Windows Server 2003 Glossary - A
Updated: March 7, 2008
Applies To: Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
For more Windows Server terms, see the Windows Server 2008 Glossary.
AAAA (quad-A) resource record
A resource record used to map a DNS domain name to a host Internet Protocol version 6 (IPv6) address on the network.
See also: domain name; Domain Name System (DNS); IP address; resource record (RR)
See other term: ATM adaptation layer (AAL)
See other term: area border router (ABR)
A security mechanism that determines which operations a user, group, service, or computer is authorized to perform on a computer or on a particular object, such as a file, printer, registry subkey, or directory service object.
See also: group; object; permission; registry; service
access control entry (ACE)
An entry in either a securable object's discretionary access control list (DACL) or an object's system access control list (SACL). In a DACL, the entry grants or denies permissions to a user or group. In a SACL, the entry specifies which security events to audit for a particular user or group or controls the Windows Integrity Level for the object.
access control list (ACL)
A list of security protections that apply to an entire object, a set of the object's properties, or an individual property of an object. There are two types of access control lists: discretionary and system.
See also: access control entry (ACE); discretionary access control list (DACL); object; security descriptor; system access control list (SACL)
A phone number that subscribers can dial to reach online services.
A data structure that contains authentication and authorization information for a user. Windows creates the access token when the user logs on and the user's identity is confirmed. The access token contains the user's security ID (SID), the list of groups that the user is a member of, and the list of privileges held by that user. Each process or thread started for the user inherits a copy of the access token. In some cases a user may have more than one access token, with different levels of authority.
See also: privilege; security ID (SID); security principal
A Windows security feature that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on security policy lockout settings. Locked accounts cannot log on.
See also: policy; user account
account logon event category
In auditing, a group of events that are logged when a user logs on to a computer that uses another computer to validate the user account. Events in this event category are logged on the computer that validates the user account.
See also: auditing; event; user account
account management event category
In auditing, a group of events that are logged when user or group account information is modified.
See also: auditing; event; group account; user account
A federation partner that is trusted by the Federation Service to provide security tokens. The account partner issues these tokens to its users - that is, users in the account partner realm - so that they can access Web-based applications in the resource partner.
See other term: access control entry (ACE)
See definition for: atomicity, consistency, isolation, durability (ACID)
A message transmitted to indicate that data has been received correctly. The Transmission Control Protocol (TCP) requires that the recipient acknowledge successful receipt of data. Such acknowledgments (ACKs) generate additional network traffic, decreasing the rate at which data passes but increasing reliability. To reduce the impact on performance, most hosts send an acknowledgment for every other segment or when a specified time interval has passed.
See also: host
For Message Queuing, a message class that indicates that a message arrived or was retrieved by the target application (a positive acknowledgment), or that an error occurred before the original message could be retrieved (a negative acknowledgment). These messages are sent to administration queues on the source computer.
See also: administration queue; Message Queuing
See other term: access control list (ACL)
See other term: Advanced Configuration and Power Interface (ACPI)
Describes the window or icon that you are currently using or that is currently selected. The operating system always applies the next keystroke or command you choose to the active window. Windows or icons on the desktop that are not selected are inactive.
An application programming interface (API) built into a variety of Windows operating systems, including Windows 2000, Windows XP, and products in the Windows Server 2003 family. Active Accessibility allows an accessibility aid (or other Active Accessibility client) to collect meaningful information from an application's user interface and convey that information to the user. For example, Microsoft Active Accessibility allows a screen reader to convey to the user that an application is displaying a pop-up message asking whether to save or discard file changes. Because Active Accessibility reduces the need for application-specific code, it reduces overall maintenance costs and allows software developers to innovate in their user interface without sacrificing compatibility with accessibility aids.
See also: application programming interface (API)
A feature in Microsoft Internet Security and Acceleration (ISA) Server that retrieves files for Web pages that are accessed frequently.
See also: caching
Interactive or animated content used on the Internet. Active content includes ActiveX controls and web browser add-ons.
