
Windows Server 2003 Glossary - S

Updated: March 7, 2008

Applies To: Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

For more Windows Server terms, see the Windows Server 2008 Glossary.




SA

See other term: security association (SA)


SACL

See other term: system access control list (SACL)

Safe mode

A method of starting Windows using only basic files and drivers. Safe mode is available by pressing the F8 key during startup. This allows you to start the computer when a problem prevents it from starting correctly.

See also: Safe Mode with Command Prompt   Safe Mode with Networking   

Safe Mode with Command Prompt

A method of starting Windows using basic files and drivers only, without networking, and with only a command prompt displayed. This mode is available by pressing the F8 key when prompted during startup. This allows you to start your computer when a problem prevents it from starting normally.

See also: Safe mode   Safe Mode with Networking   

Safe Mode with Networking

A method of starting Windows using only basic files, drivers, and networking. This mode is available by pressing the F8 key when prompted during startup. This allows you to start your computer when a problem prevents it from starting normally.

See also: Safe mode   Safe Mode with Command Prompt   


SAM

See other term: Security Accounts Manager (SAM)

SAM account name

A domain-unique security principal name in Windows NT 4.0 and earlier.

See also: Security Accounts Manager (SAM)   security principal name   


SAN

See other term: system area network (SAN)




saturation

In color management, the purity of a color's hue, moving from gray to the pure color.

See also: hue   


SBM

See other term: subnet bandwidth management (SBM)


scalability

A measure of how well a computer, service, or application can grow to meet increasing performance demands. For server clusters, the ability to incrementally add one or more systems to an existing cluster when the overall load of the cluster exceeds its capabilities.

See also: server cluster   


scavenging

The process of cleaning and removing extinct or outdated names data from the WINS database.

See also: Windows Internet Name Service (WINS)   


Schannel

See other term: secure channel (Schannel)


schema

The set of definitions for the universe of objects that can be stored in a directory. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which other object classes can be its parent object class.

See also: attribute   directory partition   object   object class   parent object   

schema master

A domain controller that holds the schema operations master role in Active Directory. The schema master performs write operations to the directory schema and replicates updates to all other domain controllers in the forest. At any time, the schema master role can be assigned to only one domain controller in the forest.

See also: Active Directory   domain controller   operations master   schema   


scope

A range of IP addresses that are available to be leased or assigned to DHCP clients by the DHCP service.

See also: Dynamic Host Configuration Protocol (DHCP)   IP address   lease   

scope of influence

In a domain environment, a site, domain, or organizational unit; in a workgroup environment, the local disk.

See also: domain   organizational unit   site   

scope of management (SOM)

In Group Policy, any Active Directory container to which you can link a Group Policy object (GPO). These containers can be sites, domains, or organizational units.

See also: Active Directory   Group Policy   Group Policy object (GPO)   

screen font

A typeface designed for display on a computer monitor screen. A screen font often has an accompanying PostScript font for printing to PostScript-compatible printers.

See also: font   PostScript   

screen resolution

The setting that determines the amount of information that appears on your screen, measured in pixels. Low resolution, such as 640 x 480, makes items on the screen appear large, although the screen area is small. High resolution, such as 1024 x 768, makes the overall screen area large, although individual items appear small.

See also: pixel   

screen saver

A moving picture or pattern that appears on a computer screen when the mouse or keyboard has not been used for a specified period of time.



secondary cluster

A specific virtual IP address assigned to a Network Load Balancing cluster (the "primary cluster"). The secondary cluster's virtual IP address is different than the primary cluster's virtual IP address. Secondary clusters allow you to configure an independent set of port rules for each virtual IP address in your Network Load Balancing (primary) cluster. Also known as a virtual cluster.

See also: cluster   Network Load Balancing   virtual IP address   

secondary logon

The practice of logging on by using one security context and then, within the initial logon session, authenticating and using a second account. In Windows 2000, Windows XP Professional, and the Windows Server 2003 family, secondary logon is enabled by the RunAs.exe program and service.

See also: authentication   

secondary zone

A read-only copy of a DNS zone that is transferred from an authoritative DNS server to another DNS server to provide redundancy.

See also: authoritative   DNS server   DNS zone   Domain Name System (DNS)   primary zone   zone   

second-level domain

A DNS domain name that is rooted hierarchically at the second tier of the domain namespace, directly beneath the top-level domain names. Top-level domain names include .com and .org. When DNS is used on the Internet, second-level domains are names that are registered and delegated to individual organizations and businesses.

See also: domain name   Domain Name System (DNS)   parent domain   top-level domains   


sector

A 512-byte unit of physical storage on a hard disk. Windows file systems allocate storage in clusters, where a cluster is one or more contiguous sectors.

See also: cluster   file system   

secure channel (Schannel)

A Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols.

See also: authentication protocol   Secure Sockets Layer (SSL)   Transport Layer Security (TLS)   

secure dynamic update

The process in which a DNS client submits a dynamic update request to a DNS server and the DNS server performs the update only if the client is authenticated.

