Glossary


%HomeDrive%

The drive letter assigned to a user account's home directory.



%HomePath%

The full UNC path to the user account's home directory.



%SystemRoot%

The directory for the local operating system installation, such as C:\Windows\ or C:\WinNT\.



%UserName%

Used to create a home directory folder, named for the current user, within a common file store location.



.NET Passport Authentication

A method of IIS authentication that provides a single, unified logon through SSL, HTTP redirects, cookies, and JavaScript using encrypted passwords.



Account Operators

A group whose members can create, modify, and delete computer and user accounts, with the exception of administrators, domain admins, and domain controllers.



Active Directory

The directory services system for Windows 2000 and Windows Server 2003. It contains and controls all objects, such that every object is fully controllable as to what it can do to another object and what that object can do to it.



Active Directory Domains and Trusts

Microsoft MMC snap-in used to manage the domains and trusts of a forest.



Active Directory Sites and Services

Microsoft MMC snap-in used to manage server replication.



Active Directory Users and Computers

Microsoft MMC snap-in used to manage computer and user accounts, groups, printers, and organizational units within a domain.



Active Directory-Integrated Zone

A securable zone whose data is transferred between domain controllers during the normal Active Directory replication.



Administrator

The predefined master administration account.



Administrators

A group whose members have full control over the domain.



Adprep

Command-line utility that can be used to prepare an existing Windows 2000 domain for upgrade to Windows Server 2003.



Advanced Digest Authentication

A method of IIS authentication that requires a user account and password, transferring user credentials using stored MD5 hash values.



Anonymous Authentication

A method of IIS authentication that requires no username or password.



Anonymous Logon

A Windows identity whose members automatically include anyone who accesses resources without using an authenticated logon and password.



Application Pool

A self-contained unit of resources allocated to Web sites and applications.



ASP.NET

Active Server Pages (.NET version) allow for the display and presentation of active Web content using the .NET Common Runtime Library.



ASPNET

The account used by the .NET Framework to run ASP.NET processes.



ASR (Automatic System Recovery)

A tool that enables the rapid recovery of a Windows Server 2003, including the server's System State, hardware configuration, and installed applications.



Authenticated Users

A Windows identity whose members automatically include anyone who accesses resources through a logon process.



Authoritative Restore

A restoration of the System State, overwriting more recent versions stored elsewhere in the directory during the next replication cycle. Used to restore objects that were mistakenly deleted.



Backup Operators

A group whose members can log in to, shut down, back up, and restore the files from any system in the domain, including domain controllers.



Basic Authentication

A method of IIS authentication that requires a user account and password, but the password is sent across the network in plain text.



Batch

A Windows identity whose members automatically include all processes and accounts that access resources through a batch job.



Biometric Authentication

A method of authentication that makes use of a quality (metric) of the user's physiology (bio), such as a fingerprint or retinal image.



Bootcfg

Command-line utility that can be used to configure, change, or review Boot.ini settings.



Caching-Only

A DNS server that does not host any zones and is not authoritative for a domain. Generally used in small, remote offices with relatively slow links to the main office.



Cert Publishers

A group whose members can publish security certificates for accounts.



Certificate Authentication

A method of IIS authentication that establishes a secure connection between client and server by using Secure Sockets Layer (SSL).



Change

A share-level permission that allows for the ability to create, modify, and delete resources within the share.



Choice

Command-line utility that can be used to prompt a user to select from a listing of choices.



Click Scripts and Executables

An IIS execute privilege that allows an authenticated user to run any application.



Client Automatic Updates

The SUS client component that is configured to connect to the SUS Server or the Windows Update Web site.



Clip

Command-line utility that can be used to send command-line output to the Windows Clipboard.



Cmd

Executable command that opens the command-line shell interface.



Cmdkey

Command-line utility that can be used to review, create, and delete stored usernames and passwords.



Compatws.inf

A security template used to relax security settings to allow users to make use of applications that do not conform to the requirements for the Windows Logo Program for Software.



Conditional Forwarding

A feature that allows DNS servers in one network to perform name resolution for another network's namespace.



Creator Group

A Windows identity whose members are inherited by sharing group membership with the account that created the resource.



