A

access permissions
Features that control access to sharing in Windows NT Server. Permissions can be set for the following access levels:
No Access—Prevents access to the shared directory, its subdirectories, and its files.
Read—Allows viewing of file and subdirectory names, changing to a shared directory's subdirectory, viewing data in files, and running applications.
Change—Allows viewing of file and subdirectory names, changing to a shared directory's subdirectories, viewing data in files and running application files, adding files and subdirectories to a shared directory, changing data in files, and deleting subdirectories and files.
Full Control—Includes the same permissions as Change, plus changing permissions and taking ownership of files and directories only.

account
See user account.

account lockout
A Windows 2000 security feature that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on security policy lockout settings. Locked accounts cannot log on.

account policy
Controls how passwords must be used by all user accounts in a domain or on an individual computer.

Active Directory service
The directory service included with Windows 2000 Server. It stores information about objects on a network and makes this information available to users and network administrators. The Active Directory service allows users to use a single logon process to access permitted resources anywhere on the network. The Active Directory service provides network administrators with an intuitive hierarchical view of the network and a single point of administration for all network objects.

Active Directory Service Interfaces (ADSI)
A COM-based directory service model that allows ADSI-compliant client applications to access a wide variety of distinct directory protocols, including Windows directory service and Lightweight Directory Access Protocol (LDAP), using a single, standard set of interfaces.
ADSI shields the client application from the implementation and operational details of the underlying data store or protocol.

Address Resolution Protocol (ARP)
Determines hardware addresses (MAC addresses) that correspond to an Internet Protocol (IP) address.

Administrator
A person responsible for setting up and managing domain controllers or local computers and their user and group accounts, assigning passwords and permissions, and helping users with networking issues.

ADSL
See Asymmetric Digital Subscriber Line (ADSL).

advanced program-to-program communication (APPC)
A specification developed as part of IBM's Systems Network Architecture (SNA) model and designed to enable application programs running on different computers to communicate and exchange data directly. See also Systems Network Architecture (SNA).

AFP
See AppleTalk filing protocol (AFP).

agent
A program that performs a background task for a user and reports to the user when the task is done or when some expected event has taken place.

American National Standards Institute (ANSI)
An organization of American industry and business groups dedicated to the development of trade and communications standards. ANSI is the American representative to the International Organization for Standardization (ISO). See also International Organization for Standardization (ISO).

analog
Related to a continuously variable physical property, such as voltage, pressure, or rotation. An analog device can represent an infinite number of values within the range the device can handle. See also analog line, digital.

analog line
A communications line, such as a telephone line, that carries information in analog (continuously variable) form. To minimize distortion and noise interference, an analog line uses amplifiers to strengthen the signal periodically during transmission.

ANSI
See American National Standards Institute (ANSI).

APPC
See advanced program-to-program communication (APPC).

AppleShare
AppleShare is the Apple network operating system. Features include file sharing, client software that is included with every copy of the Apple operating system, and the AppleShare print server, a server-based print spooler.

AppleTalk
The Apple network architecture that is included in the Macintosh operating system software. It is a collection of protocols that correspond to the OSI model. Thus, network capabilities are built into every Macintosh. AppleTalk protocols support LocalTalk, Ethernet (EtherTalk), and Token Ring (TokenTalk).

AppleTalk filing protocol (AFP)
Describes how files are stored and accessed on the network. AFP is responsible for the Apple hierarchical filing structure of volumes, folders, and files and provides for file sharing between Macintoshes and MS-DOS-based computers. It provides an interface for communication between AppleTalk and other network operating systems, allowing Macintoshes to be integrated into any network that uses an operating system that recognizes AFP.

application programming interface (API)
A set of routines that an application program uses to request and carry out lower-level services performed by the operating system.

ArcNet (Attached Resource Computer Network)
Developed by Datapoint Corporation in 1977, designed as a baseband, token-passing, bus architecture, transmitting at 2.5 Mbps. A successor to the original ArcNet, ArcNetplus supports data transmission rates of 20 Mbps. A simple, inexpensive, flexible network architecture designed for workgroup-sized LANs, ArcNet runs on coaxial, twisted-pair, and fiber-optic cable and supports up to 255 nodes. ArcNet technology predates IEEE Project 802 standards but loosely maps to the 802.4 document. See also IEEE Project 802.

ARP
See Address Resolution Protocol (ARP).

ARPANET (Advanced Research Projects Agency Network)
A pioneering wide area network (WAN) commissioned by the Department of Defense, ARPANET was designed to facilitate the exchange of information between universities and other research organizations. ARPANET, which became operational in the 1960s, is the network from which the Internet evolved.

ASCII (American Standard Code for Information Interchange)
A coding scheme that assigns numeric values to letters, numbers, punctuation marks, and certain other characters. By standardizing the values used for these characters, ASCII enables computers and computer programs to exchange information.

Asymmetric Digital Subscriber Line (ADSL)
A recent modem technology that converts existing twisted-pair telephone lines into access paths for multimedia and high-speed data communications. These new connections can transmit more than 8 Mbps to the subscriber and up to 1 Mbps from the subscriber. ADSL is recognized as a physical layer transmission protocol for unshielded twisted-pair media.

asynchronous transfer mode (ATM)
An advanced implementation of packet switching that provides high-speed data transmission rates to send fixed-size cells over LANs or WANs. Cells are 53 bytes—48 bytes of data with 5 additional bytes of address. ATM accommodates voice, data, fax, real-time video, CD-quality audio, imaging, and multimegabit data transmission. ATM uses switches as multiplexers to permit several computers to put data on a network simultaneously. Most commercial ATM implementations transmit data at about 155 Mbps, but theoretically a rate of 1.2 gigabits per second is possible.

asynchronous transmission
A form of data transmission in which information is sent one character at a time, with variable time intervals between characters. Asynchronous transmission does not rely on a shared timer that allows the sending and receiving units to separate characters by specific time periods.
Therefore, each transmitted character consists of a number of data bits (that compose the character itself), preceded by a start bit and ending in an optional parity bit followed by a 1-, 1.5-, or 2-stop bit.

ATM
See asynchronous transfer mode (ATM).

attenuation
The weakening or degrading (distorting) of a transmitted signal as it travels farther from its point of origin. This could be a digital signal on a cable or the reduction in amplitude of an electrical signal, without the appreciable modification of the waveform. Attenuation is usually measured in decibels. Attenuation of a signal transmitted over a long cable is corrected by a repeater, which amplifies and cleans up an incoming signal before sending it farther along the cable.

auditing
A process that tracks network activities by user accounts and a routine element of network security. Auditing can produce records that list users who have accessed—or attempted to access—specific resources; help administrators identify unauthorized activity; and track activities such as logon attempts, connection and disconnection from designated resources, changes made to files and directories, server events and modifications, password changes, and logon parameter changes.

authentication
Verification typically based on user name, password, and time and account restrictions.

authorization
A process that verifies that the user has the correct rights or permissions to access a resource.

B

backbone
The main cable, also known as the trunk segment, from which transceiver cables connect to computers, repeaters, and bridges.

back end
In a client/server application, the part of the program that runs on the server.

backup domain controller (BDC)
In a Windows NT Server domain, a computer that receives a copy of the domain's security policy and domain database and authenticates network logons. It provides a backup if the primary domain controller (PDC) becomes unavailable.
A domain is not required to have a BDC, but it is recommended to have a BDC to back up the PDC. See also domain, domain controller, primary domain controller (PDC).

bandwidth
In communications, the difference between the highest and lowest frequencies in a given range. For example, a telephone accommodates a bandwidth of 3000 Hz, or the difference between the lowest (300 Hz) and highest (3300 Hz) frequencies it can carry. In computer networks, greater bandwidth indicates faster or greater data-transfer capability.

baseband
A system used to transmit the encoded signals over cable. Baseband uses digital signaling over a single frequency. Signals flow in the form of discrete pulses of electricity or light. With baseband transmission, the entire communication-channel capacity is used to transmit a single data signal.

basic input/output system (BIOS)
On PC-compatible computers, the set of essential software routines that test hardware at startup, start the operating system, and support the transfer of data among hardware devices. The BIOS is stored in read-only memory (ROM) so that it can be executed when the computer is turned on. Although critical to performance, the BIOS is usually invisible to computer users.

baud
A measure of data-transmission speed named after the French engineer and telegrapher Jean-Maurice-Emile Baudot. It is a measure of the speed of oscillation of the sound wave on which a bit of data is carried over telephone lines. Because baud was originally used to measure the transmission speed of telegraph equipment, the term sometimes refers to the data-transmission speed of a modem. However, current modems can send at a speed higher than 1 bit per oscillation, so baud is being replaced by the more accurate bps (bits per second) as a measure of modem speed.

baud rate
Refers to the speed at which a modem can transmit data.
Often confused with bps (the number of bits per second transmitted), baud rate actually measures the number of events, or signal changes, that occur in one second. Because one event can actually encode more than one bit in high-speed digital communication, baud rate and bps are not always synonymous, and the latter is the more accurate term to apply to modems. For example, the 9600-baud modem that encodes 4 bits per event actually operates at 2400 baud, but transmits at 9600 bps (2400 events times 4 bits per event), and thus should be called a 9600-bps modem.