See also: authentication   DNS client   DNS server   dynamic update   

Secure Hash Algorithm (SHA-1)

An algorithm that generates a 160-bit hash value from an arbitrary amount of input data. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places.

See also: Digital Signature Standard (DSS)   hash algorithm   

Secure Hypertext Transfer Protocol

A protocol that provides a secure Hypertext Transfer Protocol (HTTP) connection.

See also: Hypertext Transfer Protocol (HTTP)   protocol   

Secure Sockets Layer (SSL)

A proposed open standard for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, it enables secure electronic financial transactions on the World Wide Web, although it is designed to work on other Internet services as well.

See also: Internet   

secure zone

A DNS zone that is stored in Active Directory and to which access control list (ACL) security features are applied.

See also: access control list (ACL)   Active Directory   DNS zone   Domain Name System (DNS)   

Secure/Multipurpose Internet Mail Extensions (S/MIME)

An extension of MIME that supports secure mail. It enables message originators to digitally sign e-mail messages to provide proof of message origin and data integrity. It also enables messages to be transmitted in encrypted format to provide confidential communications.

See also: public key encryption   


security

On a network, protection of a computer system and its data from harm or loss, implemented especially so that only authorized users can gain access to shared files.

See also: authorization   

Security Accounts Manager (SAM)

A Windows service used during the logon process. SAM maintains user account information, including groups to which a user belongs.

See also: group   service   user account   

security association (SA)

A combination of identifiers, which together define Internet Protocol security (IPSec) that protects communication between sender and receiver. An SA is identified by the combination of a Security Parameters Index (SPI), destination IP address, and security protocol (Authentication Header (AH) or Encapsulating Security Payload (ESP)). An SA must be negotiated before secured data can be sent.

See also: Authentication Header (AH)   Encapsulating Security Payload (ESP)   Internet Protocol security (IPsec)   IP address   Security Parameters Index (SPI)   

security context

The security attributes or rules that are currently in effect. For example, the rules that govern what a user can do to a protected object are determined by security information in the user's access token and in the object's security descriptor. Together, the access token and the security descriptor form a security context for the user's actions on the object.

See also: access token   object   security descriptor   

security descriptor

A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who can access it and in what way, and what types of access are audited.

See also: discretionary access control list (DACL)   group   object   permission   security context   system access control list (SACL)   

security event

An event that is logged in the security log in Event Viewer. All events that are logged in the security log are auditing events, and they can be divided into the following event categories: account logon, account management, directory service access, logon, object access, policy change, privilege use, process tracking, or system.

See also: auditing   event   Event Viewer   security log   

security filtering

A method of applying the settings of a Group Policy object (GPO) based on security principals.

See also: Group Policy object (GPO)   security principal   

security group

A group that can be listed in discretionary access control lists (DACLs) used to define permissions on resources and objects. A security group can also be used as an e-mail entity. Sending an e-mail message to the group sends the message to all the members of the group.

See also: discretionary access control list (DACL)   group   

security host

An authentication device, supplemental to standard Windows and remote access server security, that verifies whether a caller from a remote client is authorized to connect to the remote access server.

See also: authentication   remote access   remote access server   

security ID (SID)

A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.

See also: group account   user account   user name   

security log

An event log containing information about security events that are specified in the audit policy.

See also: audit policy   event   

security package

The software implementation of a security protocol. Security packages are contained in security support provider dynamic-link libraries (DLLs) or in security support provider/authentication package DLLs.

Security Parameters Index (SPI)

A unique, identifying value in the security association (SA) used to distinguish among multiple SAs existing at the receiving computer.

See also: security association (SA)   

security principal

In Windows-based computers, an account (such as a user, security group, device, or computer) that can be granted or denied access to resources.

See also: group   resource   security ID (SID)   service   

security principal name

A name that uniquely identifies a user, group, or computer within a single domain. This name is not guaranteed to be unique across domains.

See also: domain   group   security principal   

security protocol

A specification that defines security-related data objects and rules about how the objects are used to maintain security on a computer system.

security support provider (SSP)

A dynamic-link library (DLL) that implements the Security Support Provider Interface (SSPI) by making one or more security packages available to applications. Each security package provides mappings between an application's SSPI function calls and an actual security model's functions. Security packages support security protocols such as Kerberos and NTLM.

Security Support Provider Interface (SSPI)

A common interface between transport-level applications, such as Microsoft Remote Procedure Call (RPC), and security support providers (SSPs), such as Windows Distributed Security. SSPI allows a transport application to call one of the SSPs to obtain an authenticated connection. These calls do not require extensive knowledge of the security protocol's details.

security template

A physical file representation of a security configuration that can be applied to a local computer or imported to a Group Policy object (GPO) in Active Directory. When you import a security template to a GPO, Group Policy processes the template and makes the corresponding changes to the members of that GPO, which can be users or computers.