Creator Owner

A Windows identity representing the account that created a particular resource.



Csvde

Command-line utility that can be used to import and export Active Directory data using a comma-separated file format (.csv).



Data Encryption Standard (DES)

A data encryption method that uses a private key selected at random from a large number of available keys.



DC Security.inf

A security template representing the default security template for domain controllers.



Device Manager

A graphical user interface utility that provides a graphical view of all the hardware installed on your computer.



DHCP (Dynamic Host Configuration Protocol)

A protocol that dynamically assigns Internet Protocol (IP) addresses to clients.



DHCP Administrators

A local group whose members can administer the DHCP service and its configuration.



DHCP Users

A local group whose members can view the DHCP service settings and its configuration.



Dial-Up

A Windows identity whose members automatically include anyone who accesses resources through a dial-up modem connection.



Differential Backup

A backup of all selected data that has changed since the last full backup.



Digest Authentication

A method of IIS authentication that requires a user account and password, with user credentials sent in a hashed message digest.



Digital Signature

An electronic signature that can be used to verify the originator of a file or email, and to verify also that its contents have not been modified since transmission.



Diskpart

Command-line utility that can be used to manage disks, partitions, and volumes.



Distribution Group

A group used for email distribution lists when an integrated electronic mail service such as Exchange is present.



DNS (Domain Name System)

The Domain Name System is a service that provides a translation between a fully qualified domain name (FQDN) and its matching IP address (forward lookup), or between an IP address and its matching FQDN (reverse lookup).



DnsAdmins

A group whose members can administer the DNS service.



DnsUpdateProxy

A group whose members can perform dynamic DNS updates for other accounts.



Domain Admins

A group whose members have full rights over all resources in the domain and are members of the Administrators group on each computer in the domain.



Domain Controller

A Windows server that has been designated to provide authentication services within an Active Directory deployment.



Domain Controllers

A group whose members automatically include all domain controller computers joined to a domain.



Domain Guests

A group whose members have no rights assigned by default.



Domain Local Group

A group used to assign permissions over resources located only in their own domain.



Domain Users

A group whose members automatically include all user accounts in a domain.



Dsadd

Command-line utility that can be used to add a new object to the directory (user, computer, contact, group, or organizational unit).



Dsget

Command-line utility that can be used to display selected attributes of an object in the directory.



Dsmod

Command-line utility that can be used to modify an existing Active Directory object.



Dsmove

Command-line utility that can be used to rename an object or move an object to a new location within the same domain.



Dsquery

Command-line utility that can be used to display a list of objects within the directory that meet the specified search criteria.



Dsrm

Command-line utility that can be used to delete an object from the directory.



EFS (Encrypting File System)

Allows users to configure an NTFS-formatted folder so as to encrypt its contents, thereby preventing recovery by anyone other than the owner and the file recovery agent.



Enterprise Admins

A group whose members have full control over all domains in a forest and inherit membership in the Administrators group on all domain controllers. By default, the only member of this group is the administrator of the forest's root domain.



Enterprise Domain Controllers

A Windows identity whose members automatically include any domain controller computers with enterprisewide roles.



Event Viewer

A graphical user interface utility that allows review of the various event logs.



Eventcreate

Command-line utility that can be used to create an event in a specified event log.



Everyone

A Windows identity whose members automatically include all accounts logged on to the network, even if from another domain.



File Server Management MMC Snap-In

An MMC snap-in component that invokes the Share a Folder Wizard.



Forfiles

Command-line utility that can be used to specify files to use in batch processing.



Forward Lookup Zone

A DNS zone used to associate IP addresses to their hierarchical FQDN names, allowing the translation from FQDN to matching IP address.



Forwarding

The process of passing a DNS name-resolution query to the next-higher-order DNS server if the requested name is not present in the cache or zones of the requested DNS server.



FQDN (Fully Qualified Domain Name)

A portion of the uniform reference locator address that designates a system's hierarchical human-readable name. For example: myserver.mycorp.com.



FTP (File Transfer Protocol)

A member of the TCP/IP suite of protocols utilized for rapid transfer of files between the host and a client using ports 20 and 21 by default.



Full Backup

A complete backup of all selected data.