BDC
See backup domain controller (BDC).

bind
To associate two pieces of information with one another.

binding
A process that establishes the communication channel between a protocol driver and a NIC driver.

BIOS (basic input/output system)
See basic input/output system (BIOS).

BISDN
See Broadband Integrated Services Digital Network (BISDN).

bisync (binary synchronous communications protocol)
A communications protocol developed by IBM. Bisync transmissions are encoded in either ASCII or EBCDIC. Messages can be of any length and are sent in units called frames, optionally preceded by a message header. Because bisync uses synchronous transmission, in which message elements are separated by a specific time interval, each frame is preceded and followed by special characters that enable the sending and receiving machines to synchronize their clocks.

bit
Short for binary digit: either 1 or 0 in the binary number system. In processing and storage, a bit is the smallest unit of information handled by a computer. It is represented physically by an element such as a single pulse sent through a circuit or small spot on a magnetic disk capable of storing either a 1 or 0. Eight bits make a byte.

bits per second (bps)
A measure of the speed at which a device can transfer data. See also baud rate.

bit time
The time it takes for each station to receive and store a bit.

boot partition
The partition that contains the Microsoft Windows 2000 operating system and its support files. The boot partition can be, but does not have to be, the same as the system partition.

bottleneck
The limiting factor when analyzing performance of a system or network. Poor performance results when a device uses noticeably more CPU time than it should, consumes too much of a resource, or lacks the capacity to handle the load. Potential bottlenecks can be found in the CPU, memory, NIC, and other components.

bps
See bits per second (bps).

Broadband Integrated Services Digital Network (BISDN)
A consultative committee for the CCITT that recommends definitions for voice, data, and video in the megabit-gigabit range. BISDN is also a single ISDN network that can handle voice, data, and video services. BISDN works with an optical cable transport network called Synchronous Optical Network (SONET) and an asynchronous transfer mode (ATM) switching service. Switched Multimegabit Data Services (SMDS) is a BISDN service that offers high bandwidth to WANs. See also Synchronous Optical Network (SONET), asynchronous transfer mode (ATM).

broadband network
A type of LAN on which transmissions travel as analog (radio-frequency) signals over separate inbound and outbound channels. Devices on a broadband network are connected by coaxial or fiber-optic cable, and signals flow across the physical medium in the form of electromagnetic or optical waves. A broadband system uses a large portion of the electromagnetic spectrum with a range of frequencies from 50 Mbps to 600 Mbps. These networks can simultaneously accommodate television, voice, data, and other services over multiple transmission channels.

built-in groups
One of several group accounts used by Microsoft Windows NT and Windows 2000. Built-in groups, as the name implies, are included with the network operating system. Built-in groups have been granted useful collections of rights and built-in abilities.
In most cases, a built-in group provides all the capabilities needed by a particular user. For example, if a domain user account belongs to the built-in Administrators group, logging on with that account gives a user administrative capabilities over the domain and the servers in the domain. See also user account.

byte
A unit of information consisting of 8 bits. In computer processing or storage, a byte is equivalent to a single character, such as a letter, numeral, or punctuation mark. Because a byte represents only a small amount of information, amounts of computer memory are usually given in kilobytes (1024 bytes or 2 raised to the 10th power), megabytes (1,048,576 bytes or 2 raised to the 20th power), gigabytes (1024 megabytes), terabytes (1024 gigabytes), petabytes (1024 terabytes), or exabytes (1024 petabytes).

C

CA (certificate authority)
See certificate authority (CA).

carrier-sense multiple access with collision avoidance (CSMA/CA) access method
An access method by which each computer signals its intent to transmit before it actually transmits data, thus avoiding possible transmission collisions.

carrier-sense multiple access with collision detection (CSMA/CD) access method
An access method generally used with bus topologies. Using CSMA/CD, a station "listens" to the physical medium to determine whether another station is currently transmitting a data frame. If no other station is transmitting, the station sends its data. A station "listens" to the medium by testing the medium for the presence of a carrier, a specific level of voltage or light—thus the term carrier-sense. The multiple access indicates that there are multiple stations attempting to access or put data on the cable at the same time. The collision detection indicates that the stations are also listening for collisions. If two stations attempt to transmit at the same time and a collision occurs, the stations must wait a random period of time before attempting to transmit.

CCEP
See Commercial COMSEC Endorsement Program (CCEP).

CCITT (Comité Consultatif Internationale de Télégraphie et Téléphonie)
An organization based in Geneva, Switzerland, and established as part of the United Nations International Telecommunications Union (ITU). The CCITT recommends use of communication standards that are recognized throughout the world. Protocols established by the CCITT are applied to modems, networks, and facsimile transmission.

Cellular Digital Packet Data (CDPD)
A communication standard that uses very fast technology, similar to that of cellular telephones, to offer computer data transmissions over existing analog voice networks between voice calls, when the system is not occupied with voice communication.

certificate
A collection of data used for authentication and secure exchange of information on nonsecured networks, such as the Internet. A certificate securely binds a public key to the entity that holds the corresponding private key. Certificates are digitally signed by the issuing CA and can be managed for a user, computer, or service. The most widely accepted format for certificates is defined by ITU-T X.509 international standards.

certificate authority (CA)
An entity responsible for establishing the authenticity of public keys belonging to users or other CAs. Activities of a CA may include binding public keys to distinguished names through signed certificates, managing certificate serial numbers, and revoking certificates.

child domain
For Domain Name System (DNS), a domain located in the namespace tree directly beneath another directory name (the parent domain). For example, example.Microsoft.com would be a child domain of the Microsoft.com parent domain. A child domain is also called a subdomain.

codec (compression/decompression)
Compression/decompression technology for digital video and stereo audio.

Commercial COMSEC Endorsement Program (CCEP)
A data-encryption standard introduced by the National Security Agency.
Vendors who have the proper security clearance can join CCEP and be authorized to incorporate classified algorithms into communications systems. See also encryption.

console
Collections of administrative tools.

contention
Competition among stations on a network for the opportunity to use a communication line or network resource. Two or more computers attempt to transmit over the same cable at the same time, thus causing a collision on the cable. Such a system needs regulation to eliminate data collisions on the cable that can destroy data and bring network traffic to a halt. See also carrier-sense multiple access with collision detection (CSMA/CD) access method.

CRC
See cyclical redundancy check (CRC).

crosstalk
Signal overflow from an adjacent wire. When a second faint telephone conversation is heard in the background while one is making a phone call, crosstalk is occurring.

cryptography
The processes, art, and science of keeping messages and data secure. Cryptography is used to enable and ensure confidentiality, data integrity, authentication (entity and data origin), and nonrepudiation.

CSMA/CD
See carrier-sense multiple access with collision detection (CSMA/CD) access method.

cyclical redundancy check (CRC)
A form of error checking in transmitting data. The sending packet includes a number produced by a mathematical calculation made at the transmission source. When the packet arrives at its destination, the calculation is redone. If the two figures are the same, this indicates that the data in the packet has remained stable. If the calculation at the destination differs from the calculation at the source, this indicates that the data has changed during the transmission. In that case, the CRC routine either drops the packet or signals the source computer to retransmit the data.

