Glossary Of IT And XP Terms

Ctrl+F = a 'Find' screen. Type your key search word.


A class of IBM Systems Network Architecture terminal and related protocol used to communicate with IBM mainframe host systems.


An encrypting algorithm that processes each data block three times, using a unique key each time. 3DES is much more difficult to break than straight DES. It is the most secure of the DES combinations, and is therefore slower in performance.

See also: Data Encryption Standard (DES)


A class of IBM Systems Network Architecture terminal and related protocol used to communicate with AS/400 host systems.


A protocol that supports the mapping of Resource Reservation Protocol (RSVP) signals to Layer 2 signals by using 802.1p priority markings to enable the prioritization of traffic across Layer 2 devices, such as switches, on a network segment. IEEE 802 refers to the Layer 2 technology used by LANs including the data-link layer and the media access control layer.

8mm cassette

A tape cartridge format used for data backups, similar to that used for some video cameras except that the tape is rated for data storage. The capacity is 5 GB or more of (optionally compressed) data.



The coding system used by Dolby Digital. A standard for high quality digital audio that is used for the sound portion of video stored in digital format.

Accelerated Graphics Port (AGP)

A type of expansion slot that is solely for video cards. Designed by Intel, AGP is a dedicated bus that provides fast, high-quality video and graphics performance.

access control entry (ACE)

An entry in an object's discretionary access control list (DACL) that grants permissions to a user or group. An ACE is also an entry in an object's system access control list (SACL) that specifies the security events to be audited for a user or group.

See also: access control list (ACL); access mask; discretionary access control list (DACL); object; permission; security descriptor; system access control list (SACL)

access control list (ACL)

A list of security protections that apply to an entire object, a set of the object's properties, or an individual property of an object. There are two types of access control lists: discretionary and system.

See also: access control entry (ACE); discretionary access control list (DACL); object; security descriptor; system access control list (SACL)

access mask

A 32-bit value that specifies the rights that are allowed or denied in an access control entry (ACE) of an access control list (ACL). An access mask is also used to request access rights when an object is opened.

See also: access control entry (ACE)

access token

A data structure that contains the security identifier (SID) for a security principal, SIDs for the groups that the security principal belongs to, and a list of the security principal's privileges (also called user rights) on the local computer.

See also: security ID (SID); security principal


The quality of a system incorporating hardware or software to engage a flexible, customizable user interface, alternative input and output methods, and greater exposure of screen elements to make the computer usable by people with cognitive, hearing, physical, or visual disabilities.

Accessibility Wizard

An interactive tool that makes it easier to set up commonly used accessibility features by specifying options by type of disability, rather than by numeric value changes.


See definition for: Advanced Configuration and Power Interface (ACPI)

Active Directory

The directory service that stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration for all network objects.

See also: directory; directory service

active partition

A partition from which an x86-based computer starts up. The active partition must be a primary partition on a basic disk. If you use Windows exclusively, the active partition can be the same as the system volume.

See also: basic disk; primary partition; system partition; system volume

active volume

The volume from which the computer starts up. The active volume must be a simple volume on a dynamic disk. You cannot mark an existing dynamic volume as the active volume, but you can upgrade a basic disk containing the active partition to a dynamic disk. After the disk is upgraded to dynamic, the partition becomes a simple volume that is active.

See also: active partition; basic disk; dynamic disk; dynamic volume; simple volume


A set of technologies that allows software components to interact with one another in a networked environment, regardless of the language in which the components were created.

Advanced Configuration and Power Interface (ACPI)

An open industry specification that defines power management on a wide range of mobile, desktop, and server computers and peripherals. ACPI is the foundation for the OnNow industry initiative that allows system manufacturers to deliver computers that start at the touch of a keyboard. ACPI design is essential to take full advantage of power management and Plug and Play.

See also: Plug and Play

Advanced Power Management (APM)

A software interface (designed by Microsoft and Intel) between hardware-specific power management software (such as that located in a system BIOS) and an operating system power management driver.

See also: basic input/output system (BIOS)


In Systems Management Server, a notification sent by the site server to the client access points (CAPs) specifying that a software distribution program is available for clients to use. In Windows 2000 and Windows XP, the Software Installation snap-in generates an application advertisement script and stores this script in the appropriate locations in Active Directory and the Group Policy object.

allocation unit

The smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows organize hard disks based on allocation units. The smaller the allocation unit size, the more efficiently a disk stores information. If you do not specify an allocation unit size when formatting the disk, Windows picks default sizes based on the size of the volume. These default sizes are selected to reduce the amount of space that is lost and the amount of fragmentation on the volume. An allocation unit is also called a cluster.

See also: file system; volume

American Standard Code for Information Interchange (ASCII)

A standard single-byte character encoding scheme used for text-based data. ASCII uses designated 7-bit or 8-bit number combinations to represent either 128 or 256 possible characters. Standard ASCII uses 7 bits to represent all uppercase and lowercase letters, the numbers 0 through 9, punctuation marks, and special control characters used in U.S. English. Most current x86-based systems support the use of extended (or "high") ASCII. Extended ASCII allows the eighth bit of each character to identify an additional 128 special symbol characters, foreign-language letters, and graphic symbols.

See also: Unicode

answer file

A text file that you can use to provide automated input for unattended installation of Windows XP and Windows 2000. This input includes parameters to answer the questions included in Setup for specific installations. In some cases, you can use this text file to provide input to wizards, such as the Active Directory Installation Wizard, which is used to add Active Directory to Windows 2000 Server through Setup. The default answer file for Setup is known as Unattend.txt.

See also: Active Directory


See definition for: application programming interface (API)


See definition for: Advanced Power Management (APM)

application media pool

A data repository that determines which media can be accessed by which applications and that sets the policies for that media. There can be any number of application media pools in a Removable Storage system. Applications create application media pools.

See also: Removable Storage

application programming interface (API)

A set of routines that an application uses to request and carry out lower-level services performed by a computer's operating system. These routines usually carry out maintenance tasks such as managing files and displaying information.

assistive technology

System extensions, programs, devices, and tools added to a computer to make it more accessible to users with disabilities.

asynchronous communication

A form of data transmission in which information is sent and received at irregular intervals, one character at a time. Because data is received at irregular intervals, the receiving modem must be signaled to let it know when the data bits of a character begin and end. This is done by means of start and stop bits.

Asynchronous Transfer Mode (ATM)

A high-speed, connection-oriented protocol used to transport many different types of network traffic. ATM packages data in a 53-byte, fixed-length cell that can be switched quickly between logical connections on a network.

See also: protocol


See definition for: Asynchronous Transfer Mode (ATM)


For files, information that indicates whether a file is read-only, hidden, ready for archiving (backing up), compressed, or encrypted, and whether the file contents should be indexed for fast file searching.

See also: object; schema


The process that tracks the activities of users by recording selected types of events in the security log of a server or a workstation.


The process for verifying that an entity or object is who or what it claims to be. Examples include confirming the source and integrity of information, such as verifying a digital signature or verifying the identity of a user or computer.

See also: confidentiality; cryptography; integrity; Kerberos V5 authentication protocol; nonrepudiation; NTLM authentication protocol; smart card; trust relationship

Authentication Header (AH)

A header that provides authentication, integrity, and anti-replay for the entire packet (the IP header and the data payload carried in the packet).


For DNS, describes a DNS server hosting a zone, or a zone containing a name or record. When a DNS server is configured to host a zone, it is said to be authoritative for names that do exist or could exist within that zone. A DNS server is allowed to respond authoritatively to queries for domain names for which it is authoritative. A zone is said to be authoritative for a name if the name exists or could exist within a zone, and it is said to be authoritative for a record if the owner name of the record exists or could exist within a zone.

See also: DNS server; domain name; Domain Name System (DNS)

automated installation

An unattended setup using one or more of several methods such as Remote Installation Services, bootable CD, and Sysprep.

See also: Remote Installation Services (RIS); Sysprep

automatic caching

A method of automatically storing network files on a user's hard disk drive whenever a file is open so the files can be accessed when the user is not connected to the network.

Automatic Private IP Addressing (APIPA)

A feature of Windows XP TCP/IP that automatically configures a unique IP address from the range through and a subnet mask of when the TCP/IP protocol is configured for dynamic addressing and a Dynamic Host Configuration Protocol (DHCP) is not available.

See also: Dynamic Host Configuration Protocol (DHCP); IP address; Transmission Control Protocol/Internet Protocol (TCP/IP)

available state

A state in which media can be allocated for use by applications.



A tree structure for storing database indexes. Each node in the tree contains a sorted list of key values and links that correspond to ranges of key values between the listed values. To find a specific data record given its key value, the program reads the first node, or root, from the disk and compares the desired key with the keys in the node to select a subrange of key values to search. It repeats the process with the node indicated by the corresponding link. At the lowest level, the links indicate the data records. The database system can thus rapidly search through the levels of the tree structure to find the simple index entries that contain the location of the desired records or rows.


A duplicate copy of a program, a disk, or data, made either for archiving purposes or for safeguarding valuable files from loss in case the active copy is damaged or destroyed. Some application programs automatically make backup copies of data files, maintaining both the current version and the preceding version.

backup operator

A type of local or global group that contains the user rights you need to back up and restore files and folders. Members of the Backup Operators group can back up and restore files and folders regardless of ownership, permissions, encryption, or auditing settings.

See also: auditing; global group; local group; user rights

backup types

A type that determines which data is backed up and how it is backed up. There are five backup types: copy, daily, differential, incremental, and normal.

See also: copy backup; daily backup; differential backup; incremental backup; normal backup

bad block

A disk sector that can no longer be used for data storage, usually due to media damage or imperfections. Also known as bad sector.

bad sector

A disk sector that can no longer be used for data storage, usually due to media damage or imperfections. Also known as bad block.


In analog communications, the difference between the highest and lowest frequencies in a specific range. For example, an analog telephone line accommodates a bandwidth of 3,000 hertz (Hz), the difference between the lowest (300 Hz) and highest (3,300 Hz) frequencies it can carry. In digital communications, bandwidth is expressed in bits per second (bps).

bar code

A machine-readable label that identifies objects, such as physical media.

base file record

The first file record in the master file table (MFT) for a file that has multiple file records. The base file record is the record to which the file's file reference corresponds.

See also: master file table (MFT)


A range of measurements derived from performance monitoring that represents acceptable performance under typical operating conditions.

basic disk

A physical disk that can be accessed by MS-DOS and all Windows-based operating systems. Basic disks can contain up to four primary partitions, or three primary partitions and an extended partition with multiple logical drives. If you want to create partitions that span multiple disks, you must first convert the basic disk to a dynamic disk using Disk Management or the Diskpart.exe command-line utility.

See also: dynamic disk; extended partition; logical drive; MS-DOS (Microsoft Disk Operating System); primary partition

basic input/output system (BIOS)

On x86-based computers, the set of essential software routines that test hardware at startup, start the operating system, and support the transfer of data among hardware devices. The BIOS is stored in read-only memory (ROM) so that it can be executed when you turn on the computer. Although critical to performance, the BIOS is usually invisible to computer users.

See also: Extensible Firmware Interface (EFI); read-only memory (ROM)

basic volume

A primary partition or logical drive that resides on a basic disk.