Full Control

An NTFS- or share-level permission that encapsulates all the other permissions of the appropriate type, along with the capability to later change the assigned permissions.



Gettype

Command-line utility that can be used to identify the version of Windows being used.



Global Group

A group used to manage permissions over resources located in any domain within the forest.



GPMC (Group Policy Management Console)

A downloadable utility that brings together many standard management functions for the manipulation of GPOs and their links.



GPO (Group Policy Object)

A collection of settings that can be linked to one or more sites, domains, or organizational units within the Active Directory to be inherited by its members.



Gpresult

A command-line utility used to display Group Policy settings and the Resultant Set of Policy (RSoP) of a target user or computer account.



Gpupdate

A command-line utility used to refresh Group Policy settings.



Group

A unit of organization that can be used to allow or deny access over resources to its members through inheritance.



Group Policy

The functionality that allows assignment of complex rights and restrictions to users in a site, domain, or organizational unit.



Group Policy Creator Owner

A group whose members can create, delete, and modify Group Policy settings within a domain. Membership in this group does not give permissions to link a group policy to a container.



Groups

Administrative tool used to provide access rights and restrictions for member accounts and members of member groups. Through inheritance, member accounts can be granted additional privileges and access rights to distributed resources, and can also be restricted from accessing the same.



Guest

An unprivileged account created in a disabled condition. The guest account can be given minimal permissions so that a guest user can access a particular resource for a brief period of time without the need to create an actual user account.



Guests

A group whose members are not granted rights by default.



HelpServicesGroup

A local group whose members can be granted any desired standard rights and permissions granted to support staff accounts and the Remote Assistance group.



Hisecdc.inf

A security template used to implement the Highly Secure template for domain controllers.



Hisecws.inf

A security template used to implement the Highly Secure template for workstations.



Home Folder

The UNC path specifying the location in which a user's home file storage will be located.



HTTP (Hypertext Transfer Protocol)

A member of the TCP/IP suite of protocols utilized by Web servers to provide textual and graphical information to a client browser using port 80 by default.



Identity

A pseudo-group that can be used for assignment of access rights and restrictions based on automatic membership criteria.



IIS (Internet Information Services)

Provides support for Web (HTTP), FTP, and basic SMTP services. IIS is disabled by default on all Windows Server 2003 versions, with the exception of the Web Server Edition.



IIS_WPG

A memberless group used by the worker processes serving namespaces within IIS 6.0.



IISBack

Command-line utility that can be used to create and manage backups of the IIS configuration settings.



IISCnfg

Command-line utility that can be used to import and export IIS configuration details.



IISFtp

Command-line utility that can be used to start, stop, pause, resume, review, create, and delete FTP sites.



IISFtpdr

Command-line utility that may be used to create and delete FTP site virtual directories.



IISVdir

Command-line utility that can be used to create and delete Web site virtual directories.



IISWeb

Command-line utility that can be used to start, stop, pause, resume, review, create, and delete Web sites.



Incoming Forest Trust Builders

A group whose members can create a one-way, incoming-only trust to another forest to provide access to resources in the other forest.



Incremental Backup

A backup of all selected data that has changed since the last full or incremental backup.



InetOrgPerson

A new security principal type used in migrating from or interfacing with other non-Microsoft LDAP and X.500 directory services.



Integrated Windows Authentication

A method of IIS authentication that requires Kerberos as the authentication protocol.



Interactive

A Windows identity whose members automatically include any users logged in to a computer and accessing a particular local resource.



Inuse

Command-line utility that can be used to replace in-use operating system files.



Kerberos

An authentication method that makes use of an encrypted ticket to allow access to a protected resource.



LAN (Local Area Network)

A network utilizing network protocols to manage connectivity within a relatively centralized and well-connected site.



LDAP (Lightweight Directory Access Protocol)

A protocol that is used to identify the location of an object based on its location within the Active Directory.



Ldifde

A powerful command-line tool able to import and export Active Directory data and extend the schema, as well as to create, modify, and delete objects within the directory.



LKGC (Last Known Good Configuration)

An advanced startup mode that rolls back all drivers to their state at the last successful logon event.



LocalService

An account used to run system services that might need to generate system audit events in the security log.



LocalSystem

An account used to run many system services that require only local logon rights.



