S

A standard high-speed parallel interface defined by the X3T9.2 committee of the American National Standards Institute (ANSI). A SCSI interface is used to connect microcomputers to SCSI peripheral devices, such as many hard disks and printers, and to other computers and local area networks.

An argument in an LDAP search that allows certain entries in the subtree and excludes others. Filters allow you to define search criteria and give you better control to achieve more effective and efficient searches.

The practice of logging on by using one security context and then, within the initial logon session, authenticating and using a second account is a secondary logon. To facilitate secondary logons, Windows 2000 introduced the RunAs.exe program and the RunAs.exe service.

A proposed open standard for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, it enables secure electronic financial transactions on the World Wide Web, although it is designed to work on other Internet services as well.

A Windows service used during the logon process. SAM maintains user account information, including groups to which a user belongs. See also group; user account.

A combination of identifiers, which together define the Internet Protocol Security (IPSec) that protects communication between sender and receiver. An SA is identified by the combination of a Security Parameters Index (SPI), destination IP address, and security protocol (AH or ESP). An SA must be negotiated before secured data can be sent. See also Authentication Header (AH); Encapsulating Security Payload (ESP); Internet Protocol security (IPSec); Security Parameters Index (SPI).

The security attributes or rules that are currently in effect. For example, the rules that govern what a user can do to a protected object are determined by security information in the user's access token and in the object's security descriptor. Together, the access token and the security descriptor form a security context for the user's actions on the object. See also object.

A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who can access it and in what way, and what types of access are audited. See also discretionary access control list (DACL); group; object; permission; system access control list (SACL).

Categories of events about which Windows can create auditing events. Account logon or object access are examples of security event types.

A group that can be listed in discretionary access control lists (DACLs) used to define permissions on resources and objects. A security group can also be used as an e-mail entity. Sending an e-mail message to the group sends the message to all the members of the group. See also discretionary access control list (DACL).

A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name. See also user account.

A process that determines the Internet Protocol security (IPSec) services, key settings, and algorithms that will be used to protect the data during the communication. See also Internet Protocol security (IPSec).

A unique, identifying value in the security association (SA) used to distinguish among multiple security associations existing at the receiving computer. See also security association (SA).

An account holder that is automatically assigned a security identifier (SID) for access to resources. A security principal can be a user, group, service, or computer. See also security ID (SID).

A name that uniquely identifies a user, group, or computer within a single domain. This name is not guaranteed to be unique across domains. See also domain; group; security principal.

A physical file representation of a security configuration that can be applied to a local computer or imported to a Group Policy object in Active Directory. When you import a security template to a Group Policy object, Group Policy processes the template and makes the corresponding changes to the members of that Group Policy object, which can be users or computers. See also Active Directory; Group Policy object.

A standard for storage devices, printers, and scanners that is a supplement to the IEEE 1394 specification. See also IEEE 1394.

A connection that exchanges information between computers or between computers and peripheral devices one bit at a time over a single channel. Serial communications can be synchronous or asynchronous. Both sender and receiver must use the same baud rate, parity, and control information. See also asynchronous communication.

A device that uses a serial connection. See also serial connection.

A Windows feature that uses a communications aid interface device to allow keystrokes and mouse controls to be accepted through a computer's serial port.

In general, a computer that provides shared resources to network users. See also client; shared resource.

A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message.

A logical address that allows a system to route data between a remote device and the appropriate communications support.

A software upgrade to an existing software distribution that contains updated files consisting of patches and hot fixes.

An 8-digit to 14-digit number that identifies the services that you order for each B-channel. For example, when you order Primary Rate ISDN, you obtain two phone numbers and two SPIDs from your ISDN provider. Typical ISDN adapters cannot operate without configuring SPIDs.

In TAPI, a dynamic-link library (DLL) that provides an interface between an application requesting services and the controlling hardware device. TAPI supports two classes of service providers, media service providers and telephony service providers. See also dynamic-link library (DLL); Telephony API (TAPI).

A key used primarily for encryption and decryption. Session keys are typically used with symmetric encryption algorithms where the same key is used for both encryption and decryption. For this reason, session and symmetric keys usually refer to the same type of key. See also symmetric key encryption.

To make resources, such as folders and printers, available to others. See also resource.

Permissions that restrict a shared resource's availability over the network to only certain users. See also permission.

