Support Tools Glossary

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2




access control

A security mechanism that determines which operations a user, group, service, or computer is authorized to perform on a computer or on a particular object, such as a file, printer, registry subkey, or directory service object.

See also: permission; registry; service

access control entry (ACE)

An entry in an object's discretionary access control list (DACL) that grants permissions to a user or group. An ACE is also an entry in an object's system access control list (SACL) that specifies the security events to be audited for a user or group.

See also: access control; access control list (ACL); permission; security descriptor

access control list (ACL)

A list of security protections that apply to an entire object, a set of the object's properties, or an individual property of an object. There are two types of access control lists: discretionary and system.

See also: access control entry (ACE); security descriptor


ACL

See definition for: access control list (ACL)

Active Directory

The Windows-based directory service. Active Directory stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration for all network objects.

See also: directory service; domain; forest; replication

active volume

The volume from which the computer starts up. The active volume must be a simple volume on a dynamic disk. You cannot mark an existing dynamic volume as the active volume, but you can upgrade a basic disk containing the active partition to a dynamic disk. After the disk is upgraded to dynamic, the partition becomes a simple volume that is active.

See also: basic disk; dynamic disk; simple volume


ActiveX

A set of technologies that allows software components to interact with one another in a networked environment, regardless of the language in which the components were created.

American Standard Code for Information Interchange (ASCII)

A standard single-byte character encoding scheme used for text-based data. ASCII uses designated 7-bit or 8-bit number combinations to represent either 128 or 256 possible characters. Standard ASCII uses 7 bits to represent all uppercase and lowercase letters, the numbers 0 through 9, punctuation marks, and special control characters used in U.S. English. Most current x86-based systems support the use of extended (or "high") ASCII. Extended ASCII allows the eighth bit of each character to identify an additional 128 special symbol characters, foreign-language letters, and graphic symbols.

See also: Unicode

application programming interface (API)

A set of routines that an application uses to request and carry out lower-level services performed by a computer's operating system. These routines usually carry out maintenance tasks such as managing files and displaying information.

ASCII (American Standard Code for Information Interchange)

See definition for: American Standard Code for Information Interchange (ASCII)


base priority

A precedence ranking that determines the order in which the threads of a process are scheduled for the processor. Use Task Manager to view and change base priorities.

For Message Queuing, a property that specifies the queue's priority in a public queue. You can set the base priority from -32,768 to 32,767; the default priority is 0. Private queues do not support base priority. Message Queuing routes and delivers messages first by base priority, then by message priority.

basic disk

A physical disk that can be accessed by MS-DOS and all Windows-based operating systems. Basic disks can contain up to four primary partitions, or three primary partitions and an extended partition with multiple logical drives. If you want to create partitions that span multiple disks, you must first convert the basic disk to a dynamic disk by using Disk Management or the Diskpart.exe command-line tool.

See also: dynamic disk

basic input/output system (BIOS)

On x86-based computers, the set of essential software routines that test hardware at startup, start the operating system, and support the transfer of data among hardware devices. The BIOS is stored in read-only memory (ROM) so that it can be executed when you turn on the computer. Although critical to performance, the BIOS is usually invisible to computer users.

See also: Extensible Firmware Interface (EFI)

batch program

An ASCII (unformatted text) file that contains one or more operating system commands. A batch program's file name has a .cmd or .bat extension. When you type the file name at the command prompt, or when the batch program is run from another program, its commands are processed sequentially. Also called batch files.

See also: American Standard Code for Information Interchange (ASCII)


BIOS

See definition for: basic input/output system (BIOS)


broadcast

The transmission of packets by an Internet Protocol version 4 (IPv4) host to all computers on the subnet.

See also: packet


browser

Software that interprets the markup of files in HTML, formats them into Web pages, and displays them to the end user. Some browsers also permit end users to send and receive e-mail, read newsgroups, and play sound or video files embedded in Web documents.



capture

To assign a port to a printer. Documents that you print are sent to the printer through the captured port.

For Network Monitor, the process by which frames are copied.

See also: frame

capture trigger

A set of conditions that, when met, stop the capture or execute a program or command file to perform another type of action related to the capture.


CCP

See definition for: Compression Control Protocol (CCP)

certification authority (CA)

An entity responsible for establishing and vouching for the authenticity of public keys belonging to subjects (usually users or computers) or other certification authorities. Activities of a certification authority can include binding public keys to distinguished names through signed certificates, managing certificate serial numbers, and certificate revocation.


CGI

See definition for: common gateway interface (CGI)

checked build

A version of Windows that consists of binaries that provide additional error checking, argument verification, and system debugging code. Much of the extra code in the checked binaries is in the form of ASSERT macros that test an expression. If the expression evaluates to FALSE, the macro generates a kernel debugger error message and breaks into the debugger. This lets you immediately determine the cause and location of the error. Because of the additional error checking code and debugging information, the checked binaries are larger and run slower than the free binaries. This can conceal synchronization or other timing-related problems, such as race conditions, that become apparent only in the free build. If you run the checked build of Windows NT without having enabled kernel debugging, unexpected system shutdowns can occur. This is because the additional checks in the checked build increase the likelihood of encountering a breakpoint.


cluster

In data storage, the smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows organize hard disks based on clusters, which consist of one or more contiguous sectors. The smaller the cluster size, the more efficiently a disk stores information. If no cluster size is specified during formatting, Windows picks defaults based on the size of the volume. These defaults are selected to reduce the amount of space that is lost and the amount of fragmentation on the volume. Also called an allocation unit.

In computer networking, a group of independent computers that work together to provide a common set of services and present a single-system image to clients. The use of a cluster enhances the availability of the services and the scalability and manageability of the operating system that provides the services.

See also: volume

cluster storage

Storage where one or more attached disks hold data used either by server applications running on the cluster or by applications for managing the cluster. Each disk on the cluster storage is owned by only one node of the cluster. The ownership of disks moves from one node to another when the disk group fails over or moves to the other node.

See also: cluster

code page

A means of providing support for character sets and keyboard layouts for different countries or regions. A code page is a table that relates the binary character codes used by a program to keys on the keyboard or to characters on the display.


COM

See definition for: Component Object Model (COM)

common gateway interface (CGI)

A server-side interface for initiating software services. For example, a set of interfaces that describe how a Web server communicates with software on the same computer. Any software can be a CGI program if it handles input and output according to the CGI standard.

Component Object Model (COM)

An object-based programming model designed to promote software interoperability; it allows two or more applications or components to easily cooperate with one another, even if they were written by different vendors, at different times, in different programming languages, or if they are running on different computers running different operating systems. OLE technology and ActiveX are both built on top of COM.

See also: ActiveX

Compression Control Protocol (CCP)

A protocol used in the negotiation process in a Point-to-Point Protocol (PPP) connection. CCP is one type of Network Control Protocol. Network Control Protocols are used to establish and configure different network protocol parameters for Internet Protocol (IP), Internetwork Packet Exchange (IPX), and NetBIOS Extended User Interface (NetBEUI).

See also: NetBIOS Extended User Interface (NetBEUI)

console tree

The left pane in Microsoft Management Console (MMC) that displays the items contained in the console. The items in the console tree and their hierarchical organization determine the capabilities of a console.

