Windows Server 2003 Glossary - S
Updated: March 7, 2008
Applies To: Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
For more Windows Server terms, see the Windows Server 2008 Glossary.
See other term: Secure/Multipurpose Internet Mail Extensions (S/MIME)
See other term: security association (SA)
See other term: system access control list (SACL)
Safe Mode
A method of starting Windows using only basic files and drivers. Safe mode is available by pressing the F8 key during startup. This allows you to start the computer when a problem prevents it from starting correctly.
Safe Mode with Command Prompt
A method of starting Windows using basic files and drivers only, without networking, and with only a command prompt displayed. This mode is available by pressing the F8 key when prompted during startup. This allows you to start your computer when a problem prevents it from starting normally.
Safe Mode with Networking
A method of starting Windows using only basic files, drivers, and networking. This mode is available by pressing the F8 key when prompted during startup. This allows you to start your computer when a problem prevents it from starting normally.
See other term: Security Accounts Manager (SAM)
SAM account name
A domain-unique security principal name in Windows NT 4.0 and earlier.
See other term: system area network (SAN)
See other term: Service Advertising Protocol (SAP)
See other term: Simple Authentication and Security Layer (SASL)
In color management, the purity of a color's hue, moving from gray to the pure color.
See also: hue
See other term: subnet bandwidth management (SBM)
A measure of how well a computer, service, or application can grow to meet increasing performance demands. For server clusters, the ability to incrementally add one or more systems to an existing cluster when the overall load of the cluster exceeds its capabilities.
See also: server cluster
The process of cleaning and removing extinct or outdated names data from the WINS database.
See also: Windows Internet Name Service (WINS)
See other term: secure channel (Schannel)
schema
The set of definitions for the universe of objects that can be stored in a directory. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which other object classes can be its parent object class.
See also: attribute; directory partition; object; object class; parent object
schema master
A domain controller that holds the schema operations master role in Active Directory. The schema master performs write operations to the directory schema and replicates updates to all other domain controllers in the forest. At any time, the schema master role can be assigned to only one domain controller in the forest.
See also: Active Directory; domain controller; operations master; schema
A range of IP addresses that are available to be leased or assigned to DHCP clients by the DHCP service.
See also: Dynamic Host Configuration Protocol (DHCP); IP address; lease
scope of influence
In a domain environment, a site, domain, or organizational unit; in a workgroup environment, the local disk.
See also: domain; organizational unit; site
scope of management (SOM)
In Group Policy, any Active Directory container to which you can link a Group Policy object (GPO). These containers can be sites, domains, or organizational units.
See also: Active Directory; Group Policy; Group Policy object (GPO)
screen font
A typeface designed for display on a computer monitor screen. A screen font often has an accompanying PostScript font for printing to PostScript-compatible printers.
See also: font; PostScript
The setting that determines the amount of information that appears on your screen, measured in pixels. Low resolution, such as 640 x 480, makes items on the screen appear large, although the screen area is small. High resolution, such as 1024 x 768, makes the overall screen area large, although individual items appear small.
See also: pixel
A moving picture or pattern that appears on a computer screen when the mouse or keyboard has not been used for a specified period of time.
See other term: small computer system interface (SCSI)
See other term: Session Description Protocol (SDP)
secondary cluster
A specific virtual IP address assigned to a Network Load Balancing cluster (the "primary cluster"). The secondary cluster's virtual IP address is different than the primary cluster's virtual IP address. Secondary clusters allow you to configure an independent set of port rules for each virtual IP address in your Network Load Balancing (primary) cluster. Also known as a virtual cluster.
See also: cluster; Network Load Balancing; virtual IP address
secondary logon
The practice of logging on by using one security context and then, within the initial logon session, authenticating and using a second account. In Windows 2000, Windows XP Professional, and the Windows Server 2003 family, secondary logon is enabled by the RunAs.exe program and service.
See also: authentication
A read-only copy of a DNS zone that is transferred from an authoritative DNS server to another DNS server to provide redundancy.
See also: authoritative DNS server; DNS zone; Domain Name System (DNS); primary zone; zone
second-level domain
A DNS domain name that is rooted hierarchically at the second tier of the domain namespace, directly beneath the top-level domain names. Top-level domain names include .com and .org. When DNS is used on the Internet, second-level domains are names that are registered and delegated to individual organizations and businesses.
See also: domain name; Domain Name System (DNS); parent domain; top-level domains
sector
A 512-byte unit of physical storage on a hard disk. Windows file systems allocate storage in clusters, where a cluster is one or more contiguous sectors.
See also: cluster; file system
secure channel (Schannel)
A Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols.
See also: authentication protocol; Secure Sockets Layer (SSL); Transport Layer Security (TLS)
secure dynamic update
The process in which a DNS client submits a dynamic update request to a DNS server and the DNS server performs the update only if the client is authenticated.