D

database management system (DBMS)
A layer of software between the physical database and the user.
The DBMS manages all requests for database action from the user, including keeping track of the physical details of file locations and formats, indexing schemes, and so on. In addition, a DBMS permits centralized control of security and data integrity requirements.

Data Communications Equipment (DCE)
One of two types of hardware connected by an RS-232 serial connection, the other being a data terminal equipment (DTE) device. A DCE device takes input from a DTE device and often acts as an intermediary device, transforming the input signal in some way before sending it to the actual recipient. For example, an external modem is a DCE device that accepts data from a microcomputer (DTE), modulates it, then sends the data along a telephone connection. In communication, an RS-232 DCE device receives data over line 2 and transmits over line 3. In contrast, a DTE device receives over line 3 and transmits over line 2. See also Data Terminal Equipment (DTE).

data encryption
See encryption.

data encryption standard (DES)
A commonly used, highly sophisticated algorithm developed by the U.S. National Bureau of Standards for encrypting and decoding data. See also encryption.

data frames
Logical, structured packages in which data can be placed. Data being transmitted is segmented into small units and combined with control information such as message start and message end indicators. Each package of information is transmitted as a single unit, called a frame. The data-link layer packages raw bits from the physical layer into data frames. The exact format of the frame used by the network depends on the topology. See also frame.

data stream
An undifferentiated, byte-by-byte flow of data.

Data Terminal Equipment (DTE)
According to the RS-232 hardware standard, a device, such as a microcomputer or a terminal, that has the ability to transmit information in digital form over a cable or a communication line.
A DTE is one of two types of hardware connected by an RS-232 serial connection, the other being a DCE (Data Communications Equipment) device, such as a modem, that normally connects the DTE to the communication line itself. In communication, an RS-232 DTE device transmits data over line 2 and receives it over line 3. A DCE receives over line 2 and transmits over line 3. See also Data Communications Equipment (DCE).

DBMS
See database management system (DBMS).

DCE
See Data Communications Equipment (DCE).

DECnet
Digital Equipment Corporation hardware and software products that implement the Digital Network Architecture (DNA). DECnet defines communication networks over Ethernet LANs, Fiber Distributed Data Interface metropolitan area networks (FDDI MANs), and WANs that use private or public data transmission facilities. It can use TCP/IP and OSI protocols as well as Digital's DECnet protocols. See also Fiber Distributed Data Interface (FDDI), metropolitan area network (MAN).

dedicated server
A computer on a network that functions only as a server and is not also used as a client.

DES
See data encryption standard (DES).

Dfs (Distributed File System)
See Distributed File System (Dfs).

DHCP
See Dynamic Host Configuration Protocol (DHCP).

DHCP client
Any network-enabled device that supports the ability to communicate with a DHCP server for the purpose of obtaining dynamic leased Internet Protocol (IP) configuration and related optional parameters information.

DHCP scope
A range of Internet Protocol (IP) addresses that are available to be leased or assigned to DHCP clients by the DHCP service.

DHCP server
In Microsoft Windows 2000 Server, a computer running the Microsoft DHCP service that offers dynamic configuration of Internet Protocol (IP) addresses and related information to DHCP-enabled clients.

dial-up connection
The connection to your network if you are using a device that uses the telephone network.
This includes modems with a standard phone line, ISDN cards with high-speed ISDN lines, or X.25 networks. If you are a typical user, you may have one or two dial-up connections, perhaps to the Internet and to your corporate network. In a more complex server situation, multiple network modem connections might be used to implement advanced routing.

digital
A system that encodes information numerically, such as 0 and 1, in a binary context. Computers use digital encoding to process data. A digital signal is a discrete binary state, either on or off. See also analog.

digital line
A communication line that carries information only in binary-encoded (digital) form. To minimize distortion and noise interference, a digital line uses repeaters to regenerate the signal periodically during transmission. See also analog line.

digital signature
A means for originators of a message, file, or other digitally encoded information to bind their identity to the information. The process of signing information entails transforming the information, as well as some secret information held by the sender, into a tag called a signature. Digital signatures are used in public key environments and they provide nonrepudiation and integrity services.

directory service
Provides the methods for storing directory data and making this data available to network users and administrators. For example, Active Directory stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.

Distributed File System (Dfs)
A single, logical, hierarchical file system. Dfs organizes shared folders on different computers in a network to provide a logical tree structure for file system resources.

DNS
See Domain Name System (DNS).

domain
For Microsoft networking, a collection of computers and users that share a common database and security policy that are stored on a Windows NT Server domain controller.
Each domain has a unique name. See also workgroup.

domain controller
For Microsoft networking, the Windows NT Server-based computer that authenticates domain logons and maintains the security policy and master database for a domain. See also backup domain controller (BDC), primary domain controller (PDC).

domain model
A grouping of one or more domains with administration and communication links between them that is arranged for the purpose of user and resource management.

domain namespace
The database structure used by the Domain Name System (DNS).

Domain Name System (DNS)
A general-purpose distributed, replicated, data-query service used primarily on the Internet for translating host names into Internet addresses.

downtime
The amount of time a computer system or associated hardware remains nonfunctioning. Although downtime can occur because hardware fails unexpectedly, it can also be a scheduled event, such as when a network is shut down to allow time for maintaining the system, changing hardware, or archiving files.

driver
A software component that permits a computer system to communicate with a device. For example, a printer driver is a device driver that translates computer data into a form understood by the target printer. In most cases, the driver also manipulates the hardware to transmit the data to the device.

DTE
See Data Terminal Equipment (DTE).

duplex transmission
Also called full-duplex transmission. Communication that takes place simultaneously, in both directions, between the sender and the receiver. Alternative methods of transmission are simplex, which is one way only, and half-duplex, which is two-way communication that occurs in only one direction at a time.

Dynamic Host Configuration Protocol (DHCP)
A protocol for automatic TCP/IP configuration that provides static and dynamic address allocation and management. See also Transmission Control Protocol/Internet Protocol (TCP/IP).

E

EBCDIC
See Extended Binary Coded Decimal Interchange Code (EBCDIC).

EFS (encrypting file system)
See encrypting file system (EFS).

encrypting file system (EFS)
Windows 2000 file system that enables users to encrypt files and folders on an NTFS volume to keep them safe from intruders who have physical access to the disk.

encryption
The process of making information indecipherable to protect it from unauthorized viewing or use, especially during transmission or when the data is stored on a transportable magnetic medium. A key is required to decode the information. See also Commercial COMSEC Endorsement Program (CCEP), data encryption standard (DES).

Ethernet
A LAN developed by Xerox in 1976. Ethernet became a widely implemented network from which the IEEE 802.3 standard for contention networks was developed. It uses a bus topology, and the original Ethernet relies on CSMA/CD to regulate traffic on the main communication line.

EtherTalk
Allows the AppleTalk network protocols to run on Ethernet coaxial cable. The EtherTalk card allows a Macintosh computer to connect to an 802.3 Ethernet network. See also AppleTalk.

event
An action or occurrence to which a program might respond. Examples of events are mouse clicks, key presses, and mouse movements. Also, any significant occurrence in the system or in a program that requires users to be notified or an entry to be added to a log.

Extended Binary Coded Decimal Interchange Code (EBCDIC)
A coding scheme developed by IBM for use with IBM mainframe and personal computers as a standard method of assigning binary (numeric) values to alphabetic, numeric, punctuation, and transmission-control characters.

extended partition
A portion of a basic disk that can contain logical drives. Use an extended partition if you want to have more than four volumes on your basic disk. Only one of the four partitions allowed per physical disk can be an extended partition, and no primary partition needs to be present to create an extended partition. Extended partitions can be created only on basic disks.

F

FAT (file allocation table)
See file allocation table (FAT).

fault tolerance
The ability of a computer or an operating system to respond to an event such as a power outage or a hardware failure in such a way that no data is lost and any work in progress is not corrupted.

