A certification for computer service technicians that is sponsored by the Computing Technology Industry Association (CompTIA). A+ Certification certifies service technicians for competency in troubleshooting, repairing, and installing stand-alone and networked PCs. A+ is an internationally recognized certification that identifies minimum competency for entry-level computer technicians, typically those who have a minimum of six months of practical hands-on and interpersonal support experience. The Association for Services Management International (AFSMI) and a number of prominent hardware and software vendors back the A+ Certification.
A+ Certification was created by CompTIA to benefit all groups involved in the recruiting and hiring process. Specifically,
A+ benefits managers and recruiters by helping them identify trained, competent individuals to fill vacant positions.
A+ benefits job seekers by identifying skills they need to learn and develop, and by providing a recognizable career path for self-promotion and employment.
A+ benefits educational institutions by providing goals and objectives for developing industry-relevant technical training programs.
The A+ exam consists of two parts a core section covering general computer hardware and software that is not vendor-specific, and a module covering Microsoft operating system technologies for MS-DOS and Windows platforms.
On the Web
•
Computer Technology Industry Association’s A+ Certification page
The hierarchical path that locates a file or folder in a file system starting from the root. The absolute path of a file enables the location of the file to be precisely specified, independent of where the user’s current directory is located.
In MS-DOS and Microsoft Windows platforms, the absolute path of a file is specified starting with a drive letter, followed by the hierarchy of directories in which the file is contained (with each directory separated by a backslash), and concluding with the exact filename. For example, on a computer running Windows 98, the absolute path to the executable for the game of Solitaire, which is typically located in the Windows directory on the C drive, would be the following:
C:\Windows\sol.exe
If the user opens a command prompt and the current directory is C:\Windows, the user can simply type sol.exe to run the Solitaire program. From any other current directory though, the user must either type the absolute path to execute the program, or specify the relative path from the current directory to the executable file.
NOTE
On UNIX platforms, path names are specified using forward rather than backward slashes, and absolute paths don’t start with a drive letter. For example, the absolute path to the file script12, located in the bin subdirectory of the usr directory, would be
/usr/bin/script12
See also relative path, Universal Naming Convention (UNC)
An International Organization for Standardization (ISO) standard that provides a mechanism for encoding human-readable symbols into condensed binary form. Abstract Syntax Notation One (ASN.1), which is part of the X.400 and X.500 specifications, provides a standard way of formatting and encoding X.400-based e-mail messages for transmission over a network. More generally, ASN.1 is a method of specifying abstract objects that are intended for any form of serial transmission. ASN.1 is also used for defining objects in Management Information Base (MIB) files for Simple Network Management Protocol (SNMP).
How It Works
ASN.1 is similar in syntax to a programming language, and it allows the definition of different data types, data structures, arrays, classes, and other structures similar to those found in the C++ programming language. The presentation layer (layer 6) of the Open Systems Interconnection (OSI) reference model uses ASN.1 as the standard for specifying the syntax of information exchanged between applications at this layer. ASN.1 data types can be either simple or structured. An example of a definition of a simple data type and its value might be
EmployeeAddress ::= ISO646STRING "99 Microsoft Way"
A more complex structured data type might be
EmployeeRecord ::= SET { name [0]ISO646STRING "Bob Smith title [1]ISO646STRING "Support Specialist" idNumber [2]INTEGER "116427" } ASN.1 data structures are encoded as octets in hexadecimal notation. These structures are then transmitted over the network as binary information.
NOTE
Microsoft Exchange Server uses ASN.1 for its X.400 Connector to provide connectivity with foreign X.400 messaging systems.
A policy created by management to specify acceptable usage for corporate network services as well as the consequences of violating these standards. Acceptable use policies lately have become an important feature of corporate IT culture for a number of reasons, but mainly because of the widespread implementation of Internet access for desktop users.
Management often becomes concerned about the possibilities of employees surfing the Internet for personal use on company time, using company e-mail to send personal messages, sending spam or mail bombs, and so on. Another concern is management’s possible legal liability if employees should access illegal or pornographic material on the Internet using their corporate Internet accounts.
Even if a company doesn’t have desktop Internet access for its employees, it should still have an acceptable use policy governing access to shared network resources such as file servers and color laser printers. To be effective, an acceptable use policy needs to have the following characteristics:
Acceptable and unacceptable usage must be simply and clearly explained in the policy.
A graded series of consequences of unacceptable usage must be clearly stated in the policy.
The policy itself must be clearly visible in employees’ work areas.
Management should regularly call employees’ attention to the policy.
In addition, users should be informed if management is utilizing monitoring practices such as logging all employee Internet access or archiving all employee e-mail. Management should consult its legal department in the drafting of an acceptable use policy, and this policy should be reviewed frequently and kept up-to-date as corporate network access evolves.
Generally, the process of connecting to and using resources on a network. To provide a user with access to network resources, permissions must first be granted to the user. For example, if a user is granted the read permission (and only this permission) for a file on the NTFS file system, the user is said to have read-only access to the file. An important part of a network administrator’s job is to configure appropriate levels of access control—that is, to manage access to network resources such as shared files, printers, and applications so that
Users who need access to these resources have the appropriate level of access to them
Users who do not need access to the resources—as well as distrusted users or hackers—are prevented from accessing them
NOTE
In Microsoft Windows 2000, when a user or process attempts to access an object such as a file on an NTFS volume, a component of the Windows 2000 operating system called the Security Reference Monitor compares the access token attached to the process with the access control list (ACL) attached to the object. Through this comparison, the Security Reference Monitor determines whether to grant access to the user or process.
See also access control, access control list (ACL), access token
For Microsoft Windows 2000, a general term describing how administrators can secure access to objects in Active Directory. The term “access control” is also used for both the Windows 2000 and Windows NT platforms to describe how files and folders can be secured using the NTFS file system, as well as how access to shared folders, printers, and other network resources can be controlled.
How It Works
Access control can be applied to any object in Active Directory, but it is applied most often to a group or a container. Access control to directory objects is implemented primarily by assigning permissions and rights.
Permissions are assigned to an object to determine who can access that object and at what level. Permissions can be set by an administrator or by the owner of the object. The kind of permission that can be applied depends on the type of object being considered. Some of the objects to which permissions can be applied include
NTFS file system objects such as files, folders, and volumes
Local system objects such as processes and programs
Local or Active Directory objects such as user, group, or printer objects
The issue of inheritance is related to permissions. When permissions are assigned to a folder on an NTFS volume, they are also inherited by default by all existing child folders and files within the folder, and by any new child folders or files created later. Similarly, when permissions are assigned to a container in Active Directory, they are also inherited by default by all existing child objects within the container and by any new child objects created later.
Rights are assigned to user or group accounts to provide them with authorization to perform a specific system task, such as backing up a volume, shutting down the system, or logging on to the console interactively. Rights are most often assigned to groups rather than individual users to simplify administration. Rights can be specified at either the local or domain level.
Another aspect of access control is the issue of ownership. When a user creates an object in Active Directory or a file on an NTFS volume, he or she becomes the owner of that object or file. The owner has the right to set and modify the permissions of the object. Every object in Active Directory and every file or folder on an NTFS volume has an owner.
One additional aspect of access control is the issue of auditing. Files and folders on an NTFS volume can be audited to keep track of failures or successes in accessing them. This can be important in detecting security breaches in your network.
NOTE
When assigning permissions to objects in Active Directory, you can assign them either to the object itself (and therefore to all its attributes) or to specific attributes of the object. For example, you could allow all users to have read access to the Phone Number attribute of users in Active Directory, while granting the clerical group read/write access to that attribute so that they can modify users’ phone numbers if necessary.
See also owner, permissions, rights
An entry in a discretionary access control list (DACL) or a system access control list (SACL). An access control entry (ACE) specifies the access or auditing permissions to an object in Active Directory or on a volume formatted using the NTFS file system for a particular user or group.
Graphic A-1. Access control entry (ACE).
How It Works
An ACE is part of a DACL or a SACL for an object and contains information that is used to control the access attributes of that object. An ACE specifies two pieces of information:
The security identifier (SID) of the security principal (user, group, or computer) to which the ACE applies
The level of access to the object permitted for that security principal
An access mask specifying the possible permissions that can be assigned to the object is included with each ACE. An ACE can provide one of the following:
Discretionary access control for explicitly granting or denying access to a specific user or group (AccessAllowed and AccessDenied entries)
System security access control for generating security audit logs (SystemAudit entry)
See also discretionary access control list (DACL), system access control list (SACL)
Any mechanism for implementing access control on an operating system, file system, directory service, or other software. Access control lists (ACLs) are implemented into the basic operating system architecture of Microsoft’s Windows 2000 and Windows NT operating system platforms, and are used to control access to objects in Active Directory and files on NTFS volumes. An access control list is basically a list attached to an object specifying which security principals (users, groups, computers, and so on) are allowed to access the object and what level of access they are allowed to have. In Windows 2000, ACLs are more properly called discretionary access control lists (DACLs) because they can be configured and managed by administrators at their discretion. There is also another type of ACL in Windows called a system access control list (SACL), which is used to control the generation of audit messages when object auditing has been configured on a file system.
Access control lists are natively implemented on some UNIX operating system platforms such as Solaris (which first implemented ACLs in version 2.5.1) and are also available as third-party software for other UNIX platforms. Traditionally access control on UNIX file systems was managed using the chmod (change mode) command, but this offered only limited or coarse-grained control of file permissions and provided no flexibility for configuring unique sets of access permissions for particular users or groups. To set and display access control lists on Solaris, use the setfacl and getfacl commands. Other UNIX packages and add-ons may use different commands such as setacl and getacl.
See also access control, discretionary access control list (DACL), system access control list (SACL)
A utility in Control Panel for most versions of Microsoft Windows that allows you to adjust the behavior of the keyboard, mouse, and display to suit the needs of individuals with impaired eyesight, hearing, or motor skills. Accessibility Options are part of Microsoft’s initiative to provide access to computer technology to all individuals, regardless of their physical impairments. Settings for Accessibility Options include the following:
StickyKeys: Makes it possible to use a key combination such as Ctrl+Alt+Delete without pressing more than one key at a time
FilterKeys: Makes it more difficult to bounce keys by telling the system to ignore brief or repeated keystrokes
ToggleKeys: Generates sounds when certain toggle keys, such as Caps Lock, are turned on
SoundSentry: Flashes a specified part of the screen when the system generates sounds
ShowSounds: Displays icons or text captions to accompany the sounds that programs generate
HighContrast: Makes reading text easier
MouseKeys: Controls the pointer using the numeric keypad
SerialKey: Enables the use of alternative input devices connected to the computer’s serial port instead of the keyboard and mouse
Graphic A-2. Accessibility Options.
NOTE
Windows 98 and Windows 2000 include an additional wizard called the Accessibility Wizard that allows you to configure accessibility options on your computer. Additional accessibility utilities include Magnifier, Narrator, and On-Screen Keyboard.
Microsoft product documentation and books from Microsoft Press are available in alternative formats from Recording for the Blind and Dyslexic and Microsoft Accessibility and Disabilities Group at the following Web sites.
On the Web
•
Recording for the Blind and Dyslexic : http://www.rfbd.org
•
Microsoft Accessibility and Disabilities Group : http://www.microsoft.com/enable/
A Microsoft Windows 98 and Windows 2000 utility for configuring a computer for individuals with impaired visual or motor skills. Accessibility Wizard is an alternative to Accessibility Options for configuring computers for individuals with disabilities.
Graphic A-3. The Accessibility Wizard for Windows 98.
How It Works
To start the Accessibility Wizard, choose Accessories from the Start menu. Then from the Accessibility program group, choose Accessibility Wizard. Note that in Windows 98, you might have to install the Accessibility Tools to gain access to the wizard. The wizard leads the user through a series of questions concerning his or her disability and configures mouse, keyboard, and display properties to meet the particular need. This tool gives administrators the ability to configure workstations for individuals with physical impairments by leading the user through a series of screens that he or she can then respond to in real time. Using the Accessibility Wizard is generally more convenient than using the Accessibility Options property sheet to configure accessibility settings. The wizard’s final screen lists the accessibility options that have been enabled.
Defines all possible actions for a particular type of object (file, folder, and so on) for each access control entry (ACE) in a discretionary access control list (DACL) or a system access control list (SACL). The system chooses the access rights that it can grant to a thread from the possible actions listed in the access mask.
Microsoft Windows NT and Windows 2000 use access masks that support three types of access rights:
Specific access rights: These include access rights such as FILE_READ_DATA and FILE_APPEND_DATA, which provide permission to read and write data in a file. Objects can have up to 16 different specific access rights, depending on the object type.
Standard access rights: These apply to all objects and include DELETE, which grants or denies delete access to an object, and WRITE_OWNER, which grants or denies access to the owner security identifier (SID) of an object.
Generic access rights: These map to specific access rights and standard access rights. Each type of securable object maps generic access rights to its own specific and standard access rights. Generic access rights for file objects include FILE_GENERIC_READ, FILE_GENERIC_WRITE, and FILE_GENERIC_ EXECUTE. These three types are listed in Windows Explorer in Windows 2000 and in Windows NT Explorer in Windows NT as the special permissions read (R), write (W), and execute (X).
See media access control method
A mode of running a console created with the Microsoft Management Console (MMC). Different access modes are provided for MMC consoles in order to allow or restrict access to administrative functionality. This enables senior administrators to create custom consoles for junior administrators that have only the functionality needed to perform specified tasks, while preventing them from using functionality that could cause problems if not handled correctly.
How It Works
Selecting options from the Console menu configures access modes for MMC consoles. The two modes available for running consoles are
Author mode: This mode grants the user full access to all the functionality of the MMC, including adding new snap-ins, removing snap-ins, creating new console windows, and accessing the entire console tree. Only senior administrators should have this access mode.
User mode: This mode does not allow the user to add snap-ins to or remove snap-ins from the console and restricts access to some of the functionality of the MMC, depending on the options selected. For example, by selecting the Force SDI option, the MMC displays only a single console window. User mode has three submodes:
Full access: This submode allows the user to view the whole console tree but restricts the user from adding new snap-ins or changing the properties of the console.
Delegated access: This submode restricts the user so that only a portion of the console tree can be viewed.
SDI delegated access: This submode further restricts the user to a single document interface (SDI), that is, a console with only one window open. The user can open no new windows.
TIP
If an MMC console is set to user mode, you can start it in author mode by running it from the command line with the /a switch. You can also right-click on the console file (*.msc file) in Windows Explorer and use the shortcut menu to start the console in author mode. However, an administrator can also set the user’s profile settings to prevent the user from opening a console in author mode.
A type of device that enables wireless stations to connect to a wired local area network (LAN). An access point therefore provides wireless stations with access to resources on a network.
Graphic A-4. Access point.
How It Works
In typical wireless networking implementations, an access point is a device connected to a wired network, such as an Ethernet network. The access point is a transceiver, transmitting and receiving signals using either direct sequencing or frequency hopping methods in spread spectrum communication technologies. The access point provides a point of access to the wired network for mobile computers. To communicate with the access point, a mobile computer can use either a special wireless PCMCIA card or a network interface card (NIC), or it can use station adapters, which are devices that plug in to the standard 10BaseT port of the computer’s Ethernet card.
For spread spectrum communication in the 2.4 GHz range, access points typically support 1–3 Mbps communication over distances of up to about 3 kilometers. The area covered by an access point is called a cell. An access point can generally support 15 to 25 wireless stations, while still maintaining optimal data transfer rates. The access points allow wireless stations to be quickly and easily connected to a wired LAN.
See also wireless networking
See Internet service provider (ISP)
An object generated during a successful logon by the security subsystem in Microsoft Windows NT and Windows 2000 and attached by the Winlogon process to all the user’s processes. An access token is used to uniquely identify the user’s processes in order to provide the user with appropriate access to resources on a network.
How It Works
An access token is like a card key. Your card key will provide you with access to doors that have been configured to grant you permission to open them. The list of card keys that a door will accept is analogous to an access control list (ACL).
Graphic A-5. Access token.
When you successfully log on to Windows NT or Windows 2000, you are granted an access token, which is attached to all your user processes. Your access token contains the security identifier (SID) of your user account and every group to which you belong. When your application tries to access an object such as a file on a volume formatted with the NTFS file system, Windows NT or Windows 2000 compares the SIDs in your application’s access token to those in the access control entries (ACEs) in the object’s ACL. If it finds a match, the system grants access to that object.
See also access control list (ACL), object in Windows NT and Windows 2000
A set of credentials for participating in a network. In a typical network, each user needs an account to access resources on the network, such as shared folders, printers, or applications. Accounts provide a way of identifying users on a network and are the foundation for network security. An administrator or another user with high security privileges typically creates accounts.
Accounts are generally used in server-based networks where a central computer such as a Microsoft Windows NT domain controller keeps track of each user’s account and grants or denies access to the network based on the credentials entered by the user at logon. Accounts are used less frequently in peer-to-peer networks or workgroups because the security requirements are usually much less stringent.
A Windows NT or Windows 2000 network contains three kinds of accounts:
User account: Identifies users who belong to the domain by storing their names, passwords, the groups they belong to, and the permissions they have for accessing system resources
Group account: Identifies a specific group of users and is used to assign permissions to them
Computer account: Identifies machines that belong to the domain
A type of domain in Windows NT in an enterprise containing global user accounts and global group accounts throughout. Account domains simplify account administration by centralizing administration to a single domain.
Graphic A-6. Account domain.
How It Works
An account domain is often a master domain too when used in a single master domain model implementation of Windows NT. The account domain contains user accounts for every user in the enterprise and is usually located at corporate headquarters. Servers and workstations at company branch offices belong to other domains called resource domains. Users at branch offices who want to log on to the network must log on to the account domain, even though their workstations are located within a resource domain. For this scenario to work, a trust relationship must be established so that each resource domain trusts the account domain. In this way, all user accounts can be centralized in the account domain, which eases account management for administrators located at headquarters.
See also resource domain, trust relationship
In Microsoft Windows NT and Windows 2000, a state in which a user is prevented from logging on to the network. If account lockout restrictions are set on a network, a user who fails successively to log on will be locked out of the network after a predetermined number of attempts. For example, if a user forgets the password and repeatedly attempts to log on, the domain controller assumes that unauthorized access is being attempted and shuts out the user by locking out his or her account. The account can either remain locked until an administrator unlocks it, or it can be configured to unlock after a specified period of time.
Account lockout restrictions are part of the account policy that can be set for domains. Account lockout is used to prevent unauthorized access to the network by preventing distrusted users from attempting to guess a trusted user’s password. If you set up account lockout on your network, you will probably also want to configure auditing to record failed logon attempts.
TIP
Use account lockout only for high-security networks. In a low-security environment, users can become frustrated if they lock themselves out by mistyping their password, and administrators must cope with the additional overhead and bother of unlocking these accounts.
See also Account policy
In Microsoft Windows NT and Windows 2000, account operators are users who are assigned the responsibility of administering user and group accounts for a network. To make an individual an account operator, simply make them a member of the Account Operators group. Account operators can administer accounts only on a domain controller, not on a member server or workstation.
Account operators have the preassigned rights to log on locally to a domain controller and to shut down the system. In addition, account operators have the built-in capacity to create and manage user accounts, global group accounts, and local group accounts, as well as to keep local profiles.
TIP
Account operators should be assigned in enterprise-level networking environments only. In small to medium-sized networking environments, creating and configuring user accounts is usually the responsibility of the administrator.