Any device, data, or program that is used by more than one program or one other device. For Windows, shared resource refers to any resource that is made available to network users, such as folders, files, printers, and named pipes. A shared resource can also refer to a resource on a server that is available to network users. See also resource; server.

A two-way, reversible encryption mechanism for authenticating PPP connections employed by Shiva remote access servers.

Underlined letters on a menu or control. Also called access keys or quick-access letters.

A feature that instructs programs that usually convey information only by sound to also provide all information visually, such as by displaying text captions or informative icons.

A member of the TCP/IP suite of protocols that governs the exchange of electronic mail between message transfer agents. See also protocol; Transmission Control Protocol/Internet Protocol (TCP/IP).

A network protocol used to manage TCP/IP networks. In Windows, the SNMP service is used to provide status information about a host on a TCP/IP network. See also protocol; Transmission Control Protocol/Internet Protocol (TCP/IP).

A dynamic volume made up of disk space from a single dynamic disk. A simple volume can consist of a single region on a disk or multiple regions of the same disk that are linked together. You can extend a simple volume within the same disk or onto additional disks. If you extend a simple volume across multiple disks, it becomes a spanned volume. You can create simple volumes only on dynamic disks. Simple volumes are not fault tolerant, but you can mirror them to create mirrored volumes. See also dynamic disk; dynamic volume; fault tolerance; mirrored volume; spanned volume; volume.

A component that saves disk space on the server by maintaining a single physical copy of all identical files found. If SIS finds a duplicate file on the server, it copies the original file into the SIS store and leaves a link where the original resided. This technology is used only with Remote Installation Services. See also Remote Installation Services (RIS).

A program installed on a UNIX-based system to handle password synchronization requests.

One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network. See also Active Directory; subnet; Transmission Control Protocol/Internet Protocol (TCP/IP).

A storage location for cartridges in a library of removable media managed by Removable Storage. See also library.

A Windows feature that instructs the computer to disregard keystrokes that are not held down for a minimum period of time, which allows the user to brush against keys without any effect.

A standard high-speed parallel interface defined by the American National Standards Institute (ANSI). A SCSI interface is used for connecting microcomputers to peripheral devices such as hard disks and printers, and to other computers and local area networks (LANs). See also local area network (LAN).

An office with a few computers that can be considered a small business or part of a larger network.

A credit card sized device that is used with an access code to enable certificate-based authentication and single sign-on to the enterprise. Smart cards securely store certificates, public and private keys, passwords, and other types of personal information. A smart card reader attached to the computer reads the smart card. See also authentication.

Software that allows workstations to communicate through SNA Server and support SNA Server advanced host integration features. SNA Server Client software also provides application programming interfaces (APIs) that are used by third-party vendors to gain access to IBM host systems and applications.

A type of tool you can add to a console supported by Microsoft Management Console (MMC). A stand-alone snap-in can be added by itself; an extension snap-in can only be added to extend the function of another snap-in. See also Microsoft Management Console (MMC).

See definition for Simple Network Management Protocol (SNMP).

A type of digital video disc (DVD) decoder that allows a DVD drive to display movies on your computer screen. A software decoder uses only software to display movies. See also DVD decoder; DVD drive; hardware decoder.

A Windows feature that produces a visual cue, such as a screen flash or a blinking title bar, whenever the computer plays a system sound.

The folder that contains the file or files to be copied or moved.

A dynamic volume consisting of disk space on more than one physical disk. You can increase the size of a spanned volume by extending it onto additional dynamic disks. You can create spanned volumes only on dynamic disks. Spanned volumes are not fault tolerant and cannot be mirrored. See also dynamic disk; dynamic volume; fault tolerance; mirrored volume; simple volume; volume.

See definition for Shiva Password Authentication Protocol (SPAP).

On NTFS volumes, a custom set of permissions. You can customize permissions on files and directories by selecting the individual components of the standard sets of permissions. See also NTFS file system; permission; volume.

An assistive device that produces spoken words, either by splicing together prerecorded words or by programming the computer to produce the sounds that make up spoken words.

An online drive that is not part of a library unit. Removable Storage treats stand-alone drives as online libraries with one drive and a port. See also Removable Storage.

A Regional and Language Options setting that determines the formats used to display dates, times, currency, numbers, and the sorting order of text. Formerly known as user locale.

In dual-boot or multiple-boot systems, the configuration settings that specify which system to start and how each system should be started. See also dual boot; multiple boot.