See also: basic disk; logical drive; primary partition

batch program

An ASCII (unformatted text) file that contains one or more operating system commands. A batch program's file name has a .cmd or .bat extension. When you type the file name at the command prompt, or when the batch program is run from another program, its commands are processed sequentially. Batch programs are also called batch files.

See also: American Standard Code for Information Interchange (ASCII); logon script

bidirectional communication

Communication that occurs in two directions simultaneously. Bidirectional communication is useful in printing where jobs can be sent and printer status can be returned at the same time.


A process by which software components and layers are linked together. When a network component is installed, the binding relationships and dependencies for the components are established. Binding allows components to communicate with each other.

binding order

The sequence in which software components, network protocols, and network adapters are linked together. When a network component is installed, the binding relationships and dependencies for the components are established.


See definition for: basic input/output system (BIOS)

BIOS parameter block (BPB)

A series of fields containing data on disk size, geometry variables, and the physical parameters of the volume. The BPB is located within the boot sector.

Boot Information Negotiation Layer (BINL) service

A service that runs on the server running Windows 2000 Server that acts on client boot requests.

boot sector

A critical disk structure for starting your computer, located at sector 1 of each volume or floppy disk. It contains executable code and data that is required by the code, including information used by the file system to access the volume. The boot sector is created when you format the volume.

boot volume

The volume that contains the Windows operating system and its support files. The boot volume can be, but does not have to be, the same as the system volume.

See also: system volume; volume

bootable CD

An automated installation method that runs Setup from a CD-ROM. This method is useful for computers at remote sites with slow links and no local IT department.

See also: automated installation

bootstrap loader

A program that is run automatically when a computer is turned on, or booted. After first performing a few basic hardware tests, the bootstrap loader loads and passes control to a larger loader program, which typically then loads the operating system. The bootstrap loader typically resides in the computer's read-only memory (ROM).

See also: read-only memory (ROM)


A condition, usually involving a hardware resource, that causes the entire system to perform poorly.


A keyboard filter that assists users whose fingers bounce on the keys when pressing or releasing them.

bound trap

In programming, a problem in which a set of conditions exceeds a permitted range of values that causes the microprocessor to stop what it is doing and handle the situation in a separate routine.

Bourne shell

A UNIX command processor developed by Steven Bourne.


The process of creating and maintaining an up-to-date list of computers and resources on a network or part of a network by one or more designated computers running the Computer Browser service.


cable modem

A device that enables a broadband connection to the Internet by using cable television infrastructure. Access speeds vary greatly, with a maximum throughput of 10 megabits per second (Mbps).


For DNS and WINS, a local information store of resource records for recently resolved names of remote hosts. Typically, the cache is built dynamically as the computer queries and resolves names. It also helps optimize the time required to resolve queried names.

See also: cache file; naming service; resource record (RR)

cache file

A file used by the Domain Name System (DNS) server to preload its names cache when the service is started. Also known as the root hints file because DNS uses resource records stored in this file to help locate root servers that provide referral to authoritative servers for remote names. For Windows DNS servers, the cache file is named Cache.dns and is located in the %SystemRoot%\System32\Dns folder.

See also: authoritative; cache; Domain Name System (DNS); systemroot


The process of temporarily storing recently used data values in a special pool in memory for quicker subsequent access. For DNS, typically the ability of the DNS server to store information learned about the DNS namespace during the resolution of DNS queries. (For example, the DNS server can cache DNS records received from other DNS servers.) Caching is also available through the DNS Client service as a way for DNS clients to keep a cache of information learned during recent queries.

See also: caching resolver; DNS server; Domain Name System (DNS)

caching resolver

A client-side DNS name resolution service that performs caching of recently learned DNS domain name information. The caching resolver service provides system-wide access to DNS-aware programs for resource records obtained from DNS servers during processing of name queries. Cached data is used for a limited period of time and aged according to the active Time-to-Live (TTL) value. You can set the TTL individually for each resource record (RR). Otherwise, it defaults to the minimum TTL set in the SOA RR for the zone.

See also: cache; caching; expire interval; resolver; resource record (RR); Time to Live (TTL)

callback number

The number that a remote access server uses to call back a user. This number can be preset by the administrator or specified by the user at the time of each call, depending on how the administrator configures the user's callback options. The callback number should be the number of the phone line to which the user's modem is connected.

See also: remote access server


A 32-bit PC Card.


A unit of media of a certain type, such as 8mm tape, magnetic disk, optical disk, or CD-ROM, used by Removable Storage.

See also: Removable Storage

central processing unit (CPU)

The part of a computer that has the ability to retrieve, interpret, and execute instructions and to transfer information to and from other resources over the computer's main data-transfer path, the bus. By definition, the CPU is the chip that functions as the "brain" of a computer.


A digital document that is commonly used for authentication and secure exchange of information on open networks, such as the Internet, extranets, and intranets. A certificate securely binds a public key to the entity that holds the corresponding private key. Certificates are digitally signed by the issuing certification authority and can be issued for a user, a computer, or a service. The most widely accepted format for certificates is defined by the ITU-T X.509 version 3 international standard.

See also: certification authority (CA); International Telecommunication Union - Telecommunication [Standardization Sector] (ITU-T); private key

Certificate Services

A software service that issues certificates for a particular certification authority (CA). It provides customizable services for issuing and managing certificates for the enterprise. Certificates can be used to provide authentication support, including secure e-mail, Web-based authentication, and smart card authentication.

See also: authentication; certificate; certification authority (CA)

certificate template

A Windows construct that prespecifies format and content of certificates based on their intended usage. When requesting a certificate from a Windows enterprise certification authority (CA), certificate requestors are, depending on their access rights, able to select from a variety of certificate types that are based on certificate templates, such as User and Code Signing.

See also: certificate; certification authority (CA)

certification authority (CA)

An entity responsible for establishing and vouching for the authenticity of public keys belonging to users (end entities) or other certification authorities. Activities of a certification authority can include binding public keys to distinguished names through signed certificates, managing certificate serial numbers, and certificate revocation.

See also: certificate

Challenge Handshake Authentication Protocol (CHAP)

A challenge-response authentication protocol for PPP connections documented in RFC 1994 that uses the industry-standard Message Digest 5 (MD5) one-way encryption scheme to hash the response to a challenge issued by the remote access server.

See also: Point-to-Point Protocol (PPP)

change journal

A feature new to Windows 2000 that tracks changes to NTFS volumes, including additions, deletions, and modifications. The change journal exists on the volume as a sparse file.

See also: NTFS file system; volume


The robotic element of an online library unit.

child object

An object that resides in another object. A child object implies relation. For example, a file is a child object that resides in a folder, which is the parent object.

See also: object; parent object


Text that has been encrypted using an encryption key. Ciphertext is meaningless to anyone who does not have the decryption key.

See also: decryption; encryption; encryption key; plaintext


Any computer or program connecting to, or requesting the services of, another computer or program. Client can also refer to the software that enables the computer or program to establish the connection.

For a local area network (LAN) or the Internet, a computer that uses shared network resources provided by another computer (called a server).

See also: server


In data storage, the smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows organize hard disks based on clusters, which consist of one or more contiguous sectors. The smaller the cluster size, the more efficiently a disk stores information. If no cluster size is specified during formatting, Windows picks defaults based on the size of the volume. These defaults are selected to reduce the amount of space that is lost and the amount of fragmentation on the volume. A cluster is also called an allocation unit.

In computer networking, a group of independent computers that work together to provide a common set of services and present a single-system image to clients. The use of a cluster enhances the availability of the services and the scalability and manageability of the operating system that provides the services.

See also: client; file system; volume

cluster disk

A disk on a shared bus connected to the cluster nodes, which all the cluster nodes can access (though not at the same time).

cluster remapping

A recovery technique used when NTFS detects a bad sector. NTFS dynamically replaces the cluster containing the bad sector and allocates a new cluster for the data. If the error occurs during a read, NTFS returns a read error to the calling program, and the data is lost. If the error occurs during a write, NTFS writes the data to the new cluster, and no data is lost.

See also: NTFS file system

code page

A means of providing support for character sets and keyboard layouts for different countries or regions. A code page is a table that relates the binary character codes used by a program to keys on the keyboard or to characters on the display.


Hardware that can convert audio or video signals between analog and digital forms (coder/decoder); hardware or software that can compress and uncompress audio or video data (compression/decompression); or the combination of coder/decoder and compression/decompression. Generally, a codec compresses uncompressed digital data so that the data uses less memory.


See definition for: Component Object Model (COM)

COM port

See definition for: communication port

Common Internet File System (CIFS)

A protocol and a corresponding API used by application programs to request higher level application services. CIFS was formerly known as Server Message Block (SMB).

communication port

A port on a computer that allows asynchronous communication of one byte at a time. A communication port is also called a serial port.

See also: asynchronous communication

Compact Disc File System (CDFS)

A 32-bit protected-mode file system that controls access to the contents of CD-ROM drives.

compact disc-recordable (CD-R)

A type of CD-ROM that can be written on a CD recorder and read on a CD-ROM drive.

complementary metal-oxide semiconductor (CMOS)

The battery-packed memory that stores information, such as disk types and amount of memory, used to start the computer.

Component Object Model (COM)

An object-based programming model designed to promote software interoperability; it allows two or more applications or components to easily cooperate with one another, even if they were written by different vendors, at different times, in different programming languages, or if they are running on different computers running different operating systems. Object linking and embedding (OLE) technology and ActiveX are both built on top of COM.

See also: ActiveX; object linking and embedding (OLE)


A basic security function of cryptography. Confidentiality provides assurance that only authorized users can read or use confidential or secret information. Without confidentiality, anyone with network access can use readily available tools to eavesdrop on network traffic and intercept valuable proprietary information. An example is an Internet Protocol security service that ensures a message is disclosed only to intended recipients by encrypting the data.

See also: authentication; cryptography; integrity; nonrepudiation

console tree

The left pane in Microsoft Management Console (MMC) that displays the items contained in the console. By default it is the left pane of a console window, but it can be hidden. The items in the console tree and their hierarchical organization determine the capabilities of a console.

See also: Microsoft Management Console (MMC)

container object

An object that can logically contain other objects. For example, a folder is a container object.

See also: noncontainer object; object

copy backup

A backup that copies all selected files but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups because copying does not affect these other backup operations.

See also: daily backup; differential backup; incremental backup; normal backup


See definition for: central processing unit (CPU)


A set of information that includes identification and proof of identification that is used to gain access to local and network resources. Examples of credentials are user names and passwords, smart cards, and certificates.


An application programming interface (API) that is provided as part of Microsoft Windows. CryptoAPI provides a set of functions that allows applications to encrypt or digitally sign data in a flexible manner while providing protection for the user's sensitive private key data. Actual cryptographic operations are performed by independent modules known as cryptographic service providers (CSPs).

See also: application programming interface (API); cryptographic service provider (CSP); private key

cryptographic service provider (CSP)

The code that performs authentication, encoding, and encryption services that Windows-based applications access through CryptoAPI. A CSP is responsible for creating keys, destroying them, and using them to perform a variety of cryptographic operations. Each CSP provides a different implementation of the CryptoAPI. Some provide stronger cryptographic algorithms, while others contain hardware components, such as smart cards.

