objects. In a file system, a directory stores information about files. In a distributed computing environment (such as a Windows 2000 domain), the directory stores information about objects such as printers, applications, databases, and users.
directory partition
A contiguous subtree of Active Directory that is replicated as a unit to other domain controllers in the forest that contain a replica of the same subtree. In Active Directory, a single server always holds at least three directory partitions: schema (class and attribute definitions for the directory); configuration (replication topology and related metadata); and domain (subtree that contains the per-domain objects for one domain). The schema and configuration directory partitions are replicated to every domain controller in a specified forest. A domain directory partition is replicated only to domain controllers for that domain. In addition to a full, writable replica of its own domain directory partition, a Global Catalog server also holds partial, read-only replicas of all other domain directory partitions in the forest. See also full replica; Global Catalog; partial replica.
directory service
Both the directory information source and the service that makes the information available and usable. A directory service enables the user to find an object given any one of its attributes. See also Active Directory; directory.
directory store
The physical storage for Active Directory directory partition replicas on a given domain controller. The store is implemented using the Extensible Storage Engine.
directory system agent (DSA)
The process that manages and provides access to stored directory information.
directory tree
A hierarchy of objects and containers in a directory that can be viewed graphically as an upside-down tree, with the root object at the top. Endpoints in the tree are usually single (leaf) objects, and nodes in the tree, or branches, are container objects. A tree shows how objects are connected in terms of the path from one object to another. A simple tree is a single container and its objects. A contiguous subtree is any unbroken path in the tree, including all the members of any container in that path.
disable
To make a device nonfunctional. For example, if a device in a hardware profile is disabled, the device cannot be used while using that hardware profile. Disabling a device frees the resources that were allocated to the device.
disabled user account
A user account that does not permit logging on. The account appears in the user account list of Local Users and Groups or Active Directory Users and Computers and can be re-enabled by a member of the Administrators group at any time. See also user account.
disconnected placeholder
A placeholder whose file contents have been removed from remote storage. A disconnected placeholder could have been restored from backup after the space in remote storage was reclaimed, or the data within remote storage is physically unavailable (for example, because of a media failure).
discontiguous namespace
Namespace that is based on different DNS root domain names, such as that of multiple trees in the same forest. See also flat namespace; hierarchical namespace; namespace.
discovery
A process by which the Windows 2000 Net Logon service attempts to locate a domain controller running Windows 2000 Server in the trusted domain. Once a domain controller has been discovered, it is used for subsequent user account authentication. For SNMP, dynamic discovery is the identification of devices attached to an SNMP network.
discretionary access control list (DACL)
The part of an object's security descriptor that grants or denies specific users and groups permission to access the object. Only the owner of an object can change permissions granted or denied in a DACL; thus access to the object is at the owner's discretion. See also access control entry; object; security descriptor; system access control list.
disjoint networks
Networks that are separate and unaware of each other.
disjointed subnet
Subnets of a subnetted IP network ID that are not contiguous (connected by the same routers).
disk
A physical data storage device attached to a computer. See also basic disk; dynamic disk.
disk bottleneck
A condition that occurs when disk performance is reduced to the extent that overall system performance is affected.
disk quota
The maximum amount of disk space available to a user.
display adapter
An expansion board that plugs into a personal computer to give it display capabilities. A computer's display capabilities depend on both the logical circuitry (provided in the video adapter) and the monitor. Each adapter offers several different video modes. The two basic categories of video modes are text and graphic. Within the text and graphic modes, some monitors also offer a choice of resolutions. At lower resolutions a monitor can display more colors. Modern adapters contain memory, so that the computer's RAM is not used for storing displays. In addition, most adapters have their own graphics coprocessor for performing graphics calculations. These adapters are often called graphics accelerators. See also network adapter.
display specifiers
Objects in Active Directory that store localized graphical user interface information. Display specifiers enable the graphical user interface to be extended for each class of object in Active Directory.
distance vector
A routing protocol technology in which routing information is advertised as a series of network IDs and their distance in hops from the advertising router. Routing information exchanged between typical distance vector-based routers is unsynchronized and unacknowledged.
distinguished name
A name that uniquely identifies an object by using the relative distinguished name for the object, plus the names of container objects and domains that contain the object. The distinguished name identifies the object as well as its location in a tree. Every object in Active Directory has a distinguished name. An example of a distinguished name is CN=MyName,CN=Users,DC=Reskit,DC=Com.

This distinguished name identifies the "MyName" user object in the reskit.com domain.

Distributed Component Object Model (DCOM)
The Microsoft Component Object Model (COM) specification that defines how components communicate over Windows-based networks. Use the DCOM Configuration tool to integrate client/server applications across multiple computers. DCOM can also be used to integrate robust Web browser applications. See also DCOM Configuration tool.
Distributed Data Management (DDM)
An underlying database architecture provided by the host system, used by IBM.
distributed DHCP
A DHCP scenario in which IP addresses are distributed across a site boundary.
Distributed file system (Dfs)
A Windows 2000 service consisting of software residing on network servers and clients that transparently links shared folders located on different file servers into a single namespace for improved load sharing and data availability.
distributed processing
A computing environment that contains a client and a server. This structure allows the workload to be divided into parts yet appear as a single process.