See also: authentication; DNS client; DNS server; dynamic update
Secure Hash Algorithm (SHA-1)
An algorithm that generates a 160-bit hash value from an arbitrary amount of input data. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places.
See also: Digital Signature Standard (DSS); hash algorithm
Secure Hypertext Transfer Protocol
A protocol that provides a secure Hypertext Transfer Protocol (HTTP) connection.
See also: Hypertext Transfer Protocol (HTTP); protocol
Secure Sockets Layer (SSL)
A proposed open standard for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, it enables secure electronic financial transactions on the World Wide Web, although it is designed to work on other Internet services as well.
See also: Internet
A DNS zone that is stored in Active Directory and to which access control list (ACL) security features are applied.
See also: access control list (ACL); Active Directory; DNS zone; Domain Name System (DNS)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
An extension of MIME that supports secure mail. It enables message originators to digitally sign e-mail messages to provide proof of message origin and data integrity. It also enables messages to be transmitted in encrypted format to provide confidential communications.
See also: public key encryption
On a network, protection of a computer system and its data from harm or loss, implemented especially so that only authorized users can gain access to shared files.
See also: authorization
Security Accounts Manager (SAM)
A Windows service used during the logon process. SAM maintains user account information, including groups to which a user belongs.
See also: group; service; user account
security association (SA)
A combination of identifiers, which together define Internet Protocol security (IPSec) that protects communication between sender and receiver. An SA is identified by the combination of a Security Parameters Index (SPI), destination IP address, and security protocol (Authentication Header (AH) or Encapsulating Security Payload (ESP)). An SA must be negotiated before secured data can be sent.
See also: Authentication Header (AH); Encapsulating Security Payload (ESP); Internet Protocol security (IPsec); IP address; Security Parameters Index (SPI)
security context
The security attributes or rules that are currently in effect. For example, the rules that govern what a user can do to a protected object are determined by security information in the user's access token and in the object's security descriptor. Together, the access token and the security descriptor form a security context for the user's actions on the object.
See also: access token; object; security descriptor
security descriptor
A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who can access it and in what way, and what types of access are audited.
An event that is logged in the security log in Event Viewer. All events that are logged in the security log are auditing events, and they can be divided into the following event categories: account logon, account management, directory service access, logon, object access, policy change, privilege use, process tracking, or system.
See also: auditing; event; Event Viewer; security log
A method of applying the settings of a Group Policy object (GPO) based on security principals.
See also: Group Policy object (GPO); security principal
security group
A group that can be listed in discretionary access control lists (DACLs) used to define permissions on resources and objects. A security group can also be used as an e-mail entity. Sending an e-mail message to the group sends the message to all the members of the group.
See also: discretionary access control list (DACL); group
An authentication device, supplemental to standard Windows and remote access server security, that verifies whether a caller from a remote client is authorized to connect to the remote access server.
See also: authentication; remote access; remote access server
security ID (SID)
A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.
See also: group account; user account; user name
An event log containing information about security events that are specified in the audit policy.
See also: audit policy; event
security package
The software implementation of a security protocol. Security packages are contained in security support provider dynamic-link libraries (DLLs) or in security support provider/authentication package DLLs.
Security Parameters Index (SPI)
A unique, identifying value in the security association (SA) used to distinguish among multiple SAs existing at the receiving computer.
See also: security association (SA)
In Windows-based computers, an account (such as a user, security group, device, or computer) that can be granted or denied access to resources.
security principal name
A name that uniquely identifies a user, group, or computer within a single domain. This name is not guaranteed to be unique across domains.
See also: domain; group; security principal
A specification that defines security-related data objects and rules about how the objects are used to maintain security on a computer system.
security support provider (SSP)
A dynamic-link library (DLL) that implements the Security Support Provider Interface (SSPI) by making one or more security packages available to applications. Each security package provides mappings between an application's SSPI function calls and an actual security model's functions. Security packages support security protocols such as Kerberos and NTLM.
Security Support Provider Interface (SSPI)
A common interface between transport-level applications, such as Microsoft Remote Procedure Call (RPC), and security support providers (SSPs), such as Windows Distributed Security. SSPI allows a transport application to call one of the SSPs to obtain an authenticated connection. These calls do not require extensive knowledge of the security protocol's details.
security template
A physical file representation of a security configuration that can be applied to a local computer or imported to a Group Policy object (GPO) in Active Directory. When you import a security template to a GPO, Group Policy processes the template and makes the corresponding changes to the members of that GPO, which can be users or computers.