Logman

Command-line utility that can be used to schedule performance counter and trace log collection.



MAN (Metropolitan Area Network)

A network spanning multiple distributed network sites located within a particular geographic or politically designated zone, such as a city.



Metabase.xml

The IIS configuration file.



MMC (Microsoft Management Console)

A graphical user interface that provides a standard customizable container for many service and functionality snap-ins.



MMC Snap-in

A service or functionality-related module that may be imported into the Microsoft Management Console.



Modify

An NTFS-level permission that allows the creation, modification, and deletion of files and folders.



Net accounts

A command-line net service utility used to modify password and logon settings for all accounts.



Net config

A command-line net service utility used to display or modify the settings of available configurable services.



Net file

A command-line net service utility used to display a listing of shared files. It can also close open files.



Net help

A command-line net service utility used to display a listing of network commands.



Net send

A command-line net service utility used to send a message to other users or computers.



Net session

A command-line net service utility used to display a listing of current network sessions.



Net share

A command-line net service utility used to display, create, and modify file shares.



Net start

A command-line net service utility used to display a listing of running services and to start an individual service.



Net stop

A command-line net service utility used to stop a running service.



Net use

A command-line net service utility used to connect and disconnect from a shared resource.



Network

A Windows identity whose members automatically include any users accessing a particular resource over the network.



Network Configuration Operators

A group whose members can make changes to TCP/IP settings on any system in the domain, including domain controllers.



NetworkService

An account used to run services that also require network access.



Nonauthoritative Restore

The default restoration of the System State, allowing more recent versions stored elsewhere in the directory to update the settings during the next replication cycle.



None

An IIS execute privilege setting that prevents scripts from running.



notssid.inf

A security template used to remove Windows Terminal Server security identifiers (SIDs) from the Registry and file locations when the Terminal Server service is idle.



NTFS Permissions

Detailed access rights and restrictions that may be assigned directly to a particular file or folder, or inherited from its parent container, provided the files are stored on an NTFS-formatted partition.



Openfiles

Command-line utility that can be used to review or disconnect currently open files.



Organizational Unit (OU)

A mechanism used to group objects into a structured set of containers to which Group Policies may be applied; each object can be located in only a single OU.



Owner

The user who manages permissions on objects, and grants permissions for those objects to other users.



Performance Log Users

A group whose members can manage performance logs, counters, and alerts on any computer in the domain, including domain controllers.



Performance Monitor Users

A group whose members can monitor performance counters locally and remotely on any computer in the domain, including domain controllers.



Power Users

A local group whose members can fully administer local resources and accounts, except for accounts and resources owned by members of the Administrators group.



Pre-Windows 2000 Compatible Access

A group whose members have Read access over all accounts and groups in the domain.



Pre-Windows 2000 Logon Name

A user account designation that is used for NetBIOS account logons, as a single name or the single-word (NetBIOS) domain name followed by the logon name.



Primary Zone

A DNS zone configured to be authoritative for a domain. It replicates changes to secondary servers during a scheduled update cycle.



Principal Logon Name

A user account designation that is composed of the user logon name and the fully qualified domain name (FQDN) of the domain to which it belongs in the directory.



Print Operators

A group whose members can create, delete, share, and manage printers and print queues, as well as log on and shut down any computer in the domain, including domain controllers.



Prncnfg

Command-line utility that can be used to review and configure printer settings.



Prnjobs

Command-line utility that can be used to review, pause, resume, and cancel pending print jobs.



Profile Path

The UNC path specifying the location to be used to store a user account's profile.



Proxy

A Windows identity whose members automatically include any users accessing a particular resource through a proxy agent or delegate.



RAS and IAS Servers

A group whose member servers can access the dial-up and remote access properties on user account objects.



RDP (Remote Desktop Connection)

A protocol functioning on port 3389, allowing a remote client to display output data (such as audio and video) and accept input data (such as mouse and keyboard input) to a remote terminal session.



Read (NTFS)

An NTFS-level permission that allows the ability to read file and folder attributes, list folder contents, view files, and synchronize file access.



Read (Share)

A share-level permission that allows the ability to view file and folder names within the share, as well as the ability to view and execute files located within the shared folder.