Distributed Relational Database Architecture (DRDA)
An IBM distributed database protocol that provides access to IBM DB2 relational database programs on IBM host platforms including IBM Multiple Virtual Storage (MVS) and AS/400 systems.
distribution folder
The folder created on the Windows 2000 distribution server to contain the Setup files.
distribution point
In Systems Management Server, a site system with the distribution point role that stores package files received from a site server. Systems Management Server clients contact distribution points to obtain programs and files after they detect that an advertised application is available from a client access point.
distribution point group
In Systems Management Server, a set of distribution points that can be managed as a single entity.
DNS
See Domain Name System.
DNS Notify
A revision to the DNS standard (RFC 1996) that proposes that the master server for a zone notify certain secondary servers for that zone of changes, and the secondary servers can then check to see whether they need to initiate a zone transfer. See also master server; secondary server.
DNS resolver
A component of the TCP/IP protocol that sends Domain Name System (DNS) queries to a DNS server.
DNS server
A computer that runs DNS server programs containing name-to-IP address mappings, IP address-to-name mappings, information about the domain tree structure, and other information. DNS servers also attempt to resolve client queries.
DNS suffix
For DNS, an optional parent domain name that can be appended to the end of a relative domain name that is used in a name query or host lookup. The DNS suffix can be used to complete an alternate fully qualified DNS domain name to be searched when the first attempt to query a name fails.
DNS suffix search list
A list of domain names specified on the DNS tab of the Advanced TCP/IP Settings page. During name resolution, the resolver appends these domain names one by one to form a fully qualified domain name.
domain
In Windows 2000 and Active Directory, a collection of computers defined by the administrator of a Windows 2000 Server network that share a common directory database. A domain has a unique name and provides access to the centralized user accounts and group accounts maintained by the domain administrator. Each domain has its own security policies and security relationships with other domains and represents a single security boundary of a Windows 2000 computer network. Active Directory is made up of one or more domains, each of which can span more than one physical location. For DNS, a domain is any tree or subtree within the DNS namespace. Although the names for DNS domains often correspond to Active Directory domains, DNS domains should not be confused with Windows 2000 and Active Directory networking domains.
domain consolidation
The process of combining two or more domains into a larger domain.
domain controller
For a Windows NT Server or Windows 2000 Server domain, the server that authenticates domain logons and maintains the security policy and the security accounts master database for a domain. Domain controllers manage user access to a network, which includes logging on, authentication, and access to the directory and shared resources.
domain controller discovery
A process by which the Net Logon service attempts to locate a domain controller that is running Windows NT Server in the trusted domain. After a domain controller has been discovered, it is used for subsequent user account authentication.
domain controller locator (Locator)
An algorithm that runs in the context of the Net Logon service and that finds domain controllers on a Windows 2000 network. Locator can find domain controllers by using DNS names (for IP/DNS-compatible computers) or by using NetBIOS names (for computers that are running Windows 3.x, Windows for Workgroups, Windows NT 3.5 or later, Windows 95, or Windows 98, or on a network where IP transport is not available).
domain hierarchy
The parent-child tree structure of domains.
domain local group
A Windows 2000 group that is available only in native mode domains and that can contain members from anywhere in the forest, in trusted forests, or in a trusted pre-Windows 2000 domain. Domain local groups can only grant permissions to resources within the domain in which they exist. Typically, domain local groups are used to gather security principals from across the forest to control access to resources within the domain.
domain migration
The process of moving accounts, resources, and their associated security objects from one domain structure to another.
domain name
In Windows 2000 and Active Directory, the name given by an administrator to a collection of networked computers that share a common directory. For DNS, domain names are specific node names in the DNS namespace tree. DNS domain names use singular node names, known as "labels," joined together by periods (.) that indicate each node level in the namespace. See also Domain Name System (DNS); namespace.
domain name label
Each part of a full DNS domain name that represents a node in the domain namespace tree. Domain names are made up of a sequence of labels, such as the three labels ("noam," "reskit," and "com") that make up the DNS domain name "noam.reskit.com." Each label used in a DNS name must have 63 or fewer characters.
Domain Name System (DNS)
A hierarchical naming system used for locating domain names on the Internet and on private TCP/IP networks. DNS provides a service for mapping DNS domain names to IP addresses, and vice versa. This allows users, computers, and applications to query the DNS to specify remote systems by fully qualified domain names rather than by IP addresses. See also domain; Ping.
domain namespace
The database structure used by the Domain Name System (DNS). See also Domain Name System (DNS).
domain naming master
The domain controller that has the domain naming master role is the only domain controller that can do the following: Add new domains to the forest; Remove existing domains from the forest; Add or remove cross-reference objects to external directories. See also Active Directory; domain controller; multimaster replication; operations master; replication.
domain restructure
The process of reorganizing one domain structure into another that typically results in the accounts, groups, and trusts being altered.
domain tree
In DNS, the inverted hierarchical tree structure that is used to index domain names. Domain trees are similar in purpose and concept to the directory trees used by computer filing systems for disk storage. See also domain name; namespace.
domain upgrade
The process of replacing an earlier operating system version on the computers in a domain with a later version.
domain-based Dfs
An implementation of Dfs that stores its configuration information in Active Directory. Because this information is made available on every domain controller in the domain, domain-based Dfs provides high availability for any distributed file system in the domain. A domain-based Dfs root has the following characteristics: it must be hosted on a domain member server, it has its topology published automatically to Active Directory, it can have root-level shared folders and it supports root and file replication through File Repl