See also: Active Directory   Group Policy   Group Policy object (GPO)   

security token

A cryptographically signed data unit that expresses one or more claims.

security token service

A Web service that issues security tokens. A security token service makes assertions based on evidence that it trusts to whoever trusts it. To communicate trust, this service requires proof, such as a security token or set of security tokens, and it issues a security token with its own trust statement. (Note that for some security token formats, this can simply be a reissuance or cosignature.) In Active Directory Federation Services (ADFS), the Federation Service is a security token service.

See Files

The Macintosh-style privilege that allows you to see any files in the folders for which you have this privilege. When Services for Macintosh translates Macintosh-style privileges into Windows permissions, you are granted Read permission for any folders for which you have the See Files and See Folders privileges.

See also: See Folders   

See Folders

The Macintosh-style privilege that allows you to see folders for which you have this privilege but not any files those folders might contain. When Services for Macintosh translates Macintosh-style privileges into Windows permissions, you are granted Read permission for any folders for which you have the See Files and See Folders privileges.

See also: See Files   

seed router

A router that initializes and broadcasts network numbers and zones about one or more physical AppleTalk networks. Servers that are running the AppleTalk protocol can function as seed routers. You can also use hardware routers from other companies as seed routers.

See also: router   zone   

sending member

Between a pair of replicating servers, the member that is sending replicated content over a connection.

Serial Line Internet Protocol (SLIP)

An older industry standard that is part of Windows remote access client to ensure interoperability with other remote access software.

See also: remote access   

serial port

An interface on the computer that allows asynchronous transmission of data characters one bit at a time. Also called a communication port or COM port.

See also: communication port   port   


server

A computer that provides shared resources, such as files or printers, to network users.

See also: client   shared resource   

server application

Application software running on a cluster node, regardless of whether it does service registration.

See also: node   

server cluster

A group of computers, known as nodes, working together as a single system to ensure that mission-critical applications and resources remain available to clients. A server cluster presents the appearance of a single server to a client.

See also: cluster   node   

server farm

In Active Directory Federation Services (ADFS), a collection of load-balanced federation servers, federation server proxies, or Web servers hosting the ADFS Web Agent.

Server for NIS

A feature of Windows that enables a Windows-based Active Directory domain controller to administer Network Information Service (NIS) networks.

Server Message Block (SMB)

A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message.

See also: protocol   

Server Operators group

A group whose members can manage all domain controllers in a single domain. This group does not exist on workstations, stand-alone servers, or member servers. Administrative tasks that can be performed by members of this group include logging on locally, creating and deleting network shared resources, starting and stopping services, backing up and restoring files, formatting the hard disk of the computer, and shutting down the computer.

See also: domain   domain controller   group   member server   service   stand-alone server   

server zone

The AppleTalk zone on which a server appears. On a Phase 2 network, a server appears in the default zone of the server's default network.

See also: server   zone   

Server-Gated Cryptography (SGC)

An extension of Secure Sockets Layer (SSL) that enables organizations, such as financial institutions, that have export versions of Internet Information Services (IIS) to use strong encryption (for example, 128-bit encryption).

See also: cryptography   Internet Information Services (IIS)   Secure Sockets Layer (SSL)   


service

A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level. When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of services are the Security Accounts Manager service, File Replication Service (FRS), and Routing and Remote Access service.

See also: File Replication service (FRS)   Security Accounts Manager (SAM)   

service (SRV) resource record

A DNS resource record used to identify computers that host specific services, specified in RFC 2782. SRV resource records are used to locate domain controllers for Active Directory.

See also: Active Directory   domain controller   Domain Name System (DNS)   Request for Comments (RFC)   resource record (RR)   

Service Advertising Protocol (SAP)

A NetWare protocol used to identify the services and addresses of servers attached to the network. When a server starts, it uses the protocol to advertise its service. When the same server goes offline, it uses the protocol to announce that it is no longer available. NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink) uses SAP to locate NetWare servers and services.

See also: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink)   protocol   

Service Pack

A software upgrade to an existing software distribution that contains updated files consisting of patches and hot fixes.

Service Principal Name (SPN)

A way of referring to a service principal. SPN structures generally follow Internet Engineering Task Force (IETF) naming conventions, and they often include the name of the computer on which the service is running. SPNs may be used to request Kerberos tickets, and they are required for mutual authentication.

See also: authentication   Internet Engineering Task Force (IETF)   service   ticket   

Service Profile Identifier (SPID)

An 8-digit to 14-digit number that identifies the services that you order for each B-channel. For example, when you order Primary Rate ISDN, you obtain two phone numbers and two SPIDs from your Integrated Services Digital Network (ISDN) provider. Typical ISDN adapters cannot operate without configuring SPIDs.

See also: B-channel   Integrated Services Digital Network (ISDN)   service   

Service Provider Interface

Calling conventions that back-end services use to make themselves accessible to front-end applications.

See also: service   

service ticket

A ticket issued by the Kerberos V5 ticket-granting service (TGS) that allows a user to authenticate to a specific service in the domain.

See also: Kerberos V5 authentication protocol   ticket   ticket-granting service (TGS)   


service-centric

A service model that does not require that a specific computer be used to complete a task. In a service-centric environment, users need to know only what service they want to use. They do not need to know what computer that service resides on to use it successfully.