In Microsoft Windows NT and Windows 2000, a built-in group whose users can create, delete, and modify the properties of users, global groups, and local groups. The Account Operators group exists only on domain controllers and has an empty initial membership. The Account Operators group has the following preassigned rights:
Log on locally
Shut down the system
Additionally, members of the Account Operators group have the ability to create, delete, and modify user and group accounts. In Windows NT, members do so using User Manager for Domains. In Windows 2000, members use Active Directory Users and Computers.
NOTE
Members of the Account Operators group cannot modify the membership or rights of the following built-in groups:
Administrators
Account Operators
Server Operators
Print Operators
Backup Operators
See also built-in group
In Microsoft Windows NT, a set of rules specified for a domain using User Manager for Domains that determines the restrictions placed on passwords for users in that domain. In Windows 2000, this set of rules is specified using Active Directory Users and Computers.
To configure your account policy for a domain in Windows NT, select the domain you want to administer in User Manager for Domains, and from the menu, select Policies. Then select Accounts to open the Account Policy dialog box. You can specify restrictions for the following:
Maximum and minimum password age
Minimum password length
Password history
Account lockout trigger and duration
Forcible disconnection when logon hours expire
Logon requirement for password changes
Graphic A-7. The Account Policy dialog box in Windows NT 4.0.
NOTE
As a network administrator, not only should you avoid making your account policy too lax (for example, allowing two-letter passwords), you should also avoid making your policy unnecessarily restrictive. For example, suppose your company is a medium-security environment, but you force users to create passwords of 10 characters or more in length, you keep a password history of 10 passwords, and you set a minimum password age of seven days. Your policy might result in users writing down their list of 10 passwords and taping it under their keyboard—obviously defeating the same network security you are trying to enforce! Ultimately, the best security policy is often a posted list of rules and procedures with warnings of the consequences of breaking the rules.
TIP
In a high-security environment, you can force users to choose complex passwords containing a mixture of uppercase letters, lowercase letters, numbers, and symbols by installing Passfilt.dll from Windows NT Service Pack 2 or later.
See also account lockout, domain in Windows NT and Windows 2000, passfilt.dll
An account template is a user account in Microsoft Windows NT created with User Manager for Domains that has common group memberships and account restrictions. The administrator can copy the template and make a few modifications to easily create new accounts.
How It Works
As an example, an administrator might create an account called MarketingUserTemplate, assign it membership in the marketing global group, and set a logon hours restriction and home directory location. Next, to create new marketing user accounts in User Manager for Domains, the administrator selects the MarketingUserTemplate account, and then selects User and Copy from the menu to create a copy of the account template with the same membership and restrictions. The administrator then assigns a user name, full name, description, and password to the new account; clicks Add; and continues creating more marketing user accounts.
NOTE
Do not assign any rights and permissions to an account template because these will not be copied to the new accounts. Disable the account template so that no one can use it to log on to the network.
TIP
Add an underscore to the beginning of your account templates (for example, _MarketUserTemplate) so that these will always be visible at the top of the User Manager for Domains window.
See also user account, User Manager for Domains
See access control entry (ACE)
Stands for acknowledgment; any transmission from a receiving station to a transmitting station communicating that the transmitted data has been received without errors. On the other hand, if the receiving station determines that the data transmission is late or has not arrived, a NAK (negative acknowledgment) is generated to indicate to the transmitting station that the data should be sent again.
The Transmission Control Protocol (TCP) is a connection-oriented protocol that relies on acknowledgments for successful transmission of data. When a stream of TCP packets is being sent over the network, each packet contains an acknowledgment number indicating the sequence number of the next packet that the receiving station should expect to receive. TCP can use an ACK to acknowledge a series of TCP packets that have been received, rather than just a single packet. A TCP packet sent as an acknowledgment has its ACK flag set to 1 to indicate that the acknowledgment numbers of the packets received are valid.
See access control list (ACL)
See Association for Computing Machinery (ACM)
See Advanced Configuration and Power Interface (ACPI)
A component of Microsoft Site Server that provides the capability of distributing channels only one time per refresh period. This results in considerable savings in bandwidth and server resources, since networks not using the Active Channel Multicaster require each client to separately pull the same channel content. For example, if a network has 10 clients, the same content would traverse the network 10 times.
How It Works
Active Channel Multicaster uses multicasting to reduce the number of connections needed to broadcast channel information. The server opens only one connection to the Web in order to retrieve the channel information. The multicast server then transmits a single copy of the channel information, directed toward an Internet Protocol (IP) multicast group. Users who have subscribed to this multicast group receive the information being transmitted directly into their Microsoft Internet Explorer browser cache. Users then view the multicast information through the standard Internet Explorer interface.
To receive Active Channel Multicaster multicasts, Internet Explorer client browsers must have the Multicast Delivery Agent (MDA) installed on the client computers. The MDA runs in the background client computer and
Checks the CDF file against the client browser’s subscription list to identify multicast information
Replaces the delivery agent for the multicast channel content
Supplies the user with information about multicast subscriptions
A component of Microsoft Site Server 3.0 that lets Web content developers create, manage, and deliver Channel Definition Format (CDF) files. These files specify the channel’s structure and update frequency. Users receive channels utilizing a standard Web browser such as Microsoft Internet Explorer 4.0 and later.
How It Works
Active Channel Server supports both content channels and software channels. Content channels contain a collection of theme-based Web pages or other documents. Software channels contain program files and offer users new software and software updates.
Active Channel Server uses Active Channel Agents to collect content items from a specified source and organize them into channels. These agents are scripts that can automatically update channel content items according to a specified schedule. Active Channel Agents can collect content from
A shared directory on the network
Any open database connectivity (ODBC)–compliant database such as Microsoft SQL Server
Indexing Service
Site Server Commerce databases
Site Server Search catalogs
Knowledge Manager shared knowledge briefs
Active Channel Server can also use third-party agents or custom agent scripts to gather content from other sources.
Users then configure their Web browsers to either alert them when new channel content is available or automatically download the new content. If software channels are used, software can be automatically downloaded and installed on user machines.
A feature first introduced with Microsoft Internet Explorer version 4.0 that enables active content from Web sites or channels to be displayed directly on your desktop. This includes content such as graphics, HTML pages, Microsoft ActiveX controls, Java applets, and channels. For example, you could have a stock ticker applet placed directly on your desktop that updates its information continually using a live Internet connection.
Active Desktop integrates the Web and your desktop, allowing you to launch programs, switch between files, and customize your desktop using active Web content. Active Desktop makes your desktop and its folders look and work like the Web, allowing you to browse resources on your computer or local network the same way you browse for content on the World Wide Web. Information about volumes, folders, and files can be displayed as Web pages within folders, and you can move up and down the folder hierarchy using a single click instead of a double click.
Graphic A-8. Active Desktop.
Active Desktop is included with Microsoft Windows 98 and Windows 2000, and is optionally available for Windows 95 and Windows NT 4.0 by installing Internet Explorer 4.0 and the Windows Desktop Update.
How It Works
The Active Desktop is implemented as an application programming interface (API) called the IActiveDesktop interface, which is part of the Windows Shell API. This interface is designed to allow client programs to manage desktop items and wallpapers on local computers. It also provides methods for adding desktop items (with or without a user interface, allowing the user to decide whether to accept the addition), adding desktop items associated with a URL, applying changes by writing settings to the registry, and so on.
The Active Desktop consists of two layers:
HTML layer: This is the background layer that hosts active Web content items. The HTML layer has three components: a file named desktop.htm that contains HTML tags for each active Web component on the desktop, an ActiveX control that lets you move or resize components on your desktop, and any other static HTML element you want to display in the background.
Icon layer: This transparent foreground layer integrates a web-type environment with familiar Windows 95 shell features such as double-clicking, drag-and-drop, file associates, and so on.
Users can add new items to the Active Desktop on their machines by using the display utility in Control Panel (or by right-clicking a blank area of the desktop and choosing Properties from the context menu). Either specify the URL of the object you want to add to your Active Desktop, or browse to locate it on your network or on the Internet (if you are connected). Programmers can use the ActiveDesktop interface to write routines that add, remove, or modify items on the Active Desktop. You can also add items to the Active Desktop using a Channel Definition Format (CDF) file.
See also Active Platform
The directory service for the Microsoft Windows 2000 network operating system. Active Directory consists of both a database and a service. Active Directory is a database of information about resources on the network, such as computers, users, shared folders, and printers. It is also a service that makes this information available to users and applications. Active Directory provides the basic features needed for an enterprise-level directory service, including an extensible information source, naming conventions for directory objects, a common set of policies, and tools for administering the service from a single point of access. Administrators can configure Active Directory to control access to network resources by users and applications.
How It Works
The basic element of Active Directory is the object. An object can represent a user, computer, printer, application, file, or another resource on the network. Active Directory objects possess attributes, which are their properties. For example, some user attributes might include first name, last name, e-mail address, and phone number. Some attributes must have mandatory values, while others can be left undefined. Attributes of a printer might include the location of the printer, the asset number of the printer for accounting purposes, the type of printer, and so on.
A special type of Active Directory object is the organizational unit (OU). An OU is a type of object that can contain other objects. An OU can either contain a specific object, such as a user or an application, or it can contain another OU. Using OUs, you can organize Active Directory into a hierarchical directory of network information based on the X.500 directory recommendations of the International Telecommunication Union (ITU). You can assign users permissions on subtrees of OUs for management and resource access purposes.
Organizational units are contained within domains, which are the basic security and organizational structure for Active Directory. Every object in Active Directory must belong to a domain. Domains usually mirror the organizational structure of your enterprise and act as a security boundary in your enterprise. For example, privileges granted in one domain are not automatically carried over to another domain. Domains can be joined into larger structures called domain trees using two-way transitive trusts, and these tree structures can be grouped into domain forests for larger enterprises.
Discretionary access control lists (DACLs) and system access control lists (SACLs) protect Active Directory objects. DACLs and SACLs specify which user or application has permission to access attributes of directory objects, and work in a similar fashion to access control lists (ACLs) that are implemented in the version of NTFS used in Windows NT 4.0. DACLs and SACLs can be used to propagate their permissions to connected directory objects. They also provide a simple way for administrators to grant access and usage rights for Active Directory to users and groups.
Active Directory has a set of rules governing which objects can be stored in the directory and which attributes these objects can possess. This set of rules is known as the schema.
Information in Active Directory is maintained for each domain on the network. Active Directory database information is stored and maintained on machines called domain controllers. This information is replicated automatically between domain controllers to ensure that every portion of the distributed directory is up-to-date. By default, the replication of updates to Active Directory occurs automatically every five minutes. Automatic replication of Active Directory information occurs only within the security boundary of a specific domain. Domain controllers in one domain do not automatically replicate with those in another domain.
Active Directory provides network administrators with centralized administration of all information about resources on the network, and it provides both users and administrators with advanced search capabilities for locating resources on the network.
NOTE
The default naming convention for objects stored in Active Directory is an Active Directory canonical name of the object. This defines the object’s position in a domain tree from left to right, starting with the object’s name and delimited by slashes. For example, the User Account MSmith in the Marketing organizational unit of the northwind.microsoft.com domain would have the Active Directory canonical name:
msmith\users\marketing\northwind.microsoft.com
Active Directory supports non-DNS naming conventions for interoperability with non-DNS environments. An example is the Lightweight Directory Access Protocol (LDAP) naming convention. An LDAP URL is composed of the name of the server with the distinguished name of the object appended to it. Other naming conventions include the following:
User principal name: This convention consists of the user’s Security Accounts Manager (SAM) account name with an object’s user principal name suffix appended to it. The user principal name suffix is the name of the domain tree or the name of the domain above the object in the domain tree.
Request for Comments (RFC) number 822 Name: This naming convention is essentially the user’s e-mail address.
Universal Naming Convention (UNC): This convention can be used for shared resources.
TIP
Before implementing Active Directory in your enterprise, you will need to gather information about the structure of your organization because Active Directory usually mirrors this structure in some fashion. A good way to proceed is to use a centralized planning approach with a team consisting of both technical and management representatives. You must develop a naming strategy, plan your domain structure, and consider how you will delegate administrative duties concerning Active Directory. When you delegate administrative control to Active Directory, do so at the OU level instead of at the individual object level. This makes it easier to control portions of the OU hierarchy within Active Directory. In particular, you probably want to delegate control to individuals responsible for creating users, groups, computers, and similar objects.
TIP
Consider the speed of the various links between your different geographical locations, and how any systems that are not interoperable with Active Directory will be integrated into your new system. You should also profile your user community to determine what sort of domain hierarchy you will be implementing. Also consider integrating your Domain Name System (DNS) zone information into Active Directory because this will store your DNS zone information in the distributed Active Directory. Plus, it will facilitate and simplify updates of zone information through replication of domain controllers.
TIP
An important planning issue is determining where to locate domain controllers and global catalog servers for your enterprise. This is because after Active Directory is installed and configured, the majority of Active Directory traffic is related to Active Directory clients querying Active Directory for information. Directory replication traffic is usually a less important consideration, unless the organization is in a constant state of flux. Placing a domain controller at each site will optimize queries but can increase replication traffic. Nevertheless, placing a domain controller at a site that has users in that domain is usually the best solution. If the domain tree is large, you should not place a global catalog server at each site because this can create a lot of replication traffic. Place global catalog servers only at large regional sites. Remember that replication of modifications made to your Active Directory might take some time to propagate throughout your enterprise. For example, if you create a new user account object, it might be a few minutes before the user can actually log on to the network using the account.
On the Web
•
Active Directory Technical Summary : http://www.microsoft.com/ntserver/windowsnt5/techdetails/prodarch/ad_techsummary.asp
A client on a machine running Microsoft Windows 2000 that allows the computers to log on to a network by locating a domain controller and then accessing information published in Active Directory. The purpose of Active Directory Client is to enable the client machine to access information stored in Active Directory on domain controllers in the network.
NOTE
A version of Active Directory Client called the Directory Services client is available for computers running Windows 95 and Windows 98. This client allows them to log on to a Windows 2000 domain and access information published in Active Directory. The Directory Services client can be found in the \clients folder on the Windows 2000 Server compact disc. Microsoft Internet Explorer version 5.0 or later must be installed on the machine running Windows 95 or Windows 98 prior to installing the Directory Services client. A similar client will also be available for Windows NT version 4.0 machines.
A Microsoft Windows 2000 management console that can be used for administering domain modes and trust relationships. Active Directory Domains and Trusts provide administrators with a graphical representation of all the domain trees in a domain forest. Using the Active Directory Domains and Trusts, you can perform common administrative tasks such as
Creating an explicit domain trust and managing existing trust relationships between domains
Changing the domain mode from mixed mode to native mode
Adding user principal name suffixes for a forest
Graphic A-9. Active Directory Domains and Trusts.
NOTE
To start the Active Directory Domains and Trusts, open the administrative tools shortcut named Active Directory Domains And Trusts.
TIP
You can also use the Active Directory Domains and Trusts to open Active Directory Users and Computers by right-clicking on a domain and then selecting Manage from the shortcut menu.
See also administrative tools (Windows 2000)
A wizard on a machine running Microsoft Windows 2000 that installs Active Directory service on a member server, turning it into a domain controller. You can use Active Directory Installation Wizard to
Create a new domain controller with a new domain tree
Create a new domain controller with a new child domain that is located under a parent domain in an existing domain tree
Create a replica domain controller for an existing domain
Graphic A-10. Active Directory Installation Wizard.
How It Works
You must be an administrator to run Active Directory Installation Wizard. Start the wizard by running the dcpromo utility from the command prompt, or choose the Run command from the Start menu, enter dcpromo in the Run dialog box, and then click OK. This opens the wizard’s welcome screen, where you are required to make a number of decisions concerning the following:
Whether to create a new domain or add a replica domain controller to an existing domain
If you choose to create a new domain, whether to create a new domain tree or add a child domain to an existing tree
If you choose to create a new domain tree, whether to create a new domain forest or add the new tree to an existing forest
Names you specify for new or existing domains, domain trees, or domain forests are based on the Domain Name System (DNS) naming system. Other steps in the wizard allow you to specify the path to the Active Directory database, the location of the SYSVOL share, and so on.
These are the results of running Active Directory Installation Wizard:
The machine on which the wizard is run becomes a domain controller. If it is the first domain controller in your domain, the wizard also creates a new site for that controller. If it is the first domain in your enterprise, it is also the root domain for any domain tree that will be created. You can use the wizard to create the first domain forest in your enterprise too.
The first domain controller is also your global catalog server.
Active Directory files are located in %SystemRoot%\Ntds with the associated log files.
The shared system volume SYSVOL, which stores scripts used for implementing group policies for your domain, is located in %SystemRoot%\Sysvol.
A number of default organizational units (OUs) are created, namely the Users, Builtin, Computers, and Domain Controllers.
TIP
You must make sure that DNS is already installed and configured prior to running Active Directory Installation Wizard in order to create the first domain controller for your network. A DNS name will be needed for your new domain controller, and a DNS server must be available on the network during the installation process.
Active Directory files also require an NTFS volume, which must be configured as a basic volume. Dynamic volumes cannot be used for Active Directory files. Running the wizard creates a log file in the %SystemRoot%\Debug folder that shows the results of the installation procedure.
If you are creating a new child domain, there must be an available domain controller on the existing parent domain. If you are creating a replica domain controller, there must be an available domain controller in the target domain.
Formal term for all object classes that can be stored in Active Directory and all attributes that make up these object classes. The schema defines which kinds of objects are permitted to be published in Active Directory and states their possible attributes.
How It Works
The schema consists of two types of objects:
Classes: These objects are predefined collections of attributes. For example, every user account on a network is represented in Active Directory by a User class object.
Attributes: This is the actual information stored in an object. For example, a User class object is composed of attributes such as Name, PhoneNumber, and so on.
Attributes are defined separately from classes. This allows each attribute to be defined only once and then used in many different classes. Class definitions (such as the User class) and attribute definitions (such as the Name attribute) are themselves objects within Active Directory. This means you can manage class and attribute definitions in Active Directory with the same tools you use to manage other objects (user and group accounts, computers, and so on).
The schema is located under the rootDSE object, which contains information about the directory and is located at the top of the Lightweight Directory Access Protocol (LDAP) directory naming structure. You can access this object using the LDAP URL:
LDAP://rootDSE
Active Directory of Microsoft Windows 2000 includes a default schema that defines commonly used object classes such as users, groups, computers, domains, organizational units (OUs), and security policies. Active Directory is extensible and can be modified using Active Directory Schema. Specifically, you can modify the schema by
Defining new object types and their attributes
Defining new attributes for existing object classes
Removing attributes from existing object classes
Removing existing object classes
NOTE
Existing object classes and their attributes cannot actually be deleted; they are simply marked “defunct” in Active Directory and can no longer be used.
See also Active Directory Schema
A Microsoft Windows 2000 administrative tool that can be used to modify Active Directory. Active Directory comes with a default schema that defines various common default object classes such as Users, Groups, Computers, and Domains—plus, it defines their attributes. Using Active Directory Schema, you can modify your organization’s schema by
Creating new classes and modifying existing ones
Creating new attributes and modifying existing ones
Deactivating unnecessary classes and attributes
Members of the Schema Admins group, of which the default Administrator account is automatically a member, are the only users who can make changes to the schema. A typical use for Active Directory Schema is adding new attributes to an existing User object, for example a SeniorityLevel attribute.