See also: Microsoft Management Console (MMC)


credentials

A set of information that includes identification and proof of identification that is used to gain access to local and network resources. Examples of credentials are user names and passwords, smart cards, and certificates.

cyclic redundancy check (CRC)

A procedure used in checking for errors in data transmission. CRC error checking uses a complex calculation to generate a number based on the data transmitted. The sending device performs the calculation before transmission and sends its result to the receiving device. The receiving device repeats the same calculation after transmission. If both devices obtain the same result, it is assumed that the transmission was error-free. The procedure is known as a redundancy check because each transmission includes not only data but extra (redundant) error-checking values. Communications protocols such as XMODEM and Kermit use cyclical redundancy checking.



daemon

A networking program, usually associated with UNIX systems, that runs in the background performing tool functions such as housekeeping or maintenance without user intervention or awareness. Pronounced "demon."


DFS

See definition for: Distributed File System (DFS)


DHCP

See definition for: Dynamic Host Configuration Protocol (DHCP)

DHCP client

Any network-enabled device that supports the ability to communicate with a DHCP server for the purpose of obtaining dynamic leased IP configuration and related optional parameters information.

See also: DHCP server; Dynamic Host Configuration Protocol (DHCP)

DHCP server

A computer running the Microsoft DHCP service that offers dynamic configuration of IP addresses and related information to DHCP-enabled clients.

See also: Dynamic Host Configuration Protocol (DHCP); IP address

dial-up connection

The connection to your network if you use a device that uses the telephone network. This includes modems with a standard telephone line, ISDN cards with high-speed ISDN lines, or X.25 networks.

If you are a typical user, you might have one or two dial-up connections, for example, to the Internet and to your corporate network. In a more complex server situation, multiple network modem connections might be used to implement advanced routing.

directory service

Both the directory information source and the service that makes the information available and usable. A directory service enables the user to find an object when given any one of its attributes.

See also: Active Directory

disk mirroring

A set of software processes that maintains a backup copy of a volume at all times. Each mirror of a volume resides on a different disk; ideally, each disk has its own controller. If one mirror becomes unavailable (due to a disk failure, for example), you can use the other mirror to gain access to the volume's data.

See also: mirror; volume

distinguished name

A name that uniquely identifies an object by using the relative distinguished name for the object, plus the names of container objects and domains that contain the object. The distinguished name identifies the object as well as its location in a tree. Every object in Active Directory has a distinguished name. A typical distinguished name might be


This identifies the MyName user object in the domain.

See also: Active Directory; domain

Distributed File System (DFS)

A service that allows system administrators to organize distributed network shares into a logical namespace, enabling users to access files without specifying their physical location and providing load sharing across network shares.

See also: service


DLL

See definition for: dynamic-link library (DLL)


DNS

See definition for: Domain Name System (DNS)

DNS server

A server that maintains information about a portion of the DNS database and that responds to and resolves DNS queries.

See also: Domain Name System (DNS)


domain

In Active Directory, a collection of computer, user, and group objects defined by the administrator. These objects share a common directory database, security policies, and security relationships with other domains.

In DNS, any tree or subtree within the DNS namespace. Although the names for DNS domains often correspond to Active Directory domains, DNS domains should not be confused with Active Directory domains.

See also: Active Directory; Domain Name System (DNS)

domain controller

In an Active Directory forest, a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources. Administrators can manage user accounts, network access, shared resources, site topology, and other directory objects from any domain controller in the forest.

See also: Active Directory; forest; shared resource

domain DFS

An implementation of Distributed File System (DFS) in which DFS topological information is stored in Active Directory. Because this information is made available on multiple domain controllers in the domain, domain DFS provides fault tolerance for any distributed file system in the domain.

See also: Active Directory; Distributed File System (DFS); fault tolerance

Domain Name System (DNS)

A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS enables the location of computers and services by user-friendly names, and it also enables the discovery of other information stored in the database.

See also: IP address; service; Transmission Control Protocol/Internet Protocol (TCP/IP)

dynamic disk

A physical disk that provides features that basic disks do not, such as support for volumes that span multiple disks. Dynamic disks use a hidden database to track information about dynamic volumes on the disk and other dynamic disks in the computer. You convert basic disks to dynamic by using the Disk Management snap-in or the DiskPart command-line tool. When you convert a basic disk to dynamic, all existing basic volumes become dynamic volumes.

See also: active volume; basic disk; partition; volume

Dynamic Host Configuration Protocol (DHCP)

A TCP/IP service protocol that offers dynamic leased configuration of host IP addresses and distributes other configuration parameters to eligible network clients. DHCP provides safe, reliable, and simple TCP/IP network configuration, prevents address conflicts, and helps conserve the use of client IP addresses on the network.

DHCP uses a client/server model where the DHCP server maintains centralized management of IP addresses that are used on the network. DHCP-supporting clients can then request and obtain lease of an IP address from a DHCP server as part of their network boot process.

See also: DHCP client; DHCP server; IP address; service; Transmission Control Protocol/Internet Protocol (TCP/IP)

dynamic-link library (DLL)

An operating system feature that allows executable routines (generally serving a specific function or set of functions) to be stored separately as files with .dll extensions. These routines are loaded only when needed by the program that calls them.

See also: Resource DLL



EFI

See definition for: Extensible Firmware Interface (EFI)

Encrypting File System (EFS)

A feature in this version of Windows that enables users to encrypt files and folders on an NTFS volume disk to keep them safe from access by intruders.

See also: NTFS file system

environment variable

A string consisting of environment information, such as a drive, path, or file name, associated with a symbolic name that can be used by Windows. You use System in Control Panel or the set command from the command prompt to define environment variables.

See also: variable

Extensible Firmware Interface (EFI)

In computers with the Intel Itanium processor, the interface between a computer's firmware, hardware, and the operating system. EFI defines a new partition style called GUID partition table (GPT). EFI serves the same purpose for Itanium-based computers as the basic input/output system (BIOS) found in x86-based computers. However, it has expanded capabilities that provide a consistent way to start any compatible operating system and an easy way to add EFI drivers for new bootable devices without the need to update the computer's firmware.

See also: basic input/output system (BIOS)



FAT

See definition for: file allocation table (FAT)


FAT32

A derivative of the file allocation table (FAT) file system. FAT32 supports smaller cluster sizes and larger volumes than FAT, which results in more efficient space allocation on FAT32 volumes.

See also: file allocation table (FAT)

fault tolerance

The ability of computer hardware or software to ensure data integrity when hardware failures occur. Fault-tolerant features appear in many server operating systems and include mirrored volumes, RAID-5 volumes, and server clusters.

See also: cluster; RAID-5 volume

file allocation table (FAT)

A file system used by MS-DOS and other Windows operating systems to organize and manage files. The file allocation table is a data structure that Windows creates when you format a volume by using FAT or FAT32 file systems. Windows stores information about each file in the file allocation table so that it can retrieve the file later.

See also: FAT32; NTFS file system

File Share resource

A file share accessible by a network path that is supported as a cluster resource by a Resource DLL.

See also: Resource DLL

File Transfer Protocol (FTP)

A member of the TCP/IP suite of protocols, used to copy files between two computers on the Internet. Both computers must support their respective FTP roles: one must be an FTP client and the other an FTP server.