See also: machine-centric   service   


session

A logical connection created between two hosts to exchange data. Typically, sessions use sequencing and acknowledgments to send data reliably. In the context of load balancing TCP/IP traffic, a set of client requests directed to a server. These requests can be invoked with multiple, possibly concurrent, TCP connections. The server program sometimes maintains state information between requests. To preserve access to the server state, Network Load Balancing needs to direct all requests within a session to the same cluster host when load balancing.

See also: client request   host   load balancing   Network Load Balancing   server   Transmission Control Protocol/Internet Protocol (TCP/IP)   

session concentration

For Message Queuing, a feature that typically reduces network bandwidth within a site and the number of sessions between sites. Specially configured Message Queuing servers with routing services provide session concentration.

See also: bandwidth   Message Queuing   Message Queuing server   routing services   session   site   

Session Description Protocol (SDP)

A protocol that Telephony API (TAPI) uses to advertise Internet Protocol (IP) multicast conferences. This protocol describes multimedia sessions for the purposes of session announcement, session invitation, and other forms of session initiation. SDP descriptors are stored in Active Directory. SDP is described in RFC 2327 of the Internet Engineering Task Force (IETF).

See also: Active Directory   Internet Engineering Task Force (IETF)   protocol   Request for Comments (RFC)   Telephony API (TAPI)   

session key

In Internet Protocol security (IPSec), a value that is used in combination with an algorithm to encrypt or decrypt data that is transferred between computers. A session key is created for every pair of computers to provide enhanced security on computers that have multiple simultaneous active sessions.

See also: algorithm   encryption   Internet Protocol security (IPsec)   key   session   

set-by-caller callback

In Network Connections, a form of callback in which the user supplies the telephone number that the remote access server uses for callback. This setting spares the user any long-distance telephone charges.

See also: Network Connections   remote access server   


Setup

The program that installs Windows. Also known as unattended installation, Winnt32.exe, and Winnt.exe.


SGC

See other term: Server-Gated Cryptography (SGC)


SHA-1

See other term: Secure Hash Algorithm (SHA-1)


share

To make resources, such as folders and printers, available to others.

See also: resource   shared folder   

shared folder

A folder on another computer that has been made available for other people to use on the network.

See also: share   

shared folder permissions

Permissions that restrict a shared resource's availability over the network to only certain users.

See also: permission   shared resource   

shared printer

A printer that receives input from more than one computer. For example, a printer attached to another computer on the network can be shared so that it is available for you to use. Also called a network printer.

See also: printer   share   

shared resource

Any device, data, or program that is used by more than one program or one other device. For Windows, shared resource refers to any resource that is made available to network users, such as folders, files, printers, and named pipes. Shared resource can also refer to a resource on a server that is available to network users.

See also: device   named pipe   resource   server   share   


shortcut

A link to any item accessible on your computer or on a network, such as a program, file, folder, disk drive, printer, or another computer. You can put shortcuts in various areas, such as on the desktop, on the Start menu, or in specific folders.

See also: desktop   

shortcut trust

A trust that is manually created between two domains in the same forest. The purpose of a shortcut trust is to optimize the interdomain authentication process by shortening the trust path. Shortcut trusts are transitive and can be one-way or two-way.

See also: Active Directory   domain   forest   one-way trust   trust path   trust relationship   two-way trust   


SID

See other term: security ID (SID)

signaling protocol

A protocol that uses signaling to request, route, accept, and tear down virtual circuits.

See also: protocol   

signed driver

A driver that meets the criteria of the Windows Logo Program. For performance and stability, Microsoft strongly recommends that you use only signed drivers for new or updated drivers.

See also: unsigned driver   Windows Logo Program   

Simple Authentication and Security Layer (SASL)

An open framework, described in Request for Comments (RFC) 2222, for adding authentication support to connection-based protocols.

Simple Mail Transfer Protocol (SMTP)

A member of the TCP/IP suite of protocols that governs the exchange of electronic mail between message transfer agents.

See also: protocol   Transmission Control Protocol/Internet Protocol (TCP/IP)   

Simple Network Management Protocol (SNMP)

A network protocol used to manage TCP/IP networks. In Windows, the SNMP service is used to provide status information about a host on a TCP/IP network.

See also: agent   protocol   service   Transmission Control Protocol/Internet Protocol (TCP/IP)   

Simple Object Access Protocol (SOAP)

An XML/HTTP-based protocol for platform-independent access to objects and services on the Web. SOAP defines a message format in XML that travels over the Internet using Hypertext Transfer Protocol (HTTP). By using existing Web protocols (HTTP) and languages (XML), SOAP runs over the existing Internet infrastructure without being tied to any operating system, language, or object model.

See also: Extensible Markup Language (XML)   Hypertext Transfer Protocol (HTTP)   object   service   

Simple TCP/IP Services

Four TCP/IP services: Character Generator, Daytime Discard, Echo, and Quote of the Day.