See also: Active Directory; Group Policy; Group Policy object (GPO)
A cryptographically signed data unit that expresses one or more claims.
security token service
A Web service that issues security tokens. A security token service makes assertions based on evidence that it trusts to whoever trusts it. To communicate trust, this service requires proof, such as a security token or set of security tokens, and it issues a security token with its own trust statement. (Note that for some security token formats, this can simply be a reissuance or cosignature.) In Active Directory Federation Services (ADFS), the Federation Service is a security token service.
See Files
The Macintosh-style privilege that allows you to see any files in the folders for which you have this privilege. When Services for Macintosh translates Macintosh-style privileges into Windows permissions, you are granted Read permission for any folders for which you have the See Files and See Folders privileges.
See also: See Folders
See Folders
The Macintosh-style privilege that allows you to see folders for which you have this privilege but not any files those folders might contain. When Services for Macintosh translates Macintosh-style privileges into Windows permissions, you are granted Read permission for any folders for which you have the See Files and See Folders privileges.
See also: See Files
seed router
A router that initializes and broadcasts network numbers and zones about one or more physical AppleTalk networks. Servers that are running the AppleTalk protocol can function as seed routers. You can also use hardware routers from other companies as seed routers.
See also: router; zone
Between a pair of replicating servers, the member that is sending replicated content over a connection.
Serial Line Internet Protocol (SLIP)
An older industry standard that is part of Windows remote access client to ensure interoperability with other remote access software.
See also: remote access
An interface on the computer that allows asynchronous transmission of data characters one bit at a time. Also called a communication port or COM port.
See also: communication port; port
A computer that provides shared resources, such as files or printers, to network users.
See also: client; shared resource
Application software running on a cluster node, regardless of whether it does service registration.
See also: node
server cluster
A group of computers, known as nodes, working together as a single system to ensure that mission-critical applications and resources remain available to clients. A server cluster presents the appearance of a single server to a client.
See also: cluster; node
In Active Directory Federation Services (ADFS), a collection of load-balanced federation servers, federation server proxies, or Web servers hosting the ADFS Web Agent.
Server for NIS
A feature of Windows that enables a Windows-based Active Directory domain controller to administer Network Information Service (NIS) networks.
Server Message Block (SMB)
A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message.
See also: protocol
Server Operators group
A group whose members can manage all domain controllers in a single domain. This group does not exist on workstations, stand-alone servers, or member servers. Administrative tasks that can be performed by members of this group include logging on locally, creating and deleting network shared resources, starting and stopping services, backing up and restoring files, formatting the hard disk of the computer, and shutting down the computer.
The AppleTalk zone on which a server appears. On a Phase 2 network, a server appears in the default zone of the server's default network.
See also: server zone
Server-Gated Cryptography (SGC)
An extension of Secure Sockets Layer (SSL) that enables organizations, such as financial institutions, that have export versions of Internet Information Services (IIS) to use strong encryption (for example, 128-bit encryption).
See also: cryptography; Internet Information Services (IIS); Secure Sockets Layer (SSL)
service
A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level. When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of services are the Security Accounts Manager service, File Replication Service (FRS), and Routing and Remote Access service.
See also: File Replication service (FRS); Security Accounts Manager (SAM)
service (SRV) resource record
A DNS resource record used to identify computers that host specific services, specified in RFC 2782. SRV resource records are used to locate domain controllers for Active Directory.
See also: Active Directory; domain controller; Domain Name System (DNS); Request for Comments (RFC); resource record (RR)
Service Advertising Protocol (SAP)
A NetWare protocol used to identify the services and addresses of servers attached to the network. When a server starts, it uses the protocol to advertise its service. When the same server goes offline, it uses the protocol to announce that it is no longer available. NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink) uses SAP to locate NetWare servers and services.
See also: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink); protocol
A software upgrade to an existing software distribution that contains updated files consisting of patches and hot fixes.
Service Principal Name (SPN)
A way of referring to a service principal. SPN structures generally follow Internet Engineering Task Force (IETF) naming conventions, and they often include the name of the computer on which the service is running. SPNs may be used to request Kerberos tickets, and they are required for mutual authentication.
See also: authentication; Internet Engineering Task Force (IETF); service ticket
Service Profile Identifier (SPID)
An 8-digit to 14-digit number that identifies the services that you order for each B-channel. For example, when you order Primary Rate ISDN, you obtain two phone numbers and two SPIDs from your Integrated Services Digital Network (ISDN) provider. Typical ISDN adapters cannot operate without configuring SPIDs.
See also: B-channel; Integrated Services Digital Network (ISDN); service
Service Provider Interface
Calling conventions that back-end services use to make themselves accessible to front-end applications.
See also: service
A ticket issued by the Kerberos V5 ticket-granting service (TGS) that allows a user to authenticate to a specific service in the domain.
See also: Kerberos V5 authentication protocol; ticket; ticket-granting service (TGS)
service-centric
A service model that does not require that a specific computer be used to complete a task. In a service-centric environment, users need to know only what service they want to use. They do not need to know what computer that service resides on to use it successfully.