See also: Transmission Control Protocol/Internet Protocol (TCP/IP)


filter

For Indexing Service, software that extracts content and property values from a document to index them.

For Internet Protocol security (IPSec), a specification of Internet Protocol (IP) traffic that provides the ability to trigger security negotiations for a communication based on the source, destination, and type of IP traffic.

For Internet Information Services (IIS), a feature of Internet Server Application Programming Interface (ISAPI) that allows preprocessing of requests and postprocessing of responses, permitting site-specific handling of Hypertext Transfer Protocol (HTTP) requests and responses.

In IP and Internetwork Packet Exchange (IPX) packet filtering, a definition in a series of definitions that indicates to the router the type of traffic allowed or disallowed on each interface.

See also: Internet Server Application Programming Interface (ISAPI)

flexible single-master operations (FSMO)

See definition for: operations master


flow

A stream of data sent or received by a host. Also known as network traffic.


forest

One or more Active Directory domains that share the same class and attribute definitions (schema), site and replication information (configuration), and forest-wide search capabilities (global catalog). Domains in the same forest are linked with two-way, transitive trust relationships.

See also: Active Directory; domain; global catalog; schema; two-way trust


frame

In synchronous communication, a package of information transmitted as a single unit from one device to another.

See also: capture


FSMO

See definition for: operations master


FTP

See definition for: File Transfer Protocol (FTP)



gateway

A dedicated device (or a set of services running on a dedicated computer) that routes network traffic and enables communication between different networking protocols. A gateway is a multiprotocol Internet Protocol (IP) router that translates between different transport protocols or data formats.

global catalog

A directory database that applications and clients can query to locate any object in a forest. The global catalog is hosted on one or more domain controllers in the forest. It contains a partial replica of every domain directory partition in the forest. These partial replicas include replicas of every object in the forest, as follows: the attributes most frequently used in search operations and the attributes required to locate a full replica of the object.

In Microsoft Provisioning System, the Exchange server maintains a list of global catalogs, and it maintains a load balance across global catalogs.

See also: Active Directory; domain controller; forest; replication

globally unique identifier (GUID)

A 16-byte value generated from the unique identifier on a device, the current date and time, and a sequence number. A GUID is used to identify a particular device or component.


GPO

See definition for: Group Policy object (GPO)

graphical user interface (GUI)

A display format, like that of Windows, that represents a program's functions with graphic images such as buttons and icons. GUIs enable a user to perform operations and make choices by pointing and clicking with a mouse.

Group Policy

The infrastructure within Active Directory directory service that enables directory-based change and configuration management of user and computer settings, including security and user data. You use Group Policy to define configurations for groups of users and computers. With Group Policy, you can specify policy settings for registry-based policies, security, software installation, scripts, folder redirection, remote installation services, and Internet Explorer maintenance. The Group Policy settings that you create are contained in a Group Policy object (GPO). By associating a GPO with selected Active Directory system containers—sites, domains, and organizational units—you can apply the GPO's policy settings to the users and computers in those Active Directory containers. To create an individual GPO, use the Group Policy Object Editor. To manage Group Policy objects across an enterprise, you can use the Group Policy Management console.

See also: Active Directory; Group Policy object (GPO)

Group Policy object (GPO)

A collection of Group Policy settings. GPOs are essentially the documents created by the Group Policy Object Editor. GPOs are stored at the domain level, and they affect users and computers that are contained in sites, domains, and organizational units. In addition, each computer has exactly one group of policy settings stored locally, called the local Group Policy object.

See also: Group Policy


GUID

See definition for: globally unique identifier (GUID)



handle

In the user interface, an interface added to an object that facilitates moving, sizing, reshaping, or other functions pertaining to an object. In programming, a pointer to a pointer, that is, a token that lets a program access an identified resource.

hardware abstraction layer (HAL)

A thin layer of software provided by the hardware manufacturer that hides, or abstracts, hardware differences from higher layers of the operating system. By means of the filter provided by the HAL, different types of hardware look alike to the rest of the operating system. This enables the operating system to be portable from one hardware platform to another. The HAL also provides routines that enable a single device driver to support the same device on all platforms.

high performance file system (HPFS)

The file system designed for the OS/2 version 1.2 operating system.


hive

A file in which the system stores a portion of the registry (named for its resemblance to the cellular structure of a beehive). A hive is backed by a single file and a .log file, which are in either the systemroot\System32\Config folder or the systemroot\Profiles\username folder.

By default, most hive files (Default, SAM, Security, and System) are stored in the systemroot\System32\Config folder. The systemroot\Profiles folder contains the user profile for each user of the computer. Because a hive is a file, it can be moved from one system to another. However, you must use the Registry Editor, Regedit.exe, to edit the file.

See also: key; registry

Hosts file

A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/hosts file. This file maps host names to IP addresses, and it is stored in the \%Systemroot%\System32\Drivers\Etc folder.


HTML

See definition for: Hypertext Markup Language (HTML)


HTTP

See definition for: Hypertext Transfer Protocol (HTTP)

Hypertext Markup Language (HTML)

A simple markup language used to create hypertext documents that are portable from one platform to another. HTML files are simple ASCII text files with codes embedded (indicated by markup tags) to denote formatting and hypertext links.

See also: American Standard Code for Information Interchange (ASCII)

Hypertext Transfer Protocol (HTTP)

The protocol used to transfer information on the World Wide Web. An HTTP address (one kind of Uniform Resource Locator (URL)) takes the following form:

See also: protocol; Uniform Resource Locator (URL)


incorrect delegation

A condition in which the resource records establishing a Domain Name System (DNS) zone delegation contain incorrect data or indicate a DNS server that does not have authority for the delegated zone. An improper delegation causes a DNS resolver to direct queries to an incorrect server and the query fails.

See also: Domain Name System (DNS)

infrastructure master

A domain controller that holds the infrastructure operations master role in Active Directory. The infrastructure master updates the group-to-user reference whenever group memberships change and replicates these changes across the domain. At any time, the infrastructure master role can be assigned to only one domain controller in each domain.

See also: Active Directory; domain controller; operations master


IntelliMirror

A set of change and configuration management features based on Active Directory that enables management of user and computer data and settings, including security data. IntelliMirror also provides limited ability to deploy software to Windows 2000 and later workstations or servers.

See also: Active Directory

Internet Server Application Programming Interface (ISAPI)

An application programming interface (API) that resides on a server computer for initiating software services tuned for Windows operating systems.

In Microsoft Provisioning System, ISAPI resides on the Web server.

See also: application programming interface (API)

Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)

Transport protocols used in Novell NetWare networks, which together correspond to the combination of TCP and IP in the TCP/IP protocol suite. Windows implements IPX through NWLink.

See also: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink); Transmission Control Protocol/Internet Protocol (TCP/IP)

IP address

For Internet Protocol version 4 (IPv4), a 32-bit address used to identify a node on an IPv4 internetwork. Each node on the IP internetwork must be assigned a unique IPv4 address, which is made up of the network ID, plus a unique host ID. This address is typically represented with the decimal value of each octet separated by a period (for example, You can configure the IP address statically or dynamically by using Dynamic Host Configuration Protocol (DHCP).

