Windows Server 2008 Glossary - A

Applies To: Windows Server 2008

For more Windows Server terms, see either the Windows Server 2008 R2 Glossary or the Windows Server 2003 Glossary.

Glossary - A

AAM

A security feature of Windows that allows administrators to perform normal day-to-day tasks while running with a standard user token. If administrator privileges are needed for an operation, the administrator will be notified and asked to provide either consent or credentials, depending on system policy settings.

access

Ability to view data or navigate to or within a physical or virtual computer environment (n). To connect to a resource, either remotely or locally (v).

Access Control Server

A component of Cisco Identity Based Networking Services (IBNS) architecture that improves network access security for Cisco network devices.

access token

A data structure that contains authentication and authorization information for a user. Windows creates the access token when the user logs on and the user's identity is confirmed. The access token contains the user's security ID (SID), the list of groups that the user is a member of, and the list of privileges held by that user. Each process or thread started for the user inherits a copy of the access token. In some cases a user may have more than one access token, with different levels of authority.

account

A security element that verifies the identity of a user or computer. An account has an associated name and password as well as group memberships, privileges, and constraints.

account federation server

The federation server that is located in the corporate network of the account partner organization. The account federation server issues security tokens to users based on user authentication. The server authenticates a user, pulls the relevant attributes and group membership information out of the account store, and generates and signs a security token to return to the user—either to be used in its own organization or to be sent to a partner organization.

account federation server proxy

The federation server proxy that is located in the perimeter network of the account partner organization. The account federation server proxy collects authentication credentials from a client that logs on over the Internet (or from the perimeter network) and passes those credentials to the account federation server.

account partner

A federation partner that is trusted by the Federation Service to provide security tokens to its users (that is, users in the account partner organization) so that they can access Web-based applications in the resource partner.

ACS

A component of Cisco Identity Based Networking Services (IBNS) architecture that improves network access security for Cisco network devices.

Active Directory Domain Services

The Microsoft Windows-based directory service. Active Directory Domain Services stores information about objects on a network and makes this information available to users and network administrators.

Active Directory Domain Services Installation Wizard

The tool that is used to install and remove Active Directory Domain Services (AD DS).

Active Directory Federation Services

A component that provides Web single-sign-on (SSO) technologies. AD FS provides SSO by securely sharing digital identity and entitlement rights across security and enterprise boundaries. AD FS supports the WS-Federation Passive Requestor Profile (WS-F PRP).

Active Directory Lightweight Directory Services

A Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the restrictions of Active Directory Domain Services (AD DS). Previously known as Active Directory Application Mode (ADAM).

Active Directory Lightweight Directory Services instance

A single copy of the Active Directory Lightweight Directory Services (AD LDS) directory service that includes its associated directory store and its application event log.

active partition

A partition from which a computer starts up. The active partition must be a primary partition on a basic disk. If you use Windows exclusively, the active partition can be the same as the system volume.

active volume

The volume from which the computer starts up. The active volume must be a simple volume on a dynamic disk. You cannot mark an existing dynamic volume as the active volume, but you can upgrade a basic disk containing the active partition to a dynamic disk. After the disk is upgraded to dynamic, the partition becomes a simple volume that is active.

AD DS

See "Active Directory Domain Services".

AD FS

A component that provides Web single-sign-on (SSO) technologies. AD FS provides SSO by securely sharing digital identity and entitlement rights across security and enterprise boundaries. AD FS supports the WS-Federation Passive Requestor Profile (WS-F PRP).

AD LDS

See "Active Directory Lightweight Directory Services".

AD LDS instance

A single copy of the Active Directory Lightweight Directory Services (AD LDS) directory service that includes its associated directory store and its application event log.

AD FS Web Agent

An installable role service of AD FS that is used to create an AD FS-enabled Web server. An AD FS Web Agent consumes incoming security tokens and authentication cookies that are signed by a valid federation server—to either allow or deny a user access to the protected application—while taking into consideration application-specific access control settings.

AD FS-enabled Web server

A Web server that is configured with the appropriate AD FS Web Agent software—either the claims-aware agent or the Windows token–based agent—which is necessary for authenticating and authorizing federated access to locally hosted, Web-based applications.

Admin Approval Mode

A security feature of Windows that allows administrators to perform normal day-to-day tasks while running with a standard user token. If administrator privileges are needed for an operation, the administrator will be notified and asked to provide either consent or credentials, depending on system policy settings.

administrative task

An operation that can only be performed by an administrator, not a standard user.