See also: machine-centric; service
session
A logical connection created between two hosts to exchange data. Typically, sessions use sequencing and acknowledgments to send data reliably. In the context of load balancing TCP/IP traffic, a set of client requests directed to a server. These requests can be invoked with multiple, possibly concurrent, TCP connections. The server program sometimes maintains state information between requests. To preserve access to the server state, Network Load Balancing needs to direct all requests within a session to the same cluster host when load balancing.
See also: client request; host; load balancing; Network Load Balancing; server; Transmission Control Protocol/Internet Protocol (TCP/IP)
session concentration
For Message Queuing, a feature that typically reduces network bandwidth within a site and the number of sessions between sites. Specially configured Message Queuing servers with routing services provide session concentration.
Session Description Protocol (SDP)
A protocol that Telephony API (TAPI) uses to advertise Internet Protocol (IP) multicast conferences. This protocol describes multimedia sessions for the purposes of session announcement, session invitation, and other forms of session initiation. SDP descriptors are stored in Active Directory. SDP is described in RFC 2327 of the Internet Engineering Task Force (IETF).
See also: Active Directory; Internet Engineering Task Force (IETF); protocol; Request for Comments (RFC); Telephony API (TAPI)
session key
In Internet Protocol security (IPSec), a value that is used in combination with an algorithm to encrypt or decrypt data that is transferred between computers. A session key is created for every pair of computers to provide enhanced security on computers that have multiple simultaneous active sessions.
See also: algorithm; encryption; Internet Protocol security (IPsec); key; session
In Network Connections, a form of callback in which the user supplies the telephone number that the remote access server uses for callback. This setting spares the user any long-distance telephone charges.
See also: Network Connections; remote access server
The program that installs Windows. Also known as unattended installation, Winnt32.exe, and Winnt.exe.
See other term: Server-Gated Cryptography (SGC)
See other term: Secure Hash Algorithm (SHA-1)
To make resources, such as folders and printers, available to others.
See also: resource; shared folder
A folder on another computer that has been made available for other people to use on the network.
See also: share
shared folder permissions
Permissions that restrict a shared resource's availability over the network to only certain users.
See also: permission; shared resource
A printer that receives input from more than one computer. For example, a printer attached to another computer on the network can be shared so that it is available for you to use. Also called a network printer.
See also: printer; share
shared resource
Any device, data, or program that is used by more than one program or one other device. For Windows, shared resource refers to any resource that is made available to network users, such as folders, files, printers, and named pipes. Shared resource can also refer to a resource on a server that is available to network users.
shortcut
A link to any item accessible on your computer or on a network, such as a program, file, folder, disk drive, printer, or another computer. You can put shortcuts in various areas, such as on the desktop, on the Start menu, or in specific folders.
See also: desktop
shortcut trust
A trust that is manually created between two domains in the same forest. The purpose of a shortcut trust is to optimize the interdomain authentication process by shortening the trust path. Shortcut trusts are transitive and can be one-way or two-way.
See also: Active Directory; domain; forest; one-way trust; trust path; trust relationship; two-way trust
See other term: security ID (SID)
A protocol that uses signaling to request, route, accept, and tear down virtual circuits.
See also: protocol
signed driver
A driver that meets the criteria of the Windows Logo Program. For performance and stability, Microsoft strongly recommends that you use only signed drivers for new or updated drivers.
See also: unsigned driver; Windows Logo Program
Simple Authentication and Security Layer (SASL)
An open framework, described in Request for Comments (RFC) 2222, for adding authentication support to connection-based protocols.
Simple Mail Transfer Protocol (SMTP)
A member of the TCP/IP suite of protocols that governs the exchange of electronic mail between message transfer agents.
See also: protocol; Transmission Control Protocol/Internet Protocol (TCP/IP)
Simple Network Management Protocol (SNMP)
A network protocol used to manage TCP/IP networks. In Windows, the SNMP service is used to provide status information about a host on a TCP/IP network.
See also: agent; protocol; service; Transmission Control Protocol/Internet Protocol (TCP/IP)
Simple Object Access Protocol (SOAP)
An XML/HTTP-based protocol for platform-independent access to objects and services on the Web. SOAP defines a message format in XML that travels over the Internet using Hypertext Transfer Protocol (HTTP). By using existing Web protocols (HTTP) and languages (XML), SOAP runs over the existing Internet infrastructure without being tied to any operating system, language, or object model.
See also: Extensible Markup Language (XML); Hypertext Transfer Protocol (HTTP); object; service
Simple TCP/IP Services
Four TCP/IP services: Character Generator, Daytime Discard, Echo, and Quote of the Day.