For Internet Protocol version 6 (IPv6), an identifier that is assigned at the IPv6 layer to an interface or set of interfaces and that can be used as the source or destination of IPv6 packets.

See also: Dynamic Host Configuration Protocol (DHCP)


IPX/SPX

See definition for: Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)


ISAPI

See definition for: Internet Server Application Programming Interface (ISAPI)


There are no glossary terms that begin with the letter J.



KDC

See definition for: Key Distribution Center (KDC)

Kerberos V5 authentication protocol

An authentication mechanism used to verify user or host identity. The Kerberos V5 authentication protocol is the default authentication service. Internet Protocol security (IPSec) can use the Kerberos protocol for authentication.

See also: Key Distribution Center (KDC); ticket-granting service (TGS); ticket-granting ticket (TGT)


kernel

The core of layered architecture that manages the most basic operations of the operating system and the computer's processor. The kernel schedules different blocks of executing code, called threads, for the processor to keep it as busy as possible and coordinates multiple processors to optimize performance. The kernel also synchronizes activities among Executive-level subcomponents, such as I/O Manager and Process Manager, and handles hardware exceptions and other hardware-dependent functions. The kernel works closely with the hardware abstraction layer.

kernel mode

A highly privileged mode of operation where program code has direct access to all memory, including the address spaces of all user-mode processes and applications, and to hardware. Also known as supervisor mode, protected mode, or Ring 0.


key

In Registry Editor, a folder that appears in the left pane of the Registry Editor window. A key can contain subkeys and entries. For example, Environment is a key of HKEY_CURRENT_USER.

In IP security (IPSec), a value used in combination with an algorithm to encrypt or decrypt data. Key settings for IPSec are configurable to provide greater security.

See also: registry

Key Distribution Center (KDC)

A network service that supplies session tickets and temporary session keys used in the Kerberos V5 authentication protocol.

See also: Kerberos V5 authentication protocol; ticket-granting service (TGS); ticket-granting ticket (TGT)

Knowledge Consistency Checker (KCC)

A built-in process that runs on all domain controllers and generates the replication topology for the Active Directory forest. At specified intervals, the KCC reviews and makes modifications to the replication topology to ensure propagation of data either directly or transitively.

See also: Active Directory; domain controller; forest; replication topology

Korn shell (ksh)

A command shell that provides the following functionality: file input and output redirection; command-line editing by using vi; command history; integer arithmetic; pattern matching and variable substitution; command name abbreviation (aliasing); and built-in commands for writing shell programs.


See definition for: Korn shell (ksh)


lame delegation

See definition for: incorrect delegation


See definition for: local area network (LAN)

Layer Two Tunneling Protocol (L2TP)

An industry-standard Internet tunneling protocol that provides encapsulation for sending Point-to-Point Protocol (PPP) frames across packet-oriented media. For IP networks, L2TP traffic is sent as User Datagram Protocol (UDP) messages. In Microsoft operating systems, L2TP is used in conjunction with Internet Protocol security (IPSec) as a virtual private network (VPN) technology to provide remote access or router-to-router VPN connections. L2TP is described in RFC 2661.

See also: frame


See definition for: Lightweight Directory Access Protocol (LDAP)

Lightweight Directory Access Protocol (LDAP)

The primary access protocol for Active Directory. LDAP is an industry-standard protocol, established by the Internet Engineering Task Force (IETF), that allows users to query and update information in a directory service. Active Directory supports both LDAP version 2 and LDAP version 3.

See also: Active Directory; directory service; protocol

local area network (LAN)

A communications network connecting a group of computers, printers, and other devices located within a relatively limited area (for example, a building). A LAN enables any connected device to interact with any other on the network.

See also: NetBIOS Extended User Interface (NetBEUI); network basic input/output system (NetBIOS); virtual local area network (VLAN)

Local Security Authority (LSA)

A protected subsystem that authenticates and logs users on to the local computer. In addition, the LSA maintains information about all aspects of local security on a computer (collectively known as the local security policy), and it provides various services for translation between names and identifiers.



See definition for: media access control (MAC)

majority node set server cluster

A cluster configuration that has two or more nodes and that is configured so that the nodes may or may not be attached to one or more cluster storage devices. The cluster configuration data is stored on multiple disks across the cluster, and the Cluster service makes sure that this data is kept consistent across the different disks. There are advantages and limitations for each cluster configuration (single node server cluster, single quorum device server cluster, and majority node set server cluster).

See also: cluster; cluster storage; single quorum device server cluster

management information base (MIB)

A set of objects that represent various types of information about a device, used by Simple Network Management Protocol (SNMP) to manage the device. Because different network management services are used for different types of devices and protocols, each service has its own set of objects.

See also: service; Simple Network Management Protocol (SNMP)

master boot record (MBR)

The first sector on a hard disk, which begins the process of starting the computer. The MBR contains the partition table for the disk and a small amount of executable code called the master boot code.


See definition for: master boot record (MBR)

media access control (MAC)

A sublayer of the IEEE 802 specifications that defines network access methods and framing.

Message Authentication Code (MAC)

An algorithm that ensures the quality of a block of data.


See definition for: management information base (MIB)

Microsoft Management Console (MMC)

A framework for hosting administrative tools called snap-ins. A console might contain tools, folders or other containers, World Wide Web pages, and other administrative items. These items are displayed in the left pane of the console, called a console tree. A console has one or more windows that can provide views of the console tree. The main MMC window provides commands and tools for authoring consoles. The authoring features of MMC and the console tree itself might be hidden when a console is in User Mode.

See also: console tree; snap-in


mirror

One of the two volumes that make up a mirrored volume. Each mirror of a mirrored volume resides on a different disk. If one mirror becomes unavailable (due to a disk failure, for example), Windows can use the remaining mirror to gain access to the volume's data.

See also: fault tolerance; volume


See definition for: Microsoft Management Console (MMC)


The process of sending a message simultaneously to more than one destination on a network.


native mode

In Windows 2000 domains, the domain mode in which all domain controllers in a domain are running Windows 2000 and a domain administrator has switched the domain operation mode from mixed mode to native mode. Native mode supports universal groups and nesting of groups. In native mode, domain controllers running Windows NT 4.0 or earlier are not supported.

In Windows Server 2003 domains, native mode is referred to as Windows 2000 native, and it is one of three domain functional levels available.

See also: Active Directory


See definition for: NetBIOS Extended User Interface (NetBEUI)


See definition for: network basic input/output system (NetBIOS)

NetBIOS Extended User Interface (NetBEUI)

A network protocol native to Microsoft Networking. It is usually used in small, department-size local area networks (LANs) of 1 to 200 clients. NetBEUI can use Token Ring source routing as its only method of routing. NetBEUI is the Microsoft implementation of the NetBIOS standard.

See also: Compression Control Protocol (CCP); local area network (LAN); network basic input/output system (NetBIOS); protocol


A command-line and scripting tool for networking components for local or shared computers running Windows 2000, Windows XP Professional, or Windows Server 2003.

network basic input/output system (NetBIOS)

An application programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send datagrams between nodes on a network.