See also: service   Transmission Control Protocol/Internet Protocol (TCP/IP)   

simple volume

A dynamic volume made up of disk space from a single dynamic disk. A simple volume can consist of a single region on a disk or multiple regions of the same disk that are linked together. If the simple volume is not a system volume or boot volume, you can extend it within the same disk or onto additional disks. If you extend a simple volume across multiple disks, it becomes a spanned volume. You can create simple volumes only on dynamic disks. Simple volumes are not fault tolerant, but you can mirror them to create mirrored volumes on computers running the Windows 2000 Server or Windows Server 2003 families of operating systems.

See also: dynamic disk   dynamic volume   fault tolerance   mirrored volume   spanned volume   volume   

single affinity

Specifies that Network Load Balancing should direct multiple requests from the same client IP address to the same cluster host. This is the default setting for affinity.

See also: affinity   Class C affinity   Network Load Balancing   

Single Instance Store (SIS)

A component that saves disk space on the server by maintaining a single physical copy of all identical files found. If SIS finds a duplicate file on the server, it copies the original file into the SIS store and leaves a link where the original resided. This technology is used only with Remote Installation Services.

See also: Remote Installation Services (RIS)   

single node server cluster

A cluster configuration that has one node and that can be configured with or without external cluster storage devices. For a single node cluster without an external cluster storage device, the local disk is configured as the cluster storage device. There are advantages and limitations for each cluster configuration (single node server cluster, single quorum device server cluster, and majority node set server cluster).

See also: cluster   cluster storage   majority node set server cluster   node   single quorum device server cluster   

single quorum device server cluster

A cluster configuration that has two or more nodes and that is configured so that every node is attached to one or more cluster storage devices. The cluster configuration data is stored on a single cluster storage device. There are advantages and limitations for each cluster configuration (single node server cluster, single quorum device server cluster, and majority node set server cluster).

See also: cluster   cluster storage   majority node set server cluster   node   single node server cluster   

single sign-on

A process that enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to any computer in the domain.

See also: domain   smart card   

single sign-on (SSO)

An optimization of the authentication sequence to remove the burden of repeated logon actions by an end user.

single sign-on daemon (SSOD)

A daemon on a Windows-based computer that receives an encrypted password and decrypts it before requesting a password change on the UNIX host.


SIS

See other term: Single Instance Store (SIS)


site

One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.

See also: Active Directory   replication topology   subnet   Transmission Control Protocol/Internet Protocol (TCP/IP)   

site link

An Active Directory object that represents a set of sites that can communicate at uniform cost through some intersite transport. For Internet Protocol (IP) transport, a typical site link connects just two sites and corresponds to an actual wide area network (WAN) link. An IP site link connecting more than two sites might correspond to an asynchronous transfer mode (ATM) backbone connecting more than two clusters of buildings on a large campus or several offices in a large metropolitan area connected via leased lines and IP routers.

See also: Active Directory   asynchronous transfer mode (ATM)   Internet Protocol (IP)   site   site link bridge   wide area network (WAN)   

site link bridge

An Active Directory object that represents a set of site links, all of whose sites can communicate via some transport. Typically, a site link bridge corresponds to a router (or a set of routers) in an Internet Protocol (IP) network. By default, the Knowledge Consistency Checker (KCC) may form a route through any and all site links in a transitive manner. If this behavior is turned off, each site link represents its own distinct and isolated network. Sets of site links that can be treated as a single route are expressed through a site link bridge. Each bridge represents an isolated communication environment for network traffic.

See also: Active Directory   Internet Protocol (IP)   Knowledge Consistency Checker (KCC)   site   site link   

sleep mode

An energy-saving mode in which the Windows operating system shuts down all unnecessary components, such as the display screen and the disk drive. The computer returns to its former operating status when it is awakened.

See also: wake-on-LAN   


small computer system interface (SCSI)

A standard high-speed parallel interface defined by the American National Standards Institute (ANSI). A SCSI interface is used for connecting microcomputers to peripheral devices, such as hard disks and printers, and to other computers and local area networks (LANs).

See also: device   local area network (LAN)   

smart card

A credit card–sized device that is used with an access code to enable certificate-based authentication and single sign-on to the enterprise. Smart cards securely store certificates, public and private keys, passwords, and other types of personal information. A smart card reader attached to the computer reads the smart card.

See also: authentication   single sign-on   smart card reader   

smart card reader

A device that is installed in computers to enable the use of smart cards for enhanced security features.

See also: smart card   


See other term: Systems Management Server (SMS)  


See other term: Simple Mail Transfer Protocol (SMTP)


snap-in

A type of tool that you can add to a console supported by Microsoft Management Console (MMC). A stand-alone snap-in can be added by itself; an extension snap-in can be added only to extend the function of another snap-in.

See also: Microsoft Management Console (MMC)   


sniffer

An application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet.

See also: device   packet   



socket

An identifier for a particular service on a particular node on a network. The socket consists of a node address and a port number, which identifies the service. For example, port 80 on an Internet node indicates a Web server. There are two kinds of sockets: streams (bidirectional) and datagrams.

