
Windows Server 2008 Glossary - A

Updated: June 10, 2009

Applies To: Windows Server 2008

For more Windows Server terms, see either the Windows Server 2008 R2 Glossary or the Windows Server 2003 Glossary.


A security feature of Windows that allows administrators to perform normal day-to-day tasks while running with a standard user token. If administrator privileges are needed for an operation, the administrator will be notified and asked to provide either consent or credentials, depending on system policy settings.

Ability to view data or navigate to or within a physical or virtual computer environment (n). To connect to a resource, either remotely or locally (v).

A component of Cisco Identity Based Networking Services (IBNS) architecture that improves network access security for Cisco network devices.

A data structure that contains authentication and authorization information for a user. Windows creates the access token when the user logs on and the user's identity is confirmed. The access token contains the user's security ID (SID), the list of groups that the user is a member of, and the list of privileges held by that user. Each process or thread started for the user inherits a copy of the access token. In some cases a user may have more than one access token, with different levels of authority.

A security element that verifies the identity of a user or computer. An account has an associated name and password as well as group memberships, privileges, and constraints.

The federation server that is located in the corporate network of the account partner organization. The account federation server issues security tokens to users based on user authentication. The server authenticates a user, pulls the relevant attributes and group membership information out of the account store, and generates and signs a security token to return to the user—either to be used in its own organization or to be sent to a partner organization.

The federation server proxy that is located in the perimeter network of the account partner organization. The account federation server proxy collects authentication credentials from a client that logs on over the Internet (or from the perimeter network) and passes those credentials to the account federation server.

A federation partner that is trusted by the Federation Service to provide security tokens to its users (that is, users in the account partner organization) so that they can access Web-based applications in the resource partner.

A component of Cisco Identity Based Networking Services (IBNS) architecture that improves network access security for Cisco network devices.

The Microsoft Windows-based directory service. Active Directory Domain Services stores information about objects on a network and makes this information available to users and network administrators.

The tool that is used to install and remove Active Directory Domain Services (AD DS).

A component that provides Web single-sign-on (SSO) technologies. AD FS provides SSO by securely sharing digital identity and entitlement rights across security and enterprise boundaries. AD FS supports the WS-Federation Passive Requestor Profile (WS-F PRP).

A Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the restrictions of Active Directory Domain Services (AD DS). Previously known as Active Directory Application Mode (ADAM).

A single copy of the Active Directory Lightweight Directory Services (AD LDS) directory service that includes its associated directory store and its application event log.

A partition from which a computer starts up. The active partition must be a primary partition on a basic disk. If you use Windows exclusively, the active partition can be the same as the system volume.

The volume from which the computer starts up. The active volume must be a simple volume on a dynamic disk. You cannot mark an existing dynamic volume as the active volume, but you can upgrade a basic disk containing the active partition to a dynamic disk. After the disk is upgraded to dynamic, the partition becomes a simple volume that is active.

See "Active Directory Domain Services".

A component that provides Web single-sign-on (SSO) technologies. AD FS provides SSO by securely sharing digital identity and entitlement rights across security and enterprise boundaries. AD FS supports the WS-Federation Passive Requestor Profile (WS-F PRP).

See "Active Directory Lightweight Directory Services".

A single copy of the Active Directory Lightweight Directory Services (AD LDS) directory service that includes its associated directory store and its application event log.

An installable role service of AD FS that is used to create an AD FS-enabled Web server. An AD FS Web Agent consumes incoming security tokens and authentication cookies that are signed by a valid federation server—to either allow or deny a user access to the protected application—while taking into consideration application-specific access control settings.

A Web server that is configured with the appropriate AD FS Web Agent software—either the claims-aware agent or the Windows token–based agent—which is necessary for authenticating and authorizing federated access to locally hosted, Web-based applications.

A security feature of Windows that allows administrators to perform normal day-to-day tasks while running with a standard user token. If administrator privileges are needed for an operation, the administrator will be notified and asked to provide either consent or credentials, depending on system policy settings.