Fiber Distributed Data Interface (FDDI)
A standard developed by the ANSI for high-speed, fiber-optic local area networks. FDDI provides specifications for transmission rates of 100 Mbps on networks based on the Token Ring standard.

fiber-optic cable
Cable that uses optical fibers to carry digital data signals in the form of modulated pulses of light.

file allocation table (FAT)
A table or list maintained by some operating systems to keep track of the status of various segments of disk space used for file storage.

file replication service (FRS)
Provides multimaster file replication for designated directory trees between Windows 2000 servers. The directory trees must be on disk partitions formatted with the version of NTFS used with Windows 2000. FRS is used by the Microsoft Distributed File System (Dfs) to automatically synchronize content between assigned replicas, and by Active Directory to automatically synchronize content of the system volume information across domain controllers.

File Transfer Protocol (FTP)
A process that provides file transfers between local and remote computers. FTP supports several commands that allow bidirectional transfer of binary and ASCII files between computers. The FTP client is installed with the TCP/IP connectivity utilities. See also ASCII (American Standard Code for Information Interchange), Transmission Control Protocol/Internet Protocol (TCP/IP).

firewall
A security system, usually a combination of hardware and software, intended to protect a network against external threats coming from another network, including the Internet.
Firewalls prevent an organization's networked computers from communicating directly with computers that are external to the network, and vice versa. Instead, all incoming and outgoing communication is routed through a proxy server outside the organization's network. Firewalls also audit network activity, recording the volume of traffic and information about unauthorized attempts to gain access. See also proxy server. FQDN (fully qualified domain name) See fully qualified domain name (FQDN). frame A package of information transmitted on a network as a single unit. Frame is a term most often used with Ethernet networks. A frame is similar to the packet used in other networks. See also data frames, packet. frame preamble Header information, added to the beginning of a data frame in the physical layer of the OSI reference model. frame relay An advanced, fast-packet, variable-length, digital, packet-switching technology. It is a point-to-point system that uses a private virtual circuit (PVC) to transmit variable-length frames at the data-link layer of the OSI reference model. Frame relay networks can also provide subscribers with bandwidth, as needed, that allows users to make nearly any type of transmission. front end In a client/server application, front end refers to the part of the program carried out on the client computer. FRS (file replication service) See file replication service (FRS). FTP See File Transfer Protocol (FTP). full-duplex transmission Also called duplex transmission. Communication that takes place simultaneously in both directions. See also duplex transmission. fully qualified domain name (FQDN) A DNS domain name that has been stated unambiguously so as to indicate with absolute certainty its location in the domain namespace tree. Fully qualified domain names differ from relative names in that they can be stated with a trailing period (.), for example, host.example.microsoft.com, to qualify their position to the root of the namespace. 
G global group One of four kinds of group accounts used by Microsoft Windows NT and Windows NT Server. Used across an entire domain, global groups are created on a primary domain controller (PDC) in the domain in which the user accounts reside. Global groups can contain only user accounts from the domain in which the global group is created. Members of global groups obtain resource permissions when the global group is added to a local group. See also group, primary domain controller (PDC). group In networking, an account containing other accounts that are called members. The permissions and rights granted to a group are also provided to its members; thus, groups offer a convenient way to grant common capabilities to collections of user accounts. H half-duplex transmission Two-way communication occurring in only one direction at a time. handshaking A term applied to modem-to-modem communication. Refers to the process by which information is transmitted between the sending and receiving devices to maintain and coordinate data flow between them. Proper handshaking ensures that the receiving device will be ready to accept data before the sending device transmits. HDLC See High-Level Data Link Control (HDLC). header In network data transmission, one of the three sections of a packet component. It includes an alert signal to indicate that the packet is being transmitted, the source address, the destination address, and clock information to synchronize transmission. hierarchical namespace A namespace, such as the Domain Name System (DNS) and Active Directory, that has a tiered structure allowing names and objects to be nested within each other. High-Level Data Link Control (HDLC) HDLC is a widely accepted international protocol, developed by the International Organization for Standardization (ISO), that governs information transfer. HDLC is a bit-oriented, synchronous protocol that applies to the data-link (message packaging) layer of the OSI reference model. 
Under the HDLC protocol, data is transmitted in frames, each of which can contain a variable amount of data, but must be organized in a particular way. See also data frames, frame. hop In routing through a mesh environment, the transmission of a data packet through a router. host name The name of a device on a network. For a device on a Windows 2000 network, this can be the same as the computer name. HTML See Hypertext Markup Language (HTML). Hypertext Markup Language (HTML) A language developed for writing pages for the World Wide Web. HTML allows text to include codes that define fonts, layout, embedded graphics, and hypertext links. Hypertext provides a method for presenting text, images, sound, and videos that are linked together in a nonsequential web of associations. Hypertext Transfer Protocol (HTTP) The method by which World Wide Web pages are transferred over the network. I IAB See Internet Architecture Board (IAB). IBM cabling system Used in a Token Ring environment. Introduced by IBM in 1984 to define cable connectors, face plates, distribution panels, and cable types. Many parameters are similar to non-IBM specifications. Uniquely shaped, the IBM connector is hermaphroditic. ICMP See Internet Control Message Protocol (ICMP). IEEE See Institute of Electrical and Electronics Engineers (IEEE). IEEE Project 802 A networking model developed by the IEEE. Named for the year and month it began (February 1980), Project 802 defines LAN standards for the physical and data-link layers of the OSI reference model. Project 802 divides the data-link layer into two sublayers: Media Access Control (MAC) and Logical Link Control (LLC). incremental backup Backs up only the files created or changed since the last normal (or incremental) backup, and marks the files as having been backed up. infrared transmission Electromagnetic radiation with frequencies in the electromagnetic spectrum in the range just below that of visible red light. 
In network communications, infrared technology offers extremely high transmission rates and wide bandwidth in line-of-sight communications. Institute of Electrical and Electronics Engineers (IEEE) An organization of engineering and electronics professionals; noted in networking for developing the IEEE 802.x standards for the physical and data-link layers of the OSI reference model, applied in a variety of network configurations. Integrated Services Digital Network (ISDN) A worldwide digital communication network that evolved from existing telephone services. The goal of the ISDN is to replace current telephone lines, which require digital-to-analog conversions, with completely digital switching and transmission facilities capable of carrying data ranging from voice to computer transmissions, music, and video. The ISDN is built on two main types of communications channels: B channels that carry voice, data, or images at a rate of 64 Kbps, and a D channel that carries control information, signaling, and link-management data at 16 Kbps. Standard ISDN Basic Rate desktop service is called 2B+D. Computers and other devices connect to ISDN lines through simple, standardized interfaces. International Organization for Standardization (ISO) An organization made up of standards-setting groups from various countries. For example, the United States member is the American National Standards Institute (ANSI). The ISO works to establish global standards for communications and information exchange. Primary among its accomplishments is development of the widely accepted OSI reference model. Note that the ISO is often wrongly identified as the International Standards Organization, probably because of the abbreviation ISO; however, ISO is derived from isos, which means equal in Greek, rather than an acronym. International Telecommunications Union (ITU) The organization responsible for setting the standards for international telecommunications. 
International Telecommunications Union-Telecommunication (ITU-T) The sector of the ITU responsible for telecommunication standards. Its responsibilities include standardizing modem design and operations and standardizing protocols for networks and facsimile transmission. ITU is an international organization within which governments and the private sector coordinate global telecom networks and services. Internet Architecture Board (IAB) A body that develops and maintains Internet architectural standards as part of the Internet Society (ISOC). It also adjudicates disputes in the standards process. Internet Control Message Protocol (ICMP) Used by IP and higher-level protocols to send and receive status reports about information being transmitted. Internet Information Services (IIS) Software services that support Web site creation, configuration, and management, along with other Internet functions. Microsoft Internet Information Services include Network News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP). Internet Protocol (IP) The TCP/IP protocol for packet forwarding. See also Transmission Control Protocol/Internet Protocol (TCP/IP). internetworking The intercommunication in a network that is made up of smaller networks. Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) A protocol stack that is used in Novell networks. IPX is the NetWare protocol for packet forwarding and routing. It is a relatively small and fast protocol on a LAN, is a derivative of Xerox Network System (XNS), and supports routing. SPX is a connection-oriented protocol used to guarantee the delivery of the data being sent. NWLink is the Microsoft implementation of the IPX/SPX protocol. IP See Internet Protocol (IP). See also Transmission Control Protocol/Internet Protocol (TCP/IP). IP address A 32-bit address used to identify a node on an IP network. Each node on the IP network must be unique. 
