
Windows Server 2008 Glossary - S

Updated: June 10, 2009

Applies To: Windows Server 2008

For more Windows Server terms, see either the Windows Server 2008 R2 Glossary or the Windows Server 2003 Glossary.


See "Security Association".

A measure of how well a computer, service, or application can grow to meet increasing performance demands.

The process that BitLocker Drive Encryption uses to encrypt the volume master key and create a binary large object (BLOB).

A desktop that is isolated from other processes running on the system. The secure desktop increases the security of the elevation prompt.

An algorithm that generates a 160-bit hash value from an arbitrary amount of input data. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places.

A logical portion of a network that client computers can access if they either meet corporate health policy or are exempt from meeting corporate health policy.

Protection of a computer system and its data from harm or loss.

A combination of identifiers, which together define Internet Protocol security (IPsec), that protects communication between sender and receiver.

A cryptographically signed data unit that expresses one or more claims.

A Web service that issues security tokens. A security token service makes assertions based on evidence that it trusts to whoever trusts it. To communicate trust, this service requires proof, such as a security token or set of security tokens, and it issues a security token with its own trust statement. (Note that for some security token formats, this can simply be a reissuance or cosignature.) In Active Directory Federation Services (ADFS), the Federation Service is a security token service.

In AD FS, a certificate that AD FS-enabled Web servers, federation servers, and federation server proxies use to secure Web services traffic for communication among themselves as well as with Web clients.

A group of computers, known as nodes, or terminal servers working together as a single system to ensure that mission-critical applications and resources remain available to clients.

A group of servers that are in one location and that are networked together for the purpose of sharing workload.

An expanded Microsoft Management Console (MMC) component available in Windows Server that provides a single source for securely deploying and managing roles, role services, and features on a server; managing a server's identity and system information, including local user accounts; starting and stopping available services; and displaying server status, critical events, and issues with role configuration.

A command line tool that automates the deployment of roles and features on computers running Windows Server.

A group of computers, known as nodes, or terminal servers working together as a single system to ensure that mission-critical applications and resources remain available to clients.

A command line tool that automates the deployment of roles and features on computers running Windows Server.

A program, routine, or process that performs a specific system function to support other programs.

Configuration parameters or elements that control the behavior of a service, application, feature, function, or a run-time environment.

A client software component that declares a client's health state (by providing a statement of health) to a NAP agent.

An algorithm that generates a 160-bit hash value from an arbitrary amount of input data. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places.

To make resources, such as folders and printers, available to others. Do not use as a noun.

A server software counterpart to a system health agent (SHA). A system health validator verifies the statement of health (SoH) made by its respective SHA.

A strict form of security identifier (SID) filtering that is applied to external trust relationships by default, which prevents any SIDs that are not part of the trusted quarantined domain from traversing the trust relationship. This type of filtering helps prevent malicious users in the quarantined domain from gaining unauthorized, privileged access to the trusting domain. SID filter quarantining was designed to be applied to external trust relationships. It should not be applied to forest trust relationships, trusts within a domain, or trusts within a forest that has a forest functional level of Windows 2000.

See also: SID filtering   

A security enhancement that is applied to all Active Directory trust relationships to reduce the possibility of escalation of privilege attacks from trusted entities. Security identifier (SID) filtering removes SIDs that identify privileged accounts in communications across trust relationships.

See also: SID filter quarantining   

Data that binds a sender's identity to the information being sent. A digital signature may be bundled with any message, file, or other digitally encoded information, or transmitted separately. Digital signatures are used in public key environments and provide nonrepudiation and integrity services.

A process that enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to any computer in the domain.

The unused area outside of the boot sector in sector 0 of a partitioned data storage device.

A reference to one or more computer programs.

A declaration from a client computer that asserts the computer's health status. System health agents (SHAs) create SoHs and send them to a corresponding system health validator (SHV).

The validation of a statement of health (SoH) that a system health validator (SHV) produces and sends to the NAP administration server. The SoHR can contain remediation instructions.

A combination of full access token and filtered access token linked together by the local security authority (LSA) component of the operating system.

A process that enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to any computer in the domain.

A process in which a read-only domain controller (RODC) is installed in two stages. In the first stage, a highly privileged user, such as a member of the Domain Admins group, creates an account for the RODC. In the second stage, a delegated user attaches the server that will be the RODC to the account that was created for it.

A process in which a read-only domain controller (RODC) is installed in two stages. In the first stage, a highly privileged user, such as a member of the Domain Admins group, creates an account for the RODC. In the second stage, a delegated user attaches the server that will be the RODC to the account that was created for it.

A user account in the Users group that has a full privilege access token. The standard user is not an administrator and is not a member of any local groups that are filtered.

An add-in for AppVerifier that predicts whether an application will perform correctly when run as a standard user or as an administrator with a filtered access token.

A key that is stored on a USB flash drive that must be inserted each time the computer starts.

A declaration from a client computer that asserts the computer's health status. System health agents (SHAs) create SoHs and send them to a corresponding system health validator (SHV).

The validation of a statement of health (SoH) that a system health validator (SHV) produces and sends to the NAP administration server. The SoHR can contain remediation instructions.

A software or hardware system, such as a disk drive or storage area network, that enables the persistence of data.

A Web service that issues security tokens. A security token service makes assertions based on evidence that it trusts to whoever trusts it. To communicate trust, this service requires proof, such as a security token or set of security tokens, and it issues a security token with its own trust statement. (Note that for some security token formats, this can simply be a reissuance or cosignature.) In Active Directory Federation Services (ADFS), the Federation Service is a security token service.

A tool used to configure the startup key, a random, 128-bit, symmetric cryptographic key created at system startup and used to encrypt all of the user's symmetric cryptographic keys.

A client software component that declares a client's health state (by providing a statement of health) to a NAP agent.

A server software counterpart to a system health agent (SHA). A system health validator verifies the statement of health (SoH) made by its respective SHA.

The first volume that is accessed when a computer starts up. This volume contains the hardware-specific files that are required to load Windows and includes the computer's boot manager (for loading multiple operating systems). Generally, the system volume can be, but is not required to be, the same volume as the operating system volume.