NOTE
Active Directory Schema is an advanced tool that should be used only by qualified administrators, as an inexperienced user could easily render your Active Directory inoperable. Before you can use this tool to modify the schema, you must add a registry setting to your machine and specify the one domain controller that can be used to modify the schema for your enterprise. This prevents unauthorized access to the schema and inconsistencies that can occur when the schema is simultaneously modified in more than one place. You must also install the snap-in for this tool in a Microsoft Management Console (MMC) console before you can use it—it is not available from the Start menu’s list of Administrative Tools.
TIP
Another way of modifying Active Directory schema is to write a script that uses Active Directory Service Interfaces (ADSI) to make calls that modify the schema. This is the best solution if you want to modify the schema for an entire enterprise or if you want to automate modifications to the schema.
See also Active Directory schema
An object-oriented programming interface to Active Directory of Microsoft Windows 2000. More generally, a set of interfaces built on the Component Object Model (COM) that lets applications work with various types of directories using a single access method. Active Directory Service Interfaces (ADSI) was formerly known as OLE DS.
How It Works
ADSI works by abstracting the capabilities of directory services from different network providers to present a single set of interfaces for managing network resources in a distributed computing network. ADSI provides a simple, open, functionally rich, and scriptable method for interfacing with any directory service, independent of the vendor. ADSI is built on the Component Object Model and consists of two types of COM objects (directory service leaf objects and directory service container objects) that clients can manipulate with interfaces. ADSI providers are used to implement these objects and their interfaces. Each object in a given namespace is identified using a unique name. For example, file system objects can be specified using their absolute path, while directory objects are usually specified using their X.500 address. However, ADSI is flexible enough to handle any naming system used by third-party vendors’ directory service implementations.
ADSI can be used by programmers and administrators to create directory-enabled applications using tools such as Microsoft Visual Basic or Microsoft Visual C++. ADSI supports the Lightweight Directory Access Protocol (LDAP) C API defined in Request for Comments (RFC) number 1823, which specifies a low-level interface for C language programming and provides support for the Messaging Application Programming Interface (MAPI) so that legacy MAPI applications will work with Active Directory.
A Microsoft Windows 2000 management console that can be used to administer Active Directory sites, domain trees, domain controllers, subnets, and intersite links. Using Active Directory Sites and Services, you can perform common administrative tasks such as
Creating a new site and configuring replication within the site
Configuring directory service (DS) objects and licensing site settings
Adding servers, domain controllers, intersite links, and subnets to a site
Moving and repairing domain controllers
Delegating control of a site
Graphic A-11. Active Directory Sites and Services.
See also administrative tools (Windows 2000)
A management console in Microsoft Windows 2000 that can be used for administering Active Directory objects and information published in the directory. Using Active Directory Users and Computers, you can perform common administrative tasks such as
Creating a new user, group, shared folder, computer, printer, or other resource
Creating new organizational units (OUs) for organizing directory objects
Moving directory objects to different organizational units
Deleting objects from the directory
Displaying and editing the properties of directory objects
Managing group policies and changing domain controllers
Finding objects within Active Directory database
NOTE
To start Active Directory Users and Computers, choose Programs from the Start menu, choose Administrative Tools, and then choose Active Directory Users And Computers.
TIP
If you want to quickly assign permissions to network resources such as file shares, printers, users, and groups in your enterprise, simply move their associated directory objects to different servers that require the same permissions to the same OU. Objects inherit permissions from their new OU and lose permissions from their old OU. However, permissions assigned directly to an object are moved together with the object.
Graphic A-12. Active Directory Users and Computers.
See also administrative tools (Windows 2000)
A consortium of software and systems vendors that is dedicated to the promotion and widespread adoption of Microsoft ActiveX technologies. The goal of The Active Group is to build on the success of ActiveX technologies and ensure that their evolution meets the needs of the broadest possible community of developers and users. Microsoft provides source code, reference specifications, and validation testing standards for ActiveX technologies to The Active Group.
The Active Group functions as an authoring group working under the auspices of The Open Group, a group dedicated to lowering the barriers of integrating new technology across the enterprise. Members of The Active Group steering committee include Adobe Systems, Computer Associates International, DEC, Hewlett-Packard Company, Microsoft Corporation, Powersoft-Sybase, Sheridan Systems, Siemens-Nixdorf Information Systems, Software AG, Videosoft, Visio, and Wall Data.
On the Web
•
The Active Group : http://www.activex.org
A hub that has electronic circuitry to regenerate weak signals. Active hubs function as multiport repeaters, allowing computers to be networked together in a star topology. Virtually all hubs sold today are active hubs.
See also passive hub
The partition that contains the boot files for the operating system you want to run, that is, the partition from which the computer starts up. On a computer running Microsoft Windows 2000 or Windows NT that is based on the x86 family of CPUs (an x86-based computer), the active partition must be a primary partition. In addition, on a computer running Windows 2000, the active partition must be on a basic disk.
Alpha-based computers have no active partitions; these are configured by the manufacturer-supplied configuration program.
NOTE
Depending on your platform, you can use any of the following tools to make a partition active:
The fdisk utility from the command prompt for MS-DOS and Windows 95 or Windows 98 platforms
The Disk Administrator administrative tool in Windows NT
The Computer Management administrative console in Windows 2000
See also system partition
A set of Microsoft technologies for developing applications for the Internet. Applications developed using Active Platform technologies can be accessed and run from any client platform independent of the operating system, as long as a standard Web browser such as Microsoft Internet Explorer is installed on the client.
Active Platform is actually an umbrella term for three key Microsoft technologies:
Active Desktop: Integrates the Microsoft Windows desktop with the Internet, providing a seamless connection between local and remote applications and resources. Active Desktop is a core technology of Internet Explorer.
Active Server: The Active Platform component of Microsoft Internet Information Services (IIS) version 5 or later. Using Active Server technologies, core Windows NT services can be extended to the Internet using applications developed with Microsoft Active Server Pages (ASP) technologies.
Microsoft ActiveX: A component software technology based on the Component Object Model (COM). ActiveX allows distributed Web-based applications to be developed in any programming language and then run from within an ActiveX-enabled browser such as Internet Explorer.
The process of using a scripting language such as Microsoft Visual Basic Scripting Edition (VBScript) or Microsoft JScript to drive Component Object Model (COM) components. Host applications such as Microsoft Internet Information Services (IIS) with Microsoft Active Server Pages (ASP) and Microsoft Internet Explorer have scripting engines for running scripts written in VBScript or JScript. Active scripting engines can be developed for other interpretive scripting languages, such as Perl, to leverage a developer’s existing knowledge of these programming platforms. Scripting engines for client software, such as Internet Explorer, are specially designed to eliminate the authoring components that are not needed in a nonauthoring host environment. This makes the client-side scripting engine lightweight, which yields better performance.
How It Works
In a typical scenario, the host application loads the script document and calls an application programming interface (API) to create a new instance of a scripting engine. The host application feeds the script to the engine and executes the script.
An open, compile-free application environment for developing Web applications for Microsoft Internet Information Server (IIS) version 3.0 and later. Microsoft Active Server Pages (ASP) can be used to build powerful, distributed Web-based applications that combine Hypertext Markup Language (HTML), script, and Microsoft ActiveX technologies to provide dynamic Web sites. ASP combines the ease of HTML with familiar programming tools such as Microsoft Visual Basic Scripting Edition (VBScript) and Microsoft JScript, along with reusable Component Object Model (COM) components. These components can be used to build powerful, dynamic Web sites. ASP executes on the Web server, and the output returned to the Web browser is a plain HTML file.
How It Works
A page created using ASP typically contains a mixture of HTML, scripts, and other components written in any programming language. When a client requests an ASP file, the scripts in the file are processed on the server. The scripts can reference components running on either the local server or any other accessible server, and can perform actions such as accessing a database, sending e-mail, or processing information in another fashion. The result is then returned by the server to the client as a standard HTML file and displayed in the usual way.
For example, when requested, the following ASP file will return the current time and browser type to the requesting client:
<HTML> <HEAD><TITLE>Sample Web Page</TITLE></HEAD> <BODY> The time right now is <% = now %> Your browser type is <% =Request.ServerVariables("http_user_agent") %> </BODY> </HTML> You can use ASP to develop Web content that is customized for user preferences and demographics and that uses Microsoft ActiveX Data Objects (ADO) and open database connectivity (ODBC) to provide access to multiple data sources. ASP provides a browser-neutral approach to the design of Web applications where all of the application logic resides on the server.
ASP on IIS version 4.0 integrates with Microsoft Transaction Server (MTS), allowing ASP-based Web applications to take advantage of Transaction Server’s process isolation, scalability, and transaction programming model.
NOTE
Unlike the stateless Hypertext Transfer Protocol (HTTP), ASP is a session-based technology. When a user connects to an ASP file on a Web server, a session object is created. After the session expires, the session object is destroyed. The default time-out for ASP applications is 20 minutes, although Outlook Web Access uses a time-out of 60 minutes.
On the Web
•
Charles Carroll’s ActiveServerPages.com : http://www.activeserverpages.com
•
15 Seconds home page : http://www.15seconds.com
See also Active Platform
A Microsoft ActiveX engine that can be used to interactively download and install software over the Internet using a standard Web browser such as Microsoft Internet Explorer.
How It Works
Active Setup makes use of the fact that source files of the application to be installed are partitioned into segments, the traditional ACME setup cabinet files (*.cab files). Active Setup begins by downloading a small, self-extracting setup package to the browser client. This file also collects information about the client’s computer to help determine which components already exist on the system and whether the desired application is compatible with the system’s configuration. The user specifies a location from which to download the desired application and the types of components to be installed. The application’s *.cab files are then downloaded as needed, after which Active Setup is completed and normal ACME setup can continue.
TIP
One advantage of Active Setup is that if the download is interrupted, it can be resumed at the interruption point rather than at the beginning.
The volume from which a computer starts up. On a computer running Microsoft Windows 2000, the active volume must be a simple volume, and it must be on a dynamic disk.
NOTE
You can upgrade the basic disk that contains the active partition to a dynamic disk, making it a simple volume that is active, but you cannot mark an existing dynamic volume as the active volume.
The window that has the focus on a Microsoft Windows desktop. The active window is the window belonging to the application in which the user is currently working. If several windows are open on a user’s desktop, only one of these windows can be the active window. A unique color on the active window’s title bar distinguishes it from other windows. If the user enters commands or text using the keyboard, these commands or text will be routed to the program displaying the active window. To make a window the active window on the desktop, simply click on it using the mouse, or cycle through the windows on the desktop using Alt+Tab.
TIP
You can capture a bitmap image of the active window to the clipboard by pressing Alt+PrintScreen. Then open Paint, paste the contents of the clipboard into the program, and save it as a *.bmp image.
An umbrella term for Microsoft technology for building and using software components. Microsoft ActiveX is built on the Component Object Model (COM) and Distributed Component Object Model (DCOM) technologies, which enable software components to interact across a network.
The term “ActiveX” was first coined at the Internet Professional Developers Conference (Internet PDC) in 1996 and was based on the conference slogan “Activate the Internet.” ActiveX does not replace OLE but broadens and enlarges it to include the Internet and intranet technologies. ActiveX is supported by most Microsoft development and productivity applications, including Visual Basic, Visual C++, and Office.
On the Web
•
Microsoft COM home page : http://www.microsoft.com/com
See also Component Object Model (COM), OLE
See COM component
Compiled, reusable software components based on Microsoft’s Component Object Model (COM). ActiveX controls, formerly called OLE controls, can be combined as prefabricated components to aid developers in building new applications.
How It Works
ActiveX controls can draw themselves in their own windows, respond to events such as mouse clicks, and be managed through properties and methods. An ActiveX control cannot run as a stand-alone program but must be loaded into a control container such as Microsoft Visual Basic or Microsoft Internet Explorer. ActiveX controls typically provide a user interface and are generally designed to run on the client.
ActiveX controls are often used to provide dynamic features for Web pages—for example, a stock ticker control that adds a live stock ticker to a Web page, an advanced user interface navigation tool, and an animation control that adds animation functionality to a page.
ActiveX controls can be embedded into a Hypertext Markup Language (HTML) page by using the HTML <OBJECT> tag. If a user tries to access such a page using a Web browser and the embedded ActiveX control is not installed on his or her system, the control can be automatically downloaded by using the URL specified in the CODEBASE attribute of the <OBJECT> tag. Once the ActiveX control is downloaded and installed on the user’s system, the browser will continue to use the cached control until an updated version becomes available on the server.
Here is an example of a typical <OBJECT> tag that includes a CODEBASE attribute:
<OBJECT WIDTH=225 HEIGHT=35 CLASS CODEBASE="http://example.microsoft.com/AControl.cab#Version=1,0,0,1"> </OBJECT>
NOTE
A malicious ActiveX control can potentially damage software or data on a user’s computer. To help users determine whether an ActiveX control is safe to install, Microsoft has developed a code-signing technology called Authenticode, which identifies the creator of a control using a digital signature issued by a well-known security authority such as VeriSign Inc.
A data access interface used to communicate with OLE DB–compliant data sources. ActiveX Data Objects (ADO) is a high-level object-based interface to OLE DB. OLE DB is a low-level complex interface to the data source. Using ADO and OLE DB, a client application can connect to a variety of data sources using the same programming model. These data sources include relational databases, hierarchical databases, indexed sequential access method (ISAM) databases, and virtually any other kind of data source for which an open database connectivity (ODBC) driver exists. In order to communicate with these unique data sources, ADO and OLE DB employ components called OLE DB providers, which are designed for specific data sources. If a native OLE DB provider is not available for a data source, but an ODBC driver is available, it should be possible to access the data source using the ODBC driver and an OLE DB provider designed to communicate with ODBC drivers.
ADO is supported in a variety of environments. For example, ADO could be used in Microsoft Visual C++ and Microsoft Visual Basic to access data in an OLE DB data source, such as Microsoft SQL Server. ADO can also be used in conjunction with Microsoft Internet Information Services (IIS) to create Microsoft Active Server Pages (ASP) applications that access data sources.
NOTE
In a Web-based environment, ADO is basically a server-based solution for data access. All data operations, such as changes to database records and filtering, must take place on the server. The client can then receive the data but cannot easily manipulate it. For applications in which the client must be able to manipulate the data being accessed, use remote data binding with Remote Data Service (RDS) instead. RDS is a technology that enables the user to manipulate data on the client and have any changes automatically made on the server. Allowing data to be manipulated on the client makes Web applications faster and more responsive.
TIP
ADO communicates with a database through a networking library. Choosing the right networking library can significantly improve data access performance. For example, if Microsoft SQL Server is running on the same machine as IIS, using named pipes can provide better performance than using the TCP/IP networking library.
Generally, a device for connecting two different types of electronic hardware without losing functionality. In networking, a cable adapter has two different connectors that provide data transmission back and forth. Cable adapters come in many varieties, and they are specified by the two connector types and whether the connectors are male or female (for example, DB9 female to DB25 male adapter). Cable adapters are a necessary part of the network administrator’s toolkit because of the large number of connectivity options provided by networking equipment vendors.
The term “adapter” is also used in a number of different contexts in networking, including the following examples:
Network interface cards (NICs) are sometimes called network adapter cards because they provide connectivity between computers and network cabling.
Cigarette lighter adapters can be used to power cellular phones or laptops from an automobile battery.
Digital phone adapters allow analog modems to be connected directly to Private Branch Exchange (PBX) phone outlets without damage.
ST-SC adapters provide connectivity between fiber-optic connectors of differing types.
A technique for converting analog sound, such as speech, into binary digital information by frequently sampling the sound and expressing its modulation in binary form. Adaptive Differential Pulse-Code Modulation (ADPCM) codecs convert analog signals into digital information by quantizing the differences between the actual analog signal and a predicted signal. The result is that analog signals encoded into files using ADPCM have a smaller size than many other formats. ADPCM enables speech information to be compressed into small files for storage and transmission.
Personal Communications Services (PCS) cellular telephony systems use a 32-Kbps ADPCM coding system to provide the same quality of voice communication that is available in wired telephone networks. This standard was developed by the International Telecommunication Union (ITU) and is known as G.721.
See analog-to-digital converter (ADC)
A Control Panel utility in Microsoft Windows 95 and Windows 98 that is used to install new peripheral hardware on your machine. On machines running Windows 98 that are fully Plug and Play compliant, you can either plug the device into the computer while it is running (for hot-pluggable devices) or you can turn off the machine, install the card, turn on the machine, and have Windows 98 automatically enumerate the new device and begin the installation procedure. The Add New Hardware Wizard generally needs to be run only for legacy devices that are not fully Plug and Play compliant.
Graphic A-13. A screen from the Add New Hardware Wizard in Windows 98.
How It Works
To install a device using the Add New Hardware Wizard in Windows 98, start the wizard and let Windows 98 look for Plug and Play devices. If the device is a legacy device, let Windows 98 search it. If Windows 98 cannot find the device, you must identify it from a list of devices by selecting a device class, choosing the manufacturer and model, and specifying the location of the appropriate driver for the device.
NOTE
In Windows 2000 this hardware utility has been enhanced and is called Add/Remove Hardware.
TIP
Make sure your hardware device is attached to your machine and turned on before running the Add New Hardware Wizard!
A wizard in Microsoft Windows 95, Windows 98, Windows NT, and Windows 2000 that is used to install a printer on your machine.
How It Works
The Add Printer wizard can be used to install both locally attached printers (such as one connected to an LPT port on your computer) and a network printer (such as one connected to a print server or a printer with its own network card). To install a locally connected printer, simply specify the manufacturer and model number of the printer and load the appropriate printer driver. To install a network printer, you need to specify the Universal Naming Convention (UNC) path to the network printer, which must first be shared on the network. After the printer has been installed, its property sheet can be opened to allow further settings to be configured. The installation of a printer ends with the optional printing of a test page to verify that the installation was successful.
NOTE
In Windows 2000, you can publish a printer in Active Directory to configure the properties of a printer.
A Control Panel utility in Microsoft Windows 95, Windows 98, Windows NT, and Windows 2000 that lets you install and remove applications from your system. Using this utility you can
Configure your Windows operating system by installing or removing optional Windows components.
Install programs from floppy disk, CD-ROM, or network share point. For Windows 2000, you can also install programs from Microsoft over the Internet.
Uninstall programs and their registry settings for previously installed programs.
Create a startup disk for troubleshooting purposes (Windows 95 and Windows 98 only).
NOTE
The Windows 2000 version of this utility is more advanced and has a different interface than earlier versions (see the screen capture).
Graphic A-14. A utility in Windows 2000.
TIP
If you are short on disk space, use Add/Remove Programs to remove seldom-used components of Windows from your hard drive.
A virtual container in Microsoft Exchange that lets Microsoft Exchange Server administrators group recipients according to common attributes. These containers are created automatically when you establish the defining attributes for the address book view.
How It Works
For example, using the Exchange Administrator program, you could create an address book view called By Department and use the Department attribute of the recipients in your Exchange organization to automatically generate various address book view containers called Sales, Marketing, Management, and so on. Each address book view container will contain only those recipients that belong to a specific department. For instance, when users access the global address list using Microsoft Outlook, these containers will be visible in their address books, along with their recipients. This allows users to more quickly address e-mail to recipients in a particular department instead of scrolling down the entire global address list.