See also: CryptoAPI; smart card


The processes, art, and science of keeping messages and data secure. Cryptography is used to enable and ensure confidentiality, data integrity, authentication (entity and data origin), and nonrepudiation.

See also: authentication; confidentiality; integrity; nonrepudiation


The set of tracks that are at the same head position on a hard disk. Cylinder numbers start at 0, with cylinder 0 at the outer edge of the platters. A cylinder is approximately 8 megabytes.

See also: head; track


daily backup

A backup that copies all selected files that have been modified the day the daily backup is performed. The backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared).

See also: copy backup; differential backup; incremental backup; normal backup

data confidentiality

A service provided by cryptographic technology to ensure that data can be read only by authorized users or programs. In a network, data confidentiality ensures that data cannot be read by intruders. Windows 2000 and Windows XP Professional use access control mechanisms and encryption, such as DES, 3DES, and RSA encryption algorithms, to ensure data confidentiality.

See also: 3DES; cryptography; Data Encryption Standard (DES); RSA

Data Encryption Standard (DES)

An encryption algorithm that uses a 56-bit key, and maps a 64-bit input block to a 64-bit output block. The key appears to be a 64-bit key, but one bit in each of the 8 bytes is used for odd parity, resulting in 56 bits of usable key.

data integrity

A service provided by cryptographic technology that ensures data has not been modified. In a network environment, data integrity allows the receiver of a message to verify that data has not been modified in transit. Windows 2000 and Windows XP Professional use access control mechanisms and cryptography, such as RSA public-key signing and shared symmetric key one-way hash algorithms, to ensure data integrity.

See also: cryptography

data packet

A unit of information transmitted as a whole from one device to another on a network.

data-link layer

A layer that packages raw bits from the physical layer into frames (logical, structured packets for data). This layer is responsible for transferring frames from one computer to another, without errors. After sending a frame, the data-link layer waits for an acknowledgment from the receiving computer.


To return media to the available state after they have been used by an application.

decommissioned state

A state that indicates that media have reached their allocation maximum.


The process of making encrypted data readable again by converting ciphertext to plaintext.

See also: ciphertext; encryption; plaintext

default gateway

A configuration item for the TCP/IP protocol that is the IP address of a directly reachable IP router. Configuring a default gateway creates a default route in the IP routing table.


defragmentation

The process of rewriting parts of a file to contiguous sectors on a hard disk to increase the speed of access and retrieval.

See also: fragmentation

denial-of-service attack

An attack in which an attacker exploits a weakness or a design limitation of a network service to overload or halt the service, so that the service is not available for use. This type of attack is typically launched to prevent other users from using a network service such as a Web server or a file server.


The on-screen work area on which windows, icons, menus, and dialog boxes appear.

destination directory

The directory (or folder) to which files are copied or moved.

See also: source directory

device driver

A program that allows a specific device, such as a modem, network adapter, or printer, to communicate with the operating system. Although a device might be installed on your system, Windows cannot use the device until you have installed and configured the appropriate driver.

If a device is listed in the Hardware Compatibility List (HCL), a driver is usually included with Windows. Device drivers load automatically (for all enabled devices) when a computer is started, and thereafter run invisibly.

See also: Hardware Compatibility List (HCL)

Device Manager

An administrative tool that can be used to manage the devices on your computer. Use Device Manager to view and change device properties, update device drivers, configure device settings, and remove devices.

device tree

A hierarchical tree that contains the devices configured on a computer.


DHCP

See definition for: Dynamic Host Configuration Protocol (DHCP)

DHCP service

A service that enables a computer to function as a DHCP server and configure DHCP-enabled clients on a network. DHCP runs on a server, enabling the automatic, centralized management of IP addresses and other TCP/IP configuration settings for network clients.

dial-up connection

The connection to your network if you are using a device that uses the telephone network. This includes modems with a standard phone line, ISDN cards with high-speed ISDN lines, or X.25 networks.

If you are a typical user, you might have one or two dial-up connections, for example, to the Internet and to your corporate network. In a more complex server situation, multiple network modem connections might be used to implement advanced routing.

differential backup

A backup that copies files created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing a combination of normal and differential backups, restoring files and folders requires that you have the last normal as well as the last differential backup.

See also: copy backup; daily backup; incremental backup; normal backup

differential data

Saved copies of changed data that can be applied to an original volume to generate a volume shadow copy.

See also: volume; volume shadow copy

digital audio tape (DAT)

A magnetic medium for recording and storing digital audio data.

digital certificate

An electronic certification issued by certification authorities that shows where a program comes from and proves that the installation package has not been altered. Administrators should sign their code with a digital certificate if planning to distribute an Internet Explorer package over the Internet.

See also: certification authority (CA)

digital linear tape (DLT)

A magnetic medium for backing up data. DLT can transfer data faster than many other types of tape media.

digital signature

A means for originators of a message, file, or other digitally encoded information to bind their identity to the information. The process of digitally signing information entails transforming the information, as well as some secret information held by the sender, into a tag called a signature. Digital signatures are used in public key environments, and they provide nonrepudiation and integrity services.

See also: public key cryptography; timestamp

digital subscriber line (DSL)

A special communication line that uses modulation technology to maximize the amount of data that can be sent over copper wires. DSL is used for connections from telephone switching stations to a subscriber rather than between switching stations.

digital video disc (DVD)

A type of optical disc storage technology. A digital video disc (DVD) looks like a CD-ROM disc, but it can store greater amounts of data. DVDs are often used to store full-length movies and other multimedia content that requires large amounts of storage space.

See also: DVD decoder; DVD drive

direct hosting

For Microsoft networking, the sending of messages directly over the IPX protocol without the use of NetBIOS. While direct hosting may be more efficient, a direct hosting client can connect only to a direct hosting server. Windows XP Professional does not support direct hosting.

See also: Internetwork Packet Exchange (IPX); network basic input/output system (NetBIOS); NWLink

direct memory access (DMA)

Memory access that does not involve the microprocessor. DMA is frequently used for data transfer directly between memory and a peripheral device such as a disk drive.

See also: hardware configuration


directory

An information source that contains information about users, computer files, or other objects. In a file system, a directory stores information about files. In a distributed computing environment (such as a Windows domain), the directory stores information about objects such as printers, fax servers, applications, databases, and other users.

See also: domain

directory service

Both the directory information source and the service that makes the information available and usable. A directory service enables the user to find an object when given any one of its attributes.

See also: Active Directory; directory


disable

To make a device nonfunctional. For example, if you disable a device in a hardware configuration, you cannot use the device when your computer uses that hardware configuration. Disabling a device frees the resources that were allocated to the device.

See also: hardware configuration

discretionary access control list (DACL)

The part of an object's security descriptor that grants or denies specific users and groups permission to access the object. Only the owner of an object can change permissions granted or denied in a DACL; thus, access to the object is at the owner's discretion.

See also: access control entry (ACE); object; security descriptor; security group; system access control list (SACL)

disk bottleneck

A condition that occurs when disk performance is reduced to the extent that overall system performance is affected.

disk quota

The maximum amount of disk space available to a user.


To remove a removable tape or disc from a drive.

See also: library; mount

Distributed File System (DFS)

A service that allows system administrators to organize distributed network shares into a logical namespace, enabling users to access files without specifying their physical location and providing load sharing across network shares.

distribution folder

The folder created on the Windows 2000-based distribution server to contain the Setup files.


DMA

See definition for: direct memory access (DMA)


DNS

See definition for: Domain Name System (DNS)

DNS client

A client computer that queries Domain Name System (DNS) servers in an attempt to resolve DNS domain names. DNS clients maintain a temporary cache of resolved DNS domain names.

See also: DNS server; Domain Name System (DNS)

DNS dynamic update protocol

An updated specification to the DNS standard that permits hosts that store name information in DNS to dynamically register and update their records in zones maintained by DNS servers that can accept and process dynamic update messages.

See also: DNS; DNS server

DNS server

A server that maintains information about a portion of the Domain Name System (DNS) database and that responds to and resolves DNS queries.

See also: DNS client; Domain Name System (DNS)

DNS zone

In a DNS database, a zone is a contiguous portion of the DNS tree that is administered as a single separate entity by a DNS server. The zone contains resource records for all the names within the zone.


domain

In Active Directory, a collection of computers defined by the administrator. These computers share a common directory database, security policies, and security relationships with other domains.

In DNS, any tree or subtree within the DNS namespace. Although the names for DNS domains often correspond to Active Directory domains, DNS domains should not be confused with Active Directory domains.

See also: Active Directory; Domain Name System (DNS)

domain controller

In an Active Directory forest, a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources. Administrators can manage user accounts, network access, shared resources, site topology, and other directory objects from any domain controller in the forest.

See also: Active Directory; authentication; directory; shared resource

domain DFS

An implementation of DFS in which DFS topological information is stored in Active Directory. Because this information is made available on multiple domain controllers in the domain, domain DFS provides fault-tolerance for any distributed file system in the domain.

See also: fault tolerance

domain local group

A security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. Domain local security groups can be granted rights and permissions on resources that reside only in the same domain where the domain local group is located.

See also: domain tree; forest; global group; security group; universal group

domain name

The name given by an administrator to a collection of networked computers that share a common directory. Part of the Domain Name System (DNS) naming structure, domain names consist of a sequence of name labels separated by periods.

See also: domain; Domain Name System (DNS)

Domain Name System (DNS)

A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS enables the location of computers and services by user-friendly names, and it also enables the discovery of other information stored in the database.

See also: domain; IP address; Transmission Control Protocol/Internet Protocol (TCP/IP)

domain tree

In DNS, the inverted hierarchical tree structure that is used to index domain names. Domain trees are similar in purpose and concept to the directory trees used by computer filing systems for disk storage. For example, when numerous files are stored on disk, directories can be used to organize the files into logical collections. When a domain tree has one or more branches, each branch can organize domain names used in the namespace into logical collections.

In Active Directory, a hierarchical structure of one or more domains, connected by transitive, bidirectional trusts, that forms a contiguous namespace. Multiple domain trees can belong to the same forest.

See also: Active Directory; domain; domain name; Domain Name System (DNS); forest

dual boot

A computer configuration that can start two different operating systems.

See also: multiple boot; startup environment

DVD decoder

A hardware or software component that allows a digital video disc (DVD) drive to display movies on your computer screen.

See also: digital video disc (DVD); DVD drive; hardware decoder; software decoder

DVD drive

A disk storage device that uses digital video disc (DVD) technology. A DVD drive reads both CD-ROM and DVDs; however, you must have a DVD decoder to display DVD movies on your computer screen.

See also: digital video disc (DVD); DVD decoder

Dvorak keyboard

An alternative keyboard with a layout that makes the most frequently typed characters more accessible to people who have difficulty typing on the standard QWERTY layout.

dynamic disk

A physical disk that can be accessed only by Windows 2000 and Windows XP. Dynamic disks provide features that basic disks do not, such as support for volumes that span multiple disks. Dynamic disks use a hidden database to track information about dynamic volumes on the disk and other dynamic disks in the computer. You convert basic disks to dynamic by using the Disk Management snap-in or the DiskPart command-line tool. When you convert a basic disk to dynamic, all existing basic volumes become dynamic volumes.

