Windows Server 2008 Glossary - S

Applies To: Windows Server 2008

For more Windows Server terms, see either the Windows Server 2008 R2 Glossary or the Windows Server 2003 Glossary.

Glossary - S

SA

See "Security Association".

scalability

A measure of how well a computer, service, or application can grow to meet increasing performance demands.

seal

The process that BitLocker Drive Encryption uses to encrypt the volume master key and create a binary large object (BLOB).

secure desktop

A desktop that is isolated from other processes running on the system. The secure desktop increases the security of the elevation prompt.

Secure Hash Algorithm

An algorithm that generates a 160-bit hash value from an arbitrary amount of input data. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places.

secure network

A logical portion of a network that client computers can access if they either meet corporate health policy or are exempt from meeting corporate health policy.

security

Protection of a computer system and its data from harm or loss.

security association

A combination of identifiers, which together define Internet Protocol security (IPsec), that protects communication between sender and receiver.

security token

A cryptographically signed data unit that expresses one or more claims.

security token service

A Web service that issues security tokens. A security token service makes assertions based on evidence that it trusts to whoever trusts it. To communicate trust, this service requires proof, such as a security token or set of security tokens, and it issues a security token with its own trust statement. (Note that for some security token formats, this can simply be a reissuance or cosignature.) In Active Directory Federation Services (AD FS), the Federation Service is a security token service.

server authentication certificate

In AD FS, a certificate that AD FS-enabled Web servers, federation servers, and federation server proxies use to secure Web services traffic for communication among themselves as well as with Web clients.

server cluster

A group of computers, known as nodes, or terminal servers working together as a single system to ensure that mission-critical applications and resources remain available to clients.

server farm

A group of servers that are in one location and that are networked together for the purpose of sharing workload.

Server Manager

An expanded Microsoft Management Console (MMC) component available in Windows Server that provides a single source for securely deploying and managing roles, role services, and features on a server; managing a server's identity and system information, including local user accounts; starting and stopping available services; and displaying server status, critical events, and issues with role configuration.

Server Manager command line tool

A command line tool that automates the deployment of roles and features on computers running Windows Server.

server pool

A group of computers, known as nodes, or terminal servers working together as a single system to ensure that mission-critical applications and resources remain available to clients.

ServerManagerCmd.exe

A command line tool that automates the deployment of roles and features on computers running Windows Server.

service

A program, routine, or process that performs a specific system function to support other programs.

setting

Configuration parameters or elements that control the behavior of a service, application, feature, function, or a run-time environment.

SHA

A client software component that declares a client's health state (by providing a statement of health) to a NAP agent.

SHA-1

An algorithm that generates a 160-bit hash value from an arbitrary amount of input data. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places.

share

To make resources, such as folders and printers, available to others. Do not use as a noun.

SHV

A server software counterpart to a system health agent (SHA). A system health validator verifies the statement of health (SoH) made by its respective SHA.

SID filter quarantining

A strict form of security identifier (SID) filtering that is applied to external trust relationships by default, which prevents any SIDs that are not part of the trusted quarantined domain from traversing the trust relationship. This type of filtering helps prevent malicious users in the quarantined domain from gaining unauthorized, privileged access to the trusting domain. SID filter quarantining was designed to be applied to external trust relationships. It should not be applied to forest trust relationships, trusts within a domain, or trusts within a forest that has a forest functional level of Windows 2000.

See also: SID filtering

SID filtering

A security enhancement that is applied to all Active Directory trust relationships to reduce the possibility of escalation of privilege attacks from trusted entities. Security identifier (SID) filtering removes SIDs that identify privileged accounts in communications across trust relationships.

See also: SID filter quarantining

signature

Data that binds a sender's identity to the information being sent. A digital signature may be bundled with any message, file, or other digitally encoded information, or transmitted separately. Digital signatures are used in public key environments and provide nonrepudiation and integrity services.

single sign-on

A process that enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to any computer in the domain.

slack space

The unused area outside of the boot sector in sector 0 of a partitioned data storage device.

software

A reference to one or more computer programs.

SoH

A declaration from a client computer that asserts the computer's health status. System health agents (SHAs) create SoHs and send them to a corresponding system health validator (SHV).

SoHR

The validation of a statement of health (SoH) that a system health validator (SHV) produces and sends to the NAP administration server. The SoHR can contain remediation instructions.

split access token

A combination of full access token and filtered access token linked together by the local security authority (LSA) component of the operating system.

SSO

A process that enables a user with a domain account to log on to a network once, using a password or smart card, and to gain access to any computer in the domain.

staged read-only domain controller installation

A process in which a read-only domain controller (RODC) is installed in two stages. In the first stage, a highly privileged user, such as a member of the Domain Admins group, creates an account for the RODC. In the second stage, a delegated user attaches the server that will be the RODC to the account that was created for it.

staged RODC installation

A process in which a read-only domain controller (RODC) is installed in two stages. In the first stage, a highly privileged user, such as a member of the Domain Admins group, creates an account for the RODC. In the second stage, a delegated user attaches the server that will be the RODC to the account that was created for it.

standard user

A user account in the Users group that has a full privilege access token. The standard user is not an administrator and is not a member of any local groups that are filtered.

Standard User Analyzer

An add-in for AppVerifier that predicts whether an application will perform correctly when run as a standard user or as an administrator with a filtered access token.

startup key

A key that is stored on a USB flash drive that must be inserted each time the computer starts.

statement of health

A declaration from a client computer that asserts the computer's health status. System health agents (SHAs) create SoHs and send them to a corresponding system health validator (SHV).

statement of health response

The validation of a statement of health (SoH) that a system health validator (SHV) produces and sends to the NAP administration server. The SoHR can contain remediation instructions.

storage

A software or hardware system, such as a disk drive or storage area network, that enables the persistence of data.

STS

A Web service that issues security tokens. A security token service makes assertions based on evidence that it trusts to whoever trusts it. To communicate trust, this service requires proof, such as a security token or set of security tokens, and it issues a security token with its own trust statement. (Note that for some security token formats, this can simply be a reissuance or cosignature.) In Active Directory Federation Services (AD FS), the Federation Service is a security token service.

SYSKEY

A tool used to configure the startup key, a random, 128-bit, symmetric cryptographic key created at system startup and used to encrypt all of the user's symmetric cryptographic keys.

system health agent

A client software component that declares a client's health state (by providing a statement of health) to a NAP agent.

system health validator

A server software counterpart to a system health agent (SHA). A system health validator verifies the statement of health (SoH) made by its respective SHA.

system volume

The first volume that is accessed when a computer starts up. This volume contains the hardware-specific files that are required to load Windows and includes the computer's boot manager (for loading multiple operating systems). Generally, the system volume can be, but is not required to be, the same volume as the operating system volume.