See also: channel
The Windows-based directory service. Active Directory stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration for all network objects.
See also: directory partition; directory service; domain; forest; object; replication
Active Directory Application Mode (ADAM)
A stand-alone directory service that is designed specifically for use with directory-enabled applications. Active Directory Application Mode (ADAM) does not require or depend on Active Directory forests or domains. ADAM stores and replicates only application-related information. ADAM does not store or replicate network operating system (NOS)-related information.
Active Directory Application Mode (ADAM) instance
For Active Directory Application Mode (ADAM), a single copy of the ADAM directory service, along with its associated directory store, assigned Lightweight Directory Access Protocol (LDAP) and Secure Sockets Layer (SSL) ports, and application event log. You can run multiple ADAM instances simultaneously on a single ADAM server.
See also: Active Directory Application Mode (ADAM); directory service; Lightweight Directory Access Protocol (LDAP); Secure Sockets Layer (SSL)
Active Directory Federation Services (ADFS)
A Windows Server 2003 R2 component that provides Web single-sign-on (SSO) technologies to authenticate a user to multiple Web applications over the life of a single online session. ADFS accomplishes this by securely sharing digital identity and entitlement rights across security and enterprise boundaries. ADFS in Windows Server 2003 R2 supports the WS-Federation Passive Requestor Profile (WS-F PRP).
Active Directory Installation Wizard
The tool that is used to install and remove Active Directory.
See also: Active Directory
Active Directory replication
The synchronization of Active Directory partition replicas between domain controllers. Replication automatically copies the changes that originate on a writable directory partition replica to all other domain controllers that hold the same directory partition replica. More specifically, a destination domain controller pulls these changes from the source domain controller.
See also: Active Directory; domain controller; global catalog; replica; replication
Active Directory Service Interfaces (ADSI)
A directory service model and a set of Component Object Model (COM) interfaces. ADSI enables Windows applications and Active Directory clients to access several network directory services, including Active Directory. ADSI is supplied as a software development kit (SDK).
See also: Active Directory; Component Object Model (COM); directory service
Active Directory Users and Computers
An administrative tool used by an administrator to perform day-to-day Active Directory administration tasks. The tasks that can be performed with this tool include creating, deleting, modifying, moving, and setting permissions on objects stored in the directory. Examples of objects in Active Directory are organizational units, users, contacts, groups, computers, printers, and shared file objects.
See also: Active Directory; object; permission
Active Directory-integrated zone
A primary Domain Name System (DNS) zone that is stored in Active Directory so that it can use multimaster replication and Active Directory security features.
See also: Active Directory; Domain Name System (DNS); multimaster replication; primary zone
A partition from which a computer starts up. The active partition must be a primary partition on a basic disk. If you use Windows exclusively, the active partition can be the same as the system volume.
See also: basic disk; primary partition; system partition; system volume; x86
The volume from which the computer starts up. The active volume must be a simple volume on a dynamic disk. You cannot mark an existing dynamic volume as the active volume, but you can upgrade a basic disk containing the active partition to a dynamic disk. After the disk is upgraded to dynamic, the partition becomes a simple volume that is active.
See also: active partition; basic disk; dynamic disk; dynamic volume; simple volume
A set of technologies that allows software components to interact with one another in a networked environment, regardless of the language in which the components were created.
See also: ActiveX component
A reusable software component that can be used to incorporate ActiveX technology.
See also: ActiveX
See other term: Active Directory Application Mode (ADAM)
See other term: Active Directory Application Mode (ADAM) instance
A unique identifier that identifies a network node to other nodes on the network. Also known as the net address or MAC address.
See also: media access control (MAC) address; node
address (A) resource record
A resource record (RR) used to map a DNS domain name to a host Internet Protocol version 4 (IPv4) address on the network.
