P

Parent/child trusts are by default created automatically when a new child domain is added to a preexisting domain tree. The trust between a parent and a child is two-way and transitive.

An authentication protocol where the user ID and password are transmitted in clear text to the server, where they are compared to the server’s version of the same information. This is not a secure means of authenticating a user and should be avoided in most environments.

A protocol that uses the EAP protocol with MS-CHAPv2 to authenticate users. PEAP allows the client to use a password to authenticate the user on the wireless network.

A rule within a software restriction policy that will grant or deny access to software by evaluating its file path.

The part of a security right that determines what a user can do to a securable object.

Developed and standardized by Microsoft to provide a simple mechanism to create a virtual private network (VPN) with Windows NT 4 and Windows 9x clients.

This principle states that all users and processes should be operating using the fewest permissions necessary to complete the job. This minimizes the potential for damage should the user or process be used improperly.

A group of interrelated attributes to which permissions can be granted rather than granting permissions to each individual attribute.

An encryption scheme based on the Diffie-Hellman algorithm, which was first released in 1976. It allows users to share encryption keys without the need for a secure channel.