See also: application programming interface (API); basic input/output system (BIOS); local area network (LAN); service

nonpaged pool

Operating system memory that is never paged to disk. Paging is the moving of infrequently used parts of a program's working memory from RAM to another storage medium, usually the hard disk. In Task Manager, the amount of memory used by a process, in kilobytes.

notification area

The area on the taskbar to the right of the taskbar buttons. The notification area displays the time and can also contain shortcuts that provide quick access to programs, such as Volume Control and Power Options. Other shortcuts can appear temporarily, providing information about the status of activities. For example, the printer shortcut icon appears after a document has been sent to the printer and disappears when printing is complete.

NTFS file system

An advanced file system that provides performance, security, reliability, and advanced features that are not found in any version of file allocation table (FAT). For example, NTFS guarantees volume consistency by using standard transaction logging and recovery techniques. If a system fails, NTFS uses its log file and checkpoint information to restore the consistency of the file system. NTFS also provides advanced features, such as file and folder permissions, encryption, disk quotas, and compression.

See also: FAT32; file allocation table (FAT)

NTLM authentication protocol

A challenge/response authentication protocol. The NTLM authentication protocol is supported in Windows 2000, Windows XP, and the Windows Server 2003 family, but it is not the default. It was the default authentication protocol for earlier versions of Windows.

See also: protocol

See definition for: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink)

NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink)

The Microsoft implementation of the Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) protocol used on NetWare networks. NWLink allows connectivity between Windows-based computers and NetWare networks running IPX/SPX. NWLink also provides network basic input/output system (NetBIOS) functionality and the Routing Information Protocol (RIP).

See also: Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX); network basic input/output system (NetBIOS); Routing Information Protocol over IPX (RIPX)


object linking and embedding (OLE)

A method for sharing information among applications. Linking an object, such as a graphic, from one document to another inserts a reference to the object into the second document. Any changes you make in the object in the first document will also be made in the second document. Embedding an object inserts a copy of an object from one document into another document. Changes you make in the object in the first document will not be updated in the second unless the embedded object is explicitly updated.


See definition for: Open Database Connectivity (ODBC)

one-way trust

A trust relationship between two domains in which only one of the two domains trusts the other domain. For example, domain A trusts domain B, and domain B does not trust domain A. One-way trusts are often used to enable authenticated access to resource domains.

See also: domain; trust relationship; two-way trust

Open Database Connectivity (ODBC)

An application programming interface (API) that enables database applications to access data from a variety of existing data sources.

See also: application programming interface (API)

operations master

A domain controller that has been assigned one or more special roles in an Active Directory domain. The domain controllers assigned these roles perform operations that are single-master (not permitted to occur at different places on the network at the same time). Examples of these operations include resource identifier allocation, schema modification, PDC emulation, adding and removing domains to and from the forest, and tracking changes to security principals across all domains in a forest.

See also: Active Directory; domain controller; infrastructure master

organizational unit

An Active Directory container object used within domains. An organizational unit is a logical container into which users, groups, computers, and other organizational units are placed. It can contain objects only from its parent domain. An organizational unit is the smallest scope to which a Group Policy object (GPO) can be linked, or over which administrative authority can be delegated.

See also: Active Directory; Group Policy object (GPO)


A member of a mirrored volume or a RAID-5 volume that has failed due to a severe cause, such as a loss of power or a complete hard-disk head failure. When this happens, the fault-tolerant driver determines that it can no longer use the orphaned member and directs all new reads and writes to the remaining members of the fault-tolerant volume.

See also: fault tolerance; RAID-5 volume



packet

An Open Systems Interconnection (OSI) network layer transmission unit that consists of binary information representing both data and a header containing an identification number, source and destination addresses, and error-control data.

packet header

In network protocol communications, a specially reserved field of a defined bit length that is attached to the front of a packet to carry and transfer control information. When the packet arrives at its destination, the field is then detached and discarded as the packet is processed and disassembled in a corresponding reverse order for each protocol layer.

See also: packet

page fault

The interrupt that occurs when software attempts to read from or write to a virtual memory location that is marked not present.

In Task Manager, page fault is the number of times data has to be retrieved from disk for a process because it was not found in memory. The page fault value accumulates from the time the process started.

paged pool

The system-allocated virtual memory that has been charged to a process and that can be paged. Paging is the moving of infrequently used parts of a program's working memory from random access memory (RAM) to another storage medium, usually the hard disk.

In Task Manager, the amount of system-allocated virtual memory, in kilobytes, used by a process.


parity

A calculated value that is used to reconstruct data after a failure. RAID-5 volumes stripe data and parity intermittently across a set of disks. When a disk fails, some server operating systems use the parity information together with the data on good disks to recreate the data on the failed disk.

See also: fault tolerance; RAID-5 volume; striped volume

parity bit

In asynchronous communications, an extra bit used in checking for errors in groups of data bits transferred within or between computer systems. In modem-to-modem communications, a parity bit is often used to check the accuracy with which each character is transmitted.

See also: parity


partition

A portion of a physical disk that functions as though it were a physically separate disk. After you create a partition, you must format it and assign it a drive letter before you can store data on it.

On basic disks, partitions are known as basic volumes, which include primary partitions and logical drives. On dynamic disks, partitions are known as dynamic volumes, which include simple, striped, spanned, mirrored, and RAID-5 volumes.

See also: basic disk

partition table

On a hard disk, the data structure that stores the offset (location) and size of each primary partition on the disk. On MBR disks, the partition table is located in the master boot record. On GPT disks, the partition table is located in the GUID partition entry array.

See also: globally unique identifier (GUID); master boot record (MBR); partition


path

A sequence of directory (or folder) names that specifies the location of a directory, file, or folder within the Windows directory tree. Each directory name and file name within the path must be preceded by a backslash (\). For example, to specify the path of a file named Readme.doc located in the Windows directory on drive C, type C:\Windows\Readme.doc.

PCMCIA device

A removable device, approximately the size of a credit card, that can be plugged into a PCMCIA slot in a portable computer. PCMCIA devices can include modems, network adapters, and hard disk drives.

Some PCMCIA cards can be connected to and disconnected from your computer without restarting it. Before you remove the PCMCIA card, however, you should use the Add Hardware Wizard to notify Windows that you are doing so. Windows will then notify you when you can remove the device.


See definition for: primary domain controller (PDC)

Performance Monitor

A Windows NT administrative tool that monitors performance on local or remote computers. Performance Monitor was replaced by the Performance console in Windows 2000.


permission

A rule associated with an object to regulate which users can gain access to the object and in what manner. Permissions are assigned or denied by the object's owner.


See definition for: Post Office Protocol

Portable Operating System Interface for UNIX (POSIX)

An Institute of Electrical and Electronics Engineers (IEEE) standard that defines a set of operating-system services. Programs that adhere to the POSIX standard can be easily ported from one system to another. POSIX was based on UNIX system services, but it was created in a way that allows it to be implemented by other operating systems.

See also: service


See definition for: Portable Operating System Interface for UNIX (POSIX)

Post Office Protocol

A maildrop service that allows a client to retrieve mail that the server is holding for it. The most recent implementation is Version 3, or POP3.

primary domain controller (PDC)

In a Windows NT domain, a domain controller running Windows NT Server 4.0 or earlier that authenticates domain logon attempts and updates user, computer, and group accounts in a domain. The PDC contains the master read-write copy of the directory database for the domain. A domain has only one PDC.