You can also create multilevel address book views. For example, you could create a first level of virtual containers sorted by Country, followed by a second level sorted by State.
TIP
If you use the Exchange Administrator program to move a recipient from one address book view to another, the recipient takes on the defining attributes of the new address book view.
Also called an A record, a type of resource record in the Domain Name System (DNS) that maps the name of a host computer or other network device to an IP address. Address records enable resolvers to query a DNS server on the network in order to resolve a host name or fully qualified domain name (FQDN) of a machine into its IP address so that network communication with the machine can be established. Address records are one of the most commonly used types of resource records stored in DNS zone files. A large part of the administrative work of a DNS administrator is creating and maintaining accurate address records for hosts on the network. The syntax for the address record is specified in Request for Comments (RFC) number 1035.
Example
An address record for the host named SERVER12 located in the northwind.microsoft.com Internet domain and having the IP address 172.16.8.55 would be
server12.northwind.microsoft.com IN A 172.16.8.55
Here IN identifies the record as belonging to the Internet class, and A identifies that it is an address record.
A TCP/IP network layer protocol responsible for resolving IP addresses into MAC addresses. Address Resolution Protocol (ARP) is defined in Request for Comments (RFC) number 826.
How It Works
When a TCP/IP-aware application tries to access another TCP/IP host using its IP address, the destination host’s IP address must first be resolved into a MAC address so that the frame can be addressed and placed on the wire and then be recognized by the destination host’s network interface card (NIC). This is because network interface cards operate at the physical layer (layer 1) and data-link layer (layer 2) of the Open Systems Interconnection (OSI) reference model and must use physical addresses (such as MAC addresses) instead of logical addresses (such as IP addresses) for network communication.
Graphic A-15. Address Resolution Protocol (ARP).
ARP broadcasts an ARP Request packet that effectively says, “Who has the following IP address?” This broadcast requests the MAC address of the destination host. The destination host then responds with an ARP Reply packet containing its own MAC address. The requesting host next temporarily stores the IP-to-MAC-address mapping in its local ARP cache in case this is required again within a short interval of time.
NOTE
If the destination host is on a remote network, ARP obtains the MAC address of the local router interface that connects the local network to the remote network.
See also arp command
Information that indicates which address types and subtypes can be handled by connectors and gateways for Microsoft Exchange Server. This information is used to determine how messages are routed. Each time a new connector or gateway is installed, a new address space must be created for that connector or gateway. For example, if a message were being routed through the Internet Mail Service to the address someone@microsoft.com, the address type would be SMTP and the address space would be microsoft.com. Other address types include MS Mail and X.400.
Each address space can be assigned a cost value, which is used for optimizing outbound message routing. The lower the cost value of an address space, the less it will be used by the connector. If two address spaces have the same cost value, each route will be given roughly equal priority in the routing process.
See Administrative Management Domain (ADMD)
A special administrative share created during installation on computers running Microsoft Windows NT and Windows 2000 and used for remote administration of the computer. The path of this share is always the path to the %SystemRoot% directory (usually C:\Winnt). The Administrators group is assigned full control permissions on the ADMIN$ share on a Windows NT system. This allows administrators to access the share and remotely administer the system without needing to know where the system files are stored. Only the Administrators group has access to the ADMIN$ share.
A dialog box that displays on Microsoft Windows NT to notify selected users and computers of problems or warnings. Alerts are generated by the Windows NT Alerter service. Administrative alerts can be displayed when problems with security, access, sessions, directory replication, and printing occur, or when a server is shut down by an uninterruptible power supply (UPS) device.
You can configure which specific users or computers will receive administrative alerts by using Server Manager.
TIP
If you configured alerts to be sent to a specific computer but they are not being received, check your alert configuration in Server Manager. You might have misspelled the name of that particular computer—Server Manager does not validate computer names.
In X.400 messaging, a message-handling system (MHS) that is managed by a registered private agency. Administrative Management Domains (ADMDs) are usually large public telecommunications carriers such as MCI WorldCom and AT&T. This is in contrast to a Private Management Domain (PRMD), which represents a message-handling system managed by a private corporation. In the X.400 world, PRMDs cannot communicate directly with each other; instead, they must communicate through ADMDs. All the ADMDs in the world therefore form a kind of messaging backbone for global X.400 communication.
NOTE
The ADMD is the second field in a typical X.400 originator/recipient (O/R) address and is located right after the country field.
See also X.400
A share created during setup by Microsoft Windows NT or Windows 2000 for system purposes and remote administration. These shares usually end in the “$” character, which makes them hidden shares. You cannot modify the permissions on these shares and you cannot remove the shares.
Here are some examples of administrative shares:
C$, D$, and so on: The shares used by administrators to connect to the root of each volume on a network server and perform remote administration such as creating and deleting files and folders
ADMIN$: The share name for the %SystemRoot% folder, used by the system during remote administration
IPC$: A share used by interprocess communication (IPC) resources for sharing the named pipe interface, which allows applications running on different computers to communicate over the network
PRINT$: A share used to support shared printers
REPL$: A share used by the Directory Replicator Service that allows directory trees to be exported
NETLOGON: A share used by the NetLogon service that enables the processing of domain requests
See also share
A Microsoft Windows 2000 program group containing tools for administering a network based on Windows 2000. These tools are implemented as preconfigured snap-ins for the Microsoft Management Console (MMC) and are commonly referred to as consoles. Each administrative tool corresponds to an MMC console with a particular snap-in installed. The set of available tools for a particular machine running Windows 2000 depends on how that machine was installed and configured. Commonly installed tools for Windows 2000 Server, which can be used for both local and remote administration, can include
Component Services
Computer Management
Configure Your Server
Data Sources (ODBC)
Distributed File System
Event Viewer
Internet Services Manager
Licensing
Local Security Policy
Performance
Routing and Remote Access
Server Extensions Administrator
Services
Telnet Server Administration
NOTE
Internet Services Manager (HTML) is implemented as an HTML tool that can be run from within a standard Web browser such as Microsoft Internet Explorer.
TIP
As an administrator, you can create your own administrative tools by opening a blank MMC console and installing the various snap-ins you need. When you save this tool, it will automatically be saved in the Administrative Tools program group.
A Microsoft Windows NT program group containing tools for administering a Windows NT–based network. The basic set of tools for Windows NT Server 4.0 consists of the following:
Administrative Wizards
Backup
Disk Administrator
Event Viewer
License Manager
Migration Tool for NetWare
Network Client Administrator
Performance Monitor
Remote Access Admin
Server Manager
System Policy Editor
User Manager for Domains
Windows NT Diagnostics
The number of tools, which can be extended by installing additional Windows NT services using the Network utility in Control Panel, includes the following tools:
DHCP Manager
DNS Manager
File Manager
Network Monitor
WINS Manager
NOTE
A subset of these administrative tools can be installed on Windows NT Workstation 4.0, and a smaller subset can be installed on Windows 95 or Windows 98. The files required to install the client-based network administrative tools on Windows NT Workstation 4.0 and Windows 95 or Windows 98 are available in the \Clients\Srvtools directory on the Windows NT Server 4.0 compact disc.
A Microsoft Windows NT administrative tool that consists of a number of wizards designed to facilitate common administrative tasks, namely
Creating new user accounts
Creating new groups and modifying the membership of groups
Configuring permissions for accessing files and folders
Installing local printers or connecting to network printers
Installing new programs or removing existing ones
Installing a modem
Creating disk sets for installing network client software
Managing license compliance
See also administrative tools (Windows NT)
Generally, a person who has full rights and permissions to all resources on a network. The administrator is usually responsible for installing, managing, and controlling servers and networking components. Administrators can also modify the properties of user accounts and the membership of groups, create and manage security printers, install printers, share resources, and assign permissions to those resources.
In Microsoft Windows NT and Windows 2000, the Administrator account is a built-in account whose password is defined during installation. In Windows NT, the administrator account is a member of the Domain Admins group and the Administrators group on the domain controller on which it is defined, and it has full rights and permissions on all user-accessible system resources. In Windows 2000, the administrator account is a member of the built-in Administrators group.
NOTE
On a Windows NT domain controller, the Administrator account is a global user account, while on a Windows NT member server or workstation, the Administrator account is a separate local account.
TIP
You can rename the default Administrator account, but you cannot delete it. If you rename the account, make sure you remember what the new name is!
See also Administrators group
In Microsoft Windows NT, a built-in group existing on all servers and workstations, whose initial membership consists of the Domain Admins group (on domain controllers only) and the Administrator user account (on all computers running Windows NT). In Windows 2000, a built-in group with similar membership.
The Administrators group has full rights on all user-accessible processes on a computer running Windows NT or Windows 2000. For example, on a Windows NT domain controller, the Administrators group has the right to
Log on locally
Access the computer over the network
Take ownership of files
Change the system time
Configure auditing and manage the security log
Shut down the system
Back up and restore files and directories
Force shutdown from a remote system
Load new device drivers
Add computers to the domain in Windows NT and Windows 2000
See also built-in group
See ActiveX Data Objects (ADO)
See Adaptive Differential Pulse-Code Modulation (ADPCM)
See Active Directory Service Interfaces (ADSI)
See Asymmetric Digital Subscriber Line (ADSL)
An open industry specification that enables software designers to integrate features for power management throughout a computer system, including the hardware, operating system, and application software. Advanced Configuration and Power Interface (ACPI) is supported by Microsoft Windows 2000 and enables the operating system to handle all the power-management resources for computer subsystems and peripherals. ACPI works with subsystems and peripherals for a wide range of mobile, desktop, and server platforms. ACPI is also the foundation for the OnNow industry initiative that enables computers to start at the touch of the keyboard.
NOTE
ACPI support can be enabled for Windows 98 by running Setup using the following command-line switch:
setup /p j
Running Setup in this mode adds the ACPIOption string value with a value data of 1 to the Windows 98 registry and causes hardware devices to be queried for ACPI support during setup. Note that Windows 98 does not support all ACPI features, for example Passive Cooling Mode.
On the Web
•
ACPI home page : http://www.teleport.com/~acpi
•
Microsoft OnNow and Power Management : http://www.microsoft.com/hwdev/onnow.htm
A connectivity technology for high-speed, low-cost infrared (IR) networking developed by IBM. IBM is the first vendor to release products based on the Advanced Infrared (AIr) standard and is working with the Infrared Data Association (IrDA) to standardize the technology.
How It Works
AIr allows ad hoc multipoint wireless peer-to-peer connections to be formed simultaneously between multiple wireless information appliances such as Personal Digital Assistants (PDAs), cellular phones, laptops, and digital cameras. The devices must be within 8 meters of each other to reliably communicate without interference. AIr ports can receive signals within a 120-degree cone, which means that the ports need not be precisely aimed at each other to achieve reliable transmission. AIr currently supports data throughput of up to 4 Mbps for direct line-of-sight communication, but it can interoperate with the existing slower IrDA 1.1 standard, and it supports the Very Fast Infrared (VFIR) standard currently under development.
See also Infrared Data Association (IrDA), infrared transmission
The standard analog cellular phone service used in North and South America. Advanced Mobile Phone Service (AMPS), which was introduced by AT&T in the early 1980s, was the first generation of cellular phone technology and is widely deployed throughout the United States.
How It Works
AMPS uses frequencies in the 800-MHz to 900-MHz range of the radio spectrum. It modulates a 3-kHz voice channel onto 30-kHz FM carrier signals using Frequency Division Multiple Access (FDMA) to create a series of 30-kHz channels. Separate channels are used for base station to mobile transmission (forward channels) and mobile station to base transmission (backward channels). The resulting allocation of bandwidth for each channel results in a maximum of approximately 800 simultaneous phone conversations per operator.
Because the population of most cities would suggest that 800 simultaneous phone conversations is far from enough, the idea was developed to partition the coverage of cities into a number of small areas called “cells.” Each base station uses a limited-power transmitter with a directional antenna to provide coverage for a small geographical cell (from which the term “cellular communication” arose). A typical cell ranges from .5 kilometer to 20 kilometers in size, depending on whether the coverage is in a densely populated urban area or a sparsely populated rural one. Mobile users’ phones also have limited transmission power, meaning that communication is usually limited to the immediate cell the user is in. As a user moves from one cell to another, the signal is smoothly picked up from the new cell. Adjacent cells use different frequencies, which prevents interference.
Handheld AMPS cellular phones have power levels generally under 0.6 watts with a range of about 5 miles from the base station, while power levels in vehicle-mounted phones reach up to 3 watts with a range of 15 miles. Base stations themselves generally have power levels up to about 1 kilowatt.
Because of the need for data transmission and security (encryption), digital cellular phone services are increasing in popularity.
On the Web
•
Universal Wireless Communication Consortium : http://www.uwcc.org
See also cellular phone technology, Code Division Multiple Access (CDMA), Digital Advanced Mobile Phone Service (D-AMPS), Global System for Mobile Communications (GSM), Time Division Multiple Access (TDMA)
A protocol developed by IBM as the second generation of Systems Network Architecture (SNA). Advanced Peer-to-Peer Networking (APPN) is an extension of SNA that was developed
To enable SNA traffic to flow concurrently with other protocols
To provide prioritization of SNA traffic
To allow users to establish sessions without mainframe involvement
APPN provides a mechanism for peer-to-peer networking and session establishment between any two logical units (LUs) on an SNA network. APPN provides greater distributed network control than legacy SNA by isolating the effects of single-point failures. It supports the dynamic exchange of information about network topology to facilitate connection, reconfiguration, and route selection. APPN also supports the dynamic definition and automated registration of network resources.
A protocol for peer-to-peer networking in a Systems Network Architecture (SNA) environment usually associated with AS/400 host systems.
How It Works
Advanced Program-to-Program Communications (APPC) protocol relies on each device in the network communicating directly with the others. Computers depend on their own intelligence for network communication and do not need constant access to a centrally located AS/400 host. APPC supports display and other application services across an SNA network. The overall architecture for peer-oriented SNA networks is known as Advanced Peer-to-Peer Networking (APPN). Advanced Program-to-Program Communications protocol lets applications on different APPN systems communicate across a network.
APPC is used for a variety of purposes in the AS/400 environment including
5250 access
TN5250 access
File transfer
Applications that use APPC to communicate are called transaction programs (TPs).
NOTE
Microsoft SNA Server provides services necessary for APPC connectivity with AS/400 systems and mainframe hosts. APPC is typically used in peer-oriented SNA networks running on AS/400 host systems, although mainframe hosts can also support it.
A method of streaming data supported by Microsoft NetShow. Advanced Streaming Format (ASF) supports video, audio, images, URLs, and scripts. ASF streams can combine different types of data, allowing you to stream presentations involving slides and audio narration.
Using the NetShow Real-Time Encoder, you can generate live ASF streams that contain audio and video. You can also use tools provided with NetShow to create and store ASF files that you can later stream. NetShow can deliver ASF streams using either multicasting or unicasting.
TIP
When multicasting an ASF stream, configure NetShow to provide a supplemental unicast source for the stream for any clients that cannot receive multicasts.
See APPC File Transfer Protocol (AFTP)
Simple Network Management Protocol (SNMP) client software that runs on a hub, a router, or another networking component. Agents collect information about TCP/IP statistics and conditions and can supply this information when requested to an SNMP management system. Agents can also alert management systems to errors and other conditions when a trap occurs. SNMP agents are identified by the community to which they belong.
How It Works
An agent must be installed on each networking component that will be managed in an SNMP-managed network. The agent program can then perform operations such as
Get operations initiated by the SNMP management console for obtaining information about a specific managed object in the host Management Information Base (MIB)
Get-next operations initiated by the management console to continue traversing the MIB database from the point at which it was accessed by a get operation
Set operations initiated by the management console to set a value for a managed object (if permissions allow this)
Trap operations initiated by the managed host itself when an error condition occurs, such as when the computer’s disk becomes full
NOTE
Microsoft Windows NT includes an optional service called the SNMP service, which can be used to install SNMP agent software to enable management by SNMP management consoles. TCP/IP must be installed before the SNMP agent service is installed. By default, the agent listens to TCP port number 161 for SNMP messages and to port number 162 for SNMP traps.
TIP
Windows 98 also includes an SNMP agent conforming to SNMP 1.0 specifications that lets you monitor remote connections to machines running Windows 98 from an SNMP management console. This agent is implemented as a Win32 service using Windows Sockets over TCP/IP. You can install the Microsoft SNMP agent on Windows 98 using the Network utility in Control Panel.
The mantra for administering a Microsoft Windows NT enterprise-level network: user A ccounts are organized by placing them in G lobal groups, which are then placed into L ocal groups that have appropriate P ermissions and rights assigned to them.
How It Works
In practice, these are the steps for administering a Windows NT enterprise-level network:
Create global user accounts for users in the account domains or master domains.
Create global groups in these domains to organize users according to function, location, or some other criteria (or use the Windows NT built-in groups if these suffice).
Assign global users to their respective global groups.
Determine who needs access to network resources in the resource domains.
Create local groups on domain controllers and member servers within the resource domains (or use the Windows NT built-in groups if these suffice).
Assign rights and permissions to each local group as desired to provide access to network resources.
Finally place global groups into local groups as desired to provide users with permissions to access resources.
Graphic A-16. AGLP.
NOTE
On Windows 2000-based networks, the mantra is AGDLP since local (L) groups are referred to as domain local (DL) groups.
See Advanced Infrared (AIr)
A version of the UNIX operating system developed by IBM for its RS/6000 platform of servers and workstations. The first version of AIX was based on the UNIX System V operating system (release 2). The current major version is AIX Version 4.3. AIX is supported by symmetric multiprocessor (SMP) systems, scalable parallel systems, and workstations. These are some of the features of AIX 4.3:
Concurrent support of 32-bit and 64-bit applications using 64-bit hardware
A Web-based management system for managing AIX using any Java 1.1–enabled browser
Binary compatibility with earlier version 4 .x releases
C2 level security certification
Fast Connect for high-speed PC file and print services
On the Web
•
AIX Operating Environment : http://www.rs6000.ibm.com/software/aix_os.html
A Microsoft Windows NT service responsible for sending administrative alerts to users and computers. The Alerter service generates an alert when potentially dangerous conditions occur, such as when disk space is running out. You can configure which users or computers receive these alerts by using Server Manager (or by using the Server utility in Control Panel). Pop-up alert messages will appear if the administrator is logged on or is at the appropriate computer when the alert occurs. The administrator can then consult the system log for information about what caused the alert.
TIP
The Server service must be running for the Alerter service to function. The Messenger service should also be running on both the sending and receiving computers. Also, restart the Server service and Alerter service on the computer after modifying the list of users and computers to whom alert conditions on that computer should be sent.
Literally, a name for a name. An alias can be a nickname that identifies a user for e-mail. A user’s alias is usually a shortened form of the user’s full name, such as the alias JSmith or JeffS for user Jeff Smith. Aliases are a convenient way of identifying users and form the user-specific portion of an e-mail address. For example, if Jeff Smith belongs to a company whose Domain Name System (DNS) domain on the Internet is northwind.microsoft.com, his e-mail address would be either JSmith@northwind.microsoft.com or, instead, JeffS@ northwind.microsoft.com, depending on which alias is selected. In Microsoft Exchange Server you can use the auto naming feature in the Exchange Administrator program to generate the alias for a new recipient.
TIP
What if both a Jeff Smith and a Jeff Smythe work at the same company? If JeffS is the alias for the first user, you could use JeffS2 for the second. It all depends on your choice of naming convention.