See also: active volume; basic disk; basic volume; dynamic volume; partition; volume

Dynamic Host Configuration Protocol (DHCP)

A TCP/IP service protocol that offers dynamic leased configuration of host IP addresses and distributes other configuration parameters to eligible network clients. DHCP provides safe, reliable, and simple TCP/IP network configuration, prevents address conflicts, and helps conserve the use of client IP addresses on the network.

DHCP uses a client/server model where the DHCP server maintains centralized management of IP addresses that are used on the network. DHCP-supporting clients can then request and obtain a lease of an IP address from a DHCP server as part of their network boot process.

See also: IP address; Transmission Control Protocol/Internet Protocol (TCP/IP)

dynamic volume

A volume that resides on a dynamic disk. Windows supports five types of dynamic volumes: simple, spanned, striped, mirrored, and RAID-5. A dynamic volume is formatted by using a file system, such as FAT or NTFS, and has a drive letter assigned to it.

See also: basic disk; basic volume; dynamic disk; mirrored volume; RAID-5 volume; simple volume; spanned volume; striped volume; volume

dynamic-link library (DLL)

An operating system feature that allows executable routines (generally serving a specific function or set of functions) to be stored separately as files with .dll extensions. These routines are loaded only when needed by the program that calls them.



EAP

See definition for: Extensible Authentication Protocol (EAP)

EFI system partition

On Itanium-based computers, a portion on a GUID partition table (GPT) disk that is formatted with the FAT file system and contains the files necessary to start the computer. Every Itanium-based computer must have at least one GPT disk with an EFI system partition. The EFI system partition serves the same purpose as the system volume found on x86-based computers.

See also: Extensible Firmware Interface (EFI); GUID partition table (GPT); Microsoft Reserved (MSR) partition

Encapsulating Security Payload (ESP)

An IPSec protocol that provides confidentiality, in addition to authentication, integrity, and anti-replay. ESP can be used alone, in combination with AH, or nested with the Layer Two Tunneling Protocol (L2TP). ESP does not normally sign the entire packet unless it is being tunneled. Ordinarily, just the data payload is protected, not the IP header.

See also: authentication; Authentication Header (AH); integrity; Internet Protocol security (IPSec); Layer Two Tunneling Protocol (L2TP)

Encrypting File System (EFS)

A feature in this version of Windows that enables users to encrypt files and folders on an NTFS volume disk to keep them safe from access by intruders.

See also: NTFS file system


encryption

The process of disguising a message or data in such a way as to hide its substance.

See also: public key encryption

encryption key

A bit string that is used in conjunction with an encryption algorithm to encrypt and decrypt data.

See also: private key; symmetric key

environment variable

A string consisting of environment information, such as a drive, path, or file name, associated with a symbolic name that can be used by Windows. You use System in Control Panel or the set command from the command prompt to define environment variables.

See also: variable


Ethernet

An IEEE 802.3 standard for contention networks. Ethernet uses a bus or star topology and relies on the form of access known as Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to regulate communication line traffic. Network nodes are linked by coaxial cable, fiber-optic cable, or by twisted-pair wiring. Data is transmitted in variable-length frames containing delivery and control information and up to 1,500 bytes of data. The Ethernet standard provides for baseband transmission at 10 megabits (10 million bits) per second.


exabyte

Approximately one quintillion bytes, or one billion billion bytes.

expire interval

For DNS, the number of seconds that DNS servers operating as secondary masters for a zone will use to determine if zone data should be expired when the zone is not refreshed and renewed.

See also: DNS server; Domain Name System (DNS)


In Network File System (NFS), to make a file system available by a server to a client for mounting.

See also: Network File System (NFS)

Extended Industry Standard Architecture (EISA)

A 32-bit bus standard introduced in 1988 by a consortium of nine computer-industry companies. EISA maintains compatibility with the earlier Industry Standard Architecture (ISA) but provides for additional features.

See also: Industry Standard Architecture (ISA)

extended partition

A type of partition that you can create only on basic master boot record (MBR) disks. Extended partitions are useful if you want to create more than four volumes on a basic MBR disk. Unlike primary partitions, you do not format an extended partition with a file system and then assign a drive letter to it. Instead, you create one or more logical drives within the extended partition. After you create a logical drive, you format it and assign it a drive letter. An MBR disk can have up to four primary partitions, or three primary partitions, one extended partition, and multiple logical drives.

See also: basic disk; logical drive; master boot record (MBR); partition; primary partition; unallocated space; volume

Extensible Authentication Protocol (EAP)

An extension to the Point-to-Point Protocol (PPP) that allows for arbitrary authentication mechanisms to be employed for the validation of a PPP connection.

See also: Point-to-Point Protocol (PPP)

Extensible Firmware Interface (EFI)

In computers with the Intel Itanium processor, the interface between a computer's firmware, hardware, and the operating system. The Extensible Firmware Interface (EFI) defines a new partition style called GUID partition table (GPT). EFI serves the same purpose for Itanium-based computers as the BIOS found in x86-based computers. However, it has expanded capabilities that provide a consistent way to start any compatible operating system and an easy way to add EFI drivers for new bootable devices without the need to update the computer's firmware.

See also: basic input/output system (BIOS); GUID partition table (GPT)

Extensible Markup Language (XML)

A meta-markup language that provides a format for describing structured data. This facilitates more precise declarations of content and more meaningful search results across multiple platforms. In addition, XML enables a new generation of Web-based data viewing and manipulation applications.



FAT32

A derivative of the file allocation table (FAT) file system. FAT32 supports smaller cluster sizes and larger volumes than FAT, which results in more efficient space allocation on FAT32 volumes.

See also: file allocation table (FAT)

fault tolerance

The ability of computer hardware or software to ensure data integrity when hardware failures occur. Fault tolerant features appear in many server operating systems and include mirrored volumes, RAID-5 volumes, and server clusters.

See also: cluster; mirrored volume; RAID-5 volume


FDDI

See definition for: Fiber Distributed Data Interface (FDDI)

Fiber Distributed Data Interface (FDDI)

A type of network media designed for use with fiber-optic cabling.

file allocation table (FAT)

A file system used by MS-DOS and other Windows operating systems to organize and manage files. The file allocation table (FAT) is a data structure that Windows creates when you format a volume by using the FAT or FAT32 file systems. Windows stores information about each file in the FAT so that it can retrieve the file later.

See also: FAT32; file system; NTFS file system

file record

The row in the master file table (MFT) that corresponds to a particular disk file. The file record is identified by its file reference.

file system

In an operating system, the overall structure in which files are named, stored, and organized. NTFS, FAT, and FAT32 are types of file systems.

See also: FAT32; NTFS file system

file system cache

An area of physical memory that holds frequently used pages. It allows applications and services to locate pages rapidly and reduces disk activity.

File Transfer Protocol (FTP)

A member of the TCP/IP suite of protocols, used to copy files between two computers on the Internet. Both computers must support their respective FTP roles: one must be an FTP client and the other an FTP server.

See also: Transmission Control Protocol/Internet Protocol (TCP/IP)


For Indexing Service, software that extracts content and property values from a document in order to index them.

For IPSec, a specification of IP traffic that provides the ability to trigger security negotiations for a communication based on the source, destination, and type of IP traffic.


A keyboard feature that instructs your keyboard to ignore brief or repeated keystrokes. You can also adjust the keyboard repeat rate, which is the rate at which a key repeats when you hold it down.

See also: ToggleKeys


firewall

A combination of hardware and software that provides a security system, usually to prevent unauthorized access from outside to an internal network or intranet. A firewall prevents direct communication between network and external computers by routing communication through a proxy server outside of the network. The proxy server determines whether it is safe to let a file pass through to the network. A firewall is also called a security-edge gateway.


See definition for: IEEE 1394

Folder Redirection

A Group Policy option that allows you to redirect designated folders to the network.


font

A graphic design applied to a collection of numbers, symbols, and characters. A font describes a certain typeface, along with other qualities such as size, spacing, and pitch.

See also: OpenType fonts; PostScript fonts; screen font; Type 1 fonts


forest

A collection of one or more Active Directory domain trees that share a common schema, configuration, and global catalog and are linked with two-way transitive trusts.

See also: domain; domain tree; schema


fragmentation

The scattering of parts of the same disk file over different areas of the disk. Fragmentation occurs as files on a disk are deleted and new files are added. It slows disk access and degrades the overall performance of disk operations, although usually not severely.

See also: defragmentation

free media pool

A logical collection of unused data-storage media that can be used by applications or other media pools. When media are no longer needed by an application, they are returned to a free media pool so that they can be used again.

See also: media pool; Removable Storage

free space

Available space that you use to create logical drives within an extended partition.

See also: extended partition; logical drive; unallocated space



A server that uses a directory to perform name-to-IP address translation, admission control, and call management services in H.323 conferencing.

See also: H.323


gateway

A device connected to multiple physical TCP/IP networks capable of routing or delivering IP packets between them. A gateway translates between different transport protocols or data formats (for example, IPX and IP) and is generally added to a network primarily for its translation ability.

In the context of interoperating with Novell NetWare networks, a gateway acts as a bridge between the server message block (SMB) protocol used by Windows networks and the NetWare Core Protocol (NCP) used by NetWare networks. A gateway is also called an IP router.

global group

A security or distribution group that can contain users, groups, and computers from its own domain as members. Global security groups can be granted rights and permissions on resources in any domain in its forest.

Global groups cannot be created or maintained on computers running Windows XP Professional. However, for Windows XP Professional-based computers that participate in a domain, domain global groups can be granted rights and permissions at those workstations and can become members of local groups at those workstations.

See also: group; local group; permission; user account

globally unique identifier (GUID)

A 16-byte value generated from the unique identifier on a device, the current date and time, and a sequence number. A GUID is used to identify a particular device or component.


GPT

See definition for: GUID partition table (GPT)

GPT disk

A disk that uses the GUID partition table (GPT) partition style. A partition style is the method that Windows XP uses to organize partitions on the disk. The GPT partition style supports volumes up to 18 exabytes and 128 partitions per disk. Only Itanium-based computers can use GPT disks.

See also: GUID partition table (GPT)

Graphical Identification and Authentication (GINA)

A DLL loaded during the Windows 2000 Winlogon process, which displays the standard logon dialog box and collects and processes user logon data for verification.

See also: dynamic-link library (DLL)

graphical user interface (GUI)

A display format, like that of Windows, that represents a program's functions with graphic images such as buttons and icons. GUIs allow a user to perform operations and make choices by pointing and clicking with a mouse.


group

A collection of users, computers, contacts, and other groups. Groups can be used as security or as e-mail distribution collections. Distribution groups are used only for e-mail. Security groups are used both to grant access to resources and as e-mail distribution lists.

See also: domain; global group; local group

group memberships

The groups to which a user account belongs. Permissions and rights granted to a group are also provided to its members. In most cases, the actions a user can perform in Windows are determined by the group memberships of the user account to which the user is logged on.

See also: group; user account

Group Policy

The Microsoft Management Console (MMC) snap-in that is used to edit Group Policy objects.

Group Policy object

A collection of Group Policy settings. Group Policy objects are essentially the documents created by the Group Policy snap-in, a Windows tool. Group Policy objects are stored at the domain level, and they affect users and computers contained in sites, domains, and organizational units. In addition, each Windows computer has exactly one group of settings stored locally, called the local Group Policy object.