An IP address consists of a network identifier and a host identifier. This address is typically represented in dotted-decimal notation, with the decimal value of each octet separated by a period, for example, 192.168.7.27. In Microsoft Windows 2000, you can configure the IP address statically or dynamically through DHCP. ipconfig A diagnostic command that displays all current TCP/IP network configuration values. It is of particular use on systems running DHCP because it allows users to determine which TCP/IP configuration values have been configured by the DHCP server. See also winipcfg. IPX/SPX See Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX). ISDN See Integrated Services Digital Network (ISDN). ISO See International Organization for Standardization (ISO). ITU See International Telecommunications Union (ITU). ITU-T See International Telecommunications Union-Telecommunication (ITU-T). K Kerberos V5 An Internet standard security protocol for handling authentication of user or system identity. With Kerberos V5, passwords that are sent across network lines are encrypted, not sent as plaintext. Kerberos V5 also includes other security features. L LAN See local area network (LAN). LAN requester See requester (LAN requester). LAT See local area transport (LAT). Layer 2 Tunneling Protocol (L2TP) An industry standard Internet tunneling protocol. Unlike Point-to-Point Tunneling Protocol (PPTP), L2TP does not require Internet Protocol (IP) connectivity between the client workstation and the server. L2TP requires only that the tunnel medium provide packet-oriented point-to-point connectivity. The protocol can be used over media such as Asynchronous Transfer Mode (ATM), frame relay, and X.25. L2TP provides the same functionality as PPTP. Based on Layer 2 Forwarding (L2F) and PPTP specifications, L2TP allows clients to set up tunnels across intervening networks. 
layering The coordination of various protocols in a specific architecture that allows the protocols to work together to ensure that the data is prepared, transferred, received, and acted on as intended. load balancing A technique used to scale the performance of a server-based program (such as a Web server) by distributing its client requests across multiple servers within the cluster. Typically, each host can specify the load percentage that it will handle, or the load can be equally distributed across all the hosts. If a host fails, the load is dynamically redistributed among the remaining hosts. local area network (LAN) Computers connected in a geographically confined network, such as in the same building, campus, or office park. local area transport (LAT) A nonroutable protocol from Digital Equipment Corporation. local group One of four kinds of group accounts used by Microsoft Windows NT and Windows NT Server. Implemented in each local computer's account database, local groups contain user accounts and other global groups that need to have access, rights, and permissions assigned to a resource on a local computer. Local groups cannot contain other local groups. LocalTalk Cabling components used in an AppleTalk network, including cables, connector modules, and cable extenders. These components are normally used in a bus or tree topology. A LocalTalk segment supports a maximum of 32 devices. Because of LocalTalk's limitations, clients often turn to vendors other than Apple for AppleTalk cabling. Farallon PhoneNet, for example, can accommodate 254 devices. M MAN (metropolitan area network) See metropolitan area network (MAN). media The vast majority of LANs today are connected by some sort of wire or cabling that acts as the LAN transmission medium, carrying data between computers. The cabling is often referred to as the media. metropolitan area network (MAN) A data network designed for a town or city. 
In geographic breadth, MANs are larger than local area networks but smaller than wide area networks. MANs are usually characterized by very-high-speed connections using fiber-optic cable or other digital media. Microsoft Management Console (MMC) A framework for hosting administrative tools, called consoles. A console may contain tools, folders, or other containers, World Wide Web pages, and other administrative items. These items are displayed in the left pane of the console, called a console tree. A console has one or more windows that can provide views of the console tree. The main MMC window provides commands and tools for authoring consoles. The authoring features of MMC and the console tree itself may be hidden when a console is in User Mode. Microsoft Technical Information Network (TechNet) Provides informational support for all aspects of networking, with an emphasis on Microsoft products. mixed mode The default domain mode setting on Microsoft Windows 2000 domain controllers. Mixed mode allows Windows NT and Windows 2000 backup domain controllers to coexist in a domain. Mixed mode does not support the universal and nested group enhancements of Windows 2000. The domain mode setting can be changed to Windows 2000 native mode when all Windows NT domain controllers are removed from a domain. MMC (Microsoft Management Console) See Microsoft Management Console (MMC). N name resolution The process of translating a name into some object or information that the name represents. A telephone book forms a namespace in which the names of the telephone subscribers can be resolved to telephone numbers. The Microsoft Windows NT file system (NTFS) forms a namespace in which the name of a file can be resolved to the file itself. The Active Directory forms a namespace in which the name of an object in the directory can be resolved to the object itself. namespace A set of unique names for resources or items used in a shared computing environment. 
For MMC, the namespace is represented by the console tree, which displays all of the snap-ins and resources that are accessible to a console. See also Microsoft Management Console (MMC), resource, snap-in. For DNS, namespace is the vertical or hierarchical structure of the domain name tree. For example, each domain label, such as host1 or example, used in a fully qualified domain name, such as host1.example.microsoft.com, indicates a branch in the domain namespace tree. NAS (network access server) See network access server (NAS). nbtstat A diagnostic command that displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP). This command is available only if the TCP/IP protocol has been installed. See also netstat. NDIS See Network Device Interface Specification (NDIS). NetBEUI (NetBIOS Enhanced User Interface) A protocol supplied with all Microsoft network products. NetBEUI advantages include small stack size (important for MS-DOS-based computers), speed of data transfer on the network medium, and compatibility with all Microsoft-based networks. The major drawback of NetBEUI is that it is a LAN transport protocol and therefore does not support routing. It is also limited to Microsoft-based networks. NetBIOS (network basic input/output system) An application programming interface (API) that can be used by application programs on a LAN consisting of IBM-compatible microcomputers running MS-DOS, OS/2, or some version of UNIX. Primarily of interest to programmers, NetBIOS provides application programs with a uniform set of commands for requesting the lower-level network services required to conduct sessions between nodes on a network and transmit information between them. netstat A diagnostic command that displays protocol statistics and current TCP/IP network connections. This command is available only if the TCP/IP protocol has been installed. See also nbtstat. 
network access server (NAS) The device that accepts PPP connections and places clients on the network that the NAS serves. Network Device Interface Specification (NDIS) A standard that defines an interface for communication between the Media Access Control (MAC) sublayer and protocol drivers. NDIS allows for a flexible environment of data exchange. It defines the software interface, called the NDIS interface, which is used by protocol drivers to communicate with the network interface card. The advantage of NDIS is that it offers protocol multiplexing so that multiple protocol stacks can be used at the same time. network monitors Monitors that track all or a selected part of network traffic. They examine frame-level packets and gather information about packet types, errors, and packet traffic to and from each computer. Network News Transfer Protocol (NNTP) A protocol defined in RFC 977. It is a de facto protocol standard on the Internet used for the distribution, inquiry, retrieval, and posting of Usenet news articles over the Internet. NNTP See Network News Transfer Protocol (NNTP). Novell NetWare One of the leading network architectures. NSLOOKUP A command-line utility that allows you to make Domain Name System (DNS) queries for testing and troubleshooting your DNS installation. NTFS See NTFS file system. NTFS file system An advanced file system designed for use specifically within the Microsoft Windows 2000 operating system. It supports file system recovery, extremely large storage media, long filenames, and various features for the Portable Operating System Interface for UNIX (POSIX) subsystem. It also supports object-oriented applications by treating all files as objects with user-defined and system-defined attributes. O object An entity such as a file, folder, shared folder, printer, or Active Directory object described by a distinct, named set of attributes. 