A directory on a machine running Microsoft Windows NT that is used to store desktop settings and Start menu shortcuts for applications in the Common Programs group. Shortcuts in this group are available to all users who log on locally to the machine. The All Users folder is located in the path %SystemRoot%\Profiles\All Users. If you modify the settings in this folder, any new users who log on locally to the machine will inherit the new settings in their user profile. This can be a useful way to provide standard shortcuts to people who use a particular machine.
A computer platform whose processor is based on the DEC Alpha RISC architecture microprocessor. Alpha is one of two processor platforms supported by Microsoft Windows NT (the other being Intel’s x86 platform). Alpha-based systems, which are used primarily for high-performance servers and workstations, can run operating systems such as Windows NT, Digital UNIX, and OpenVMS.
The Alpha 21164 processor is specifically designed for running Windows NT desktop applications and includes a new set of motion video instructions (MVI) for high-performance multimedia applications. The superscalar design of this processor integrates a 16-KB instruction cache, an 8-KB data cache, and a 96-KB second-level cache and can issue four instructions for each clock cycle. It uses 0.35-micron CMOS-integrated circuit technology and a fully pipelined 64-bit RISC architecture to provide the highest performance for Windows NT systems. The processor is housed in a 499-pin ceramic package and generates 28 watts of heat when running at 366 MHz. It is designed to work with the AlphaPC 164LX motherboard.
On the Web
•
Digital Semiconductor Alpha Microprocessors home page : http://www.digital.com/alphaoem/
•
The AlphaNT Source : http://dutlbcz.lr.tudelft.nl/alphant
A U.S. standards organization that facilitates and governs the development of standards in many areas, including computing and communication. The American National Standards Institute (ANSI) was founded as a private sector voluntary standards association in 1918 and is a nonprofit, private association with almost 1400 member organizations.
ANSI doesn’t create standards itself, but it oversees groups and organizations in the development of standards. ANSI is a member organization of the International Organization for Standardization (ISO) and provides the charter for the Institute of Electrical and Electronics Engineers (IEEE).
Standards that are approved by ANSI are called ANSI Standards. Examples include the ANSI C/C++ programming language standards, ANSI-89 SQL standards, and ANSI character set. There are over 13,000 standards that have been approved by ANSI to date.
On the Web
•
American National Standards Institute home page : http://www.ansi.org
A nonprofit organization that administers the registration of blocks of IP addresses to Internet service providers (ISPs) in those areas previously managed by Internet Network Information Center (InterNIC) via its designated representative Network Solutions, Inc., namely North and South America, the Caribbean, and sub-Saharan Africa. IP address blocks are usually assigned to large national ISPs who then allocate smaller blocks to regional and metropolitan ISPs, who in turn allocate IP addresses to the networks of their corporate clients and dial-up users.
NOTE
IP address registration is administered in Europe by the Reseaux IP Europeans (RIPE) and in the Asia Pacific region by the Asia Pacific Network Information Center (APNIC). Two additional Internet Protocol (IP) registries are planned for the continents of Africa and South America.
On the Web
•
ARIN home page : http://www.arin.net
See asymmetric multiprocessing (AMP)
See Advanced Mobile Phone Service (AMPS)
See analog transmission
A modem used for asynchronous transmission of data over Plain Old Telephone Service (POTS) lines. Analog modems are still a popular component for remote communication between users and remote networks.
How It Works
The word “modem” stands for “modulator/demodulator,” which refers to the fact that modems convert digital transmission signals to analog signals and vice versa. For example, in transmission, an analog modem converts the digital signals it receives from the local computer into audible analog signals that can be carried as electrical impulses over POTS to a destination computer or network.
To transmit data over a telephone channel, the modem modulates the incoming digital signal to a frequency within the carrying range of analog phone lines (between 300 Hz and 3.3 kHz). To accomplish this, multiplexing of the digital signal from the computer with a carrier signal is performed. The resulting modulated signal is transmitted into the local loop and transmitted to the remote station where a similar modem demodulates it into a digital signal suitable for the remote computer.
However, this basic process can transmit data only at speeds of about 1200 bps. To achieve the much higher speeds of today’s modems, advanced technologies must be applied, including echo canceling, training, data compression, and special modulation algorithms such as quadrature amplitude modulation (QAM). Using these technologies, modem speeds of 56 Kbps are now common.
Bell Labs in the 1960s and 1970s originally formulated modem standards, but after the breakup of Bell Telephone, the task of developing modem standards was taken over by the International Telegraph and Telephone Consultative Committee (CCITT), which is now called the International Telecommunication Union (ITU). According to ITU specifications, modem standards are classified by a series of specifications known as the V series.
Any device for changing analog signals into digital transmission—for example, recording someone singing onto a CD. The pressure waves in the air produced by the vibration of the person’s vocal chords are analog in form and continually vary in strength within a certain range of values. The recording equipment samples this continually varying information at discrete time intervals and converts it to digital form.
Analog-to-digital converters (ADCs) are used in industry to convert environmental variables (temperature, pressure, density, speed, and so on) that vary continuously over time to digital information, which can then be analyzed using computer programs. ADCs are used in analog modems to convert digital signals into audio and vice versa.
Transmission of signals that vary smoothly with time, as shown in the diagram. An analog signal can take on any value in a specified range of values. A simple example is alternating current (AC), which continually varies between about +110 volts and -110 volts in a sine wave fashion 60 times per second. A more complex example of an analog signal is the time-varying electrical voltage generated when a person speaks into a dynamic microphone or telephone. Analog signals such as telephone speech contain a wealth of detail but are not readily accessible to computers unless they are converted to digital form using a device such as an analog-to-digital converter (ADC). Old-fashioned vinyl records store sound information in the form of a continuously varying analog groove, but modern musical CDs store their information in digital form. Some individuals claim that they can actually tell the difference between an analog and a digital recording, and generally agree that the analog recording sounds “warmer.”
Analog signals are usually specified as a continuously varying voltage over time and can be displayed on a device known as an oscilloscope. The maximum voltage displacement of a periodic (repeating) analog signal is called its amplitude, and the shortest distance between crests of a periodic analog wave is called its wavelength.
Graphic A-17. Analog transmission.
NOTE
The local loop of the Plain Old Telephone Service (POTS) is limited to carrying sound signals in frequency range from 300 Hz to 3300 Hz (3.3 kHz). This range is suitable for voice communication, but limits the theoretical maximum speed of analog modem transmissions to about 56 Kbps.
In Hypertext Markup Language (HTML), a source or target of a hypertext link. An anchor can be either text or a graphic and is specified using the tag formation <A …>…</A>. Anchor tags are fundamental to HTML and make the hypertext concept of linked documents possible. Without anchor tags, Web pages could not be linked together. There are two types of anchor tag. The first type creates a hypertext link that refers to a document. For example, the following HTML element will display the word “contents” as a hyperlink. If the user clicks on the link, the browser will load the contents.htm page specified in this tag:
<A TARGET="_window2" HREF="http://www.northwind.microsoft.com/contents.htm">Contents</A>
The second type of anchor tag marks a portion of text as a destination for a hyperlink. You can place the following element at the end of the contents.htm page:
<A NAME="bottom">This is the end of the page</A>
To load the contents.htm page and jump directly to the bottom of the page, the user needs to click a hyperlink such as this one:
<A TARGET="_window2" HREF="http://www.northwind.microsoft.com/contents.htm#bottom">Contents</A>
Enables Microsoft NetShow clients to receive streaming multimedia information. Announcements, which are used only with Advanced Streaming Format (ASF) transmissions, are text files that have the extension .asx.
How It Works
The function of an announcement depends on whether the transmission method is multicasting or unicasting. If the transmission method is multicasting, announcements enable NetShow clients to retrieve the channel file containing channel information. If the transmission method is unicasting, announcements supply the client with information on how to connect to the NetShow server.
TIP
Once created, an announcement can be distributed to clients by several means: over the Web, through e-mail, or on a network share.
A service in Microsoft Windows 98 that automatically runs in the background when you have WebTV for Windows installed on your computer.
How It Works
Announcement Manager receives broadcast announcements from TV networks or Web sites that notify your computer about the time and address of the broadcast and which software applications must be running to receive the broadcast. When Announcement Manager receives an announcement, it directs it to the broadcast filters you have configured for your WebTV service. The broadcast filters then determine whether to ignore the broadcast or schedule its receipt.
Announcement Manager is part of the Microsoft Broadcast Architecture, a specification for receiving Web information broadcast to your computer through a TV tuner interface.
One of three authentication schemes for Microsoft Internet Information Services (IIS). Anonymous access allows anonymous users to gain access to Web content hosted on the IIS server by using the anonymous user account. Anonymous access is usually reserved for low-security public Web sites, where the identity of the individual visiting the site is not important. By enabling anonymous access to the site, distrusted users from the Internet can access content on the site. By contrast, private corporate intranets use a higher form of authentication, such as
Windows NT Challenge/Response Authentication when clients are running Microsoft Windows and are using Microsoft Internet Explorer as their browser
Basic Authentication when clients are running another operating system or Web browser
See also Basic Authentication, Windows NT Challenge/Response Authentication
Any user who attempts to access network resources without providing a username or password. Some Microsoft Windows NT applications like Microsoft Internet Information Services (IIS) can be configured to allow anonymous users to access their resources. This allows distrusted users from unsecure networks such as the Internet to access data that is made available for the public at large.
NOTE
Access to network resources by anonymous users can be controlled by assigning permissions to a special anonymous user account. Windows NT then provides anonymous users access to resources by impersonating the user utilizing the anonymous user account.
See IUSR_ComputerName
See American National Standards Institute (ANSI)
A standard published by the American National Standards Institute (ANSI) for writing C and C++ code. Programs written in ANSI C or ANSI C++ are portable to a large number of computing platforms. Most commercial C/C++ programming tools, such as Microsoft Visual C++, contain extensions to ANSI C/C++ that simplify common programming tasks considerably but restrict the portability of the resulting code to different platforms.
TIP
You can use Visual C++ to write strict ANSI C/C++ code by following these guidelines:
Call Win32 application programming interfaces (APIs) directly in your program instead of using the Microsoft Foundation Classes (MFC) libraries.
Disable the Microsoft extensions to C++ by running Visual C++ using the /Za command-line option.
Use the isostream and standard template libraries from the ANSI Standard C++ library and the appropriate #include statements in your code.
An 8-bit character set used by Microsoft Windows 95 and Windows 98 that lets you represent up to 256 characters (numbered 0 through 255). The ASCII (American Standard Code for Information Exchange) character set is a subset of the ANSI (American National Standards Institute) character set with characters numbered 32 through 126, each representing a displayable character. Some ANSI character codes cannot be displayed by Windows 95 or Windows 98 applications and are generally displayed as solid blocks on the output device.
ANSI uses a single byte to represent a character, in contrast to the Unicode standard supported by Windows NT, which uses 2 bytes to represent a character. For example, the ANSI character “A” would be represented in hexadecimal notation by the single byte 41h. The 256-character limit of ANSI supports only a few international characters, such as accented French and German vowels, but the 65,536-character limit of Unicode supports virtually every alphabet in the world. For example, the Unicode character “A” would be represented in hexadecimal notation by the two-byte string {41h, 00h}. The following table shows which Windows environments support ANSI and Unicode for character encoding.
Windows Environments and Character Encoding
| ANSI | Unicode |
| 16-bit Windows object libraries | 32-bit Windows object libraries |
| Windows 95 and Windows 98 API | Windows NT API |
| Automation in Windows 95, Windows 98, and Windows NT |
A text file that can be used to perform an unattended installation of Microsoft Windows NT and Windows 2000.
How It Works
In the answer file, you specify in advance the answers to the user prompts that occur during a normal installation. This can include specifications such as what keyboard layout to use, whether the computer should join a domain or belong to a workgroup, what network protocols should be installed, and so on. The answer file is invoked using the /u switch when running the winnt or winnt32 setup utility. Answer files can be customized for individual machines by using Uniqueness Database Files (UDFs). The UDFs can be used to specify computer-specific parameters such as the computer name.
TIP
For Windows NT, a sample answer file unattend.txt is located in the \I386 folder on the Windows NT CD. You can customize this file using Microsoft Notepad or another text editor to suit your needs.
In Windows 2000, the answer file should be named sysprep.inf and must reside in the Sysprep folder, located in the root of the drive on which you are installing Windows 2000. Setup ignores the answer files named differently or located elsewhere.
See Association of Online Professionals (AOP)
See application programming interface (API)
See Advanced Program-to-Program Communications (APPC) protocol
A protocol that provides file transfer capabilities for the Advanced Program-to-Program Communications (APPC) protocol. APPC File Transfer Protocol (AFTP) servers are the APPC equivalent of File Transfer Protocol (FTP) servers in the TCP/IP world.
Microsoft SNA Server can be used to establish AFTP connections to AS/400 or mainframe computers running the APPC applications suite. Users can then utilize standard FTP client software to transfer files between the SNA server and the AS/400 or mainframe host. The optional AFTP service must first be installed on the SNA server. The installation can be configured so that the SNA server performs the function of an FTP-to-AFTP gateway. This will enable standard FTP clients to transfer files to and from the mainframe host.
An Apple networking technology for transport-independent networking that is part of the networking and communication subsystem of the Macintosh operating system. Apple Open Transport is designed to make it easy to set up and configure networking on the Macintosh computer and to increase the performance of file, print, and other networking services on a MacOS server. Open Transport provides a consistent interface for configuring network services across supported protocols and a uniform set of application programming interfaces (APIs) for accessing networking and communication services on the Macintosh. Open Transport enables protocols to be loaded and unloaded on demand, provides a networking naming scheme plus consistent network services over the TCP/IP and AppleTalk protocols, and includes support for TCP/IP services such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). Open Transport also provides consistent API access to serial communication on the Macintosh, while third-party support is available for PPP, NCP/IPX, SMB/TCP/NetBIOS, DECnet, LAT, and X.25.
The Open Transport/AppleTalk protocol stack supports both the dynamic self-addressing of traditional AppleTalk clients and newer manually assigned static addressing. The Open Transport/TCP/IP protocol stack supports DHCP, bootstrap protocol (BOOTP), both local hosts files and DNS, Internet Protocol (IP) multicasting, both Ethernet Version 2.0 and IEEE 802.3 framing, TCP wildcard source port assignments, PPP connectivity, IP multihoming, and almost unlimited simultaneous TCP connections (limited only by installed memory and processor power).
TIP
An Apple Macintosh running Open Transport/TCP/IP can function as a DHCP client to a Microsoft Windows NT server running as a DHCP server, but not as a WINS client.
The file sharing protocol for AppleTalk networks. AppleShare provides these functions:
Enables sharing of volumes, folders, and printers
Provides auditing information on which resources have been accessed
Supports password-based control of access to shared resources
By installing Services for Macintosh on a Microsoft Windows NT server, the Windows NT server can emulate an AppleShare server so that Macintosh clients can access shared resources on the Windows NT server.
An Apple networking technology that supports native TCP/IP on the Apple Macintosh platform and provides Web, file, print, and e-mail services for departmental and workgroup-level environments. The latest version, AppleShare IP v6.1, features a single integrated administration console for local server management, remote administration using a standard Web browser, IP address filtering, Sherlock searching support, multihosting, Simple Mail Transfer Protocol (SMTP) and point of presence (POP) protocol support, shared Internet Mail Access Protocol (IMAP) folders, Domain Name System (DNS) services, and full compatibility with MacOS 8.5.
AppleShare IP client software must be installed on Macintosh client machines to enable them to access AppleShare IP services on a server over the network. AppleShare IP supports both Server Message Block (SMB) and File Transfer Protocol (FTP) protocols in addition to AppleShare file sharing, and is compatible with both Macintosh and Microsoft Windows clients.
A program written using the Java programming language, which can be accessed through a Web page and downloaded to the client machine where it is run within the Web browser window. Java applets can add dynamic functionality to static Web pages provided users view these pages with a Java-enabled Web browser.
How It Works
When an applet is created, its Java statements are compiled into an intermediate pseudo-machine-code language called a bytecode. The bytecode file is stored as a class file on a Web server like Microsoft Internet Information Services (IIS), and a Web page can reference the class file using an <APPLET> tag. When a Web browser requests the page and encounters the <APPLET> tag, the bytecode in the class file is executed in a Java virtual machine on the browser.
The original networking protocol for Apple Macintosh networks. AppleTalk enables users to share folders and printers for access by other network users. AppleTalk is a legacy technology that has been largely replaced by Apple Open Transport, which supports AppleTalk, TCP/IP, and other popular network protocols.
How It Works
AppleTalk is a workgroup-level networking technology that supports up to 254 network nodes per physical network. AppleTalk can run on top of the legacy LocalTalk data-link protocol, which was built into the Macintosh RS-449/RS-422 serial interface. In the more recent AppleTalk Phase II, the data-link protocols supported include EtherTalk, TokenTalk, and FDDITalk for connectivity with Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI) networks, respectively. Addresses of machines on AppleTalk networks are randomly self-assigned when the machine is first attached to the network, and then broadcast to ensure they are not already being used. This dynamic addressing feature is based on the AppleTalk Address Resolution Protocol (AARP). AppleTalk internetworks are logically partitioned into zones whose main function is to make network resources easier for users to access. A zone is a logical representation of AppleTalk network nodes that can span multiple physical networks. The mapping between zones and network numbers is maintained by the Zone Information Protocol (ZIP), which creates Zone Information Tables (ZITs) that are stored on AppleTalk routers.
AppleTalk is a suite of networking protocols that work together to provide file and print sharing services to Macintosh networks. The following illustration shows the details of the AppleTalk protocol suite.
Graphic A-18. AppleTalk.
NOTE
Apple Open Transport includes an updated version of AppleTalk with additional features such as support for manually assigned node addresses, support for multihomed and multinode systems, and other features.
A type of firewall that provides application-level control over network traffic. Application gateways can be used to deny access to the resources of private networks to distrusted users over the Internet.
How It Works
Application gateways examine incoming packets at the application level and use proxies to create secure sessions with remote users. For example, when an external user with a Web browser tries to access the company’s internal web server, the application gateway runs a proxy application that simulates the internal web server. A session is established between the remote user and the proxy application, while a separate, independent session is established between the proxy application and the internal web server. The remote user makes a request to the proxy, the proxy acts as a go-between and obtains the information from the internal web server, and then the proxy returns the result to the remote user.
The advantage of using application gateways over packet-filtering routers is that in packet filtering, a direct network connection still exists between the remote user and the internal network resource, while an application gateway prevents the remote user from directly accessing the internal network resource. This layer of additional security comes at some cost, namely that application gateways are generally slower and require a separate proxy application for each internal network service you want to make available through the firewall.
Layer 7 of the Open Systems Interconnection (OSI) reference model, in which network-aware, user-controlled software is implemented—for example, e-mail, file transfer utilities, and terminal access. The application layer represents the window between the user and the network. Examples of protocols that run at the application layer include File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), telnet, and similar protocols that can be implemented as utilities the user can interface with.
Originally the OSI model consisted of two kinds of application layer services with their related protocols:
Common Application Service Elements (CASE): These enable users to initiate or terminate peer (Layer 7 to Layer 7) connections between different machines on the network, enable reliable transfer of information between them, initiate remote operations, and support recovery from failure and rollback steps.
Specific Application Service Elements (SASE): These can include file transfer, message handling, terminal access, and other services that make use of the CASE elements and protocols.