See also: Group Policy; object

GUI mode

The portion of Setup that uses a graphical user interface (GUI).

GUID partition table (GPT)

A disk-partitioning scheme that is used by the Extensible Firmware Interface (EFI) in Itanium-based computers. GPT offers more advantages than master boot record (MBR) partitioning because it allows up to 128 partitions per disk, provides support for volumes up to 18 exabytes in size, allows primary and backup partition tables for redundancy, and supports unique disk and partition IDs (GUIDs).

See also: Extensible Firmware Interface (EFI); globally unique identifier (GUID); master boot record (MBR)



H.323

The ITU-T standard for multimedia communications over networks that do not provide a guaranteed quality of service (QoS). This standard provides specifications for workstations, devices, and services to carry real-time video, audio, and data or any combination of these elements.

See also: International Telecommunication Union - Telecommunication [Standardization Sector] (ITU-T); Quality of Service (QoS)

hardware abstraction layer (HAL)

A thin layer of software provided by the hardware manufacturer that hides, or abstracts, hardware differences from higher layers of the operating system. By means of the filter provided by the HAL, different types of hardware look alike to the rest of the operating system. This allows the operating system to be portable from one hardware platform to another. The HAL also provides routines that allow a single device driver to support the same device on all platforms.

Hardware Compatibility List (HCL)

A hardware list that Microsoft compiles for a specific product. The Windows HCL, which is posted on the Web, lists the hardware devices and computer systems that are compatible with specific versions of Windows.

hardware configuration

Resource settings that have been allocated for a specific device. Each device on your computer has a hardware configuration, which can consist of interrupt request (IRQ) lines, DMA, an I/O port, or memory address settings.

See also: direct memory access (DMA); input/output (I/O) port

hardware decoder

A type of digital video disc (DVD) decoder that allows a DVD drive to display movies on your computer screen. A hardware decoder uses both software and hardware to display movies.

See also: DVD decoder; DVD drive; software decoder

hardware malfunction message

A character-based, full-screen error message displayed on a blue background. It indicates that the microprocessor detected a hardware error condition from which the system cannot recover.


The mechanism that reads data from and writes data to a hard disk. Hard disks use one head for each side of each platter. The heads are attached to a common head-movement area, so that all heads move in unison. The heads are always positioned over the same logical track on each side of each platter.

See also: track

high byte

The byte containing the most significant bits (bits 8 through 15) in a 2-byte grouping representing a 16-bit (bits 0 through 15) value.


In data communications, one segment of the path between routers on a geographically dispersed network. A hop is comparable to one "leg" of a journey that includes intervening stops between the starting point and the destination. The distance between each of those stops (routers) is a communications hop.

Hosts file

A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/hosts file. This file maps host names to IP addresses, and it is stored in the \%Systemroot%\System32\Drivers\Etc folder.

See also: systemroot


See definition for: Hypertext Markup Language (HTML)


A feature in Microsoft Internet Explorer 5 that adds timing and media synchronization support to HTML pages. Using a few Extensible Markup Language (XML)-based elements and attributes, you can add images, video, and sounds to an HTML page, and synchronize them with HTML text elements over a specified amount of time. In short, you can use HTML+TIME technology to quickly and easily create multimedia-rich, interactive presentations, with little or no scripting.


See definition for: Hypertext Transfer Protocol (HTTP)

hubbed mode

A mode in which the ARP/MARS provides ATM addresses to requesting clients in the form of a multicast server (MCS) list value. In this mode, the ARP/MARS acts as a multicast server, providing active forwarding of all multicast and broadcast traffic destined for IP addresses contained within the ranges specified in the list.

See also: Asynchronous Transfer Mode (ATM); IP address

Human Interface Device (HID)

A firmware specification that is a new standard for input and output devices such as drawing tablets, keyboards, USB speakers, and other specialized devices designed to improve accessibility.

See also: universal serial bus (USB)

Hypertext Markup Language (HTML)

A simple markup language used to create hypertext documents that are portable from one platform to another. HTML files are simple ASCII text files with codes embedded (indicated by markup tags) to denote formatting and hypertext links.

See also: American Standard Code for Information Interchange (ASCII)

Hypertext Transfer Protocol (HTTP)

The protocol used to transfer information on the World Wide Web. An HTTP address (one kind of Uniform Resource Locator [URL]) takes the form:


I/O request packet (IRP)

Data structures that drivers use to communicate with each other.


See definition for: Image Color Management (ICM)


See definition for: integrated device electronics (IDE)

IEEE 1284.4

An IEEE specification for supporting multifunction peripherals (MFPs). Windows 2000 has a driver that creates different port settings for each function of an MFP, enabling Windows 2000 print servers to simultaneously send data to multiple parts of an MFP.

IEEE 1394

A standard for high-speed serial devices such as digital video and digital audio editing equipment.


See definition for: Internet Information Services (IIS)


See definition for: Internet locator service (ILS)

Image Color Management (ICM)

The process of image output correction. ICM attempts to make the output more closely match the colors that are input or scanned.

import media pool

A logical collection of data-storage media that has not been cataloged by Removable Storage. Media in an import media pool should be cataloged as soon as possible so that they can be used by an application.

See also: media pool; Removable Storage

incremental backup

A backup that copies only those files created or changed since the last normal or incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a combination of normal and incremental backups to restore your data, you will need to have the last normal backup and all incremental backup sets.

See also: copy backup; daily backup; differential backup; normal backup

independent client

A computer with Message Queuing installed that can host queues and store messages locally. Independent clients do not require synchronous access to a Message Queuing server to send and receive messages, but they can use Message Queuing servers with routing enabled for efficient message routing.

independent software vendors (ISVs)

A third-party software developer; an individual or an organization that independently creates computer software.

Industry Standard Architecture (ISA)

A bus design specification that allows components to be added as cards plugged into standard expansion slots in IBM Personal Computers and IBM-compatible computers.

infrared (IR)

Light that is beyond red in the color spectrum. While the light is not visible to the human eye, infrared transmitters and receivers can send and receive infrared signals.

See also: Infrared Data Association (IrDA); infrared device; infrared port

Infrared Data Association (IrDA)

The industry organization of computer, component, and telecommunications vendors who establish the standards for infrared communication between computers and peripheral devices, such as printers.

See also: infrared (IR)

infrared device

A computer, or a computer peripheral such as a printer, that can communicate by using infrared light.

See also: infrared (IR)

infrared port

An optical port on a computer that enables communication with other computers or devices by using infrared light, without cables. Infrared ports can be found on some portable computers, printers, and cameras.

See also: infrared (IR); infrared device


In security, a mechanism that allows a specific access control entry (ACE) to be copied from the container where it was applied to all children of the container. Inheritance can be used to manage access to a whole subtree of objects in a single update operation.

See also: access control entry (ACE); Active Directory


In Disk Management, the process of detecting a disk or volume and assigning it a status (for example, healthy) and a type (for example, dynamic).

See also: basic disk; basic volume; dynamic disk; dynamic volume

Input language

A Regional and Language Options setting that specifies the combination of the language being entered and the keyboard layout, Input Method Editor (IME), speech-to-text converter, or other device being used to enter it. Formerly known as input locale.

input locale

See definition for: Input language

input/output (I/O) port

A channel through which data is transferred between a device and the microprocessor. The port appears to the microprocessor as one or more memory addresses that it can use to send or receive data.

insert/eject port

A port that offers limited access to the cartridges in a library managed by Removable Storage. Also known as a mailslot.

See also: cartridge; library; Removable Storage


When referring to software, to add program files and folders to your hard disk and related data to your registry so that the software runs properly. Installing contrasts with upgrading, where existing program files, folders, and registry entries are updated to a more recent version.

When referring to hardware, to physically connect the device to your computer, to load device drivers onto your computer, and to configure device properties and settings.

See also: device driver; registry; uninstall

Institute of Electrical and Electronics Engineers (IEEE)

An organization of engineering and electronics professionals that is notable for developing standards for hardware and software.

integrated device electronics (IDE)

A type of disk-drive interface in which the controller electronics reside on the drive itself, eliminating the need for a separate adapter card. IDE offers advantages such as look-ahead caching to increase overall performance.


A basic security function of cryptography. Integrity provides verification that the original contents of information have not been altered or corrupted. Without integrity, someone might alter information or the information might become corrupted, and the alteration could go undetected. For example, in Internet Protocol security, integrity is the property that protects data from unauthorized modification in transit, ensuring that the data received is exactly the same as the data sent. Hash functions sign each packet with a cryptographic checksum, which the receiving computer checks before opening the packet. If the packet, and therefore the signature, has changed, the packet is discarded.


A set of directory-based change and configuration management features introduced in Windows 2000 and enhanced in Windows XP. When IntelliMirror is used in both the server and client, the users' data, applications, and settings follow them when they move to another computer.

interactive logon

A network logon from a computer keyboard, when the user types information in the Logon Information dialog box displayed by the computer's operating system.

International Telecommunication Union - Telecommunication [Standardization Sector] (ITU-T)

The sector of the International Telecommunication Union (ITU) responsible for telecommunication standards. ITU-T replaces the Comite Consultatif International Telegraphique et Telephonique (CCITT). Its responsibilities include standardizing modem design and operations, and standardizing protocols for networks and facsimile transmission. ITU is an international organization within which governments and the private sector coordinate global telecom networks and services.


internet. Two or more network segments connected by routers. Another term for internetwork.

Internet. A worldwide network of computers. If you have access to the Internet, you can retrieve information from millions of sources, including schools, governments, businesses, and individuals.

See also: World Wide Web

Internet Control Message Protocol (ICMP)

A required maintenance protocol in the TCP/IP suite that reports errors and allows simple connectivity. ICMP is used by the Ping tool to perform TCP/IP troubleshooting.

See also: Internet Protocol (IP); protocol; Transmission Control Protocol/Internet Protocol (TCP/IP)

Internet Information Services (IIS)

Software services that support Web site creation, configuration, and management, along with other Internet functions. Internet Information Services include Network News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

See also: File Transfer Protocol (FTP); Simple Mail Transfer Protocol (SMTP)

Internet Key Exchange (IKE)

A protocol that establishes the security association and shared keys necessary for two parties to communicate by using Internet Protocol security.

See also: Internet Protocol security (IPSec)

Internet locator service (ILS)

An optional component of Microsoft Site Server that creates a dynamic directory of videoconferencing users.

Internet Printing Protocol (IPP)

The protocol that uses the Hypertext Transfer Protocol (HTTP) to send print jobs to printers throughout the world. Windows 2000 and Windows XP Professional support Internet Printing Protocol (IPP) version 1.0.

Internet Protocol (IP)

A routable protocol in the TCP/IP protocol suite that is responsible for IP addressing, routing, and the fragmentation and reassembly of IP packets.

See also: packet; Transmission Control Protocol/Internet Protocol (TCP/IP); voluntary tunnel

Internet Protocol security (IPSec)

A set of industry-standard, cryptography-based protection services and protocols. IPSec protects all protocols in the TCP/IP protocol suite and Internet communications by using L2TP.