See also: domain name; Domain Name System (DNS); IP address; resource record (RR)
A predefined grouping of Internet addresses that defines a network of a certain size. The range of numbers that can be assigned for the first octet in the IP address is based on the address class. Class-based IP addressing has been superseded by Classless Interdomain Routing (CIDR).
See also: Class A IP address; Class B IP address; Class C IP address; Classless Interdomain Routing (CIDR)
The addresses within a DHCP scope range of addresses that are available for leased distribution to clients.
See also: address; Dynamic Host Configuration Protocol (DHCP); lease; scope
Address Resolution Protocol (ARP)
In TCP/IP, a protocol that uses broadcast traffic on the local network to resolve a logically assigned Internet Protocol version 4 (IPv4) address to its physical hardware or media access control (MAC) layer address. In asynchronous transfer mode (ATM), ARP is used in two different ways. For classical IPv4 over ATM (CLIP), ARP is used to resolve addresses to ATM hardware addresses. For ATM LAN emulation (LANE), ARP is used to resolve Ethernet/802.3 or Token Ring addresses to ATM hardware addresses.
See also: asynchronous transfer mode (ATM); classical IP over ATM (CLIP); Internet Protocol (IP); IP address; LAN emulation (LANE); media access control (MAC) address; Message Authentication Code (MAC); packet; Transmission Control Protocol/Internet Protocol (TCP/IP)
Address Windowing Extensions (AWE) API
A set of application programming interfaces (APIs) developed by Microsoft that allows software developers to create applications that use up to 64 GB of physical nonpaged memory in a 32-bit virtual address space on 32-bit platforms. This technology allows for windowed views to this physical memory from within the application's virtual address space.
See also: application programming interface (API); virtual address
A relationship formed between selected neighboring Open Shortest Path First (OSPF) routers for the purpose of exchanging routing information. When the link state databases of two neighboring routers are synchronized, the routers are said to be adjacent. Not every pair of neighboring routers becomes adjacent.
See also: link state database; Open Shortest Path First (OSPF); router
For Message Queuing, a queue that stores acknowledgment messages.
See also: acknowledgment message; Message Queuing; queue
Alerts that relate to server and resource use. They notify users about problems in areas such as security and access, user sessions, server shutdown due to power loss (when an uninterruptible power supply (UPS) is available), directory replication, and printing. When a computer generates an administrative alert, a message is sent to a predefined list of users and computers.
See also: Alerter service; uninterruptible power supply (UPS)
Logon information that is used to identify a member of an administrative group. Groups that use administrative credentials include Administrators, Domain Admins, and DNS Admins. Most system-wide or domain-wide tasks require administrative credentials.
See also: Administrators group; group
In the Windows Server 2003 family, a person who is responsible for setting up and managing local computers, stand-alone servers, member servers, or domain controllers. An administrator sets up user and group accounts, assigns passwords and permissions, and helps users with networking problems. Administrators can be members of the Administrators group on local computers or servers. A person who is a member of the Administrators group on a local computer or server has full access to that computer or server and can assign access control rights to users as necessary. Administrators can also be members of the Domain Admins group on domain controllers and have full control over user and computer accounts residing in that domain.
See also: access control; computer account; domain; domain controller; group account; member server; network administrator; stand-alone server; user account
On a local computer, the first account that is created when you install an operating system on a new workstation, stand-alone server, or member server. By default, this account has the highest level of administrative access to the local computer, and it is a member of the Administrators group. In an Active Directory domain, the first account that is created when you set up a new domain by using the Active Directory Installation Wizard. By default, this account has the highest level of administrative access in a domain, and it is a member of the Administrators, Domain Admins, Domain Users, Enterprise Admins, Group Policy Creator Owners, and Schema Admins groups.
On a local computer, a group whose members have the highest level of administrative access to the local computer. Examples of administrative tasks that can be performed by members of this group include installing programs; accessing all files on the computer; auditing access control; and creating, modifying, and deleting local user accounts. In an Active Directory domain, a group whose members have the highest level of administrative access in the domain. Examples of administrative tasks that can be performed by members of this group include setting domain policy; assigning and resetting domain user account passwords; setting up and managing domain controllers; and creating, modifying, and deleting domain user accounts.