See also: datagram   node   port   process   raw socket   

software decoder

A type of digital video disc (DVD) decoder that allows a DVD drive to display movies on your computer screen. A software decoder uses only software to display movies.

See also: DVD decoder   DVD drive   hardware decoder   

software restriction policies

A collection of policy settings that define what software can run on a computer, based on the default security level for a Group Policy object (GPO). Exceptions to that default security level can then be defined by certificate rules, hash rules, path rules, registry path rules, and Internet zone rules.

See also: default security level   Group Policy   Group Policy object (GPO)   software restriction policies rule   

software restriction policies rule

A rule that creates an exception to the default security level that is defined by software restriction policies. The following types of rules can be created: certificate rules, which recognize software that is digitally signed by an Authenticode software publisher certificate; hash rules, which recognize specific software based on a hash of the software; path rules, which recognize software based on the location in which the software is stored; registry path rules, which recognize software based on the location of the software as it is stored in the registry; and Internet zone rules, which recognize software based on the zone of the Internet from which the software is downloaded.

See also: default security level   hash   path   registry   software restriction policies   


See other term: scope of management (SOM)  

source document

The document where a linked or embedded object was originally created.

See also: embedded object   linked object   

source journaling

For Message Queuing, the process of storing a copy of an outgoing message. Source journaling is configured on a message basis, and it is set by the sending application. When source journaling is enabled, a copy of the message is put in the source journal of the source computer when the message arrives at the destination (target) queue.

See also: journal   Message Queuing   target journaling   

spanned volume

A dynamic volume consisting of disk space on more than one physical disk. You can increase the size of a spanned volume by extending it onto additional dynamic disks. You can create spanned volumes only on dynamic disks. Spanned volumes are not fault tolerant and cannot be mirrored.

See also: dynamic disk   dynamic volume   fault tolerance   mirrored volume   simple volume   volume   

sparse file

A file that is handled in a way that requires much less disk space than would otherwise be needed. Sparse support allows an application to create very large files without committing disk space for those regions of the file that contain only zeros. For example, you can use sparse support to work with a 42-GB file in which you need to write data only to the first 64 KB (the rest of the file is zeroed).

special permissions

On NTFS volumes, a custom set of permissions. You can customize permissions on files and directories by selecting the individual components of the standard sets of permissions.

See also: NTFS file system   permission   volume   


See other term: Service Profile Identifier (SPID)  

split horizon

A route-advertising algorithm that prevents the advertising of routes in the same direction in which they were learned. Split horizon helps prevent routing loops.

See also: poison reverse   routing   


A Briefcase command that separates the copy of the file inside Briefcase from the copy outside Briefcase.


A process on a server in which print documents are stored on a disk until a printer is ready to process them. A spooler accepts each document from each client, stores it, then sends it to a printer when the printer is ready.

See also: print spooler   


See other term: structured query language (SQL)  


See other term: Secure Sockets Layer (SSL)  


See other term: security support provider (SSP)  


stand-alone certification authority

A certification authority (CA) that is not integrated with Active Directory.

See also: Active Directory   certification authority (CA)   

stand-alone root

A DFS namespace, the configuration information for which is stored locally on the host server. The path to access the root or a link starts with the host server name. A stand-alone root has only one root target. There is no root-level fault tolerance. Therefore, when the root target is unavailable, the entire DFS namespace is inaccessible.

See also: DFS namespace   root target   

stand-alone server

A server that runs Windows 2000 or Windows Server 2003, but does not participate in a domain. A stand-alone server has only its own database of users, and it processes logon requests by itself. A stand-alone server does not share account information with other computers and cannot provide access to domain accounts, but it can participate in a workgroup.

See also: domain   member server   workgroup   

standard NIS map

In Network Information Service (NIS), a map that consists of aliases, bootparams, ethers, hosts, group, netgroup, netid, netmasks, networks, passwd, protocols, rpc, services, pservers, and shadow; all other maps are nonstandard.

start-of-authority (SOA) resource record

A record that indicates the starting point or original point of authority for information stored in a zone. The SOA resource record (RR) is the first RR created when adding a new zone. It also contains several parameters used by other computers that use DNS to determine how long they will use information for the zone and how often updates are required.

See also: authoritative   Domain Name System (DNS)   resource record (RR)   zone

A program used by Remote Installation Services (RIS) that is the first file downloaded to the client using Trivial File Transfer Protocol (TFTP). is a small program that displays the Press F12 for Network Service Boot prompt. If F12 is pressed within three seconds, the Client Installation Wizard (OSChooser) is downloaded to begin the remote installation process.

See also: Remote Installation Services (RIS)   Trivial File Transfer Protocol (TFTP)   

startup environment

In dual-boot or multiple-boot systems, the configuration settings that specify which system to start and how each system should be started.

See also: dual boot   multiple boot   


stateless

As related to servers, not involving the update of a server-side database based on a client request. As related to the handling of files, the content of the file is not modified or noticed. For Web servers, a stateless client request, which members of a Network Load Balancing cluster can process, is one that returns a static Web page to the client.