For example, the attributes of a file object include its name, location, and size; the attributes of an Active Directory user object might include the user's first name, last name, and e-mail address. Open Shortest Path First (OSPF) A routing protocol for IP networks, such as the Internet, that allows a router to calculate the shortest path to each node for sending messages. Open Systems Interconnection (OSI) reference model A seven-layer architecture that standardizes levels of service and types of interaction for computers exchanging information through a network. It is used to describe the flow of data between the physical connection to the network and the end-user application. This model is the best known and most widely used model for describing networking environments. OSI See Open Systems Interconnection (OSI) reference model. OSPF See Open Shortest Path First (OSPF). P packet A unit of information transmitted as a whole from one device to another on a network. In packet-switching networks, a packet is defined more specifically as a transmission unit of fixed maximum size that consists of binary digits representing data; a header containing an identification number, source, and destination addresses; and sometimes error-control data. See also frame. Packet Internet Groper (ping) A simple utility that tests if a network connection is complete, from the server to the workstation, by sending a message to the remote computer. If the remote computer receives the message, it responds with a reply message. The reply consists of the remote workstation's IP address, the number of bytes in the message, how long it took to reply—given in milliseconds (ms)—and the length of Time to Live (TTL) in seconds. Ping works at the IP level and will often respond even when higher-level TCP-based services cannot. 
packet switching A message delivery technique in which small units of information (packets) are relayed through stations in a computer network along the best route available between the source and the destination. Data is broken into smaller units and then repacked in a process called packet assembly and disassembly (PAD). Although each packet can travel along a different path, and the packets composing a message can arrive at different times or out of sequence, the receiving computer reassembles the original message. Packet-switching networks are considered fast and efficient. Standards for packet switching on networks are documented in the CCITT recommendation X.25. page-description language (PDL) A language that communicates to a printer how printed output should appear. The printer uses the PDL to construct text and graphics to create the page image. PDLs are like blueprints in that they set parameters and features such as type sizes and fonts, but leave the drawing to the printer. PBX Private Branch Exchange (PABX Private Automated Branch Exchange) A switching telephone network that allows callers within an organization to place intraorganizational calls without going through the public telephone system. PDC See primary domain controller (PDC). PDL See page-description language (PDL). PDN See public data network (PDN). performance counter In System Monitor, a data item associated with a performance object. For each counter selected, System Monitor presents a value corresponding to a particular aspect of the performance defined for the performance object. performance monitor A tool for monitoring network performance that can display statistics, such as the number of packets sent and received, server-processor utilization, and the amount of data going into and out of the server. performance object In System Monitor, a logical collection of counters that is associated with a resource or service that can be monitored. ping See Packet Internet Groper (ping). 
PKI (public key infrastructure) See public key infrastructure (PKI). pointer (PTR) resource record A resource record used in a reverse lookup zone created within the in-addr.arpa domain to designate a reverse mapping of a host Internet Protocol (IP) address to a host Domain Name System (DNS) domain name. point-to-point configuration Dedicated circuits that are also known as private, or leased, lines. They are the most popular WAN communication circuits in use today. The carrier guarantees full-duplex bandwidth by setting up a permanent link from each endpoint, using bridges and routers to connect LANs through the circuits. See also Point-to-Point Protocol (PPP), Point-to-Point Tunneling Protocol (PPTP), duplex transmission. Point-to-Point Protocol (PPP) A data-link protocol for transmitting TCP/IP packets over dial-up telephone connections, such as between a computer and the Internet. PPP was developed by the Internet Engineering Task Force in 1991. Point-to-Point Tunneling Protocol (PPTP) PPTP is an extension of the Point-to-Point Protocol that is used for communication on the Internet. It was developed by Microsoft to support virtual private networks (VPNs), which allow individuals and organizations to use the Internet as a secure means of communication. PPTP supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection. See also virtual private network (VPN). PPP See Point-to-Point Protocol (PPP). PPTP See Point-to-Point Tunneling Protocol (PPTP). primary domain controller (PDC) The server that maintains the master copy of the domain's user-accounts database and validates logon requests. Every network domain is required to have one, and only one, PDC. See also domain, domain controller. primary zone database file The master zone database file. Changes to a zone, such as adding domains or hosts, are performed on the server that contains the primary zone database file. 
private key The secret half of a cryptographic key pair that is used with a public key algorithm. Private keys are typically used to decrypt a symmetric session key, digitally sign data, or decrypt data that has been encrypted with the corresponding public key. protocol The system of rules and procedures that govern communication between two or more devices. Many varieties of protocols exist, and not all are compatible, but as long as two devices are using the same protocol, they can exchange data. Protocols exist within protocols as well, governing different aspects of communication. Some protocols, such as the RS-232 standard, affect hardware connections. Other standards govern data transmission, including the parameters and handshaking signals such as XON/OFF used in asynchronous (typically, modem) communications, as well as such data-coding methods as bit- and byte-oriented protocols. Still other protocols, such as the widely used XMODEM, govern file transfer, and others, such as CSMA/CD, define the methods by which messages are passed around the stations on a LAN. Protocols represent attempts to ease the complex process of enabling computers of different makes and models to communicate. Additional examples of protocols include the OSI model, IBM's SNA, and the Internet suite, including TCP/IP. See also Systems Network Architecture (SNA), Transmission Control Protocol/Internet Protocol (TCP/IP). protocol driver The driver responsible for offering four or five basic services to other layers in the network, while "hiding" the details of how the services are actually implemented. Services performed include session management, datagram service, data segmentation and sequencing, acknowledgment, and possibly routing across a WAN. protocol stack A layered set of protocols that work together to provide a set of network functions. proxy server A firewall component that manages Internet traffic to and from a local area network (LAN). 
The proxy server decides whether it is safe to let a particular message or file pass through to the organization's network, providing access control to the network, and filters and discards requests as specified by the owner, including requests for unauthorized access to proprietary data. See also firewall. public data network (PDN) A commercial packet-switching or circuit-switching WAN service provided by local and long-distance telephone carriers. public key The nonsecret half of a cryptographic key pair that is used with a public key algorithm. Public keys are typically used when encrypting a session key, verifying a digital signature, or encrypting data that can be decrypted with the corresponding private key. public key cryptography A method of cryptography in which two different keys are used: a public key for encrypting data and a private key for decrypting data. public key infrastructure (PKI) The term generally used to describe the laws, policies, standards, and software that regulate or manipulate certificates and public and private keys. In practice, it is a system of digital certificates, certification authorities, and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction. Standards for PKI are still evolving, even though they are being widely implemented as a necessary element of electronic commerce. Q QoS (quality of service) See quality of service (QoS). quality of service (QoS) A set of quality-assurance standards and mechanisms for data transmission, implemented in Windows 2000. R RADIUS (Remote Authentication Dial-In User Service) See Remote Authentication Dial-In User Service (RADIUS). RAS See Remote Access Server (RAS). redirector Networking software that accepts I/O requests for remote files, named pipes, or mail slots, and sends (redirects) the requests to a network service on another computer. 
Remote Access Server (RAS) Any Microsoft Windows 2000-based computer configured to accept remote access connections. Remote Authentication Dial-In User Service (RADIUS) A security authentication protocol based on clients and servers and widely used by Internet service providers (ISPs) on non-Microsoft remote servers. RADIUS is the most popular means of authenticating and authorizing dial-up and tunneled network users today. remote computer A computer that can be accessed only by using a communications line or a communications device, such as a network card or a modem. remote user A user who dials in to the server over modems and telephone lines from a remote location. Request for Comments (RFC) The official documents of the Internet Engineering Task Force (IETF) that specify the details for protocols included in the Transmission Control Protocol/Internet Protocol (TCP/IP) family. requester (LAN requester) Software that resides in a computer and forwards requests for network services from the computer's application programs to the appropriate server. See also redirector. resource Any part of a computer system. Users on a network can share computer resources, such as hard disks, printers, modems, CD-ROM drives, and even the processor. resource record Standard database record types used in zones to associate Domain Name System (DNS) domain names to related data for a given type of network resource, such as a host Internet Protocol (IP) address. Most of the basic resource record types are defined in RFC 1035, but additional resource record types are defined in other RFCs and approved for use with DNS. reverse lookup In Domain Name System (DNS), a query process by which the Internet Protocol (IP) address of a host computer is searched to find its friendly DNS domain name. RFC See Request for Comments (RFC). RIP See Routing Information Protocol (RIP). Routing Information Protocol (RIP) A protocol that uses distance-vector algorithms to determine routes. 