See also: Layer Two Tunneling Protocol (L2TP); protocol; Transmission Control Protocol/Internet Protocol (TCP/IP)

Internet service provider (ISP)

A company that provides individuals or companies access to the Internet and the World Wide Web. An ISP provides a telephone number, a user name, a password, and other connection information so users can connect their computers to the ISP's computers. An ISP typically charges a monthly or hourly connection fee.

Internetwork Packet Exchange (IPX)

A network protocol native to NetWare that controls addressing and routing of packets within and between LANs. IPX does not guarantee that a message will be complete (no lost packets).

See also: Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX); local area network (LAN); Routing Information Protocol over IPX (RIPX)

Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)

Transport protocols used in Novell NetWare networks, which together correspond to the combination of TCP and IP in the TCP/IP protocol suite. Windows implements IPX through NWLink.

See also: Internetwork Packet Exchange (IPX); NWLink; Transmission Control Protocol/Internet Protocol (TCP/IP)


A request for attention from the processor. When the processor receives an interrupt, it suspends its current operations, saves the status of its work, and transfers control to a special routine known as an interrupt handler, which contains the instructions for dealing with the particular situation that caused the interrupt.

interrupt request (IRQ)

A signal sent by a device to get the attention of the processor when the device is ready to accept or send information. Each device sends its interrupt requests over a specific hardware line. Each device must be assigned a unique IRQ number.


A network within an organization that uses Internet technologies and protocols, but is available only to certain people, such as employees of a company. An intranet is also called a private network.


See definition for: Internet Protocol (IP)

IP address

A 32-bit address used to identify a node on an IP internetwork. Each node on the IP internetwork must be assigned a unique IP address, which is made up of the network ID, plus a unique host ID. This address is typically represented with the decimal value of each octet separated by a period (for example, You can configure the IP address statically or dynamically by using DHCP.

See also: Dynamic Host Configuration Protocol (DHCP)

IP router

A system connected to multiple physical TCP/IP networks that can route or deliver IP packets between the networks.


See definition for: Internet Printing Protocol (IPP)


See definition for: Internet Protocol security (IPSec)

IPSec driver

A driver that uses the IP Filter List from the active IPSec policy to watch for outbound IP packets that must be secured and inbound IP packets that need to be verified and decrypted.

See also: IPSec


See definition for: Internetwork Packet Exchange (IPX)


See definition for: Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)


See definition for: Infrared Data Association (IrDA)


See definition for: I/O request packet (IRP)


See definition for: interrupt request (IRQ)


A protocol that transfers images from cameras to computers by using infrared transmissions, making a physical cable connection unnecessary.

See also: infrared (IR)


Time dependent. Refers to processes where data must be delivered within certain time constraints. Multimedia streams require an isochronous transport mechanism to ensure that data is delivered as fast as it is displayed, and to ensure that the audio is synchronized with the video.


There are no glossary terms that begin with this letter.


Kerberos V5 authentication protocol

An authentication mechanism used to verify user or host identity. The Kerberos V5 authentication protocol is the default authentication service for Windows 2000. Internet Protocol security (IPSec) and the QoS Admission Control Service use the Kerberos protocol for authentication.

See also: Internet Protocol security (IPSec); Key Distribution Center (KDC)


The core of layered architecture that manages the most basic operations of the operating system and the computer's processor. The kernel schedules different blocks of executing code, called threads, for the processor to keep it as busy as possible and coordinates multiple processors to optimize performance. The kernel also synchronizes activities among Executive-level subcomponents, such as I/O Manager and Process Manager, and handles hardware exceptions and other hardware-dependent functions. The kernel works closely with the hardware abstraction layer.


In Registry Editor, a folder that appears in the left pane of the Registry Editor window. A key can contain subkeys and value entries. For example, Environment is a key of HKEY_CURRENT_USER.

In IP security (IPSec), a value used in combination with an algorithm to encrypt or decrypt data. Key settings for IP security are configurable to provide greater security.

Key Distribution Center (KDC)

A network service that supplies session tickets and temporary session keys used in the Kerberos V5 authentication protocol. In Windows 2000 and Windows XP, the KDC runs as a privileged process on all domain controllers.

See also: Kerberos V5 authentication protocol

keyboard filters

Special timing and other devices that compensate for erratic motion tremors, slow response time, and other mobility impairments.

Korn shell (ksh)

A command shell that provides the following functionality: file input and output redirection; command-line editing by using vi; command history; integer arithmetic; pattern matching and variable substitution; command name abbreviation (aliasing); and built-in commands for writing shell programs.



See definition for: Layer Two Tunneling Protocol (L2TP)


See definition for: local area network (LAN)

Language for non-Unicode programs

A Regional and Language Options setting that specifies the default code pages and associated bitmap font files for a specific computer that affects all of that computer's users. The default code pages and fonts enable a non-Unicode application written for one operating system language version to run correctly on another operating system language version. Formerly known as system locale.

Last Known Good Configuration

A hardware configuration available by pressing F8 during startup. If the current hardware settings prevent the computer from starting, the last known good configuration can allow you to start the computer and examine the configuration. When the last known good configuration is used, later configuration changes are lost.

Layer 2 forwarding (L2F)

Permits the tunneling of the link layer of higher-level protocols. Using these tunnels, it is possible to separate the location of the initial dial-up server from the physical location at which the dial-up protocol connection is terminated and access to the network is provided.

See also: tunnel

Layer Two Tunneling Protocol (L2TP)

An industry-standard Internet tunneling protocol that provides encapsulation for sending Point-to-Point Protocol (PPP) frames across packet-oriented media. For IP networks, L2TP traffic is sent as User Datagram Protocol (UDP) messages. In Microsoft operating systems, L2TP is used in conjunction with Internet Protocol security (IPSec) as a virtual private network (VPN) technology to provide remote access or router-to-router VPN connections. L2TP is described in RFC 2661.

See also: Internet Protocol security (IPSec); Point-to-Point Protocol (PPP); tunnel


A data-storage system, usually managed by Removable Storage. A library consists of removable media (such as tapes or discs) and a hardware device that can read from or write to the media. There are two major types of libraries: robotic libraries (automated multiple-media, multidrive devices) and stand-alone drive libraries (manually operated, single-drive devices). A robotic library is also called a jukebox or changer.

See also: Removable Storage

library request

A request for an online library or stand-alone drive to perform a task. This request can be issued by an application or by Removable Storage.

Lightweight Directory Access Protocol (LDAP)

The primary access protocol for Active Directory. LDAP version 3 is defined by a set of Proposed Standard documents in Internet Engineering Task Force (IETF) RFC 2251.

See also: Active Directory; protocol

Line Printer

A connectivity tool that runs on client systems and is used to print files to a computer running an LPD server.

Line Printer Daemon (LPD)

A service on the print server that receives documents (print jobs) from Line Printer Remote (LPR) tools running on client systems.

See also: Line Printer Remote (LPR); print job; print server

Line Printer Port Monitor

A port monitor that is used to send jobs over TCP/IP from the client running Lprmon.dll to a print server running a Line Printer Daemon (LPD) service. Line Printer Port Monitor can be used to enable Internet printing, UNIX print servers, or Windows 2000 print servers over a TCP/IP network.

See also: Line Printer Daemon (LPD); Transmission Control Protocol/Internet Protocol (TCP/IP)

Line Printer Remote (LPR)

A connectivity tool that runs on client systems and is used to print files to a computer running an LPD server.

See also: Line Printer Daemon (LPD)

local area network (LAN)

A communications network connecting a group of computers, printers, and other devices located within a relatively limited area (for example, a building). A LAN allows any connected device to interact with any other on the network.

See also: NetBIOS Extended User Interface (NetBEUI); network basic input/output system (NetBIOS); virtual local area network (VLAN); workgroup

local group

A security group that can be granted rights and permissions only on resources on the computer on which the group is created. Local groups can have any user accounts that are local to the computer as members, as well as users, groups, and computers from a domain to which the computer belongs.

See also: global group; user account

Local Security Authority (LSA)

A protected subsystem that authenticates and logs users on to the local system. In addition, the LSA maintains information about all aspects of local security on a system (collectively known as the local security policy), and provides various services for translation between names and identifiers.

local security policy

Security information about all aspects of local security on a system. The local security policy identifies who is assigned privileges and what security auditing is to be performed.

local user profile

A computer-based record about an authorized user that is created automatically on the computer the first time a user logs on to a workstation or server computer.


The standard print monitor for use with printers connected directly to your computer. If you add a printer to your computer using a serial or parallel port (such as COM1 or LPT1), this is the monitor that is used.

locator service

In a distributed system, a feature that allows a client to find a shared resource or server without providing an address or full name. Generally associated with Active Directory, which provides a locator service.

logical drive

A volume that you create within an extended partition on a basic master boot record (MBR) disk. Logical drives are similar to primary partitions, except that you are limited to four primary partitions per disk, whereas you can create an unlimited number of logical drives per disk. A logical drive can be formatted and assigned a drive letter.

See also: basic disk; basic volume; extended partition; master boot record (MBR); primary partition; volume

logical printer

The software interface between the operating system and the printer in Windows. While a printer is the device that does the actual printing, a logical printer is its software interface on the print server. This software interface determines how a print job is processed and how it is routed to its destination (to a local or network port, to a file, or to a remote print share). When you print a document, it is spooled (or stored) on the logical printer before it is sent to the printer itself.

See also: printer

logical volume

A volume created within an extended partition on a basic disk. You can format and assign a drive letter to a logical drive. Only basic disks can contain logical drives. A logical drive cannot span multiple disks.

See also: basic disk; extended partition; logical drive

logon script

Files that can be assigned to user accounts. Typically a batch file, a logon script runs automatically every time the user logs on. It can be used to configure a user's working environment at every logon, and it allows an administrator to influence a user's environment without managing all aspects of it. A logon script can be assigned to one or more user accounts.

See also: user account

long name

A folder name or file name longer than the 8.3 file name standard (up to eight characters followed by a period and an extension of up to three characters) of the FAT file system. This version of Windows supports long file names up to 255 characters.

See also: file allocation table (FAT); MS-DOS (Microsoft Disk Operating System)

loopback address

The address of the local computer used for routing outgoing packets back to the source computer. This address is used primarily for testing.



See definition for: media access control


A collection of storage locations, also known as slots, for cartridges in a library managed by Removable Storage. Magazines are usually removable.

See also: cartridge; library; Removable Storage


A screen enlarger that magnifies a portion of the screen in a separate window for users with low vision and for those who require occasional screen magnification for such tasks as editing art.

mandatory user profile

A user profile that is not updated when the user logs off. It is downloaded to the user's desktop each time the user logs on, and is created by an administrator and assigned to one or more users to create consistent or job-specific user profiles. Only members of the Administrators group can change profiles.

See also: roaming user profile

manual caching

A method of manually designating network files and folders so they are stored on a user's hard disk and accessible when the user is not connected to the network.

master boot record (MBR)

The first sector on a hard disk, which begins the process of starting the computer. The MBR contains the partition table for the disk and a small amount of executable code called the master boot code.

See also: Recovery Console

master file table (MFT)

An NTFS system file on NTFS-formatted volumes that contains information about each file and folder on the volume. The MFT is the first file on an NTFS volume.

See also: file allocation table (FAT); NTFS file system; volume

maximum password age

The period of time a password can be used before the system requires the user to change it.