See also: Network Load Balancing cluster   

static dialog box

A scripted dialog box between the client computer and an intermediary device. This kind of dialog box requires no response from the user.

See also: client   

static load balancing

The process of manually moving a group between nodes to balance the load across the nodes.

See also: group   node   

static routes

Routes in a routing table that are permanent until changed by a network administrator or by an automatically scheduled auto-static update.

See also: router   routing   

status area

See other term: notification area  

status bar

A line of information related to the current program. The status bar is usually located at the bottom of a window. Not all windows have a status bar.

Stop error

A serious error that affects the operating system and that could place data at risk. The operating system generates an obvious message, a screen with the Stop error, rather than continuing on and possibly corrupting data. Also called a fatal system error.

See also: Stop screen   

Stop screen

A blue character-mode screen that appears when Windows encounters a condition that compromises safe system operation and the system stops. Commonly referred to as a blue screen or bug check.

See also: Stop error   

storage report

A reporting tool that alerts administrators to current disk use trends, as well as to attempts by certain users or groups to save unauthorized files.

storage subsystem

A stand-alone hardware appliance that hosts one or more storage devices (such as disk drives, tape drives, optical drives), and is peripheral to the server or servers that control access to it. Storage subsystems are used to create centralized data repositories, while freeing computing and storage resources on servers.

storage-class resource

A required dependency for many resource types. Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, provide one storage-class resource: Physical Disk. However, your vendor or reseller might supply other storage-class resource types.

See also: dependency   resource types   

strict RFC checking

For DNS, a form of domain name checking that examines characters used in DNS names for compliance with DNS naming requirements and valid character usage as specified in RFC 1123, Requirements for Internet Hosts - Applications and Support. For strict RFC compliance, DNS domain names will use name labels made up only of valid uppercase and lowercase letters, number characters, and hyphens (A through Z, a through z, 0 through 9, -), separated by periods.

See also: domain name   Domain Name System (DNS)   label   loose name checking   Request for Comments (RFC)   


string

A group of characters or character bytes handled as a single entity. Computer programs use strings to store and transmit data and commands. Most programming languages consider strings (such as 2674:gstmn) as distinct from numeric values (such as 470924).

See also: transmitting station ID (TSID) string   

striped volume

A dynamic volume that stores data in stripes on two or more physical disks. Data in a striped volume is allocated alternately and evenly (in stripes) across the disks. Striped volumes offer the best performance of all the volumes that are available in Windows, but they do not provide fault tolerance. If a disk in a striped volume fails, the data in the entire volume is lost. You can create striped volumes only on dynamic disks. Striped volumes cannot be mirrored or extended.

See also: dynamic disk   dynamic volume   fault tolerance   mirrored volume   volume   

strong password

A password that cannot be easily guessed or cracked. A strong password is at least six characters long, does not contain all or part of the user's account name, and contains at least three of the four following categories of characters: uppercase characters, lowercase characters, numbers, and symbols found on the keyboard (such as !, @, #).

See also: password   password policy   weak password   

structured query language (SQL)

A widely accepted standard database sublanguage used in querying, updating, and managing relational databases.

stub area

An Open Shortest Path First (OSPF) area that does not advertise individual external networks. A stub area blocks external routes and therefore reduces the amount of memory required on the internal routers located in the stub area. To keep the topology database size small, routing to all external networks in a stub area is done through a default route (destination with the subnet mask of In OSPF, any destination that you cannot reach through an intra-area or inter-area router is reachable through the default route.

See also: Open Shortest Path First (OSPF)   routing   

stub zone

A copy of a zone that contains only the resource records required to identify the authoritative DNS servers for that zone. A DNS server that hosts a parent zone and a stub zone for one of the parent zone's delegated child zones can receive updates from the authoritative DNS servers for the child zone.

See also: authoritative   DNS server   resource record (RR)   zone   


subdomain

A DNS domain located directly beneath another domain name (the parent domain) in the namespace tree. For example, would be a subdomain of the domain Also called child domain.

See also: child domain   domain   Domain Name System (DNS)   parent domain   


subject

In public key cryptography, an entity that requests or holds a certificate. A subject can be a user, a computer, or any other device capable of requesting or using a certificate.

See also: public key cryptography   


subkey

An element of the registry that contains entries or other subkeys. A tier of the registry that is immediately below a key or a subtree (if the subtree has no keys).

See also: descendent key   entry   key   registry   subtree   


subnet

A subdivision of an Internet Protocol (IP) network. Each subnet has its own unique subnetted network ID.

See also: Internet Protocol (IP)   network ID   

subnet bandwidth management (SBM)

An Internet Engineering Task Force (IETF) standard that enables administrative control at the subnet level.

See also: Internet Engineering Task Force (IETF)   

subordinate server

A server that does not attempt to resolve queries on its own. Instead, it sends all queries to forwarders. Formerly known as slave server.