See other term: Active Directory Service Interfaces (ADSI)
Advanced Configuration and Power Interface (ACPI)
An open industry specification that defines power management on a wide range of mobile, desktop, and server computers and peripherals. ACPI is the foundation for the OnNow industry initiative that allows system manufacturers to deliver computers that start at the touch of a keyboard. ACPI design is essential to take full advantage of power management and Plug and Play.
For Network Load Balancing, the method used to associate client requests to cluster hosts. When no affinity is specified, all network requests are load balanced across the cluster without respect to their source. Affinity is implemented by directing all client requests from the same IP address to the same cluster host.
An application that runs on a Simple Network Management Protocol (SNMP) managed device. The agent application is the object of management activities. A computer running SNMP agent software is also sometimes referred to as an agent.
See also: Simple Network Management Protocol (SNMP)
A service used by the server and other services to notify selected users and computers of administrative alerts that occur on a computer. The Alerter service requires the Messenger service.
See also: administrative alerts; Messenger service; service
In cryptography, a mathematical process that is used in cryptographic operations such as the encryption and digital signing of data. An algorithm is commonly used with a cryptographic key to enhance security.
See also: encryption; public key encryption; symmetric encryption
The smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows organize hard disks based on allocation units. The smaller the allocation unit size, the more efficiently a disk stores information. If you do not specify an allocation unit size when formatting the disk, Windows picks default sizes based on the size of the volume. These default sizes are selected to reduce the amount of space that is lost and the amount of fragmentation on the volume. Also called a cluster.
See also: file system; volume
American Standard Code for Information Interchange (ASCII)
A standard single-byte character encoding scheme used for text-based data. ASCII uses designated 7-bit or 8-bit number combinations to represent either 128 or 256 possible characters. Standard ASCII uses 7 bits to represent all uppercase and lowercase letters, the numbers 0 through 9, punctuation marks, and special control characters used in U.S. English. Most current x86-based systems support the use of extended (or "high") ASCII. Extended ASCII allows the eighth bit of each character to identify an additional 128 special symbol characters, foreign-language letters, and graphic symbols.
See also: Unicode
An authentication mechanism by which users who are able to connect to an Internet site without credentials are assigned to the IUSR_ComputerName account and granted the access rights that are assigned to that account.
An authentication mechanism that does not require user accounts and passwords. Anonymous authentication grants remote users the identity IUSR_ComputerName. Anonymous authentication is used on the Internet to grant visitors restricted access to predefined public resources.
A text file used to automate Setup or other installation processes. Using this text file, you can provide custom answers to Setup-related questions. Typically, you must point the Setup program to use the answer file at the same time Setup is started. Answer files can only be used on applications and operating systems that support them.
See also: Setup
See other term: application programming interface (API)
See other term: Automatic Private IP Addressing (APIPA)
Client software that is shipped with all Macintosh computers and with Apple Computer server software. Macintosh computers can use their AppleShare client software to connect to computers running Services for Macintosh.
See also: client; server
AppleTalk Control Protocol (ATCP)
A network control protocol defined within Point-to-Point Protocol (PPP). ATCP allows clients to connect to a Windows server by running PPP over AppleTalk. ATCP negotiates the AppleTalk parameters to use during the PPP session.
See also: Network Control Protocol; Point-to-Point Protocol (PPP)
AppleTalk Filing Protocol
The presentation-layer protocol that manages access to remote files in an AppleTalk network.
See also: protocol
AppleTalk Phase 2
The extended AppleTalk Internet model designed by Apple Computer that supports multiple zones within a network and extended addressing capacity.
See also: zone
The set of network protocols on which AppleTalk network architecture is based. The AppleTalk Protocol is installed with Services for Macintosh to help users access resources on a network.
See also: protocol; resource
The layer of AppleTalk Phase 2 protocols that delivers data to its destination on the network.