With RIP, routers transfer information among other routers to update their internal routing tables, and use that information to determine the best routes based on hop counts between routers. TCP/IP and IPX support RIP. S SAP (service access point) See service access point (SAP). SAP (Service Advertising Protocol) See Service Advertising Protocol (SAP). SDLC See Synchronous Data Link Control (SDLC). secondary master An authoritative Domain Name System (DNS) server for a zone that is used as a source for replication of the zone to other servers. Secondary masters update their zone data only by transferring zone data from other DNS servers. They do not have the ability to perform zone updates. security Making computers and data stored on them safe from harm or unauthorized access. security identifier or security ID (SID) A unique number that identifies user, group, and computer accounts. Every account on your network is issued a unique SID when the account is first created. Internal processes in Windows 2000 refer to an account's SID rather than the account's user or group name. If you create an account, delete it, and then create an account with the same user name, the new account will not have the rights or permissions previously granted to the old account because the accounts have different SID numbers. segment The length of cable on a network between two terminators. A segment can also refer to messages that have been broken up into smaller units by the protocol driver. Sequenced Packet Exchange (SPX) Part of Novell's IPX/SPX protocol suite for sequenced data. See also Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX). Serial Line Internet Protocol (SLIP) Defined in RFC 1055. SLIP is normally used on Ethernet, over a serial line; for example, an RS-232 serial port connected to a modem. serial transmission One-way data transfer. The data travels on a network cable with one bit following another. 
server message block (SMB) The protocol developed by Microsoft, Intel, and IBM that defines a series of commands used to pass information between network computers. The redirector packages SMB requests into a network control block (NCB) structure that can be sent over the network to a remote device. The network provider listens for SMB messages destined for it and removes the data portion of the SMB request so that it can be processed by a local device. service A program, routine, or process that performs a specific system function to support other programs, particularly at the hardware level. When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of Microsoft Windows 2000 services are Security Accounts Manager service, File Replication service, and Routing and Remote Access service. service access point (SAP) The interface among each of the seven layers in the OSI protocol stack that has connection points, similar to addresses, used for communication among layers. Any protocol layer can have multiple SAPs active at one time. Service Advertising Protocol (SAP) Allows service-providing nodes (including file, printer, gateway, and application servers) to advertise their services and addresses. service (SRV) resource record A resource record used in a zone to register and locate well-known Transmission Control Protocol/Internet Protocol (TCP/IP) services. The SRV resource record is specified in RFC 2052 and is used in Microsoft Windows 2000 or later to locate domain controllers for Active Directory service. session management Establishing, maintaining, and terminating connections between stations on the network. shell A piece of software, usually a separate program, that provides direct communication between the user and the operating system. This usually, but not always, takes the form of a command-line interface. 
Examples of shells are Macintosh Finder and the MS-DOS command interface program COMMAND.COM. SID (security identifier or security ID) See security identifier or security ID (SID). Simple Mail Transfer Protocol (SMTP) A TCP/IP protocol for transferring e-mail. See also Transmission Control Protocol/Internet Protocol (TCP/IP). Simple Network Management Protocol (SNMP) A TCP/IP protocol for monitoring networks. SNMP uses a request and response process. In SNMP, short utility programs, called agents, monitor the network traffic and behavior in key network components to gather statistical data, which they put into a management information base (MIB). To collect the information into a usable form, a special management console program regularly polls the agents and downloads the information in their MIBs. If any of the data falls either above or below parameters set by the manager, the management console program can present signals on the monitor locating the trouble and notify designated support staff by automatically dialing a pager number. SLIP See Serial Line Internet Protocol (SLIP). smart card A credit card-sized device used to securely store public and private keys, passwords, and other types of personal information. To use a smart card, you need a smart card reader attached to the computer and a personal identification number for the smart card. In Windows 2000, smart cards can be used to enable certificate-based authentication and single sign-on to the enterprise. smart card reader A standard device within the smart card subsystem. A smart card reader is an interface device (IFD) that supports bidirectional input/output to a smart card. SMB See server message block (SMB). SMTP See Simple Mail Transfer Protocol (SMTP). SNA See Systems Network Architecture (SNA). snap-in A type of tool you can add to a console supported by Microsoft Management Console (MMC). 
A stand-alone snap-in can be added by itself; an extension snap-in can only be added to extend the function of another snap-in. SNMP See Simple Network Management Protocol (SNMP). SONET See Synchronous Optical Network (SONET). SPX See Sequenced Packet Exchange (SPX). SQL See structured query language (SQL). stand-alone computer A computer that is not connected to any other computers and is not part of a network. stand-alone server A computer that runs Microsoft Windows 2000 Server but does not participate in a domain. A stand-alone server has only its own database of users, and it processes logon requests by itself. It does not share account information with any other computer and cannot provide access to domain accounts. start-of-authority (SOA) resource record A record that indicates the starting point or original point of authority for information stored in a zone. The SOA resource record is the first resource record created when adding a new zone. It also contains several parameters used by other computers that use Domain Name System (DNS) to determine how long they will use information for the zone and how often updates are required. structured query language (SQL) A database sublanguage used to query, update, and manage relational databases. Although not a programming language in the same sense as C or Pascal, SQL can be used either in formulating interactive queries or embedded in an application as instructions for handling data. The SQL standard also contains components for defining, altering, controlling, and securing data. subdomain A Domain Name System (DNS) domain located directly beneath another domain name (the parent domain) in the namespace tree. For example, example.microsoft.com would be a subdomain of the microsoft.com domain. A subdomain is also called a child domain. 
subnet A portion of a network, which may be a physically independent network segment, that shares a classful network address with other portions of the network and is distinguished by a subnet number. subnet mask A 32-bit value that allows the recipient of Internet Protocol (IP) packets to distinguish the network ID portion of the IP address from the host ID. SVC See switched virtual circuit (SVC). switched virtual circuit (SVC) A logical connection between end computers that uses a specific route across the network. Network resources are dedicated to the circuit, and the route is maintained until the connection is terminated. These are also known as point-to-multipoint connections. synchronous A form of communication that relies on a timing scheme coordinated between two devices to separate groups of bits and transmit them in blocks called frames. Special characters are used to begin the synchronization and check its accuracy periodically. Because the bits are sent and received in a timed, controlled (synchronized) fashion, start and stop bits are not required. Transmission stops at the end of one transmission and starts again with a new one. It is a start/stop approach, and more efficient than asynchronous transmission. If an error occurs, the synchronous error detection and correction scheme implements a retransmission. However, because more sophisticated technology and equipment are required to transmit synchronously, it is more expensive than asynchronous transmission. Synchronous Data Link Control (SDLC) The data link (data transmission) protocol most widely used in networks conforming to IBM's SNA. SDLC is a communications guideline that defines the format in which information is transmitted. As its name implies, SDLC applies to synchronous transmissions. SDLC is also a bit-oriented protocol and organizes information in structured units called frames. 
Synchronous Optical Network (SONET) A fiber-optic technology that can transmit data at more than 1 gigabit per second. Networks based on this technology are capable of delivering voice, data, and video. SONET is a standard for optical transport formulated by the Exchange Carriers Standards Association (ECSA) for the ANSI. System Monitor A tool that allows you to collect and view extensive data about the usage of hardware resources and the activity of system services on computers you administer. Systems Network Architecture (SNA) A widely used communication framework developed by IBM to define network functions and establish standards for enabling its different models of computers to exchange and process data. SNA is a design philosophy that separates network communication into five layers. Each layer, like those in the similar ISO/OSI model, represents a graduated level of function moving upward from physical connections to applications software. SYSVOL A shared directory that stores the server copy of the domain's public files, which are replicated among all domain controllers in the domain. T TCO See total cost of ownership (TCO). TCP See Transmission Control Protocol (TCP). TCP/IP See Transmission Control Protocol/Internet Protocol (TCP/IP). TDI See transport driver interface (TDI). Technet See Microsoft Technical Information Network (TechNet). Telnet The command and program used to log on from one Internet site to another. The Telnet command and program bring the user to the logon prompt of another host. Terminal Services Software services that allow client applications to be run on a server so that client computers can function as terminals rather than independent systems. The server provides a multisession environment and runs the Microsoft Windows-based programs being used on the clients. throughput A measure of the data transfer rate through a component, connection, or system. 