In a Windows 2000 or Windows Server 2003 domain, the PDC emulator master supports compatibility with client computers that are not running Windows 2000 or Windows XP Professional.

See also: Active Directory


printer

A device that puts text or images on paper or other print media. Examples are laser printers or dot-matrix printers.


process

An operating system object that consists of an executable program, a set of virtual memory addresses, and one or more threads. When a program runs, a process is created.

promiscuous mode

A mode in which a network device listens to all traffic present on the local network segment. A device operating in promiscuous mode reads every frame it receives, whether the frames are broadcast, multicast, or unicast. Certain devices typically operate in promiscuous mode, such as bridges, which must listen to all traffic in order to build their media access control (MAC) address tables, and network troubleshooting devices, which capture and analyze all traffic on a particular local area network (LAN) segment.

See also: broadcast; local area network (LAN)


protocol

A set of rules and conventions for sending information over a network. These rules govern the content, format, timing, sequencing, and error control of messages exchanged among network devices.

See also: Transmission Control Protocol/Internet Protocol (TCP/IP)



See definition for: Quality of Service (QoS)

Quality of Service (QoS)

A set of quality assurance standards and mechanisms for data transmission, implemented in this version of Windows.


RAID-5 volume

A fault-tolerant volume with data and parity striped intermittently across three or more physical disks. Parity is a calculated value that is used to reconstruct data after a failure. If a portion of a physical disk fails, Windows recreates the data that was on the failed portion from the remaining data and parity. You can create RAID-5 volumes only on dynamic disks on computers running the Windows 2000 Server or Windows Server 2003 families of operating systems. You cannot mirror or extend RAID-5 volumes. In Windows NT 4.0, a RAID-5 volume was known as a striped set with parity.

See also: dynamic disk; fault tolerance; parity; volume


See definition for: Remote Access Service (RAS)

reduced instruction set computing

A type of microprocessor design that focuses on rapid and efficient processing of a relatively small set of instructions. RISC architecture limits the number of instructions that are built into the microprocessor, but optimizes each so it can be carried out very rapidly, usually within a single clock cycle.

Redundant Array of Independent Disks (RAID)

A method used to standardize and categorize fault-tolerant disk systems. RAID levels provide various mixes of performance, reliability, and cost. Some servers provide three of the RAID levels: Level 0 (striping), Level 1 (mirroring), and Level 5 (RAID-5).

See also: fault tolerance; RAID-5 volume


registry

A database repository for information about a computer's configuration. The registry contains information that Windows continually references during operation, such as:

  • Profiles for each user

  • The programs installed on the computer and the types of documents that each can create

  • Property settings for folders and program icons

  • What hardware exists on the system

  • Which ports are being used

The registry is organized hierarchically as a tree, and it is made up of keys and their subkeys, hives, and entries.

See also: hive; key

registry key

An identifier for a record or group of records in the registry.

relative ID (RID)

The part of a security ID (SID) that uniquely identifies an account or group within a domain.

See also: domain; forest; security ID (SID)

remote access

Part of the integrated Routing and Remote Access service that provides remote networking for telecommuters, mobile workers, and system administrators who monitor and manage servers at multiple branch offices. Users can use Network Connections to dial in to remotely access their networks for services such as file and printer sharing, electronic mail, scheduling, and SQL database access.

See also: service

Remote Access Service (RAS)

A Windows NT 4.0 service that provides remote networking for telecommuters, mobile workers, and system administrators who monitor and manage servers at multiple offices.

remote procedure call (RPC)

A message-passing facility that allows a distributed application to call services that are available on various computers on a network. Used during remote administration of computers.

See also: service

reparse points

NTFS file system objects that have a definable attribute containing user-controlled data and that are used to extend functionality in the input/output (I/O) subsystem.

See also: NTFS file system


replication

The process of copying updated data from a data store or file system on a source computer to a matching data store or file system on one or more destination computers to synchronize the data.

In Active Directory, replication synchronizes schema, configuration, application, and domain directory partitions between domain controllers.

In Distributed File System (DFS), replication synchronizes files and folders between DFS roots and root targets.

See also: Active Directory; Distributed File System (DFS); topology

replication topology

In Active Directory replication, the set of physical connections that domain controllers use to replicate directory updates among domain controllers within sites and between sites.

In the File Replication service (FRS), the interconnections between replica set members. These interconnections determine the path that data takes as it replicates to all replica set members.

See also: Active Directory; Distributed File System (DFS); domain controller; replication

Request for Comments (RFC)

An official document of the Internet Engineering Task Force (IETF) that specifies the details for protocols included in the TCP/IP family.

See also: protocol; Transmission Control Protocol/Internet Protocol (TCP/IP)


resource

Generally, any part of a computer system or network, such as a disk drive, printer, or memory, that can be allotted to a running program or a process.

For Device Manager, any of four system components that control how the devices on a computer work. These four system resources are interrupt request (IRQ) lines, direct memory access (DMA) channels, input/output (I/O) ports, and memory addresses.

For server clusters, a physical or logical entity that is capable of being managed by a cluster, brought online and taken offline, and moved between nodes. A resource can be owned only by a single node at any point in time.

Resource DLL

A dynamic-link library (DLL) containing an implementation of the Resource application programming interface (API) for a specific type of resource. The Resource DLL is loaded into the address space of its Resource Monitor.

See also: application programming interface (API); dynamic-link library (DLL)


See definition for: relative ID (RID)

ring transition

A ring transition or kernel-mode transition occurs when user-mode processes use application program interfaces (APIs) to switch their threads from user mode to kernel mode.


See definition for: Routing Information Protocol over IPX (RIPX)


See definition for: reduced instruction set computing


router

Hardware that helps local area networks (LANs) and wide area networks (WANs) achieve interoperability and connectivity and that can link LANs that have different network topologies (such as Ethernet and Token Ring). Routers match packet headers to a LAN segment and choose the best path for the packet, optimizing network performance.

See also: local area network (LAN); packet header; Routing Information Protocol over IPX (RIPX); static routes; wide area network (WAN)

Routing Information Protocol over IPX (RIPX)

A protocol used by routers to exchange information between routers on an Internetwork Packet Exchange (IPX) network and by hosts to determine the best router to use when forwarding IPX traffic to a remote IPX network.

See also: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink); protocol; router


See definition for: remote procedure call (RPC)



See definition for: Security Accounts Manager (SAM)


schema

The set of definitions for the universe of objects that can be stored in a directory. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which other object classes can be its parent object class.


script

A type of program consisting of a set of instructions to an application or tool program. A script usually expresses instructions by using the application's or tool's rules and syntax, combined with simple control structures such as loops and if/then expressions. "Batch program" is often used interchangeably with "script" in the Windows environment.


See definition for: small computer system interface (SCSI)

Security Accounts Manager (SAM)

A Windows service used during the logon process. SAM maintains user account information, including groups to which a user belongs.

See also: service

security descriptor

A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who can access it and in what way, and what types of access are audited.

See also: permission

security ID (SID)

A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.

Server Message Block (SMB)

A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message.

See also: protocol


service

A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level. When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of services are the Security Accounts Manager service, File Replication service, and Routing and Remote Access service.

See also: Security Accounts Manager (SAM)


See definition for: shell (sh)


share

To make resources, such as folders and printers, available to others.