See also: AppleTalk Phase 2
A process that uses Software Installation (an extension of Group Policy) to assign programs to groups of users. The programs appear on the users' desktop when they log on.
See also: Group Policy
application directory partition
An Active Directory directory partition that stores application-specific data that can be dynamic (subject to Time to Live restrictions). Application directory partitions can store any type of object except security principals and are not replicated to the global catalog. The replication scope of an application directory partition can be configured to include any set of domain controllers in the forest.
See also: Active Directory; directory partition; Time to Live (TTL)
application memory tuning
A feature of Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition. Application memory tuning can be enabled on computers with between 2 gigabytes (GB) and 4 GB of physical RAM, and it allows applications running on these computers to address 3 GB of virtual memory instead of the 2 GB normally allocated to each application process. Also known as 4-gigabyte tuning (4GT).
See also: virtual memory
application programming interface (API)
A set of routines that an application uses to request and carry out lower-level services performed by a computer's operating system. These routines usually carry out maintenance tasks such as managing files and displaying information.
area border router (ABR)
An Open Shortest Path First (OSPF) router that is attached to multiple areas. ABRs maintain separate topological databases for each area.
See also: Open Shortest Path First (OSPF); topological database
See other term: Address Resolution Protocol (ARP)
See other term: autonomous system (AS)
See other term: autonomous system boundary router (ASBR)
See other term: American Standard Code for Information Interchange (ASCII)
See other term: Automated System Recovery (ASR)
A form of data transmission in which information is sent and received at irregular intervals, one character at a time. Because data is received at irregular intervals, the receiving modem must be signaled to let it know when the data bits of a character begin and end. This is done by means of start and stop bits.
See also: modem (modulator/demodulator)
asynchronous transfer mode (ATM)
A high-speed, connection-oriented, virtual circuit-based packet switching protocol used to transport many different types of network traffic. ATM packages data in 53-byte, fixed-length cells that can be switched quickly between logical connections on a network.
See other term: AppleTalk Control Protocol (ATCP)
See other term: asynchronous transfer mode (ATM)
ATM adaptation layer (AAL)
The layer of the asynchronous transfer mode (ATM) protocol stack that parses data into the payload portion of the ATM cell for transport across an ATM network.
See also: asynchronous transfer mode (ATM)
atomicity, consistency, isolation, durability (ACID)
The four essential properties of an electronic transaction. Atomicity is the ability to do or undo a transaction completely; consistency is the ability of a transaction to change a system from one consistent state to another consistent state; isolation is the ability for a transaction to occur independently of other transactions made at the same time; and durability is the ability of a transaction to persist, even during system failure.
For files, information that indicates whether a file is read-only, hidden, ready for archiving (backing up), compressed, or encrypted, and whether the file contents should be indexed for fast file searching.
See also: Active Directory; class; object; object class; schema
Data that is recorded in the event log when specified system, application, and security-related events take place. Audit entries provide valuable data about system operations that can be used to identify system use and to diagnose system behavior.
See also: auditing; event
Enhanced logging capabilities that monitor and manage the growth and size of log files used by DHCP on an ongoing daily basis.
See also: Dynamic Host Configuration Protocol (DHCP)
Policy that determines the security events to be reported to the network administrator.
See also: policy; security
The process that tracks the activities of users by recording selected types of events in the security log of a server or a workstation.
See also: security log
The process of verifying the identity of a user, computer, process, or other entity by validating the credentials provided by the entity. Common forms of credentials are digital signatures, smart cards, biometric data, and a combination of user names and passwords.
See also: cryptography; Kerberos V5 authentication protocol; nonrepudiation; NTLM authentication protocol; smart card; trust relationship
Authentication Header (AH)
A header that provides authentication, integrity, and anti-replay for the entire packet (the Internet Protocol (IP) header and the data payload carried in the packet).