Read & Execute

An NTFS-level permission that includes the rights of the Read permission in addition to the ability to traverse a folder and execute a file.



Recovery Console

A command-line tool used to troubleshoot and repair Windows startup problems, including master boot record (MBR) recovery attempts.



Regedit

A command-line utility that allows modification of Registry settings.



Relative Distinguished Name

A user account designation that is used to uniquely identify the account in terms of its LDAP location in the Active Directory.



Remote Desktop

A virtual connection used to allow a local client to connect to a remote terminal session using the Remote Desktop Protocol (RDP).



Remote Desktop for Administration

A service that allows up to two concurrent administrative RDP connections.



Remote Desktop Users

A group whose members can remotely log on to any computer in the domain, including domain controllers.



Replicator

A memberless group used by domain and file replication services.



Restricted

A Windows identity whose members automatically include users with restricted access rights.



Reverse Lookup Zone

A DNS zone database file that is sorted in numerical order by IP address and is used to associate FQDN names within a range of IP addresses, allowing the translation from IP address to matching FQDN.



Rootsec.inf

A security template used to implement the root directory permissions template.



Round Robin

A feature that allows a DNS server to offer a series of IP addresses in sequential order for successive requests for the same FQDN, allowing for distribution of access across a server farm, which is transparent to the user.



RSoP (Resultant Set of Policy)

A functionality used in troubleshooting the resulting settings that are produced through the application of GPO links across many levels of container inheritance.



RunAs

An option that can be used to specify the logon credentials that should be used in the execution of a command or utility operation by a secondary logon.



Safe Mode

An advanced startup mode that loads only basic device drivers to facilitate the identification and removal of incompatible or corrupt device drivers.



Sc

Command-line utility that can be used to review or configure services.



Schema

A database consisting of classes and attributes, along with the rules for their use, that is used to create Active Directory objects.



Schema Admins

A group whose members can modify the Active Directory schema for a forest.



Schtasks

Command-line utility that can be used to review, add, and delete scheduled tasks.



Scripts Only

An IIS execute privilege that allows an authenticated user to run scripts.



Secedit

A command-line utility used to analyze and configure security settings based on templates.



Secondary Zone

A DNS zone configured to accept zone data from primary servers during a scheduled update cycle.



Secure Dynamic Updates

A feature that allows an authenticated client to register its current FQDN and IP Address within an authoritative DNS Server's zone. A DHCP server may perform this process on behalf of legacy clients that are unable to perform a secure dynamic update (Examples: Windows NT/98/Me).



Securedc.inf

A security template used to implement the secure template for domain controllers.



Securews.inf

A security template used to implement the secure template for workstations.



Security Configuration and Analysis MMC Snap-in

An MMC snap-in that can be used to model and apply security template settings.



Security Group

A group used to assign or deny user rights and permissions over resources located within the Active Directory.



Security Policy MMC Snap-in

An MMC snap-in that can be used to create and modify security template settings.



Security Principal

An object that may be granted or denied access rights over resources, such as user and computer accounts.



Security Template

A standard group of settings that can be applied rapidly through a GPO. Security templates are used to standardize security across multiple containers and prevent errors.



Self

A Windows identity representing an object referencing itself.



Server Management Wizard

A Windows Server 2003 utility that allows configuration of server roles for file server, application server, domain controller, and DNS server functionality.



Server Operators

A group whose members can log on to, shut down, and manage the local resources and services on any server computer in the domain, including domain controllers.



Service

A Windows identity that represents a service referencing itself.



Setup security.inf

A security template used to restore the default security settings for a system created during initial installation.



Setx

Command-line utility that can be used to set environment variable values.



Shadow Copies of Shared Folders

A functionality that allows point-in-time recovery of files located in shared folders on computers running Windows Server 2003. Users can view, copy, and restore previous versions of their shared files.



Share Permissions

Permissions assigned to a UNC share that define the level of access that is granted when accessing resources through the share.



Shared Folders

File storage locations that expose (share) contained resources through a UNC path share.



Shutdown

Command-line utility that can be used to restart or turn off a computer.



Smart Cards

An authentication token (physical object) containing a small microchip that provides part of a user's authentication; typically used in conjunction with a personal identification number (PIN).