These terms have largely been replaced with the term Application Service Elements (ASE) to describe the elements of the application layer.
NOTE
In most real-world networking, such as TCP/IP networking, many of these application layer services have no meaning.
Any service or server that acts as a proxy for client computer requests at the application’s protocols. For example, in Microsoft Proxy Server, the Web Proxy Service is an application layer proxy for the Hypertext Transfer Protocol (HTTP), Secure Hypertext Transfer Protocol (S-HTTP), File Transfer Protocol (FTP), and Gopher protocols. Application layer proxies provide security by hiding internal network addresses from the outside world.
Application layer proxies provide more support for the additional capabilities of each protocol than do circuit layer proxies. For example, application layer proxies can support virus scanning. Application layer proxies are also client-neutral and require no special software components or operating system on the client computer to enable the client to communicate with servers on the Internet using the proxy server.
Microsoft Proxy Server can grant users access to selected application layer protocols and can restrict access to remote Web sites by domain name, IP address, and subnet mask.
A Microsoft Windows NT and Windows 2000 log that records events generated by applications running on the system. The application log can be viewed and managed using Event Viewer and can contain three types of events:
Error event: Indicated by a red stop sign and signals a serious condition, such as a failed service
Warning event: Indicated by a yellow warning sign and signals a potentially serious condition, such as low disk space
Information event: Indicated by a blue information sign and signals a noteworthy event, such as a service successfully starting up
Microsoft BackOffice applications typically log events to the application log. Administrators should review the application log regularly to ensure that applications are running properly. The following screen capture shows the application log as viewed by the Event Viewer management console for Windows 2000.
Graphic A-19. Application log.
See also Event Viewer, security log, system log
A collection of programming routines and functions that an application can use to access low-level machine services. Also a set of calling conventions in a programming language that specifies how such a service is invoked through an application. Application programming interfaces (APIs) let C and assembly language routines interact with services and programming tools.
When you write applications for a high-level operating system like Microsoft Windows, you use standard Windows APIs to access standard operating system and networking services and functions. One application can then issue an API call to another application in order to execute that API function. Details of APIs are primarily of interest to developers.
Windows operating systems provide predefined sets of APIs for various purposes, such as Telephony Application Programming Interface (TAPI) for accessing functions related to making voice, data, or fax calls; Messaging Application Programming Interface (MAPI) for messaging functions; and so on.
Example
An example of an API function in Windows NT is NetServerEnum. When a computer on a network issues a net view command to obtain the list of resources or computers that can be accessed using Network Neighborhood or Windows Explorer, the client computer issues a NetServerEnum API call to the Computer Browser service.
A general term for a company that offers software services to business customers across a wide area network (WAN) such as the Internet, particularly services involving outsourcing of Web and e-business applications. Application service providers (ASPs) are often Internet service providers (ISPs), software vendors, or system integrators that have “repackaged” themselves to appeal to business customers.
In a broad sense, an ASP is a company that rents applications to business clients over the Web. These are typically prepackaged line-of-business applications but can also include custom software applications developed especially for the client. In contrast with simple Web hosting companies that offer their clients access to database applications and scripting tools but little else, ASPs also host the client’s business logic and data at their remote data centers and provide a full range of supporting services to the client. Another umbrella term used to describe the range of services offered by ASPs is “Websourcing.”
The ASP sector is rapidly increasing in popularity, especially among small to medium-sized businesses. The International Data Corporation (IDC) projects that this sector might grow from $150 million in 1999 to almost $2 billion by 2003. ASPs are beginning to offer everything from e-commerce applications to enterprise resource planning (ERP) services.
TIP
Use of an ASP can reduce corporate IT costs and speed deployment of e-business applications. The ASP approach is particularly attractive to newer, rapidly growing companies that have limited IT personnel and expertise. When you look for an ASP, consider its ability to provide additional capacity as your business grows. Also consider whether you are willing to trust an outside company with sensitive internal corporate data, whether you need a general contractor or a one-stop shopping solution, and how well outsourced solutions will integrate with your existing enterprise applications.
On the Web
•
ASP News Review : http://www.aspnews.com
See also Internet service provider (ISP)
See Advanced Peer-to-Peer Networking (APPN)
An attribute of files and folders that, when marked or set by the Microsoft Windows NT Backup program, indicates that the file or folder has been backed up. Then, when the backup program is run again, if the archive bit is still set, the file is not backed up because it has not been modified. If the file is modified in the interim, the archive attribute is cleared, indicating that the file needs to be backed up again.
The archive attribute for a file can also be set or cleared manually by opening the file’s property sheet.
TIP
If you use the xcopy command to copy files using Windows 95 or Windows 98, the destination files created will always have the archive attribute set.
See also backup, backup type
The process of long-term storage of important data for security and recovery reasons. Archived data is usually stored in a compressed format because it is required infrequently.
Some of the files that a Microsoft Windows NT administrator might consider archiving regularly include
Event log files for the system, security, and application logs
Performance monitor files for monitoring trends in memory, disk, processor, and network usage over time
Log files for applications such as Microsoft Internet Information Services (IIS)
TIP
When you archive event log files, you can save these files in log file format, text file format, or comma-delimited text file format. The actual binary data of an event is saved only if you archive it in event log format, but saving the information in a comma-delimited text file format allows you to import these logs into a spreadsheet program to analyze trends.
Acronym for Attached Resource Computer Network, an early local area network (LAN) architecture developed in 1976 by Datapoint Corporation. ARCNET predates Ethernet and uses RG/62 93-ohm coaxial cabling, RS485 twisted-pair cabling, or fiber-optic cabling to transmit data at 2.5 Mbps and a maximum of 255 nodes. A newer implementation called ARCNET Plus operates at a data rate of 20 Mbps and a maximum of 2047 nodes.
ARCNET is a baseband networking technology that is similar to standards for token-passing bus networks running over broadband cabling. ARCNET uses a token-passing bus architecture with nodes forming a logical ring but a physical bus or star pattern.
TIP
A computer running Microsoft Windows NT on an ARCNET network will have difficulty communicating with computers running Windows 95 and Windows 98 on the same network. This is because Windows NT uses Raw ARCNET, while Windows 95 and Windows 98 use Encapsulated ARCNET. The workaround solution is to install the 16-bit TCP/IP stack with Novell Open Data-link Interface (ODI) drivers on the machines running Windows 95 and Windows 98.
Acronym for Advanced RISC Computing path. Syntax for naming partitions of a disk on a system, used in the boot.ini file of Microsoft Windows NT. The ARC path specifies the location of the partition that contains the Windows NT operating system files. In other words, the ARC path locates the system partition on the machine.
Example
A typical ARC path on an x86-based computer could be the following:
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Server Version 4.00"
In this syntax
Multi(0) indicates that the system is using Integrated Device Electronics (IDE), Enhanced Small Device Interface (ESDI), or Small Computer System Interface (SCSI) drives and that it relies on the computer BIOS to load system files using INT 13 BIOS calls. The number in parentheses here should always be 0.
Disk(0) is always zero when multi() is used; otherwise, it refers to the physical disk when scsi() is used instead of multi(). (Multi() means that Windows NT must use the system BIOS to load system files, while scsi() means that a SCSI device driver must be loaded to access the boot partition.)
Rdisk(0) indicates that the ordinal number for the system disk is 0. This value is usually between 0 and 3.
Partition(2) indicates the number of the partition where the system files are located.
See address record
See American Registry for Internet Numbers (ARIN)
See Address Resolution Protocol (ARP)
Acronym for Advanced Research Projects Agency Network, a U.S. Department of Defense project begun in 1969 that was designed to provide high-speed network communication links between supercomputers located at different sites around the country. ARPANET was a test-bed for the development of the TCP/IP protocol suite. The first node on the ARPANET was established in 1969 at UCLA, with other nodes at Stanford and ICSB soon following. The first Request for Comments (RFC) was proposed in the same year by Steve Croker and was entitled “Host Software.”
By 1971, ARPANET had grown to over 20 hosts, including MIT, NASA, and the RAND Corporation. The first international nodes were established two years later in Norway and England. In 1983 MILNET was split off from ARPANET, and TCP/IP officially became the standard protocol for ARPANET, at which time ARPANET started to become widely known as the Internet. ARPANET continued to evolve until NSFNET was established in 1986. ARPANET formally died in 1989.
On the Web
•
The History of ARPANET: Timeline : http://www.geocities.com/Pentagon/Quarters/4620/home.html
•
“History of ARPANET” by Michael Hauben : http://www.dei.isep.ipp.pt/docs/arpa.html
A TCP/IP utility and Microsoft Windows NT command for viewing and modifying the local Address Resolution Protocol (ARP) cache, which contains recently resolved MAC addresses of Internet Protocol (IP) hosts on the network. When one host on a TCP/IP network wants to communicate with a second host, the first host begins by using the ARP to resolve the IP address of the second host into its associated MAC address. The MAC address is needed for communication to take place over the network.
Example
Typing arp -a displays the MAC addresses of recently resolved IP addresses. A sample display could be
Interface: 172.16.8.50 Internet Address Physical Address Type 172.16.8.25 00-20-af-b4-a1-4e dynamic 172.16.8.200 00-40-95-d1-29-6c static
One of these entries is static, meaning the Internet Protocol-to-MAC address mapping has been manually added to the ARP cache using arp –s.
NOTE
The arp command is only available if TCP/IP is installed on the machine.
See autonomous system (AS)
Stands for Application System/400, a midrange IBM server computing platform for business computing. AS/400 uses 64-bit RISC technology, supports Systems Network Architecture (SNA), and runs the OS/400 operating system. Traditional SNA user interfaces to AS/400 systems use either text-based 5250 terminals or desktop PCs running 5250 emulation software. But IBM has released a version of OS/400 that turns the AS/400 into a Web server and allows AS/400 applications to be interfaced using TCP/IP from a standard Web browser such as Microsoft Internet Explorer.
On the Web
•
IBM’s AS/400 home page : http://www.as400.ibm.com
Acronym for American Standard Code for Information Interchange, a widely accepted system for coding U.S. English text using numeric values. The purpose of ASCII is to allow human readable documents to be stored and processed as binary information by computers.
How It Works
ASCII assigns a unique numeric value to each lowercase and uppercase alphabet letter, number, punctuation mark, and to certain other characters. For example, the capital letter “A” has the ASCII code 65, while a blank space has the code 32.
ASCII is a 7-bit character set that is the same as the first 128 characters (numbers 0 to 127) of the ANSI character set. The following table shows the various characters in the ASCII character set. The first 32 characters are nonprinting control characters that can be executed from the keyboard by using the Control key combined with other keys.
The ASCII Character Set
| Char | Dec | Oct | Hex | Control Key Combination | Description |
| NUL | 0 | 0 | 0 | ^@ | Null character |
| SOH | 1 | 1 | 1 | ^A | Start of heading |
| STX | 2 | 2 | 2 | ^B | Start of text |
| ETX | 3 | 3 | 3 | ^C | End of text |
| EOT | 4 | 4 | 4 | ^D | End of transmission |
| ENQ | 5 | 5 | 5 | ^E | Enquiry |
| ACK | 6 | 6 | 6 | ^F | Acknowledge |
| BEL | 7 | 7 | 7 | ^G | Bell |
| BS | 8 | 10 | 8 | ^H | Backspace |
| HT | 9 | 11 | 9 | ^I | Horizontal tab |
| LF | 10 | 12 | a | ^J | Line feed |
| VT | 11 | 13 | b | ^K | Vertical tab |
| FF | 12 | 14 | c | ^L | Form feed |
| CR | 13 | 15 | d | ^M | Carriage return |
| SO | 14 | 16 | e | ^N | Shift out |
| SI | 15 | 17 | f | ^O | Shift in |
| DLE | 16 | 20 | 10 | ^P | Data link escape |
| DC1 | 17 | 21 | 11 | ^Q | Device control 1 (XON) |
| DC2 | 18 | 22 | 12 | ^R | Device control 2 |
| DC3 | 19 | 23 | 13 | ^S | Device control 3 (XOFF) |
| DC4 | 20 | 24 | 14 | ^T | Device control 4 |
| NAK | 21 | 25 | 15 | ^U | Negative acknowledge |
| SYN | 22 | 26 | 16 | ^V | Synchronous idle |
| ETB | 23 | 27 | 17 | ^W | End transmission block |
| CAN | 24 | 30 | 17 | ^X | Cancel line |
| EM | 25 | 31 | 19 | ^Y | End of medium |
| SUB | 26 | 32 | 1a | ^Z | Substitute |
| ESC | 27 | 33 | 1b | ^[ | Escape |
| FS | 28 | 34 | 1c | ^\ | File separator |
| GS | 29 | 35 | 1d | ^] | Group separator |
| RS | 30 | 36 | 1e | ^^ | Record separator |
| US | 31 | 37 | 1f | ^_ | Unit separator |
| SP | 32 | 40 | 20 | Space | |
| ! | 33 | 41 | 21 | Exclamation mark | |
| " | 34 | 42 | 22 | Quotation mark | |
| # | 35 | 43 | 23 | Cross hatch | |
| $ | 36 | 44 | 24 | Dollar sign | |
| % | 37 | 45 | 25 | Percent sign | |
| & | 38 | 46 | 26 | Ampersand | |
| ‘ | 39 | 47 | 27 | Apostrophe | |
| ( | 40 | 50 | 28 | Opening parenthesis | |
| ) | 41 | 51 | 29 | Closing parenthesis | |
| * | 42 | 52 | 2a | Asterisk | |
| + | 43 | 53 | 2b | Plus | |
| , | 44 | 54 | 2c | Comma | |
| - | 45 | 55 | 2d | Hyphen | |
| . | 46 | 56 | 2e | Period | |
| / | 47 | 57 | 2f | Forward slash | |
| 0 | 48 | 60 | 30 | Zero | |
| 1 | 49 | 61 | 31 | One | |
| 2 | 50 | 62 | 32 | Two | |
| 3 | 51 | 63 | 33 | Three | |
| 4 | 52 | 64 | 34 | Four | |
| 5 | 53 | 65 | 35 | Five | |
| 6 | 54 | 66 | 36 | Six | |
| 7 | 55 | 67 | 37 | Seven | |
| 8 | 56 | 70 | 38 | Eight | |
| 9 | 57 | 71 | 39 | Nine | |
| : | 58 | 72 | 3a | Colon | |
| ; | 59 | 73 | 3b | Semicolon | |
| < | 60 | 74 | 3c | Less than sign | |
| = | 61 | 75 | 3d | Equals sign | |
| > | 62 | 76 | 3e | Greater than sign | |
| ? | 63 | 77 | 3f | Question mark | |
| @ | 64 | 100 | 40 | At sign | |
| A | 65 | 101 | 41 | Uppercase A | |
| B | 66 | 102 | 42 | Uppercase B | |
| C | 67 | 103 | 43 | Uppercase C | |
| D | 68 | 104 | 44 | Uppercase D | |
| E | 69 | 105 | 45 | Uppercase E | |
| F | 70 | 106 | 46 | Uppercase F | |
| G | 71 | 107 | 47 | Uppercase G | |
| H | 72 | 110 | 48 | Uppercase H | |
| I | 73 | 111 | 49 | Uppercase I | |
| J | 74 | 112 | 4a | Uppercase J | |
| K | 75 | 113 | 4b | Uppercase K | |
| L | 76 | 114 | 4c | Uppercase L | |
| M | 77 | 115 | 4d | Uppercase M | |
| N | 78 | 116 | 4e | Uppercase N | |
| O | 79 | 117 | 4f | Uppercase O | |
| P | 80 | 120 | 50 | Uppercase P | |
| Q | 81 | 121 | 51 | Uppercase Q | |
| R | 82 | 122 | 52 | Uppercase R | |
| S | 83 | 123 | 53 | Uppercase S | |
| T | 84 | 124 | 54 | Uppercase T | |
| U | 85 | 125 | 55 | Uppercase U | |
| V | 86 | 126 | 56 | Uppercase V | |
| W | 87 | 127 | 57 | Uppercase W | |
| X | 88 | 130 | 58 | Uppercase X | |
| Y | 89 | 131 | 59 | Uppercase Y | |
| Z | 90 | 132 | 5a | Uppercase Z | |
| [ | 91 | 133 | 5b | Opening square bracket | |
| \ | 92 | 134 | 5c | Backslash | |
| ] | 93 | 135 | 5d | Closing square bracket | |
| ^ | 94 | 136 | 5e | Caret | |
| _ | 95 | 137 | 5f | Underscore | |
| ‘ | 96 | 140 | 60 | Opening single quote | |
| a | 97 | 141 | 61 | Lowercase a | |
| b | 98 | 142 | 62 | Lowercase b | |
| c | 99 | 143 | 63 | Lowercase c | |
| d | 100 | 144 | 64 | Lowercase d | |
| e | 101 | 145 | 65 | Lowercase e | |
| f | 102 | 146 | 66 | Lowercase f | |
| g | 103 | 147 | 67 | Lowercase g | |
| h | 104 | 150 | 68 | Lowercase h | |
| i | 105 | 151 | 69 | Lowercase i | |
| j | 106 | 152 | 6a | Lowercase j | |
| k | 107 | 153 | 6b | Lowercase k | |
| l | 108 | 154 | 6c | Lowercase l | |
| m | 109 | 155 | 6d | Lowercase m | |
| n | 110 | 156 | 6e | Lowercase n | |
| o | 111 | 157 | 6f | Lowercase o | |
| p | 112 | 160 | 70 | Lowercase p | |
| q | 113 | 161 | 71 | Lowercase q | |
| r | 114 | 162 | 72 | Lowercase r | |
| s | 115 | 163 | 73 | Lowercase s | |
| t | 116 | 164 | 74 | Lowercase t | |
| u | 117 | 165 | 75 | Lowercase u | |
| v | 118 | 166 | 76 | Lowercase v | |
| w | 119 | 167 | 77 | Lowercase w | |
| x | 120 | 170 | 78 | Lowercase x | |
| y | 121 | 171 | 79 | Lowercase y | |
| z | 122 | 172 | 7a | Lowercase z | |
| { | 123 | 173 | 7b | Opening curly brace | |
| | | 124 | 174 | 7c | Vertical line (pipe) | |
| } | 125 | 175 | 7d | Closing curly brace | |
| ~ | 126 | 176 | 7e | Tilde | |
| DEL | 127 | 177 | 7f | Delete |
NOTE
Some people create e-mail signatures for themselves using ASCII text characters, a practice called ASCII art. If you have the time and want to become an expert at this, read the FAQ on the Web at http://non.com/news.answers/ascii-art-faq.html.
TIP
When you download files using File Transfer Protocol (FTP), you can choose whether to transfer the files as binary files or text files (ASCII files). Use only the ASCII file setting when downloading plain text files—otherwise, files will not be correctly transferred.
A file that contains unformatted ASCII text: only characters, numbers, punctuation, tabs, and carriage return characters. You can create and edit an ASCII file using Microsoft Notepad. If you save it with the extension .txt, it is usually referred to as a text file, but you can save it with other extensions such as .bat or .cmd for batch files, and .ini for initialization files.
ASCII files are often used for logon scripts and other batch files. Another common use is storing configuration information for operating systems and applications. Microsoft Windows 3.1 platforms used ASCII files for storing system and software configuration settings. These configuration files have the extension .ini and are referred to as INI files. More recent Windows operating systems save this information in the registry. Most versions of the UNIX operating system still store their configuration settings in ASCII files.