A random 128-bit symmetric cryptographic key created at system startup and used to encrypt all of the user's symmetric cryptographic keys. See also encryption; symmetric key.

Routes in the routing table that are permanent. Static routes are manually configured by a network administrator. They change only if the network administrator changes them. If the routing protocol is configured to support auto-static routes (automatically added static routes), then the router can issue a request to a protocol to get an update of routing information on a specific interface. The results of such an update are then converted and kept as static routes. See also protocol; router; routing.

See definition for notification area.

A sequence of bits, bytes, or other small structurally uniform units.

Software (such as Windows Media Technologies) that provides multimedia support, allowing you to deliver content by using advanced streaming format over an intranet or the Internet.

A volume that stores data in stripes on two or more physical disks. A stripe set is created by using Windows NT 4.0 or earlier. Windows XP Professional does not support stripe sets. Instead, you must create a striped volume on dynamic disks. See also dynamic disk; striped volume.

A dynamic volume that stores data in stripes on two or more physical disks. Data in a striped volume is allocated alternately and evenly (in stripes) across the disks. Striped volumes offer the best performance of all the volumes that are available in Windows, but they do not provide fault tolerance. If a disk in a striped volume fails, the data in the entire volume is lost. You can create striped volumes only on dynamic disks. Striped volumes cannot be mirrored or extended. See also dynamic disk; dynamic volume; fault tolerance; volume.

An element of the registry that contains entries or other subkeys. A tier of the registry that is immediately below a key or a subtree (if the subtree has no keys). See also key; registry.

A subdivision of an IP network. Each subnet has its own unique subnetted network ID.

A 32-bit value that enables the recipient of IP packets to distinguish the network ID and host ID portions of the IP address. Typically, subnet masks use the format 255.x.x.x. See also IP address.

The ordering of multiple IP address mappings from a DNS server so that the resolver orders local resource records first. This reduces network traffic across subnets by forcing computers to connect to network resources that are closer to them.

A data stream contained within a DVD. The subpicture stream delivers the subtitles and any other add-on data, such as system help or director s comments, that can be displayed while playing multimedia.

Any node within a tree, along with any selection of connected descendant nodes.

The highest level of the registry (for example, HKEY_LOCAL_MACHINE). See also key; node; registry; subkey.

A single key that is used with symmetric encryption algorithms for both encryption and decryption.

An encryption algorithm that requires the same secret key to be used for both encryption and decryption. This is often called secret key encryption. Because of its speed, symmetric encryption is typically used rather than public key encryption when a message sender needs to encrypt large amounts of data. See also public key encryption.

A tool used to ensure that a file or directory on a client computer contains the same data as a matching file or directory on a server.

The order in which a command must be typed and the elements that follow the command.

A tool that prepares the hard disk on a source computer for duplication to target computers and then runs a non-Microsoft disk-imaging process. This automated installation method is used when the hard disk on the master computer is identical to those of the target computers. See also security ID (SID).

The part of an object's security descriptor that specifies which events are to be audited per user or group. Examples of auditing events are file access, logon attempts, and system shutdowns. See also discretionary access control list (DACL); object; security descriptor.

Files used by Windows to load, configure, and run the operating system. Generally, system files must never be deleted or moved.

See definition for Language for non-Unicode programs.

A pool used to hold cartridges that are not in use. The free pool holds unused cartridges that are available to applications, and the unrecognized and import pools are temporary holding places for cartridges that have been newly placed in a library.

The partition that contains the hardware-specific files needed to load Windows (for example, Ntldr, Osloader, Boot.ini, Ntdetect.com). The system partition can be, but does not have to be, the same as the boot partition. See also partition.

The Poledit.exe tool, used by administrators to set System Policy on Windows NT 4.0 based and Windows 95 based computers.

The volume that contains the hardware-specific files that are needed to load Windows on x86-based computers with a BIOS. The system volume can be, but does not have to be, the same volume as the boot volume. See also basic input/output system (BIOS); boot volume; volume.

The path and folder name where the Windows system files are located. Typically, this is C:\Windows, although you can designate a different drive or folder when you install Windows. You can use the value %systemroot% to replace the actual location of the folder that contains the Windows system files.

A Microsoft product that includes inventory collection, software deployment, and diagnostic tools. SMS automates the task of upgrading software, allows remote problem solving, provides asset management information, and monitors software usage, computers, and networks.

A communications framework developed by IBM to define network functions and establish standards for enabling computers to share and process data.