SMB (Server Message Block)

The protocol used by Microsoft systems to share resources such as file and print services. It may be used in conjunction with the secure*.inf templates to negotiate signed packet data transmission.



SMTP (Simple File Transfer Protocol)

A member of the TCP/IP suite of protocols commonly utilized for transfer of electronic mail using TCP port 25 by default.



Software Update Services (SUS) Server

The SUS server service located on an intranet server that synchronizes with the Windows Update Web site whenever new critical updates are available.



Stub Zone

A zone used to redirect conditional forward lookups to the proper authoritative DNS server.



Support

An account used by the Help and Support service to run processes and batch jobs.



SUS (Software Update Services)

An automated-update system used to retrieve security patches and operating system fixes from a server on your corporate intranet and install them on targeted computers.



System

A Windows identity representing the operating system referencing itself.



System Information Utility

A graphical user interface utility that displays a complete list of the hardware resources, system hardware components, and software environment.



System State

The components on a Windows Server 2003 necessary to recover Active Directory and boot up operating system files, the COM+ class registration database files, the system Registry, and the contents of the SYSVOL share, which contains domain GPOs and scripts.



Systeminfo

Command-line utility that can be used to review system configuration details.



Takeown

Command-line utility that can be used to take ownership of an existing file.



Taskkill

Command-line utility that can be used to stop one or more processes.



Tasklist

Command-line utility that can be used to review a listing of running processes.



TCO (Total Cost of Ownership)

The total cost of purchasing, supporting, and maintaining a resource.



Terminal Server

A service that provides licensed virtual terminal access for Windows and non-Windows based clients using the Remote Desktop Protocol (RDP).



Terminal Server Session Directory

A service that allows a client to reconnect to a disconnected session running within a Terminal Services server farm.



Terminal Server Users

A Windows identity whose members automatically include all users logging in through Terminal Services connections.



Terminal Services

A service that provides the capability to host multiple virtual terminal sessions, accessed by remote clients able to run on downlevel (earlier) versions of the Windows operating system.



UNC (Universal Naming Convention)

A naming convention that allows the specification of a resource's location based on server and share name, without requiring more detailed specification of the storage device and location.



UNC Authentication

A method of IIS authentication that is used to verify user credentials for access to shared folders and files on a remote computer.



Universal Group

A group used to manage permissions over resources that span multiple domains.



User

An account designation that represents an individual user logon.



User Logon Name

A user account designation that is up to 20 characters in length (characters beyond 20 are ignored) and can be made up of uppercase (A-Z), lowercase (a-z), numerical (0-9), and symbol characters (with some symbols disallowed).



Users

A group whose members can make use of domain resources.



Waitfor

Command-line utility that can be used to synchronize networked computers on a common signal.



WAN (Wide Area Network)

A network utilizing WAN protocols to span distributed network sites which may be globally deployed.



Web.config

The configuration file used by an ASP.NET application server to apply settings to the contents of a folder and its subfolders.



Where

Command-line utility that can be used to review files that match the specified criteria.



Whoami

Command-line utility that can be used to review user configuration information.



WINS (Windows Internet Naming Service)

A service that dynamically maps NetBIOS names to Internet Protocol (IP) addresses.



WINS Users

A local group whose members are able to view WINS database information.



WMI (Windows Management Instrumentation)

A framework of functionality that allows development of custom script solutions.



WMIC (Windows Management Instrumentation Command Line)

A command-line interface for Windows Management Instrumentation scripting.



Write

An NTFS-level permission that includes the rights of the Read permission in addition to the capability to create new files and folders, modify existing files, and write file and folder attributes.



wuau.adm

A template that may be used to import Automatic Updates-related options into the Group Policy options. This component is installed by default on Windows Server 2003 systems.



Zone Transfer

The transfer of data from one DNS server to another. Primary servers transfer zone data during scheduled replication, secondary servers can be configured to notify their primary upon a registration attempt, and AD-integrated zones are transferred during the normal process of AD replication.





MCSA/MCSE Managing and Maintaining a Windows Server 2003 Environment Exam Cram 2 (Exam Cram 70-292)
ISBN: 0789730111
EAN: 2147483647
Year: 2006
Pages: 132