Any node within a tree, along with any selection of connected descendant nodes. The highest level of the registry (for example, HKEY_LOCAL_MACHINE).

See also: key   node   registry   subkey   


superscope

An administrative grouping feature that supports a DHCP server's ability to use more than one scope for each physical interface and subnet. Superscopes are useful under the following conditions: if more DHCP clients must be added to a network than were originally planned, if an Internet Protocol (IP) network is renumbered, or if two or more DHCP servers are configured to provide scope redundancy and fault-tolerant design DHCP service for a single subnet. Each superscope can contain one or more member scopes (also known as child scopes).

See also: DHCP client   DHCP server   fault tolerance   scope   subnet   


See other term: switched virtual circuit (SVC)  

switch type

The type of interface to which your Integrated Services Digital Network (ISDN) device is being attached. Also called switch.

See also: B-channel   D-channel   Integrated Services Digital Network (ISDN)   

switched virtual circuit (SVC)

A connection established dynamically between devices on an asynchronous transfer mode (ATM) network through the use of signaling.

See also: asynchronous transfer mode (ATM)   

switching hub

A central network device (multiport hub) that forwards packets to specific ports rather than, as in conventional hubs, broadcasting every packet to every port. In this way, the connections between ports deliver the full bandwidth available.

See also: hub   packet   port   

symmetric encryption

An encryption algorithm that requires the same secret key to be used for both encryption and decryption. Because of its speed, symmetric encryption is typically used when a message sender needs to encrypt large amounts of data. Also called secret key encryption.

See also: public key encryption   

symmetric key

A single key that is used with symmetric encryption algorithms for both encryption and decryption.

See also: encryption   key   symmetric encryption   


Each application or command runs in the order listed, and each item must finish before the next command is run.


The order in which a command must be typed, and the elements that follow the command.

See also: Command Prompt window   


A tool used to configure the startup key, a random, 128-bit, symmetric cryptographic key created at system startup and used to encrypt all of the user's symmetric cryptographic keys.

See also: encryption   symmetric key   

system access control list (SACL)

The part of an object's security descriptor that specifies which events are to be audited per user or group. Examples of auditing events are file access, logon attempts, and system shutdowns.

See also: auditing   discretionary access control list (DACL)   event   object   security descriptor   

system area network (SAN)

A network configuration, usually on a separate Internet Protocol (IP) subnet, that gives data a direct path to system hardware.

See also: Internet Protocol (IP)   subnet   

system default profile

The user profile that is loaded when Windows is running and no user is logged on. When the Begin Logon dialog box is visible, the system default profile is loaded.

See also: user profile   

system disk

A disk that contains the MS-DOS system files necessary to start MS-DOS.

See also: MS-DOS (Microsoft Disk Operating System)   

system files

Files used by Windows to load, configure, and run the operating system. Generally, system files must never be deleted or moved.

System menu

A menu that contains commands you can use to manipulate a window or close a program. You click the program icon at the left of the title bar to open the System menu.

system partition

The partition that contains the hardware-specific files needed to load Windows (for example, Ntldr, Osloader, Boot.ini, The system partition can be, but does not have to be, the same as the boot partition.

See also: boot partition   partition   

System Policy

A Windows NT 4.0-style policy based on registry settings made using Poledit.exe, the System Policy Editor.

See also: policy   registry   

System State

In Backup, a collection of system-specific data maintained by the operating system that must be backed up as a unit. It is not a backup of the entire system. The System State data includes the registry, COM+ Class Registration database, system files, boot files, and files under Windows File Protection. For servers, the System State data also includes the Certificate Services database (if the server is a certificate server). If the server is a domain controller, the System State data also includes the Active Directory database and the SYSVOL directory. If the server is a node in a cluster, it includes the Cluster database information. The IIS Metabase is included if Internet Information Services (IIS) is installed.

See also: Active Directory   cluster   domain controller   Internet Information Services (IIS)   node   registry   SYSVOL   

system variables

Storage locations for data that are defined by the operating system and that are the same regardless of who is logged on at the computer. (Users who are also members of the Administrators group can add new variables or change the values.)

See also: Administrators group   

system volume

The volume that contains the hardware-specific files that are needed to load Windows on x86-based computers with a basic input/output system (BIOS). The system volume can be, but does not have to be, the same volume as the boot volume.

See also: basic input/output system (BIOS)   boot volume   volume   x86   


systemroot

The path and folder name where the Windows system files are located. Typically, this is C:\Windows, although you can designate a different drive or folder when you install Windows. You can use the value %systemroot% to replace the actual location of the folder that contains the Windows system files. To identify your systemroot folder, click Start, click Run, type %systemroot%, and then click OK.

Systems Management Server (SMS)

A Microsoft product that includes inventory collection, software deployment, and diagnostic tools. SMS automates the task of upgrading software, allows remote problem solving, provides asset management information, and monitors software usage, computers, and networks.


A shared directory that stores the server copy of the domain's public files, which are replicated among all domain controllers in the domain.

See also: directory   domain   domain controller   


© 2016 Microsoft