Because ASCII files contain unformatted text, they can be read and understood by any platform and are useful for sharing information between platforms and between applications. Shared information is often saved in a comma-delimited text file, or .csv file, with the fields separated by commas. Microsoft Exchange Server can export mailbox properties and other information in .csv files, which can then be imported into spreadsheet programs such as Microsoft Excel for manipulation and analysis.
See Automatic Skip Driver Agent (ASD)
See Advanced Streaming Format (ASF)
See Abstract Syntax Notation One (ASN.1)
See Active Server Pages (ASP), application service provider (ASP)
The oldest and largest educational and scientific computing society in the world. The Association for Computing Machinery (ACM) provides a forum for the exchange of information, ideas, and discoveries relating to many aspects of computing. The ACM has a worldwide membership of 80,000 computer professionals representing a wide variety of interests. The ACM also sponsors a number of special interest groups (SIGs) that bring together ACM members with shared interests. These SIGs publish technical newsletters, host conferences, and help develop standards.
One SIG of interest to networking professionals is the ACM Special Interest Group on Data Communication (SIGCOMM), which provides a forum for data communication professionals. SIGCOMM focuses on standards for network protocols and architectures. SIGCOMM publishes the ACM/IEEE Transactions on Networking Journal, sponsors conferences, and publishes a quarterly newsletter called the Computer Communication Review (CCR) in conjunction with the Institute of Electrical and Electronics Engineers (IEEE).
On the Web
•
ACM home page : http://www.acm.org
•
SIGCOMM : http://www.acm.org/sigcomm
A nonprofit trade association serving U.S. Internet access and electronic commerce industries. The Association of Online Professionals (AOP) was founded in 1994 with a mission to promote the growth of e-commerce, online communities, and online communication. The AOP provides its members with information, service, and support. In addition, it serves as an advocate for issues of privacy, copyright, taxation, self-regulation, and e-commerce.
The AOP runs a number of special interest groups (SIGs), including the Online Services Council, Web Professionals Council, ISP Council, and Electronic Commerce Council.
On the Web
•
AOP home page : http://www.aop.org
A telco service that provides subscribers with high-speed digital telephone services. Asymmetric Digital Subscriber Line (ADSL) is a newer technology that competes with Integrated Services Digital Network (ISDN) to provide a faster alternative to analog modems for the traditional analog local loop that joins subscribers to a telco’s high-speed digital backbone networks. ADSL specifies how to implement high-speed, full-duplex transmission over the existing twisted-pair copper cabling of the Plain Old Telephone Service (POTS). ADSL can be used to simultaneously transmit voice and data over a single telephone line and can support high-speed Internet access for both homes and businesses. Should the data link go down, POTS voice service would still be available using ADSL.
Graphic A-20. Asymmetric Digital Subscriber Line (ADSL).
How It Works
ADSL is a form of Digital Subscriber Line (DSL) that enhances the data-carrying capacity of the twisted-pair copper phone lines that join most homes and offices with their local telco’s switching facilities. ADSL is asymmetric, meaning the upstream and downstream transmission rates are not equal. Over regular copper phone lines, ADSL can achieve upstream speeds of up to 1.5 Mbps and downstream speeds of up to 9 Mbps, usually in a 10:1 ratio. ADSL is therefore ideal for providing high-speed Internet access to homes and businesses where download speeds are more critical than upload speeds.
ADSL uses frequency-division multiplexing (FDM) to separate voice and data into a baseband voice channel, upstream data channel, and downstream data channel. Each channel occupies a different portion of the frequency spectrum, as shown in the illustration. The baseband voice channel is split from the data channels to guarantee phone services in case the data channel fails. Data transmission rates in the upstream direction range from 9.6 to 640 Kbps, and those in the downstream direction range from 1.544 to 8 Mbps, depending on the local loop length and wire gauge of the telephone cable. (The longer the distance, the slower the speed supported.) ADSL can use any of the following modulation systems for the data channels:
Carrierless amplitude/phase (CAP)
Discrete multitone (DMT)
Discrete wavelet multitone (DWMT)
In a typical implementation, an ADSL modem is used to connect your computer to a standard analog POTS phone line. The ADSL modem contains a POTS splitter chip that splits the bandwidth of the phone line into a voice and a data channel. The data channel is split, using a channel separator chip, into an upstream and a downstream channel, with the downstream channel having the larger portion of bandwidth. The voice band uses frequencies up to 4 kHz, while the data channels use the higher frequencies. Carrying capacity depends on the thickness of the wire and other line conditions.
At the other end of the subscriber’s local loop is an ADSL modem at the telco central office. The telco’s modem separates voice from data using a splitter and routes voice calls through the POTS, while the data is routed to either a similar ADSL modem or a Digital Subscriber Line Access Multiplexer (DSLAM) unit. The DSLAM unit combines multiple ADSL lines into a single fiber-optic Asynchronous Transfer Mode (ATM) backbone connection to the Internet.
ADSL has numerous advantages over standard analog modem access to the Internet, including much higher data rates, instant connection, simultaneous voice/data over a single phone line, and greater security. The negative side is the higher equipment cost and limited availability of ADSL in current telco markets.
On the Web
•
ADSL Forum : http://www.adsl.com
An approach to distributing processing load on a multiprocessor computer (a computer with more than one CPU) in which each processor is assigned specific tasks to perform. For example, one processor might be dedicated to managing I/O requests, another to executing network requests, another to running a user application, and so on. This is in contrast to symmetric multiprocessing (SMP), in which the operating system evenly distributes the application load across multiple processors. In SMP, individual processes are not mapped to specific processors but instead are assigned to available processors by the operating system.
NOTE
Microsoft Windows NT and Windows 2000 support SMP but not asymmetric multiprocessing (AMP).
See asynchronous transmission
A high-speed, broadband transmission data communication technology based on packet switching, which is used by telcos, long distance carriers, and campus-wide backbone networks to carry integrated data, voice, and video information. Asynchronous Transfer Mode (ATM) can be used as the underlying technology for Fiber Distributed Data Interface (FDDI), Synchronous Optical Network (SONET), and other high-speed networks. Plus, ATM can run on any media including coax, twisted-pair, or fiber-optic.
ATM is a connection-oriented protocol that can work with either permanent virtual circuits (PVCs) or switched virtual circuits (SVCs), depending on your wide area network (WAN) traffic needs. ATM networks use bandwidth at maximum efficiency, while maintaining guaranteed quality of service (QoS) for users and applications that require it. The two main benefits of ATM are its high transmission speeds and its flexible bandwidth-on-demand capability.
How It Works
The “asynchronous” in ATM means ATM devices do not send and receive information at fixed speeds or using a timer, but instead negotiate transmission speeds based on hardware and information flow reliability. The “transfer mode” in ATM refers to the fixed-size cell structure used for packaging information. This cell-based transmission is in contrast to typical local area network (LAN) variable-length packet mechanisms, which means that ATM connections are predictable and can be managed so that no single data type or connection can monopolize the transmission path.
ATM technology originated in broadband ISDN (B-ISDN) technology and works primarily at layer 2 of the Open Systems Interconnection (OSI) reference model. ATM connects devices over a WAN using virtual channels (VCs) and virtual paths (VPs). Virtual channels consist of one or more physical ATM links connected in a series for transmitting data between remote stations. A VC exists only while data is being transmitted on it, and all cells in a given ATM transmission follow the same VC to ensure reliable data transmission. A virtual path is a collection of VCs having the same source and destination points that can be used to pool traffic being transmitted to a given destination.
ATM is a connection-oriented technology that requires the establishment of a specific network path between two points before data can be transported between them. Typically a subscriber would lease a T1 or T3 line to connect their customer premises equipment (CPE) to the telecommunication carrier’s ATM network, but frame relay or SONET can also be used to connect a site to an ATM network. The kind of CPE needed varies with the access method employed—for example, Channel Service Unit (CSU) for T1 line, frame relay access device (FRAD) or router for frame relay, and so on. Large corporate networks using an ATM backbone might use a switch-to-switch connection to the carrier’s network instead of CPE.
ATM uses fixed-size packets called “cells.” Each 53-byte ATM cell contains 48 bytes of data payload and 5 bytes of control and routing information in the header. The header provides addressing information for switching the packet to its destination. The payload section carries the actual information, which can be data, voice, or video. The payload is properly called the user information field. The reason for choosing 48 bytes as the payload size is to compromise between the optimal cell sizes for carrying voice information (32 bytes) and data information (64 bytes). The fixed size of an ATM cell makes ATM traffic simple and predictable, and makes it possible for ATM to operate at high speeds. Typical ATM speeds vary with transmission media and can include
25 Mbps over unshielded twisted-pair (UTP) category 5 cabling
155 Mbps over either UTP or fiber-optic cabling
622 Mbps and 4.8 Gbps over fiber-optic cabling only
ATM also includes a mechanism for allocating bandwidth dynamically; that is, bandwidth is allocated only in required amounts and the required direction. As a result, when an ATM link is idle, it utilizes no bandwidth, which can result in considerable cost savings depending on the needs of your network.
ATM optimizes performance through different classes of service, which can be allocated through QoS settings. This is different from frame relay, which is a classless service. The four classes of ATM services that subscribers can specify depending on their needs are
Constant Bit Rate (CBR): This service level is suitable for applications that are sensitive to cell delay and cell loss, must have continual availability, and do not require much bandwidth (for example, voice traffic).
Variable Bit Rate/Realtime (VBR-RT): This level is suitable for applications that are sensitive to cell delay and cell loss and require a large amount of bandwidth (for example, videoconferencing).
Variable Bit Rate/Non-Realtime (VBR-NRT): This level is suitable for applications that require a large amount of bandwidth but can tolerate some cell delay and cell loss (for example, video playback).
Unspecified Bit Rate (UBR) or Available Bit Rate (ABR): This level is suitable for network services that do not have special bandwidth or cell latency/loss needs (for example, file transfer or e-mail).
ATM provides the following advantages:
High-speed, fast-switched integrated data, voice, and video communication that is not bound by the physical or architectural design constraints of traditional LAN networking technologies.
A standards-based solution formalized by the International Telecommunication Union (ITU) that allows ATM to easily replace existing telephony network infrastructures. ATM provides a global telephony standard, and over 70 percent of U.S. telcos have migrated their internal networks to ATM.
Interoperability with standard LAN/WAN technologies. ATM networks can be interconnected with Ethernet and token ring LANs using LAN emulation (LANE) services to provide TCP/IP over ATM.
QoS technologies that enable a single network connection to reliably carry voice, data, and video simultaneously and manage bandwidth on a per-connection basis depending on the priority of the service required.
Microsoft Windows 2000 supports direct connectivity to ATM networks with up to four ATM adapters in a single computer.
On the Web
•
ATM Forum : http://www.atmforum.com
See also telecommunications services
A mode of serial transmission for modems and other telecommunication devices in which the data is transmitted as a continuous stream of bytes separated by start and stop bits. This is in contrast to synchronous transmission in which some timer or clocking mechanism is used to ensure a steady flow of data between the devices.
How It Works
In asynchronous communication, only about 80 percent of the transmitted bits actually contain data, while the other 20 percent contain signaling information in the form of start and stop bits. Each data frame starts with a start bit and ends with a stop bit, with data bits in between. When the receiving station receives a start bit, it knows that pure data will follow. When a stop bit is received, it knows the data frame has ended and waits for the next one.
Asynchronous transmission is essentially character-based with additional bits between characters to enable synchronization and error correction. An optional parity bit for error checking can be located immediately before the stop bit in each frame. With parity correction, an 8-bit character requires 3 bits of control information (start, stop, and parity bits), which means an actual overhead of 3/8 or 38 percent.
Asynchronous communication is not synchronized by a timer mechanism or clock, and asynchronous devices are not bound to send or receive information at an exact transmission rate. Instead, the sender and receiver negotiate transmission speeds based on hardware limitations and the need to maintain a reliable flow of information. Asynchronous transmission is mainly suitable for low-speed transmission, but speeds can be increased by using data compression.
See also synchronous transmission
A Microsoft Windows NT and Windows 2000 command that can be used to schedule the execution of commands, batch files, and executables. For example, you could use the at command to schedule a backup to occur at a specific time of the day on certain days of the week. You can also use the at command to view commands that have already been scheduled and to delete a scheduled command.
Example
at 02:00 /every:Su runback.bat runs the batch file runback.bat every Sunday at 2 A.M.
NOTE
The at command requires that Windows NT Schedule service is running on the machine. You must be a member of the Administrators group to use the at command. For Windows 2000, you can schedule tasks using the Scheduled Tasks folder within My Computer.
TIP
The Windows NT Server Resource Kit includes a GUI version of the at command that is easier to use than the command-line version and has essentially the same functionality.
See Asynchronous Transfer Mode (ATM)
The loss of signal strength with long distances when signals travel along cabling. Attenuation values for actual cables are measured in units of decibels (dB)—a standard measurement value used in communication for expressing the ratio of two values of voltage, power, or some other signal-related quantity. For example, a drop of 3 dB corresponds to a decrease in signal strength of 50 percent or 2:1, while a drop of 6 dB corresponds to a decrease of 75 percent or 4:1. Attenuation values for cabling media are expressed in units of decibels per 1000 feet, which express the amount of attenuation in decibels for a standard 1000-foot length of cabling composed of that media.
Copper cabling has much greater attenuation than fiber-optic cabling; therefore, copper is suitable only for relatively short cable runs. Typical attenuation values for copper category 5 cabling vary with frequency and are shown in the table that follows. Attenuation for lower-grade cable is slightly higher.
Attenuation Values for Copper Category 5 Cabling
| Signal Frequency | Attenuation |
| 4 MHz | 13 dB/1000 feet |
| 10 MHz | 20 dB/1000 feet |
| 20 MHz | 28 dB/1000 feet |
| 100 MHz | 67 dB/1000 feet |
TIP
Attenuation is caused by signal absorption, connector loss, and coupling loss. To minimize attenuation, use high-grade cabling such as enhanced category 5 cabling. Also try to minimize the number of connector devices or couplers, ensuring that these are high-grade components as well. When a signal attenuates a large amount, the receiving device might not be able to detect it or might misinterpret it, therefore causing errors.
Graphic A-21. Attenuation.
The ratio of the received strength of a signal on a pair of wires to the amount of crosstalk between the wires. The higher the attenuation to crosstalk ratio (ACR) for a given cable, the less chance of signal errors. ACR is calculated as the difference between the attenuation value and the near-end crosstalk value at a specific frequency. This is because both attenuation and crosstalk are usually expressed in units of decibels for cabling media. The decibel scale is logarithmic in nature, which means that a difference in decibel values corresponds to a ratio of actual signal voltage or power levels.
For copper category 5 cabling, the ACR value is typically about 10 dB, at a frequency up to about 100 MHz. This value decreases slightly with increasing frequency until crosstalk and attenuation values converge, at which point transmission becomes error prone and the cabling ineffective for communication.
A Microsoft Windows command that can be used to display and modify the attributes of files and directories. You can use the attrib command to display and modify the archive, system, hidden, and read-only attributes that can be assigned to files and directories. For example, if you need to manually modify the boot.ini file on a machine running Windows NT, you can use the attrib command to remove its read-only, hidden, and system attributes.
Example
attrib –r –h –s boot.ini removes the read-only, hidden, and system attributes from the boot.ini file, allowing you to manually edit the file.
A type of marker that can be set or cleared for files stored on the file allocation table (FAT) or NTFS file system. Attributes indicate whether a file is
Read-only, meaning that it cannot be modified
Hidden, meaning that the file will not appear when its parent directory is listed at the command line
System, meaning that the file is a critical operating system file and should not be moved or modified
Archived, meaning that the file has been backed up
NOTE
The above attributes can be set or cleared for files on both FAT and NTFS partitions. In addition, files on an NTFS volume can be marked as compressed. NTFS uses a number of other extended attributes internally. The term “attribute” can also refer generally to other file system information, such as time stamps, file size, link counts, and so on.
TIP
To view or modify the attributes of a file, open the file’s property sheet and check or clear the appropriate check box. You can also use the attrib command to modify some attributes of a file.
A property of an object in Active Directory. Attributes are the actual information stored in an object. For example, a user class object is composed of attributes, such as a First Name attribute for a user account object.
Attributes define the actual characteristics of objects in Active Directory. Every class of objects has its own defining set of attributes. Different objects within this class are distinguished by the values of their attributes. Some attributes, such as the First Name attribute for a user account object, must have a value assigned to them when they are created. Other attributes, such as Phone Number, can optionally be left unvalued.
Each attribute in Active Directory is defined only once and can be used for many different object classes. All objects of the same type have the same set of attributes. Different objects of the same type are distinguished by different attribute values. It is therefore the values of the attributes of a particular object that make that object unique in Active Directory.
Attributes are defined in a special portion of Active Directory. An attribute definition includes
The syntax (type of information) of the attribute, such as integer, date, or string
Whether the attribute is single-valued or multivalued
Each syntax type is specified by an object identifier, which is a globally unique identifier (GUID) issued by the International Organization for Standardization (ISO). The allowable syntax types for attributes of objects in Active Directory are shown in this table.
Allowable Syntax Types for Object Attributes
| Syntax | Object Identifier | Description |
| Undefined | 2.5.5.0 | Not a legal syntax |
| Distinguished name | 2.5.5.1 | The fully qualified name of an object in the directory |
| Object identifier | 2.5.5.2 | Identifies an object |
| Case-sensitive string | 2.5.5.3 | Differentiates uppercase and lowercase |
| Case-insensitive string | 2.5.5.4 | Does not differentiate uppercase and lowercase |
| Print case string | 2.5.5.5 | Printable string |
| Numeric string | 2.5.5.6 | A sequence of digits |
| OR name | 2.5.5.7 | An x400 e-mail address |
| Boolean | 2.5.5.8 | TRUE or FALSE |
| Integer | 2.5.5.9 | A 32-bit number |
| Octet string | 2.5.5.10 | A string of bytes |
| Time | 2.5.5.11 | The number of seconds elapsed since 1/1/1970 |
| Unicode | 2.5.5.12 | Wide string |
| Address | 2.5.5.13 | Internal |
| Distname-address | 2.5.5.14 | Internal |
| NT security descriptor | 2.5.5.15 66 | Windows NT Security Descriptor |
| Large integer | 2.5.5.16 | A 64-bit number |
| Security identifier (SID) | 2.5.5.17 4 | SID |
See also Active Directory schema
The process of tracking and monitoring actions is performed on servers. Auditing is an important component of a general security policy for a corporate network. Auditing can be used to detect attempts at unauthorized access to network resources and to track the usage of shared resources. Auditing creates a record of which files have been accessed, who has logged on to the network, who has attempted to use a shared resource, and so on. Specifically, auditing records information in the security log about
What action was performed
Who performed the action
When the action occurred
Whether the action succeeded or failed
How It Works
In Microsoft Windows NT, auditing must first be enabled by configuring an Audit policy for the domain being audited. If you are auditing access to files and other objects, you must specifically enable auditing on the files and objects you want to audit by using the Security tab on the file or object’s property sheet.
Windows NT records two kinds of auditing information in the security log:
Success audits: Symbolized by keys and are usually used to track resource usage for capacity and resource planning
Failure audits: Symbolized by padlocks and are usually used to monitor network resources for unauthorized access attempts
See also Audit policy, Event Viewer, security log
A policy established on a domain in Microsoft Windows NT and Windows 2000 to specify which kinds of security events are recorded in the security log.