MBR disk

A disk that uses the master boot record (MBR) partition style. A partition style is the method that Windows XP uses to organize partitions on the disk. All x86-based computers use MBR disks. Itanium-based computers can use MBR disks and GPT disks.

See also: GPT disk; master boot record (MBR)


Any fixed or removable objects that store computer data. Examples include hard disks, floppy disks, tapes, and compact discs.

media access control

A sublayer of the IEEE 802 specifications that defines network access methods and framing.

media pool

A logical collection of removable media that have the same management policies. Media pools are used by applications to control access to specific tapes or discs within libraries managed by Removable Storage. There are four media pools: unrecognized, import, free, and application-specific. Each media pool can only hold either media or other media pools.

See also: free media pool; import media pool; Removable Storage

memory leak

A condition that occurs when applications allocate memory for use but do not free allocated memory when finished.


A number used to indicate the cost of a route in the IP routing table that enables the selection of the best route among possible multiple routes to the same destination.

Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1)

An encrypted authentication mechanism for PPP connections similar to CHAP. The remote access server sends a challenge to the remote access client that consists of a session ID and an arbitrary challenge string. The remote access client must return the user name and a Message Digest 4 (MD4) hash of the challenge string, the session ID, and the MD4-hashed password.

See also: Challenge Handshake Authentication Protocol (CHAP); Point-to-Point Protocol (PPP)

Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

An encrypted authentication mechanism for PPP connections that provides stronger security than CHAP and MS-CHAP v1. MS-CHAP v2 provides mutual authentication and asymmetric encryption keys.

See also: Challenge Handshake Authentication Protocol (CHAP); Point-to-Point Protocol (PPP)

Microsoft Management Console (MMC)

A framework for hosting administrative tools called snap-ins. A console might contain tools, folders or other containers, World Wide Web pages, and other administrative items. These items are displayed in the left pane of the console, called a console tree. A console has one or more windows that can provide views of the console tree. The main MMC window provides commands and tools for authoring consoles. The authoring features of MMC and the console tree itself might be hidden when a console is in User Mode.

See also: console tree; snap-in

Microsoft Reserved (MSR) partition

A required partition on every GUID partition table (GPT) disk. System components can allocate portions of the MSR partition into new partitions for their own use. For example, when you convert a basic GPT disk to dynamic, the system allocates a portion of the MSR partition to be used as the Logical Disk Manager (LDM) metadata partition. The MSR partition varies in size based on the size of the GPT disk. For disks smaller than 16 GB, the MSR partition is 32 MB. For disks larger than 16 GB, the MSR partition is 128 MB. The MSR partition is not visible in Disk Management, and you cannot store data on the MSR partition or delete it.

See also: GUID partition table (GPT); partition

Microsoft Tape Format (MTF)

The data format used for tapes supported by the Backup feature of Windows 2000.

Mini-Setup wizard

A wizard that starts the first time a computer boots from a hard disk that has been duplicated. The wizard gathers any information that is needed for the newly duplicated hard disk.


A relatively small, simple driver or file that contains additional instructions needed by a specific hardware device to interface with the universal driver for a class of devices.


One of the two volumes that make up a mirrored volume. Each mirror of a mirrored volume resides on a different disk. If one mirror becomes unavailable (due to a disk failure, for example), Windows can use the remaining mirror to gain access to the volume's data.

See also: fault tolerance; mirrored volume; volume

mirror set

A fault-tolerant partition created with Windows NT 4.0 or earlier that duplicates data on two physical disks. You can only repair, resynchronize, break, or delete mirror sets in Windows 2000. To create new volumes that are mirrored, use mirrored volumes on dynamic disks.

See also: dynamic disk; mirrored volume

mirrored volume

A fault-tolerant volume that duplicates data on two physical disks. A mirrored volume provides data redundancy by using two identical volumes, which are called mirrors, to duplicate the information contained on the volume. A mirror is always located on a different disk. If one of the physical disks fails, the data on the failed disk becomes unavailable, but the system continues to operate in the mirror on the remaining disk. You can create mirrored volumes only on dynamic disks.

See also: dynamic disk; dynamic volume; fault tolerance; RAID-5 volume; volume

mixed mode

In a Windows 2000 domain, the default domain mode setting. Mixed mode allows Windows NT-based backup domain controllers to coexist with Windows 2000-based domain controllers. Mixed mode does not support universal groups or the nesting of groups. You can change the domain mode setting to native mode when all Windows NT-based domain controllers are removed from a domain.

See also: native mode


See definition for: Microsoft Management Console (MMC)

Mode Pruning

A Windows 2000 feature that can be used to remove display modes that the monitor cannot support.


To place a removable tape or disc into a drive.

See also: dismount; library


Audio compressed in the MPEG1 Layer 3 format.


A standard of video compression and file format developed by the Moving Picture Experts Group. MPEG-2 offers video resolutions of 720 x 480 and 128 x 720 at 60 frames per second, with full CD-quality audio.


See definition for: Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

MS-DOS (Microsoft Disk Operating System)

An operating system used on all personal computers and compatibles. As with other operating systems, such as OS/2, it translates user keyboard input into operations the computer can perform. MS-DOS can be easily accessed by using the command prompt, while MS-DOS-based programs can be accessed through the use of shortcuts on the desktop.


The process of sending a message simultaneously to more than one destination on a network.

multihomed computer

A computer that has multiple network adapters or that has been configured with multiple IP addresses for a single network adapter.

See also: IP address; network adapter; virtual IP address

multiple boot

A computer configuration that runs two or more operating systems.

See also: dual boot; startup environment


name devolution

A process by which a DNS resolver appends one or more domain names to an unqualified domain name, making it a fully qualified domain name, and then submits the fully qualified domain name to a DNS server.

naming service

A service, such as that provided by WINS or DNS, that allows friendly names to be resolved to an address, or other specially defined resource data used to locate network resources of various types and purposes.

See also: Domain Name System (DNS); Windows Internet Name Service (WINS)


A synthesized text-to-speech tool for users who have low vision. Narrator reads aloud most of what the screen displays.

native mode

The condition in which all domain controllers in a domain are running Windows 2000 and a domain administrator has switched the domain operation mode from mixed mode to native mode.

NDIS miniport drivers

A type of minidriver that interfaces network class devices to NDIS.

nested groups

A Windows 2000 capability available only in native mode that allows the creation of groups within groups.

See also: group; native mode

Net Logon service

A service that runs in the Windows 2000 security subsystem in user mode and performs the following functions: replication of Windows NT 3.x and Windows NT 4.0 backup domain controllers with the Windows 2000 PDC emulator; NTLM pass-through authentication; periodic password updates for computer accounts and interdomain trust relationships; domain controller discovery using NetBIOS naming for non-directory-aware domain controllers (domain controllers that run Windows NT 3.5 and Windows NT 4.0); and domain controller discovery in the closest site using NetBIOS naming or DNS naming for directory-aware domain controllers (domain controllers that run Windows 2000).


See definition for: NetBIOS Extended User Interface (NetBEUI)

NetBIOS Extended User Interface (NetBEUI)

A network protocol native to Microsoft Networking. It is usually used in small, department-size local area networks (LANs) of 1 to 200 clients. It can use Token Ring source routing as its only method of routing. It is the Microsoft implementation of the NetBIOS standard.

See also: local area network (LAN); network basic input/output system (NetBIOS); protocol

NetBIOS over TCP/IP (NetBT)

A feature that provides the NetBIOS programming interface over the TCP/IP protocol. It is used for monitoring routed servers that use NetBIOS name resolution.


Novell's network operating system.

network adapter

A device that connects your computer to a network. This device is sometimes called an adapter card or network interface card.

network basic input/output system (NetBIOS)

An application programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send datagrams between nodes on a network.

See also: application programming interface (API); basic input/output system (BIOS); local area network (LAN); node

network card driver

A device driver that works directly with the network card, acting as an intermediary between the card and the protocol driver.

See also: device driver

Network Control Protocol (NCP)

A protocol within the PPP protocol suite that negotiates the parameters of an individual LAN protocol such as TCP/IP or IPX.

See also: Internetwork Packet Exchange (IPX); local area network (LAN); Point-to-Point Protocol (PPP); Transmission Control Protocol/Internet Protocol (TCP/IP)

Network Driver Interface Specification (NDIS)

A Microsoft/3Com specification establishing a common shared interface for Microsoft operating systems to support protocol-independent transport of multiple network transport protocols (such as TCP/IP, NetBEUI, IPX/SPX, and AppleTalk). NDIS allows more than one transport protocol to be bound and to operate simultaneously over a single network adapter.

See also: Internetwork Packet Exchange (IPX); Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX); NetBIOS Extended User Interface (NetBEUI); Transmission Control Protocol/Internet Protocol (TCP/IP)

Network File System (NFS)

A service for distributed computing systems that provides a distributed file system, eliminating the need for keeping multiple copies of files on separate computers.

network security administrator

A user who manages network and information security. A network security administrator should implement a security plan that addresses network security threats.


For tree structures, a location on the tree that can have links to one or more items below it.

For local area networks (LANs), a device that is connected to the network and is capable of communicating with other network devices.

See also: local area network (LAN)

noncontainer object

An object that cannot logically contain other objects. For example, a file is a noncontainer object.

See also: container object; object


A basic security function of cryptography that ensures that a party in a communication cannot falsely deny that a part of the communication occurred. Without nonrepudiation, someone can communicate and then later deny the communication or claim that the communication occurred at a different time.

nonresident attribute

A file attribute whose value is contained in one or more runs, or extents, outside the master file table (MFT) record and separate from the MFT.

See also: master file table (MFT)

nontransitive trust

A type of trust relationship that is bounded by the two domains in the relationship. For example, if domain A trusts domain B and domain B trusts domain C, there is no trust relationship between domain A and domain C.

Nontransitive trusts can be one-way or two-way relationships. This is the only type of trust that can exist between a Windows 2000 domain and a Windows NT domain or between Windows 2000 domains in different forests.

See also: forest

normal backup

A backup that copies all selected files and marks each file as having been backed up (in other words, the archive attribute is cleared). With normal backups, you need only the most recent copy of the backup file or tape to restore all of the files. You usually perform a normal backup the first time you create a backup set.

See also: copy backup; daily backup; differential backup; incremental backup

notification area

The area on the taskbar to the right of the taskbar buttons. The notification area displays the time and can also contain shortcuts that provide quick access to programs, such as Volume Control and Power Options. Other shortcuts can appear temporarily, providing information about the status of activities. For example, the printer shortcut icon appears after a document has been sent to the printer and disappears when printing is complete.

NT-1 (Network Terminator 1)

A device that terminates an ISDN line at the connection location, commonly through a connection port.

NTFS file system

An advanced file system that provides performance, security, reliability, and advanced features that are not found in any version of FAT. For example, NTFS guarantees volume consistency by using standard transaction logging and recovery techniques. If a system fails, NTFS uses its log file and checkpoint information to restore the consistency of the file system. In Windows 2000 and Windows XP, NTFS also provides advanced features such as file and folder permissions, encryption, disk quotas, and compression.

See also: FAT32; file allocation table (FAT); file system


A security package that provides authentication between clients and servers.