In networking, throughput is a good indicator of the system's total performance because it defines how well the components work together to transfer data from one computer to another. In this case, the throughput would indicate how many bytes or packets the network could process per second. Time to Live (TTL) A timer value included in packets sent over TCP/IP-based networks that tells routers when a packet has been forwarded too many times. For DNS, TTL values are used in resource records within a zone to determine how long requesting clients should cache and use this information when it appears in a query response answered by a DNS server for the zone. TokenTalk An expansion card that allows a Macintosh II to connect to an 802.5 Token Ring network. total cost of ownership (TCO) The total amount of money and time associated with purchasing computer hardware and software and deploying, configuring, and maintaining the hardware and software. TCO includes hardware and software updates, training, maintenance, administration, and technical support. tracert A trace route command-line utility that shows every router interface through which a TCP/IP packet passes on its way to a destination. Transmission Control Protocol (TCP) The TCP/IP protocol for sequenced data. See also Transmission Control Protocol/Internet Protocol (TCP/IP). Transmission Control Protocol/Internet Protocol (TCP/IP) An industry-standard suite of protocols providing communications in a heterogeneous environment. In addition, TCP/IP provides a routable, enterprise networking protocol and access to the Internet and its resources. It is a transport layer protocol that actually consists of several other protocols in a stack that operates at the session layer. Most networks support TCP/IP as a protocol. transport driver interface (TDI) An interface that works between the file-system driver and the transport protocols, allowing any protocol written to TDI to communicate with the file-system drivers. 
transport layer The fourth layer of the OSI reference model. It ensures that messages are delivered error-free, in sequence, and without losses or duplications. This layer repackages messages for efficient transmission over the network. At the receiving end, the transport layer unpacks the messages, reassembles the original messages, and sends an acknowledgment of receipt. See also Open Systems Interconnection (OSI) reference model. transport protocols Protocols that provide for communication sessions between computers and ensure that data is able to move reliably between computers. trunk A single cable, also called a backbone or segment. trust relationship Trust relationships are links between domains that enable pass-through authentication, in which a user has only one user account in one domain, yet can access the entire network. User accounts and global groups defined in a trusted domain can be given rights and resource permissions in a trusting domain even though those accounts do not exist in the trusting domain's database. A trusting domain honors the logon authentication of a trusted domain. TTL (Time to Live) See Time to Live (TTL). U UDP See User Datagram Protocol (UDP). UNC (Universal Naming Convention) See Universal Naming Convention (UNC). uninterruptible power supply (UPS) A device connected between a computer or another piece of electronic equipment and a power source, such as an electrical outlet. The UPS ensures that the electrical flow to the computer is not interrupted because of a blackout and, in most cases, protects the computer against potentially damaging events such as power surges and brownouts. Different UPS models offer different levels of protection. All UPS units are equipped with a battery and loss-of-power sensor. If the sensor detects a loss of power, it immediately switches over to the battery so that users have time to save their work and shut off the computer. 
Most higher-end models have features such as power filtering, sophisticated surge protection, and a serial port so that an operating system capable of communicating with a UPS (such as Windows NT) can work with the UPS to facilitate automatic system shutdown. Universal Naming Convention (UNC) The standard used for a full Windows 2000 name of a resource on a network. It conforms to the \\servername\sharename syntax, where servername is the name of the server and sharename is the name of the shared resource. UNC names of directories or files can also include the directory path under the share name, with the following syntax: \\servername\sharename\directory\filename. UPS See uninterruptible power supply (UPS). user account Consists of all of the information that defines a user on a network. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the system and accessing its resources. User Datagram Protocol (UDP) A connectionless protocol responsible for end-to-end data transmission. user groups Groups of users who meet online or in person to discuss installation, administration, and other network challenges for the purpose of sharing and drawing on each other's expertise in developing ideas and solutions. user name A unique name identifying a user account to Microsoft Windows 2000. An account's user name must be unique among the other group names and user names within its own domain or workgroup. V virtual private network (VPN) A set of computers on a public network such as the Internet that communicate among themselves using encryption technology. In this way, their messages are safe from being intercepted and understood by unauthorized users. VPNs operate as if the computers were connected by private lines. W WAN See wide area network (WAN). 
Web server A computer that is maintained by a system administrator or Internet service provider (ISP) and responds to requests from a user's Web browser. wide area network (WAN) A computer network that uses long-range telecommunication links to connect networked computers across long distances. Windows 2000 Advanced Server A powerful departmental and application server that provides rich network operations system (NOS) and Internet services. Advanced Server supports large physical memories, clustering, and load balancing. Windows 2000 Datacenter Server The most powerful and functional server operating system in the Microsoft Windows 2000 family. It is optimized for large data warehouses, econometric analysis, large-scale simulations in science and engineering, and server consolidation projects. Windows 2000 Professional A high-performance, secure network client computer and corporate desktop operating system that includes the best features of Microsoft Windows 98, significantly extending the manageability, reliability, security, and performance of Windows NT Workstation 4.0. Windows 2000 Professional can be used as a desktop operating system, networked in a peer-to-peer workgroup environment, or used as a workstation in a Windows 2000 Server domain environment. Windows 2000 Server A file, print, and applications server, as well as a Web server platform that contains all of the features of Microsoft Windows 2000 Professional plus many new server-specific functions. This product is ideal for small- to medium-sized enterprise application deployments, Web servers, workgroups, and branch offices. Windows Internet Name Service (WINS) A software service that dynamically maps Internet Protocol (IP) addresses to computer names (NetBIOS names). This allows users to access resources by name instead of requiring them to use IP addresses that are difficult to recognize and remember. 
WINS servers support clients running Microsoft Windows NT 4.0 and earlier versions of Microsoft operating systems. winipcfg A diagnostic command specific to Microsoft Windows 95 and 98. Although this graphical user interface (GUI) utility duplicates the functionality of ipconfig, its GUI makes it easier to use. See also ipconfig. WINS See Windows Internet Name Service (WINS). workgroup A collection of computers grouped for sharing resources such as data and peripherals over a LAN. Each workgroup is identified by a unique name. workstation Any networked Macintosh or PC using server resources on the network. World Wide Web (the Web, WWW) The Internet multimedia service that contains a vast storehouse of hypertext documents written in HTML. See also Hypertext Markup Language (HTML). X X.25 A recommendation published by the CCITT that defines the connection between a terminal and a packet-switching network. A packet-switching network routes packets whose contents and format are controlled by standards such as those defined in the X.25 recommendation. X.25 incorporates three definitions: the electrical connection between the terminal and the network, the transmission or link-access protocol, and the implementation of virtual circuits between network users. Taken together, these definitions specify a synchronous, full-duplex, terminal-to-network connection. Packets transmitted in such a network can contain either data or control commands. Packet format, error control, and other features are equivalent to portions of the HDLC protocol defined by the ISO. X.25 standards are related to the lowest three levels of the OSI reference model. X.400 A CCITT protocol for international e-mail transmissions. X.500 A CCITT protocol for file and directory maintenance across several systems. XNS (Xerox Network System) A protocol developed by Xerox for its Ethernet LANs. 
Z zone In a Domain Name System (DNS) database, a zone is a subtree of the DNS database that is administered as a single, separate entity. This administrative unit can consist of a single domain or a domain with subdomains. A DNS zone administrator sets up one or more name servers for the zone. zone database file The file where name-to-IP-address mappings for a zone are stored. zone transfer The process by which Domain Name System (DNS) servers interact to maintain and synchronize authoritative name data. When a DNS server is configured as a secondary master for a zone, it periodically queries another DNS server configured as its source for the zone. If the version of the zone kept by the source is different, the secondary master server will pull zone data from its source DNS server to synchronize zone data. zones Logical groupings of users and resources in an AppleTalk network.