Administrative templates

A collection of files that provide policy setting information for the items that appear under the Administrative Templates folder in the console tree of the Local Group Policy Editor and when editing a Group Policy object using the Group Policy Management Console. These files are in the ADMX and ADML file format.

administrator

The person in charge of managing a Windows computer. The administrator is responsible for installing software, assigning passwords, and managing files.

Administrator account

On Windows-based computers, a user account that is a member of the computer’s local Administrators group or a member of a group that is a member of the local Administrators group, such as the Domain Admins group in a Windows domain. This is the first account that is created when you install an operating system on a new workstation, stand-alone server, or member server. By default, this account has the highest level of administrative access to the local computer.

administrator role separation

The ability to delegate local administrative permissions for a read-only domain controller (RODC) to any domain user without granting that user any user rights for the domain or other domain controllers.

ADMX files

A pair of files, one .admx and one .adml, joined by a common name, that are used to describe Group Policy settings in Group Policy management tools.

Advanced Group Policy Management

An extension to the Group Policy Management Console (GPMC) that provides change control and enhanced management for Group Policy objects (GPOs).

AGPM

An extension to the Group Policy Management Console (GPMC) that provides change control and enhanced management for Group Policy objects (GPOs).

AGPM Service

A Windows service that enables Advanced Group Policy Management (AGPM) clients to manage deployed and archived Group Policy objects (GPOs) and enforces delegation in AGPM.

AGPM Service Account

The account under which the AGPM Service runs.

AIS

A system service that facilitates starting applications that require one or more elevated privileges to run, such as Administrative Tasks. When a user requires elevated privileges to run an application and gives consent, AIS creates a new process for the application with the user’s full access token.

answer file

A file that automates Windows Setup. This file enables the configuration of Windows settings, the addition and removal of components, and many Windows Setup tasks, such as disk configuration.

anti-hammering

Software or hardware methods that increase the difficulty and cost of a key search attack on a PIN or password.

app compat

The concept of ensuring that older applications still run correctly under newer operating systems.

AppCompat database

A database that contains a list of applications that may have potential compatibility problems and remedies. When an application starts, Windows checks this database to configure system options to minimize compatibility problems.

application compatibility

The concept of ensuring that older applications still run correctly under newer operating systems.

application compatibility database

A database that contains a list of applications that may have potential compatibility problems and remedies. When an application starts, Windows checks this database to configure system options to minimize compatibility problems.

Application Information Service

A system service that facilitates starting applications that require one or more elevated privileges to run, such as Administrative Tasks. When a user requires elevated privileges to run an application and gives consent, AIS creates a new process for the application with the user’s full access token.

application manifest

An XML document that describes requirements for an application. The application manifest can be a separate file or embedded in the application’s .exe file.

Application Verifier

A graphical user interface (GUI) tool that aids IT managers and developers in testing applications on Microsoft® Windows® and the Windows Server family. It helps developers identify potential application compatibility, stability, and security issues.

AppVerifier

A graphical user interface (GUI) tool that aids IT managers and developers in testing applications on Microsoft® Windows® and the Windows Server family. It helps developers identify potential application compatibility, stability, and security issues.

Authenticated Internet Protocol

See "Authenticated IP".

Authenticated IP

A protocol extension to Internet Key Exchange (IKE) that supports additional authentication mechanisms and the combination of user and computer authentication requirements.

authentication method

For BitLocker Drive Encryption, a combination of one or more of the following elements, identified by a globally unique identifier (GUID): personal identification number (PIN), recovery password, recovery key, startup key, and Trusted Platform Module (TPM).

AuthIP

See "Authenticated IP".

authorization

A process that verifies that the user, computer, process, or other entity has the correct rights or permissions to access a resource.

Authorization Policies Wizard

A wizard that is available through TS Gateway Manager that enables you to quickly configure a Terminal Services connection authorization policy (TS CAP), a Terminal Services resource authorization policy (TS RAP), and a computer group that is associated with a TS RAP.

Autounattend.xml

The unattended answer file that is automatically detected by Windows Setup during operating system installation.

auxiliary AppCompat database

An additional database that is associated with the AppCompat database. The auxiliary AppCompat database can be modified on the system and is used primarily in large enterprises where the IT environment is heavily managed. The main AppCompat database is read-only.

availability

A level of service provided by applications, services, or systems. Highly available systems have minimal downtime, whether planned or unplanned.