See also: service; Transmission Control Protocol/Internet Protocol (TCP/IP)
simple volume
A dynamic volume made up of disk space from a single dynamic disk. A simple volume can consist of a single region on a disk or multiple regions of the same disk that are linked together. If the simple volume is not a system volume or boot volume, you can extend it within the same disk or onto additional disks. If you extend a simple volume across multiple disks, it becomes a spanned volume. You can create simple volumes only on dynamic disks. Simple volumes are not fault tolerant, but you can mirror them to create mirrored volumes on computers running the Windows 2000 Server or Windows Server 2003 families of operating systems.
See also: dynamic disk; dynamic volume; fault tolerance; mirrored volume; spanned volume; volume
Specifies that Network Load Balancing should direct multiple requests from the same client IP address to the same cluster host. This is the default setting for affinity.
See also: affinity; Class C affinity; Network Load Balancing
Single Instance Store (SIS)
A component that saves disk space on the server by maintaining a single physical copy of all identical files found. If SIS finds a duplicate file on the server, it copies the original file into the SIS store and leaves a link where the original resided. This technology is used only with Remote Installation Services.
See also: Remote Installation Services (RIS)
single node server cluster
A cluster configuration that has one node and that can be configured with or without external cluster storage devices. For a single node cluster without an external cluster storage device, the local disk is configured as the cluster storage device. There are advantages and limitations for each cluster configuration (single node server cluster, single quorum device server cluster, and majority node set server cluster).
See also: cluster; cluster storage; majority node set server cluster; node; single quorum device server cluster
single quorum device server cluster
A cluster configuration that has two or more nodes and that is configured so that every node is attached to one or more cluster storage devices. The cluster configuration data is stored on a single cluster storage device. There are advantages and limitations for each cluster configuration (single node server cluster, single quorum device server cluster, and majority node set server cluster).
See also: cluster; cluster storage; majority node set server cluster; node; single node server cluster
A process that enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to any computer in the domain.
See also: domain; smart card
single sign-on (SSO)
An optimization of the authentication sequence to remove the burden of repeated logon actions by an end user.
single sign-on daemon (SSOD)
A daemon on a Windows-based computer that receives an encrypted password and decrypts it before requesting a password change on the UNIX host.
See other term: Single Instance Store (SIS)
site
One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.
See also: Active Directory; replication topology; subnet; Transmission Control Protocol/Internet Protocol (TCP/IP)
site link
An Active Directory object that represents a set of sites that can communicate at uniform cost through some intersite transport. For Internet Protocol (IP) transport, a typical site link connects just two sites and corresponds to an actual wide area network (WAN) link. An IP site link connecting more than two sites might correspond to an asynchronous transfer mode (ATM) backbone connecting more than two clusters of buildings on a large campus or several offices in a large metropolitan area connected via leased lines and IP routers.
site link bridge
An Active Directory object that represents a set of site links, all of whose sites can communicate via some transport. Typically, a site link bridge corresponds to a router (or a set of routers) in an Internet Protocol (IP) network. By default, the Knowledge Consistency Checker (KCC) may form a route through any and all site links in a transitive manner. If this behavior is turned off, each site link represents its own distinct and isolated network. Sets of site links that can be treated as a single route are expressed through a site link bridge. Each bridge represents an isolated communication environment for network traffic.
An energy-saving mode in which the Windows operating system shuts down all unnecessary components, such as the display screen and the disk drive. The computer returns to its former operating status when it is awakened.
See also: wake-on-LAN
See other term: Serial Line Internet Protocol (SLIP)
small computer system interface (SCSI)
A standard high-speed parallel interface defined by the American National Standards Institute (ANSI). A SCSI interface is used for connecting microcomputers to peripheral devices, such as hard disks and printers, and to other computers and local area networks (LANs).
See also: device; local area network (LAN)
smart card
A credit card–sized device that is used with an access code to enable certificate-based authentication and single sign-on to the enterprise. Smart cards securely store certificates, public and private keys, passwords, and other types of personal information. A smart card reader attached to the computer reads the smart card.
smart card reader
A device that is installed in computers to enable the use of smart cards for enhanced security features.
See also: smart card
See other term: Systems Management Server (SMS)
See other term: Simple Mail Transfer Protocol (SMTP)
snap-in
A type of tool that you can add to a console supported by Microsoft Management Console (MMC). A stand-alone snap-in can be added by itself; an extension snap-in can be added only to extend the function of another snap-in.
See also: Microsoft Management Console (MMC)
sniffer
An application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet.
See also: device; packet
See other term: Simple Network Management Protocol (SNMP)
An identifier for a particular service on a particular node on a network. The socket consists of a node address and a port number, which identifies the service. For example, port 80 on an Internet node indicates a Web server. There are two kinds of sockets: streams (bidirectional) and datagrams.