See also: authentication; Internet Protocol (IP); packet
The protocol by which an entity on a network proves its identity to a remote entity. Typically, identity is proved with the use of a secret key, such as a password, or with a stronger key, such as the key on a smart card. Some authentication protocols also implement mechanisms to share keys between client and server to provide message integrity or privacy.
See also: authentication; identity; Kerberos V5 authentication protocol; key; NTLM authentication protocol; protocol; smart card
Describes a DNS server that hosts a primary or secondary copy of a DNS zone.
See also: authoritative restore; DNS server; Domain Name System (DNS); resource record (RR); zone
In Backup, a type of restore operation performed on an Active Directory domain controller in which the objects in the restored directory are treated as authoritative, replacing (through replication) all existing copies of those objects.
See also: Active Directory; domain controller; nonauthoritative restore; object; replication
The process that determines what a user is permitted to do on a computer system or network.
See also: authentication
A database that stores Authorization Manager policy.
A tape or disk library with an automatic mechanism, such as a robotic arm, that loads and unloads media into a drive or drives without manual intervention from the user. Automated libraries are sometimes known as autoloaders, changers, jukeboxes, media changers, and robotic libraries.
Automated System Recovery (ASR)
A feature that helps you recover a system that will not start. To use Automated System Recovery, you must first use the Automated System Recovery Preparation Wizard (part of Backup). This wizard backs up the partition used by the operating system, but it does not back up other partitions, such as program or data partitions. Those partitions must be backed up using Backup or other standard routines.
See also: partition
automatic file replication
The replication of files and directories between computers as performed automatically by the File Replication service (FRS). In a domain distributed file system, FRS provides automatic file and directory replication between targets. The user configures automatic replication through the DFS administration tool. Files in a stand-alone distributed file system must be replicated between targets manually or by using other utilities.
See also: Distributed File System (DFS); domain DFS; File Replication service (FRS); replication
Automatic Private IP Addressing (APIPA)
A TCP/IP feature in Windows XP and Windows Server 2003 that automatically configures a unique IP address from the range 169.254.0.1 through 169.254.255.254 with a subnet mask of 255.255.0.0 when the TCP/IP protocol is configured for dynamic addressing and a DHCP server is not available. The APIPA range of IP addresses is reserved by the Internet Assigned Numbers Authority (IANA) for use on a single subnet, and IP addresses within this range are not used on the Internet.
See also: DHCP server; Dynamic Host Configuration Protocol (DHCP); IP address; Transmission Control Protocol/Internet Protocol (TCP/IP)
autonomous system (AS)
A group of routers exchanging routing information by using a common routing protocol.
See also: autonomous system boundary router (ASBR); router
autonomous system boundary router (ASBR)
A router that exchanges routing information with routers that belong to other autonomous systems. The ASBR then advertises external routes throughout the autonomous system. ASBRs can be internal or area border routers, and they might or might not be connected to the backbone.
The process of adding static routes to the routing table automatically. When you configure an interface to use auto-static update mode, the router sends a request to other routers and inherits routes. The routes are saved in the routing table as auto-static routes and are kept even if the router is restarted or the interface goes down. Auto-static updates are supported in Routing Information Protocol (RIP) for Internet Protocol (IP) and in RIP for Internetwork Packet Exchange (IPX), but they are not available for use with Open Shortest Path First (OSPF).
See also: Open Shortest Path First (OSPF); routing; Routing Information Protocol over IPX (RIPX); static routes
A level of service provided by applications, services, or systems. Highly available systems have minimal downtime, whether planned or unplanned. Availability is often expressed as the percentage of time that a service or system is available, for example, 99.9 percent for a service that is down for 8.75 hours a year.
available bit rate (ABR)
An asynchronous transfer mode (ATM) service type that supports available-bit-rate traffic, minimum guaranteed transmission rate, and peak data rates. ABR also allows bandwidth allocation depending on availability, and it uses flow control to communicate bandwidth availability to the end node.
See also: asynchronous transfer mode (ATM); bandwidth; node
See other term: full zone transfer (AXFR)