How It Works
An Audit policy can be configured using the Policies menu in User Manager for Domains. When an Audit policy is configured on a domain controller using this tool, the policy affects the security logs for all domain controllers in that domain. If the Audit policy is configured on a member server or workstation, it is valid only for that machine. The following table shows the different kinds of events that can be audited by establishing an Audit policy. You can view the results of establishing your Audit policy by using Event Viewer.
Events That Can Be Audited
| Type of Event | Description |
| Logon and logoff | Users logging on and off and forming network connections |
| File and object access | Users accessing a file, folder, or printer on a network |
| Use of user rights | A right has been exercised—for example, backing up files and directories |
| User and group management | An account has been modified, created, or deleted |
| Security policy changes | A change has been made to an Audit policy, a trust relationship, or user rights |
| Restart, shutdown, and system | The system has been shut down or restarted, or system security has changed |
| Process tracking | A process has been started or stopped, or some related activity has occurred |
These are the requirements for establishing an Audit policy in Windows NT:
The user must be a member of the Administrators local group on the domain controllers or on the member server to be audited.
Server Operators can view and archive security logs, but only administrators can enable auditing.
File auditing can take place only on volumes formatted using the NTFS file system.
NOTE
To configure an Audit policy in Windows 2000, use the Computer Management administrative tool, open the System Tools folder, and select the Group Policy Editor.
TIP
Be careful when enabling auditing for File and Object Access or Process Tracking, as logging these events can generate a large amount of overhead on your system. To audit access to a file, folder, or printer, first enable File and Object Access auditing in your Audit policy, and then access the Security tab on the object’s property sheet.
See also auditing, Event Viewer, security log
Acronym for Attachment Unit Interface connector, a standard 15-pin connector device for thicknet or 10Base5 cabling. The AUI connector on the free end of the drop cable attaches to the DB15 connector on the network interface card (NIC). The NIC has an AUI port connector for connecting the drop cable. The other end of the drop cable typically connects to a transceiver. The transceiver is then joined to the thicknet cabling using a vampire tap that pierces the cable jacket and insulation to make a connection.
A new built-in group for Microsoft Windows NT or Windows 2000 that is created when Windows NT 4.0 Service Pack 3 or later is applied. The Authenticated Users group is similar to the built-in Everyone group, except that anonymous logon users are never members of the Authenticated Users group. The built-in security identifier (SID) for this group is S-1-5-11. The Authenticated Users group can be used to provide additional security when running Microsoft Internet Information Services (IIS) because the anonymous user account has the ability to enumerate share names and list domain usernames. Using the Authenticated Users group can restrict this ability for the anonymous user account. You should generally use the Authenticated Users group instead of the Everyone group if you want to carefully control anonymous access to your network resources.
NOTE
In Windows NT, some editing of the registry is required to implement this new feature. For information, see Microsoft TechNet and the Readme file for Service Pack 3. In Windows 2000, the Authenticated Users group is one of the built-in system groups.
The process of validating users’ credentials to allow them access to resources on a network. On a Microsoft Windows NT or Windows 2000 network, authentication can be handled in one of two ways:
Logging on to a member server or workstation: Authentication is performed by the member server or workstation itself using its local Security Accounts Manager (SAM) database.
Logging on to a domain in Windows NT and Windows 2000: Authentication is performed by a domain controller on the network.
Authentication can be further classified according to how the credentials are passed over the network and includes the following methods:
Anonymous access: This method is supported by Microsoft Internet Information Services (IIS) and allows anonymous users on the Internet access to Web content on your server.
Basic Authentication: This method transmits passwords as clear text and is often used in UNIX networks and for File Transfer Protocol (FTP) services.
Windows NT Challenge/Response Authentication: This is the standard secure authentication method for Windows NT domain controllers.
Kerberos v5 Security Protocol: This is the standard secure authentication method for Windows 2000 domain controllers.
See also logon
In Internet Connection Services for Microsoft Remote Access Service (RAS), a database for providing authentication, access, and accounting information for the users in a given realm. An authentication provider is a server that is used by Internet Authentication Service (IAS) to map a Remote Authentication Dial-In User Service (RADIUS) authentication request to a database containing user credentials. The authentication provider can verify or deny whether the individual exists in the database and return this information to the IAS server. Choices for authentication providers are
A Microsoft Window NT or Windows 2000 domain controller
A Local Users file on the IAS server
An open database connectivity (ODBC)–compliant database
A Microsoft Commercial Internet System (MCIS) membership database
A Microsoft security technology that certifies the identity of the publisher of software to ensure the software has not been tampered with.
How It Works
An Internet software publisher first obtains a digital certificate from a certificate authority (CA) and uses Authenticode signing tools to digitally sign his or her application. When a user tries to download the application from the Internet, client-side Authenticode software in Microsoft Internet Explorer and Microsoft Windows 98 displays the publisher’s certificate information to help the user make a more informed decision about whether to install the software on his or her machine.
Authenticode can be used to sign Microsoft ActiveX controls, .cab files, Java applets, or any other executable files.
NOTE
The Windows 98 implementation of Authenticode enables you to check online certificate revocation.
A program offered by Microsoft to secondary and post-secondary educational institutions. Approved schools are provided with tools by Microsoft to facilitate courseware delivery that prepares students for Microsoft Certified Professional (MCP) certifications. The Authorized Academic Training Program (AATP) gives schools a powerful advantage in the competitive technical education market. AATP enables schools to serve their communities by educating future employees to fill demands for technically certified computer professionals.
There is no fee for joining the AATP program. Some of the benefits of joining the program include
A 100-user software license received upon purchase of a Microsoft product—provided the product is the subject of a course being taught that uses Microsoft Official Curriculum or Microsoft Approved Study Guides. Note that these licenses are for student and instructor use in the classroom only.
Special academic pricing on Microsoft Official Curriculum and Microsoft Approved Study Guides.
Online course outlines, evaluation tools, curriculum materials, certification fact sheets, and preparatory exams.
Access to the private AATP Internet site.
On the Web
•
Microsoft AATP Welcome Page : http://www.microsoft.com/aatp
An application that can be automatically started on the user’s computer by Microsoft Connection Manager (CM) after a connection is established. Auto-applications automatically launch and close upon the start and end of a connection. This lets administrators configure services to trigger when users open their e-mail or Web browser. Auto-applications can be specified using a wizard that allows you to specify the name of the application, command-line switches or parameters, and other information. An auto-application must be a complete program file; it cannot require other files to work, and it cannot be a self-extracting executable.
A Microsoft Windows NT utility executed each time the computer reboots. Autochk.exe checks whether any volumes are dirty (for example, if the system was shut down due to a power failure). If autochk.exe finds a dirty volume, it runs chkdsk /f to attempt to repair it.
NOTE
Large volumes can take a long time for chkdsk to run. You can prevent autochk from checking specific volumes by using the utility chkntfs.exe found on Windows NT Service Pack 2 and later.
A feature of Microsoft Internet Explorer version 4.0 and later that attempts to complete a partial Uniform Resource Locator (URL) entered into the Address field of the browser. When you begin to enter a URL, the AutoComplete function checks the browser’s history folder for any URLs that match your partial URL and displays the closest match to what you have entered. This saves users from having to retype long URLs when attempting to revisit a site. This can be viewed as both an accessibility feature and a way to avoid time-wasting mistakes. If the URL that AutoComplete suggests for you is incorrect, just keep typing your URL. AutoComplete is based on the same IntelliSense technology that is implemented in certain features of Microsoft Office, such as the AutoFill feature in Microsoft Excel.
TIP
If you clear your history folder, AutoComplete will not be able to function because it uses URLs stored in that folder. The longer you leave your history folder unemptied, the larger its contents become and the more effectively AutoComplete operates.
A feature of Microsoft Windows 2000 and Windows NT that maps network resources to phonebook entries. When a user or application tries to access a network resource, Network and Dial-up Connections in Windows 2000 (Dial-Up Network in Windows NT) automatically tries to establish a connection to the resource. To configure autodial in Windows 2000, go to Control Panel in My Computer, and then open Network and Dial-up Connections. Choose Dial-up Preferences from the Advanced menu. On the Autodial tab, select the check box next to the location where you want to enable autodial, and then click OK. To configure AutoDial in Windows NT, use the User Preferences dialog box for your phonebook entry.
NOTE
Certain actions will not trigger AutoDial for Windows NT. These include
Pinging an IP address. (Pinging a fully qualified domain name, however, will cause AutoDial to engage.)
Using both a dial-up and a local area network (LAN) connection. (AutoDial engages only after an attempt to connect over the LAN has failed.)
A batch file used by the MS-DOS and Microsoft Windows 3.1 operating systems. Autoexec.bat runs immediately after the commands in the config.sys file are executed and can contain any commands that you want carried out when you start your system. These might include commands to clear the screen of startup messages, to start terminate-and-stay-resident (TSR) programs such as virus checkers, or to define a printer port. Autoexec.bat is typically located in the C:\ directory. Autoexec.bat can also include Path, Prompt, and Set statements for defining the system path and environment variables.
Windows 95 and Windows 98 also include an autoexec.bat file, but it is present only for backward compatibility of running Windows 3.1 applications under Windows 95 or Windows 98.
NOTE
If an autoexec.bat file exists in the boot partition on a machine running Windows NT, it will be parsed at startup. Any environment variables that are defined in the file will be set, and any path specification will be appended to the default system path whenever the system is started.
A batch file in %SystemRoot%\System32 on machines running Microsoft Windows NT that is used to provide a startup environment when MS-DOS applications are run using the default.pif file. You can configure autoexec.nt the same way you would configure autoexec.bat for running MS-DOS applications on Windows NT. The corresponding file config.nt performs the same function as config.sys. Once autoexec.nt and config.nt are configured, an MS-DOS application that is started in a new command window will use these files to configure the application’s environment. You can optionally create custom startup files for specific applications that cannot use your generic autoexec.nt and config.nt files.
TIP
If you make any changes to autoexec.nt or config.nt, you must first log off and then log on again for the changes to take effect on the system.
A logon process whereby the user gains access to the network through user credentials previously stored in the registry. Automatic logon can be enabled on a machine running Microsoft Windows NT by editing the registry. Use registry editor (regedit.exe) to open the following key
HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT \CurrentVersion \Winlogon
and modify or create the following REG_SZ type values:
DefaultDomainName
DefaultUserName
DefaultPassword
AutoAdminLogon
Set AutoAdminLogon equal to 1 to enable automatic logon.
NOTE
The automatic logon process can be bypassed by holding down the Shift key upon startup or logoff.
TIP
Use extreme care when making changes to the registry, as improper use of Registry Editor can make your system unbootable.
See also interactive logon
A Microsoft Windows 98 built-in utility that allows you to bypass troublesome devices so that Windows 98 can successfully boot.
How It Works
The Automatic Skip Driver Agent (ASD) identifies device failures that caused Windows 98 to stop responding on previous attempts to boot the system and marks these devices so that the boot process skips them on subsequent boot attempts. Once you have finished troubleshooting a device problem, you can use ASD to enable the device to see whether the device has begun to function properly. If the device fails again, ASD will again disable it. Disabled devices can be viewed and reenabled by running ASD again from the command line with the command asd.exe or from the System Information utility in the System Tools program group. Device Manager shows disabled devices with a yellow exclamation point.
During startup, Windows 98 tries to load device drivers for installed hardware. ASD keeps track of device driver failures by identifying which devices cannot be enumerated during startup. If attempts to load the device driver for a device fail two times, ASD disables the device so that Windows 98 can start properly.
A feature of Microsoft Windows 2000 that allows you to restore your system in the event of hard disk failure or corruption of system files. Automatic System Recovery (ASR) is designed to replace the emergency repair disk (ERD) of Windows NT as the main tool for restoring systems after boot failures. ASR integrates the processes of repair, backup, and restore into a single recovery solution in the event of a disaster.
How It Works
To use ASR, you must first configure it by running the Disaster Recovery Preparation Wizard, which is part of the Windows 2000 Backup utility. The resulting ASR disk contains configuration information that will be critical if you need to recover your system as a result of system volume damage or corruption. If you need to reinstall the system software, the ASR disk enables you to bring the system to the same configuration it had before the disaster.
To perform ASR on an x86-based computer, you will need the three setup disks and the tape backup created by running the Disaster Recovery Preparation Wizard. After Setup Disk 3 finishes running, you will be presented with several options—select the Recover option to use the ASR disk to recover your system.
TIP
Always run the Automatic System Recovery Wizard immediately before and after you make any changes to your system configuration using the Disk Management tool. If you do this, you will be able to return your system to the stable configuration that existed prior to your change.
A feature of the Microsoft Internet Explorer Administration Kit (IEAK). Automatic Version Synchronization (AVS) runs each time the IEAK administrator runs the IEAK Wizard and checks Microsoft’s Web site for updates to Microsoft Internet Explorer. These updates are automatically downloaded and can be distributed by the administrator to users throughout the enterprise.
A Microsoft technology that enables applications to expose their functionality to other applications. Automation, formerly known as OLE Automation, is based on the Component Object Model (COM) and allows run time binding of components. Automation is used exclusively by scripting languages, such as Microsoft Visual Basic for Applications (VBA), Microsoft Visual Basic Scripting Edition (VBScript), and Microsoft JScript, to access COM components that support Automation. The advantage of Automation is that it allows various languages to access COM components at run time. The drawbacks to Automation are that it is slow and that compile-time data type checking cannot be performed.
An application that exposes its functionality through Automation is called an Automation server. An application that communicates with the server through Automation is called an Automation controller or Automation client.
How It Works
An Automation server is a COM component that typically implements the IDispatch interface. An Automation controller is a client that communicates with the Automation server, typically using IDispatch. IDispatch is a COM interface that allows a client to indirectly access all of the exposed methods and properties of the component. Therefore, IDispatch enables a client to discover and access all the various methods and properties of a component at run time through a single interface.
NOTE
In the past, Automation required communication using the IDispatch interface. Now the term Automation is more generic and refers to the programmability of an application or component.
See also Automation controller, Automation server
See Automation controller
A client that accesses the functionality of an Automation server. Automation is a way for one application to manipulate the exposed objects (properties and methods) of another application. Automation controllers are client applications that can manipulate the exposed objects of another application called an Automation server. Examples of Automation controllers include Microsoft Word, Microsoft Excel, and Microsoft Visual Basic.
There are two kinds of Automation clients:
Clients that have static information about the properties and methods of the Automation server bound to them at compile time.
Clients that dynamically obtain information about the properties and methods of the Automation server at run time. These clients do this by querying the IDispatch interface of the Automation server.
See also Automation, Automation server
A Component Object Model (COM) component that exposes its functionality to other applications. An Automation server typically implements the IDispatch interface.
Here’s an example of an Automation server: a word processing program that can expose its spell-checking functions so that Automation controllers can access them. This allows the functionality of one program (the Automation server) to be used by other programs (the Automation clients or controllers).
See also Automation, Automation controller
A feature of Microsoft Exchange Server that enables administrators to configure how e-mail aliases and other information are automatically generated when mailboxes are created. For example, using auto naming, you could automatically generate any of the following e-mail aliases for Jeff Smith’s mailbox:
JSmith
JeffS
JS
You could also devise some other custom naming scheme. These e-mail aliases then would be combined with the Domain Name System (DNS) domain name of the Exchange organization to form the user’s standard e-mail address. For example, if the domain name of the company is northwind.microsoft.com, JSmith would be combined with it to form the e-mail address JSmith@northwind.microsoft.com.
A portion of a large internetwork that is under a given administrative authority. Autonomous systems can be under the authority of a particular corporation or institution, or they can be defined by the uniform use of a particular routing protocol such as Open Shortest Path First (OSPF). Autonomous systems are part of the routing infrastructure of a large internetwork and can be subdivided into routing domains.
The Internet is the prime example of a large internetwork divided into different autonomous systems (such as CERFnet, SprintLink, and AlterNet). These autonomous systems are connected with backbone routers that use the Border Gateway Protocol (BGP) for communication among them. Each autonomous system is represented by a 16-bit integer assigned by Internet Network Information Center (InterNIC), which is used by BGP to avoid routing loops and implement policy-based routing on the Internet backbone. There are three types of autonomous systems:
Stub AS: This AS is connected to only one other AS. A corporate network that is connected to an AS is considered to have the same AS number as the AS it is connected to.
Transit AS: This AS is connected to more than one other AS and can be used for transit traffic between autonomous systems. They are usually administered by large Internet service providers (ISPs).
Multihomed AS: This AS is connected to more than one other AS but does not let transit traffic from another AS pass through itself. An example might be a corporate network with several Internet connections to different ISPs.
See also routing
Technology in which a device can determine the characteristics of an attached device and configure itself accordingly. For example, a port on an autosensing 10/100-Mbps Ethernet switch can automatically detect whether the attached station has a 10-Mbps or 100-Mbps network interface card (NIC). This is a useful feature that allows a combination of 10BaseT and Fast Ethernet connections in a single local area network (LAN). Often during migration and system upgrades you’ll find a combination of slower, legacy networking equipment and faster, more modern devices. These devices might need to coexist together for months or years, depending on the budget available for upgrades. Using autosensing hubs and switches makes this coexistence cheap and simple, and allows a full upgrade to the faster configuration later—without purchasing additional equipment.
The degree to which network resources operate without interruptions resulting from scheduled maintenance or unexpected failure. Microsoft Cluster Server (MSCS) is a tool for ensuring continuous uninterrupted 24 x 7 x 365 availability of network resources. Availability has become an important issue in the modern Internet economy in which online electronic businesses are made or broken on the basis of reliable, fault-tolerant technologies. MSCS provides the basic platform for building high-availability e-business and electronic commerce applications that can compete in today’s world. MSCS can automatically detect when an application or server fails and restart it on the surviving cluster node in moments. Users connected to the server will experience only a brief pause in service.
See Automatic Version Synchronization (AVS)
Acronym for American Wire Gauge, a specification for the diameter of conducting wires. The higher the AWG number, the thinner the wire. Category 5 cabling is usually AWG 24 wire (0.020 inch or 0.511 millimeter in diameter), while thicknet generally uses AWG 12 wire (0.080 inch or 2.050 millimeters in diameter). The following table shows some of the various AWG gauges for different diameters of wires. Note also that the thinner the wire, the higher its electrical resistance and hence the shorter the transmission distance (because resistance varies inversely with thickness).
AWG Gauges for Various Diameters of Wires
| AWG Gauge | Diameter (inches) | Diameter (millimeters) |
| 12 | 0.080 | 2.050 |
| 14 | 0.064 | 1.630 |
| 16 | 0.051 | 1.290 |
| 18 | 0.040 | 1.020 |
| 20 | 0.032 | 0.813 |
| 22 | 0.025 | 0.643 |
| 24 | 0.020 | 0.511 |
| 30 | 0.010 | 0.254 |
A type of Domain Name System (DNS) request in which a secondary DNS server requests the update of information from a master DNS server. An AXFR request always results in a full zone transfer. This can take time and use considerable network bandwidth if the zone files are large. An alternative to AXFR is the incremental zone transfer protocol described in Request for Comments (RFC) number 1995. Incremental zone transfers use an IXFR request and transfer only those portions of the zone file that have been changed. Incremental zone transfers are supported by the DNS service running on Microsoft Windows 2000.