See also: datagram, node, port, process, raw socket
A type of digital video disc (DVD) decoder that allows a DVD drive to display movies on your computer screen. A software decoder uses only software to display movies.
See also: DVD decoder, DVD drive, hardware decoder
software restriction policies
A collection of policy settings that define what software can run on a computer, based on the default security level for a Group Policy object (GPO). Exceptions to that default security level can then be defined by certificate rules, hash rules, path rules, registry path rules, and Internet zone rules.
See also: default security level, Group Policy, Group Policy object (GPO), software restriction policies rule
software restriction policies rule
A rule that creates an exception to the default security level that is defined by software restriction policies. The following types of rules can be created: certificate rules, which recognize software that is digitally signed by an Authenticode software publisher certificate; hash rules, which recognize specific software based on a hash of the software; path rules, which recognize software based on the location in which the software is stored; registry path rules, which recognize software based on the location of the software as it is stored in the registry; and Internet zone rules, which recognize software based on the zone of the Internet from which the software is downloaded.
See also: default security level, hash, path, registry, software restriction policies
See other term: scope of management (SOM)
The document where a linked or embedded object was originally created.
See also: embedded object, linked object
For Message Queuing, the process of storing a copy of an outgoing message. Source journaling is configured on a message basis, and it is set by the sending application. When source journaling is enabled, a copy of the message is put in the source journal of the source computer when the message arrives at the destination (target) queue.
See also: journal, Message Queuing, target journaling
A dynamic volume consisting of disk space on more than one physical disk. You can increase the size of a spanned volume by extending it onto additional dynamic disks. You can create spanned volumes only on dynamic disks. Spanned volumes are not fault tolerant and cannot be mirrored.
See also: dynamic disk, dynamic volume, fault tolerance, mirrored volume, simple volume, volume
A file that is handled in a way that requires much less disk space than would otherwise be needed. Sparse support allows an application to create very large files without committing disk space for those regions of the file that contain only zeros. For example, you can use sparse support to work with a 42-GB file in which you need to write data only to the first 64 KB (the rest of the file is zeroed).
On NTFS volumes, a custom set of permissions. You can customize permissions on files and directories by selecting the individual components of the standard sets of permissions.
See also: NTFS file system, permission, volume
See other term: Service Profile Identifier (SPID)
A route-advertising algorithm that prevents the advertising of routes in the same direction in which they were learned. Split horizon helps prevent routing loops.
See also: poison reverse, routing
A Briefcase command that separates the copy of the file inside Briefcase from the copy outside Briefcase.
A process on a server in which print documents are stored on a disk until a printer is ready to process them. A spooler accepts each document from each client, stores it, then sends it to a printer when the printer is ready.
See also: print spooler
See other term: structured query language (SQL)
See other term: Secure Sockets Layer (SSL)
See other term: security support provider (SSP)
See other term: Security Support Provider Interface (SSPI)
stand-alone certification authority
A certification authority (CA) that is not integrated with Active Directory.
See also: Active Directory, certification authority (CA)
A DFS namespace, the configuration information for which is stored locally on the host server. The path to access the root or a link starts with the host server name. A stand-alone root has only one root target. There is no root-level fault tolerance. Therefore, when the root target is unavailable, the entire DFS namespace is inaccessible.
See also: DFS namespace, root target
A server that runs Windows 2000 or Windows Server 2003, but does not participate in a domain. A stand-alone server has only its own database of users, and it processes logon requests by itself. A stand-alone server does not share account information with other computers and cannot provide access to domain accounts, but it can participate in a workgroup.
See also: domain, member server, workgroup
standard NIS map
In Network Information Service (NIS), a map that consists of aliases, bootparams, ethers, hosts, group, netgroup, netid, netmasks, networks, passwd, protocols, rpc, services, pservers, and shadow; all other maps are nonstandard.
start-of-authority (SOA) resource record
A record that indicates the starting point or original point of authority for information stored in a zone. The SOA resource record (RR) is the first RR created when adding a new zone. It also contains several parameters used by other computers that use DNS to determine how long they will use information for the zone and how often updates are required.
See also: authoritative, Domain Name System (DNS), resource record (RR), zone
A program used by Remote Installation Services (RIS) that is the first file downloaded to the client using Trivial File Transfer Protocol (TFTP). Startrom.com is a small program that displays the Press F12 for Network Service Boot prompt. If F12 is pressed within three seconds, the Client Installation Wizard (OSChooser) is downloaded to begin the remote installation process.
See also: Remote Installation Services (RIS), Trivial File Transfer Protocol (TFTP)
In dual-boot or multiple-boot systems, the configuration settings that specify which system to start and how each system should be started.
See also: dual boot, multiple boot
As related to servers, not involving the update of a server-side database based on a client request. As related to the handling of files, the content of the file is not modified or noticed. For Web servers, a stateless client request, which members of a Network Load Balancing cluster can process, is one that returns a static Web page to the client.