See also: resource

shared resource

Any device, data, or program that is used by more than one program or one other device. For Windows, shared resource refers to any resource that is made available to network users, such as folders, files, printers, and named pipes. Shared resource can also refer to a resource on a server that is available to network users.

See also: resource; share

shell (sh)

A command-line POSIX tool that contains a large subset of Korn shell functionality (though no variable arrays).


See definition for: security ID (SID)

Simple Mail Transfer Protocol (SMTP)

A member of the TCP/IP suite of protocols that governs the exchange of electronic mail between message transfer agents.

See also: protocol; Transmission Control Protocol/Internet Protocol (TCP/IP)

Simple Network Management Protocol (SNMP)

A network protocol used to manage TCP/IP networks. In Windows, the SNMP service is used to provide status information about a host on a TCP/IP network.

See also: protocol; service; Transmission Control Protocol/Internet Protocol (TCP/IP)

simple volume

A dynamic volume made up of disk space from a single dynamic disk. A simple volume can consist of a single region on a disk or multiple regions of the same disk that are linked together. If the simple volume is not a system volume or boot volume, you can extend it within the same disk or onto additional disks. If you extend a simple volume across multiple disks, it becomes a spanned volume. You can create simple volumes only on dynamic disks. Simple volumes are not fault tolerant, but you can mirror them to create mirrored volumes on computers running the Windows 2000 Server or Windows Server 2003 families of operating systems.

See also: dynamic disk; fault tolerance; spanned volume; volume

single quorum device server cluster

A cluster configuration that has two or more nodes and that is configured so that every node is attached to one or more cluster storage devices. The cluster configuration data is stored on a single cluster storage device. There are advantages and limitations for each cluster configuration (single node server cluster, single quorum device server cluster, and majority node set server cluster).

See also: cluster; cluster storage; majority node set server cluster

small computer system interface (SCSI)

A standard high-speed parallel interface defined by the American National Standards Institute (ANSI). A SCSI interface is used for connecting microcomputers to peripheral devices, such as hard disks and printers, and to other computers and local area networks (LANs).

See also: local area network (LAN)


See definition for: Server Message Block (SMB)


See definition for: Simple Mail Transfer Protocol (SMTP)


snap-in

A type of tool that you can add to a console supported by Microsoft Management Console (MMC). A stand-alone snap-in can be added by itself; an extension snap-in can be added only to extend the function of another snap-in.

See also: Microsoft Management Console (MMC)

spanned volume

A dynamic volume consisting of disk space on more than one physical disk. You can increase the size of a spanned volume by extending it onto additional dynamic disks. You can create spanned volumes only on dynamic disks. Spanned volumes are not fault tolerant and cannot be mirrored.

See also: dynamic disk; fault tolerance; simple volume; volume


See definition for: structured query language (SQL)

standard error (STDERR)

In UNIX, the defined receiver of error messages about a process. By default, the standard error goes to the terminal.

standard input (STDIN)

In UNIX, the defined source of input for a process. By default, standard input comes from the terminal.

standard output (STDOUT)

In UNIX, the defined receiver for output from a process. By default, the standard output goes to the terminal.

static routes

Routes in a routing table that are permanent until changed by a network administrator or by an automatically scheduled auto-static update.

See also: router

striped volume

A dynamic volume that stores data in stripes on two or more physical disks. Data in a striped volume is allocated alternately and evenly (in stripes) across the disks. Striped volumes offer the best performance of all the volumes that are available in Windows, but they do not provide fault tolerance. If a disk in a striped volume fails, the data in the entire volume is lost. You can create striped volumes only on dynamic disks. Striped volumes cannot be mirrored or extended.

See also: dynamic disk; fault tolerance; volume

structured query language (SQL)

A widely accepted standard database sublanguage used in querying, updating, and managing relational databases.

subnet mask

A 32-bit value that enables the recipient of Internet Protocol version 4 (IPv4) packets to distinguish the network ID and host ID portions of the IPv4 address. Typically, subnet masks use the format 255.x.x.x. IPv6 uses network prefix notations rather than subnet masks.

See also: IP address

system tray

See definition for: notification area



TAPI

See definition for: Telephony API (TAPI)


See definition for: Transmission Control Protocol/Internet Protocol (TCP/IP)


See definition for: Transmission Control Protocol/Internet Protocol (TCP/IP)


TDI

See definition for: Transport Driver Interface (TDI)

Telephony API (TAPI)

An application programming interface (API) used by communications programs to work with telephony and network services. Communications programs like HyperTerminal and Phone Dialer use TAPI to dial, answer, and route telephone calls on conventional telephony devices, including PBXs, modems, and fax machines. TAPI 3.0 also provides Internet Protocol (IP) telephony support, which Phone Dialer and other programs use to transmit, route, and control real-time audio and video signals over IP-based networks such as the Internet.

See also: application programming interface (API); service


Telnet

A protocol that enables an Internet user to log on to and enter commands on a remote computer linked to the Internet, as if the user were using a text-based terminal directly attached to that computer. Telnet is part of the TCP/IP suite of protocols. The term telnet also refers to the software (client or server component) that implements this protocol.

See also: protocol; Transmission Control Protocol/Internet Protocol (TCP/IP)


TGS

See definition for: ticket-granting service (TGS)


TGT

See definition for: ticket-granting ticket (TGT)


thread

A type of object within a process that runs program instructions. Using multiple threads allows concurrent operations within a process and enables one process to run different parts of its program on different processors simultaneously. A thread has its own set of registers, its own kernel stack, a thread environment block, and a user stack in the address space of its process.

See also: kernel


ticket

A set of identification data for a security principal, issued by a domain controller for purposes of user authentication. Two forms of tickets in Windows are ticket-granting tickets (TGTs) and service tickets.

See also: domain controller; ticket-granting ticket (TGT)

ticket-granting service (TGS)

A Kerberos V5 service provided by the Kerberos V5 Key Distribution Center (KDC) service that issues service tickets that allow users to authenticate to services in a domain.

See also: Kerberos V5 authentication protocol; Key Distribution Center (KDC); ticket-granting ticket (TGT)

ticket-granting ticket (TGT)

A credential issued to a user by the Kerberos Key Distribution Center (KDC) when the user logs on. The user must present the TGT to the KDC when requesting session tickets for services. Because a TGT is normally valid for the life of the user's logon session, it is sometimes called a user ticket.

See also: Kerberos V5 authentication protocol; Key Distribution Center (KDC); ticket-granting service (TGS)


topology

The physical layout of computers, cables, switches, routers, and other components of a network. Topology also refers to the underlying network architecture, such as Ethernet or Token Ring.

In Active Directory replication, the set of connections that domain controllers use to replicate information among themselves.

See also: domain controller


touch

Command-line POSIX tool that changes the modification date of files.

Transmission Control Protocol/Internet Protocol (TCP/IP)

A set of networking protocols widely used on the Internet that provides communications across interconnected networks of computers with diverse hardware architectures and various operating systems. TCP/IP includes standards for how computers communicate and conventions for connecting networks and routing traffic.