An operation that can only be performed by an administrator, not a standard user.

A collection of files that provide policy setting information for the items that appear under the Administrative Templates folder in the console tree of the Local Group Policy Editor and when editing a Group Policy object using the Group Policy Management Console. These files are in the ADMX and ADML file format.

The person in charge of managing a Windows computer. The administrator is responsible for installing software, assigning passwords, and managing files.

On Windows-based computers, a user account that is a member of the computer’s local Administrators group or a member of a group that is a member of the local Administrators group, such as the Domain Admins group in a Windows domain. This is the first account that is created when you install an operating system on a new workstation, stand-alone server, or member server. By default, this account has the highest level of administrative access to the local computer.

The ability to delegate local administrative permissions for a read-only domain controller (RODC) to any domain user without granting that user any user rights for the domain or other domain controllers.

One .admx and .adml file, joined by a common name, that are used to describe Group Policy settings in Group Policy management tools.

An extension to the Group Policy Management Console (GPMC) that provides change control and enhanced management for Group Policy objects (GPOs).

An extension to the Group Policy Management Console (GPMC) that provides change control and enhanced management for Group Policy objects (GPOs).

A Windows service that enables Advanced Group Policy Management (AGPM) clients to manage deployed and archived Group Policy objects (GPOs) and enforces delegation in AGPM.

The account under which the AGPM Service runs.

A system service that facilitates starting applications that require one or more elevated privileges to run, such as Administrative Tasks. When a user requires elevated privileges to run an application and gives consent, AIS creates a new process for the application with the user’s full access token.

A file that automates Windows Setup. This file enables the configuration of Windows settings, the addition and removal of components, and many Windows Setup tasks, such as disk configuration.

A type of software or hardware method that increases the difficulty and cost of a key search attack on a PIN or password.

The concept of ensuring that older applications still run correctly under newer operating systems.

A database that contains a list of applications that may have potential compatibility problems and remedies. When an application starts, Windows checks this database to configure system options to minimize compatibility problems.

The concept of ensuring that older applications still run correctly under newer operating systems.

A database that contains a list of applications that may have potential compatibility problems and remedies. When an application starts, Windows checks this database to configure system options to minimize compatibility problems.

A system service that facilitates starting applications that require one or more elevated privileges to run, such as Administrative Tasks. When a user requires elevated privileges to run an application and gives consent, AIS creates a new process for the application with the user’s full access token.

An XML document that describes requirements for an application. The application manifest can be a separate file or embedded in the application’s .exe file.

A graphical user interface (GUI) tool that aids IT managers and developers in testing applications on Microsoft® Windows® and the Windows Server family. It helps developers identify potential application compatibility, stability, and security issues.

A graphical user interface (GUI) tool that aids IT managers and developers in testing applications on Microsoft® Windows® and the Windows Server family. It helps developers identify potential application compatibility, stability, and security issues.

See "Authenticated IP".

A protocol extension to Internet Key Exchange (IKE) that supports additional authentication mechanisms and the combination of user and computer authentication requirements.

For BitLocker Drive Encryption, a combination of one or more of the following elements, identified by a globally unique identifier (GUID): personal identification number (PIN), recovery password, recovery key, startup key, and Trusted Platform Module (TPM).

See "Authenticated IP".

A process that verifies that the user, computer, process, or other entity has the correct rights or permissions to access a resource.

A wizard that is available through TS Gateway Manager that enables you to quickly configure a Terminal Services connection authorization policy (TS CAP), a Terminal Services resource authorization policy (TS RAP), and a computer group that is associated with a TS RAP.

The unattended answer file that is automatically detected by Windows Setup during operating system installation.

An additional database that is associated with the AppCompat database. The Auxiliary AppCompat database can be modified on the system and is used primarily in large enterprises where the IT environment is heavily managed. The main AppCompat database is read-only.

A level of service provided by applications, services, or systems. Highly available systems have minimal downtime, whether planned or unplanned.