See also: Network Load Balancing cluster
static dialog box
A scripted dialog box between the client computer and an intermediary device. This kind of dialog box requires no response from the user.
See also: client
static load balancing
The process of manually moving a group between nodes to balance the load across the nodes.
See also: group, node
Routes in a routing table that are permanent until changed by a network administrator or by an automatically scheduled auto-static update.
See also: router, routing
See other term: notification area
A line of information related to the current program. The status bar is usually located at the bottom of a window. Not all windows have a status bar.
A serious error that affects the operating system and that could place data at risk. The operating system generates an obvious message, a screen with the Stop error, rather than continuing on and possibly corrupting data. Also called a fatal system error.
See also: Stop screen
A blue character-mode screen that appears when Windows encounters a condition that compromises safe system operation and the system stops. Commonly referred to as a blue screen or bug check.
See also: Stop error
A reporting tool that alerts administrators to current disk use trends, as well as to attempts by certain users or groups to save unauthorized files.
A stand-alone hardware appliance that hosts one or more storage devices (such as disk drives, tape drives, optical drives), and is peripheral to the server or servers that control access to it. Storage subsystems are used to create centralized data repositories, while freeing computing and storage resources on servers.
A required dependency for many resource types. Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, provide one storage-class resource: Physical Disk. However, your vendor or reseller might supply other storage-class resource types.
See also: dependency, resource types
strict RFC checking
For DNS, a form of domain name checking that examines characters used in DNS names for compliance with DNS naming requirements and valid character usage as specified in RFC 1123, Requirements for Internet Hosts - Applications and Support. For strict RFC compliance, DNS domain names will use name labels made up only of valid uppercase and lowercase letters, number characters, and hyphens (A through Z, a through z, 0 through 9, -), separated by periods.
See also: domain name, Domain Name System (DNS), label, loose name checking, Request for Comments (RFC)
A group of characters or character bytes handled as a single entity. Computer programs use strings to store and transmit data and commands. Most programming languages consider strings (such as 2674:gstmn) as distinct from numeric values (such as 470924).
See also: transmitting station ID (TSID) string
A dynamic volume that stores data in stripes on two or more physical disks. Data in a striped volume is allocated alternately and evenly (in stripes) across the disks. Striped volumes offer the best performance of all the volumes that are available in Windows, but they do not provide fault tolerance. If a disk in a striped volume fails, the data in the entire volume is lost. You can create striped volumes only on dynamic disks. Striped volumes cannot be mirrored or extended.
See also: dynamic disk, dynamic volume, fault tolerance, mirrored volume, volume
A password that cannot be easily guessed or cracked. A strong password is at least six characters long, does not contain all or part of the user's account name, and contains at least three of the four following categories of characters: uppercase characters, lowercase characters, numbers, and symbols found on the keyboard (such as !, @, #).
See also: password, password policy, weak password
structured query language (SQL)
A widely accepted standard database sublanguage used in querying, updating, and managing relational databases.
An Open Shortest Path First (OSPF) area that does not advertise individual external networks. A stub area blocks external routes and therefore reduces the amount of memory required on the internal routers located in the stub area. To keep the topology database size small, routing to all external networks in a stub area is done through a default route (destination 0.0.0.0 with the subnet mask of 0.0.0.0). In OSPF, any destination that you cannot reach through an intra-area or inter-area router is reachable through the default route.
See also: Open Shortest Path First (OSPF), routing
A copy of a zone that contains only the resource records required to identify the authoritative DNS servers for that zone. A DNS server that hosts a parent zone and a stub zone for one of the parent zone's delegated child zones can receive updates from the authoritative DNS servers for the child zone.
See also: authoritative, DNS server, resource record (RR), zone
A DNS domain located directly beneath another domain name (the parent domain) in the namespace tree. For example, example.microsoft.com would be a subdomain of the domain microsoft.com. Also called child domain.
See also: child domain, domain, Domain Name System (DNS), parent domain
In public key cryptography, an entity that requests or holds a certificate. A subject can be a user, a computer, or any other device capable of requesting or using a certificate.
See also: public key cryptography
An element of the registry that contains entries or other subkeys. A tier of the registry that is immediately below a key or a subtree (if the subtree has no keys).
See also: descendent key, entry, key, registry, subtree
A subdivision of an Internet Protocol (IP) network. Each subnet has its own unique subnetted network ID.
See also: Internet Protocol (IP), network ID
subnet bandwidth management (SBM)
An Internet Engineering Task Force (IETF) standard that enables administrative control at the subnet level.
See also: Internet Engineering Task Force (IETF)
A server that does not attempt to resolve queries on its own. Instead, it sends all queries to forwarders. Formerly known as slave server.