See also: protocol

Transport Driver Interface (TDI)

A common set of routines for network layer components that communicate with the session layer of the Open Systems Interconnection (OSI) model. These routines allow software components above and below the transport layer to be mixed and matched without reprogramming.

transport protocol

A protocol that defines how data should be presented to the next receiving layer in the Windows NT and Windows 2000 networking model and packages the data accordingly. The transport protocol passes data to the network adapter driver through the Network Driver Interface Specification (NDIS) interface and to the redirector through the Transport Driver Interface (TDI).

trust relationship

A logical relationship established between domains to allow pass-through authentication, in which a trusting domain honors the logon authentications of a trusted domain. User accounts and global groups defined in a trusted domain can be given rights and permissions in a trusting domain, even though the user accounts or groups don't exist in the trusting domain's directory.

See also: domain; permission

tunnel server

A server or router that terminates tunnels and forwards traffic to the hosts on the target network.

See also: router

two-way trust

A trust relationship between two domains in which both domains trust each other. For example, domain A trusts domain B, and domain B trusts domain A. All parent-child trusts are two-way.

See also: domain; one-way trust; trust relationship



UCS

See definition for: Universal Character Set (UCS)


UNC

See definition for: Universal Naming Convention (UNC)

UNC (Universal Naming Convention) name

The full name of a resource on a network. It conforms to the \\servername\sharename syntax, where servername is the name of the server and sharename is the name of the shared resource. UNC names of directories or files can also include the directory path under the share name, with the following syntax: \\servername\sharename\directory\filename.


See also: resource


Unicode

A character encoding standard developed by the Unicode Consortium that represents almost all of the written languages of the world. The Unicode character repertoire has multiple representation forms, including UTF-8, UTF-16, and UTF-32. Most Windows interfaces use the UTF-16 form.

See also: American Standard Code for Information Interchange (ASCII); Universal Character Set (UCS)

Uniform Resource Locator (URL)

An address that uniquely identifies a location on the Internet. A URL for a World Wide Web site is preceded by https://. A URL can contain more detail, such as the name of a page of hypertext, usually identified by the file name extension .html or .htm.

uninterruptible power supply (UPS)

A device that connects a computer and a power source to ensure that electrical flow is not interrupted. UPS devices use batteries to keep the computer running for a period of time after a power failure. UPS devices usually provide protection against power surges and brownouts as well.

Universal Character Set (UCS)

An international standard character set reference that is part of the Unicode standard. The most widely held existing version of the UCS standard is UCS-2, which specifies 16-bit character values currently accepted and recognized for use to encode most of the world's languages.

See also: American Standard Code for Information Interchange (ASCII); Unicode

Universal Naming Convention (UNC)

A convention for naming files and other resources beginning with two backslashes (\\), indicating that the resource exists on a network computer. UNC names conform to the \\servername\sharename syntax, where servername is the server's name and sharename is the name of the shared resource. The UNC name of a directory or file can also include the directory path after the share name, by using the following syntax: \\servername\sharename\directory\filename.

universal serial bus (USB)

An external bus that supports Plug and Play installation. Using USB, you can connect and disconnect devices without shutting down or restarting your computer. You can use a single USB port to connect up to 127 peripheral devices, including speakers, telephones, CD-ROM drives, joysticks, tape drives, keyboards, scanners, and cameras. A USB port is usually located on the back of your computer near the serial port or parallel port.


UNIX

A powerful, multiuser, multitasking operating system initially developed at AT&T Bell Laboratories in 1969 for use on minicomputers. UNIX is considered more portable, that is, less computer-specific, than other operating systems because it is written in the C language. Newer versions of UNIX have been developed at the University of California at Berkeley and by AT&T.


UPS

See definition for: uninterruptible power supply (UPS)


URL

See definition for: Uniform Resource Locator (URL)


USB

See definition for: universal serial bus (USB)

user profile

A file that contains configuration information for a specific user, such as desktop settings, persistent network connections, and application settings. Each user's preferences are saved to a user profile that Windows uses to configure the desktop each time a user logs on.


A form of encoding and decoding that allows binary files to be sent as e-mail. A binary file, such as a program or image, cannot be sent directly over the Internet by e-mail. To send such a file, you must first encode it to hide the control characters. This encoding can be accomplished by converting the binary file to a text file. UUEncoding carries out this conversion, and UUDecoding regenerates the original file.



variable

In programming, a named storage location capable of containing a certain type of data that can be modified during program execution.

System environment variables are defined by the operating systems in the Windows Server 2003 family, and they are the same no matter who is logged on to the computer. Administrator group members can add new variables or change the values, however.

User environment variables can be different for each user of a particular computer. They include any environment variables you want to define or variables defined by your applications, such as the path where application files are located.

See also: environment variable

virtual local area network (VLAN)

A logical grouping of hosts on one or more local area networks (LANs) that allows communication to occur between hosts as if they were on the same physical LAN.

See also: local area network (LAN)


VLAN

See definition for: virtual local area network (VLAN)

VoIP (Voice over Internet Protocol)

A method for sending voice over a local area network (LAN), a wide area network (WAN), or the Internet using TCP/IP packets.

See also: local area network (LAN); Transmission Control Protocol/Internet Protocol (TCP/IP); wide area network (WAN)


volume

An area of storage on a hard disk. A volume is formatted by using a file system, such as file allocation table (FAT) or NTFS, and has a drive letter assigned to it. You can view the contents of a volume by clicking its icon in Windows Explorer or in My Computer. A single hard disk can have multiple volumes, and volumes can also span multiple disks.

See also: file allocation table (FAT); NTFS file system; simple volume; spanned volume

volume set

A volume that consists of disk space on one or more physical disks. A volume set is created by using basic disks and is supported only in Windows NT 4.0 or earlier. Volume sets were replaced by spanned volumes, which use dynamic disks.

See also: basic disk; dynamic disk; partition; spanned volume; volume

voluntary tunnel

A tunnel that is initiated by the client. A voluntary tunnel tunnels Point-to-Point Protocol (PPP) over Internet Protocol (IP) from the client to the tunnel server, and then the data is forwarded to the target host by the tunnel server.

See also: tunnel server



WAN

See definition for: wide area network (WAN)


wc

Word count. Command-line POSIX tool that returns the number of bytes, words, and lines in files.

wide area network (WAN)

A communications network connecting geographically separated computers, printers, and other devices. A WAN enables any connected device to interact with any other on the network.

See also: local area network (LAN)

Windows Internet Name Service (WINS)

A software service that dynamically maps IP addresses to computer names (network basic input/output system (NetBIOS) names). This enables users to access resources by name instead of requiring them to use IP addresses that are difficult to recognize and remember.

See also: IP address; network basic input/output system (NetBIOS); resource; service; WINS resource

Windows Support Tools

Tools that administrators, developers, or support personnel can use to diagnose and troubleshoot operating system configuration problems. Although Windows Support Tools are included on the operating system CD, they are not guaranteed or supported by Microsoft, and they must be installed separately from the operating system.


WINS

See definition for: Windows Internet Name Service (WINS)

WINS resource

A resource type that provides Windows Internet Name Service (WINS) from a cluster.

See also: cluster; Windows Internet Name Service (WINS)

working set

For a process, the amount of physical memory assigned to the process by the operating system.



X.500

A set of standards defining a distributed directory service, developed by the International Standards Organization (ISO).

See also: directory service


There are no glossary terms that begin with this letter.


There are no glossary terms that begin with this letter.