Any node within a tree, along with any selection of connected descendant nodes. The highest level of the registry (for example, HKEY_LOCAL_MACHINE).
See also: key, node, registry, subkey
An administrative grouping feature that supports a DHCP server's ability to use more than one scope for each physical interface and subnet. Superscopes are useful under the following conditions: if more DHCP clients must be added to a network than were originally planned, if an Internet Protocol (IP) network is renumbered, or if two or more DHCP servers are configured to provide scope redundancy and fault-tolerant design DHCP service for a single subnet. Each superscope can contain one or more member scopes (also known as child scopes).
See other term: switched virtual circuit (SVC)
The type of interface to which your Integrated Services Digital Network (ISDN) device is being attached. Also called switch.
See also: B-channel, D-channel, Integrated Services Digital Network (ISDN)
switched virtual circuit (SVC)
A connection established dynamically between devices on an asynchronous transfer mode (ATM) network through the use of signaling.
See also: asynchronous transfer mode (ATM)
A central network device (multiport hub) that forwards packets to specific ports rather than, as in conventional hubs, broadcasting every packet to every port. In this way, the connections between ports deliver the full bandwidth available.
See also: hub, packet, port
An encryption algorithm that requires the same secret key to be used for both encryption and decryption. Because of its speed, symmetric encryption is typically used when a message sender needs to encrypt large amounts of data. Also called secret key encryption.
See also: public key encryption
A single key that is used with symmetric encryption algorithms for both encryption and decryption.
See also: encryption key symmetric encryption
Each application or command runs in the order listed, and each item must finish before the next command is run.
The order in which a command must be typed, and the elements that follow the command.
See also: Command Prompt window
A tool used to configure the startup key, a random, 128-bit, symmetric cryptographic key created at system startup and used to encrypt all of the user's symmetric cryptographic keys.
See also: encryption, symmetric key
system access control list (SACL)
The part of an object's security descriptor that specifies which events are to be audited per user or group. Examples of auditing events are file access, logon attempts, and system shutdowns.
See also: auditing, discretionary access control list (DACL), event, object, security descriptor
system area network (SAN)
A network configuration, usually on a separate Internet Protocol (IP) subnet, that gives data a direct path to system hardware.
See also: Internet Protocol (IP), subnet
system default profile
The user profile that is loaded when Windows is running and no user is logged on. When the Begin Logon dialog box is visible, the system default profile is loaded.
See also: user profile
A disk that contains the MS-DOS system files necessary to start MS-DOS.
See also: MS-DOS (Microsoft Disk Operating System)
Files used by Windows to load, configure, and run the operating system. Generally, system files must never be deleted or moved.
A menu that contains commands you can use to manipulate a window or close a program. You click the program icon at the left of the title bar to open the System menu.
The partition that contains the hardware-specific files needed to load Windows (for example, Ntldr, Osloader, Boot.ini, Ntdetect.com). The system partition can be, but does not have to be, the same as the boot partition.
See also: boot partition, partition
A Windows NT 4.0-style policy based on registry settings made using Poledit.exe, the System Policy Editor.
See also: policy, registry
In Backup, a collection of system-specific data maintained by the operating system that must be backed up as a unit. It is not a backup of the entire system. The System State data includes the registry, COM+ Class Registration database, system files, boot files, and files under Windows File Protection. For servers, the System State data also includes the Certificate Services database (if the server is a certificate server). If the server is a domain controller, the System State data also includes the Active Directory database and the SYSVOL directory. If the server is a node in a cluster, it includes the Cluster database information. The IIS Metabase is included if Internet Information Services (IIS) is installed.
See also: Active Directory, cluster, domain controller, Internet Information Services (IIS), node, registry, SYSVOL
Storage locations for data that are defined by the operating system and that are the same regardless of who is logged on at the computer. (Users who are also members of the Administrators group can add new variables or change the values.)
See also: Administrators group
The volume that contains the hardware-specific files that are needed to load Windows on x86-based computers with a basic input/output system (BIOS). The system volume can be, but does not have to be, the same volume as the boot volume.
See also: basic input/output system (BIOS), boot volume, volume, x86
The path and folder name where the Windows system files are located. Typically, this is C:\Windows, although you can designate a different drive or folder when you install Windows. You can use the value %systemroot% to replace the actual location of the folder that contains the Windows system files. To identify your systemroot folder, click Start, click Run, type %systemroot%, and then click OK.
Systems Management Server (SMS)
A Microsoft product that includes inventory collection, software deployment, and diagnostic tools. SMS automates the task of upgrading software, allows remote problem solving, provides asset management information, and monitors software usage, computers, and networks.
A shared directory that stores the server copy of the domain's public files, which are replicated among all domain controllers in the domain.
See also: directory, domain, domain controller