NTLM authentication protocol

A challenge/response authentication protocol. The NTLM authentication protocol was the default for network authentication in Windows NT version 4.0 and earlier and Windows Millennium Edition and earlier. The protocol continues to be supported in Windows 2000 and Windows XP but no longer is the default.

null modem cable

Special cabling that eliminates the modem's need for asynchronous communications between two computers over short distances. A null modem cable emulates modem communication.


An implementation of the Internetwork Packet Exchange (IPX), Sequenced Packet Exchange (SPX), and NetBIOS protocols used in Novell networks. NWLink is a standard network protocol that supports routing and can support NetWare client-server applications, where NetWare-aware Sockets-based applications communicate with IPX/SPX Sockets-based applications.

See also: Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX); network basic input/output system (NetBIOS); Routing Information Protocol over IPX (RIPX)



An entity, such as a file, folder, shared folder, printer, or Active Directory object, described by a distinct, named set of attributes. For example, the attributes of a File object include its name, location, and size; the attributes of an Active Directory User object might include the user's first name, last name, and e-mail address.

For OLE and ActiveX, an object can also be any piece of information that can be linked to, or embedded into, another object.

See also: attribute; child object; parent object

object linking and embedding (OLE)

A method for sharing information among applications. Linking an object, such as a graphic, from one document to another inserts a reference to the object into the second document. Any changes you make in the object in the first document will also be made in the second document. Embedding an object inserts a copy of an object from one document into another document. Changes you make in the object in the first document will not be updated in the second unless the embedded object is explicitly updated.

offline media

Media that are not connected to the computer and require external assistance to be accessed.

on-media identifier (OMID)

A label that is electronically recorded on each medium in a Removable Storage system. Removable Storage uses on-media identifiers to track media in the Removable Storage database. An application on-media identifier is a subset of the media label.

on-screen keyboard

A tool that displays a virtual keyboard on a computer screen and allows users with mobility impairments to type using a pointing device or joystick.


See definition for: Advanced Configuration and Power Interface (ACPI)

open database connectivity (ODBC)

An application programming interface (API) that enables database applications to access data from a variety of existing data sources.

See also: application programming interface (API)

OpenType fonts

Outline fonts that are rendered from line and curve commands, and can be scaled and rotated. OpenType fonts are clear and readable in all sizes and on all output devices supported by Windows. OpenType is an extension of TrueType font technology.

See also: font; TrueType fonts

operator request

A request for the operator to perform a task. This request can be issued by an application or by Removable Storage.

organizational unit

An Active Directory container object used within domains. An organizational unit is a logical container into which users, groups, computers, and other organizational units are placed. It can contain objects only from its parent domain. An organizational unit is the smallest scope to which a Group Policy object can be linked, or over which administrative authority can be delegated.

See also: Active Directory; container object; Group Policy object

original equipment manufacturer (OEM)

A company that typically purchases computer components from other manufacturers, uses the components to build a personal computer, preinstalls Windows onto that computer, and then sells the computer to the public.


A member of a mirrored volume or a RAID-5 volume that has failed due to a severe cause, such as a loss of power or a complete hard-disk head failure. When this happens, the fault-tolerant driver determines that it can no longer use the orphaned member and directs all new reads and writes to the remaining members of the fault-tolerant volume.

See also: fault tolerance; mirrored volume; RAID-5 volume


The client-side wizard that walks a user through the installation of an operating system or provides access to maintenance and troubleshooting utilities.

out-of-process application

An application that runs in an isolated process and does not share the same memory and CPU resources (process boundaries) as the application or server that calls it.


Setting a microprocessor to run at speeds above the rated specification.



An Open Systems Interconnection (OSI) network layer transmission unit that consists of binary information representing both data and a header containing an identification number, source and destination addresses, and error-control data.

packet header

In network protocol communications, a specially reserved field of a defined bit length that is attached to the front of a packet to carry and transfer control information. When the packet arrives at its destination, the field is detached and discarded as the packet is processed and disassembled, in the corresponding reverse order, at each protocol layer.

See also: packet

page fault

The interrupt that occurs when software attempts to read from or write to a virtual memory location that is marked not present.

In Task Manager, page fault is the number of times data has to be retrieved from disk for a process because it was not found in memory. The page fault value accumulates from the time the process started.

See also: virtual memory

page-description language (PDL)

A computer language that describes the arrangement of text and graphics on a printed page.

See also: PostScript; PostScript fonts; Printer Control Language (PCL)

paged pool

The system-allocated virtual memory that has been charged to a process and that can be paged. Paging is the moving of infrequently used parts of a program's working memory from RAM to another storage medium, usually the hard disk.

In Task Manager, the amount of system-allocated virtual memory, in kilobytes, used by a process.

See also: registry size limit (RSL); virtual memory


The process of moving virtual memory back and forth between physical memory and the disk. Paging occurs when physical memory limitations are reached and only occurs for data that is not already "backed" by disk space. For example, file data is not paged out because it already has allocated disk space within a file system.

paging file

A hidden file on the hard disk that Windows uses to hold parts of programs and data files that do not fit in memory. The paging file and physical memory, or RAM, comprise virtual memory. Windows moves data from the paging file to memory as needed and moves data from memory to the paging file to make room for new data. Paging file is also called a swap file.

See also: registry size limit (RSL); virtual memory


See definition for: Password Authentication Protocol (PAP)

parallel connection

A connection that simultaneously transmits both data and control bits over wires connected in parallel. In general, a parallel connection can move data between devices faster than a serial connection.

parallel device

A device that uses a parallel connection.

parallel port

The input/output connector for a parallel interface device. Printers are generally plugged into a parallel port.

parent object

An object in which another object resides. For example, a folder is a parent object in which a file, or child object, resides. An object can be both a parent and a child object. For example, a subfolder that contains files is both the child of the parent folder and the parent folder of the files.

See also: child object; object


A calculated value that is used to reconstruct data after a failure. RAID-5 volumes stripe data and parity intermittently across a set of disks. When a disk fails, some server operating systems use the parity information together with the data on good disks to recreate the data on the failed disk.

See also: fault tolerance; RAID-5 volume; striped volume

parity bit

In asynchronous communications, an extra bit used in checking for errors in groups of data bits transferred within or between computer systems. In modem-to-modem communications, a parity bit is often used to check the accuracy with which each character is transmitted.

See also: parity


A portion of a physical disk that functions as though it were a physically separate disk. After you create a partition, you must format it and assign it a drive letter before you can store data on it.

On basic disks, partitions are known as basic volumes, which include primary partitions and logical drives. On dynamic disks, partitions are known as dynamic volumes, which include simple, striped, spanned, mirrored, and RAID-5 volumes.

See also: basic disk; basic volume; dynamic volume; extended partition; primary partition; system partition

partition table

On a hard disk, the data structure that stores the offset (location) and size of each primary partition on the disk. On MBR disks, the partition table is located in the master boot record. On GPT disks, the partition table is located in the GUID partition entry array.

See also: globally unique identifier (GUID); GPT disk; master boot record (MBR); MBR disk; partition

Password Authentication Protocol (PAP)

A simple, plaintext authentication scheme for authenticating PPP connections. The user name and password are requested by the remote access server and returned by the remote access client in plaintext.

See also: Point-to-Point Protocol (PPP); remote access


A sequence of directory (or folder) names that specifies the location of a directory, file, or folder within the Windows directory tree. Each directory name and file name within the path must be preceded by a backslash (\). For example, to specify the path of a file named Readme.doc located in the Windows directory on drive C, type C:\Windows\Readme.doc.

PC Card

A removable device, approximately the size of a credit card, that can be plugged into a Personal Computer Memory Card International Association (PCMCIA) slot in a portable computer. PCMCIA devices can include modems, network cards, and hard disk drives.


See definition for: peripheral component interconnect (PCI)

PCMCIA device

A removable device, approximately the size of a credit card, that can be plugged into a PCMCIA slot in a portable computer. PCMCIA devices can include modems, network adapters, and hard disk drives.

Some PCMCIA cards can be connected to and disconnected from your computer without restarting it. Before you remove the PCMCIA card, however, you should use the Add Hardware Wizard to notify Windows that you are doing so. Windows will then notify you when you can remove the device.


A program that receives requests from PCNFS clients for authentication on remote computers.

peer-to-peer network

See definition for: workgroup

performance counter

In System Monitor, a data item that is associated with a performance object. For each counter selected, System Monitor presents a value corresponding to a particular aspect of the performance that is defined for the performance object.


A device, such as a disk drive, printer, modem, or joystick, that is connected to a computer and is controlled by the computer's microprocessor.

peripheral component interconnect (PCI)

A specification introduced by Intel Corporation that defines a local bus system that allows up to 10 PCI-compliant expansion cards to be installed in the computer.


A rule associated with an object to regulate which users can gain access to the object and in what manner. Permissions are granted or denied by the object's owner.

physical location

The location designation assigned to media managed by Removable Storage. The two classes of physical locations are libraries and offline media physical locations. The offline media physical location is where Removable Storage lists the cartridges that are not in a library. The physical location of a cartridge in an online library is the library in which it resides.

physical media

A storage object that data can be written to, such as a disk or magnetic tape. A physical medium is referenced by its physical media ID (PMID).

physical object

An object, such as an ATM card or smart card, used in conjunction with a piece of information, such as a personal identification number (PIN), to authenticate users. In two-factor authentication, physical objects are used in conjunction with another secret piece of identification, such as a password, to authenticate users. For example, the physical object might be an ATM card, which is used in combination with a PIN to authenticate the user.


To make a network file or folder available for offline use.

PKCS #10

The Certification Request Syntax Standard, developed and maintained by RSA Data Security, Inc.

See also: certificate; RSA

PKCS #12

The Personal Information Exchange Syntax Standard, developed and maintained by RSA Data Security, Inc. This syntax standard specifies a portable format for storing or transporting a user's private keys, certificates, and miscellaneous secrets.

See also: certificate


The Cryptographic Message Syntax Standard. It is a general syntax, developed and maintained by RSA Data Security, Inc., for data to which cryptography may be applied, such as digital signatures and encryption. It also provides a syntax for disseminating certificates or certificate revocation lists.

See also: certificate; encryption


Data that is not encrypted. Sometimes also called cleartext.

Plug and Play

A set of specifications developed by Intel Corporation that allows a computer to automatically detect and configure a device and install the appropriate device drivers.

See also: universal serial bus (USB)

Point and Print

A way of installing network printers on a user's local computer. Point and Print allows users to initiate a connection to a network printer and loads any required drivers onto the client's computer. When users know which network printer they want to use, Point and Print greatly simplifies the installation process.

point of presence (POP)

The local access point for a network provider. Each POP provides a telephone number that allows users to make a local call for access to online services.

Point-to-Point Protocol (PPP)

An industry standard suite of protocols for the use of point-to-point links to transport multiprotocol datagrams. PPP is documented in RFC 1661.

See also: remote access; Transmission Control Protocol/Internet Protocol (TCP/IP); voluntary tunnel

Point-to-Point Tunneling Protocol (PPTP)

Networking technology that supports multiprotocol virtual private networks (VPNs), enabling remote users to access corporate networks securely across the Internet or other networks by dialing into an Internet service provider (ISP) or by connecting directly to the Internet. PPTP tunnels, or encapsulates, IP, IPX, or NetBEUI traffic inside of IP packets. This means that users can remotely run applications that are dependent upon particular network protocols.

See also: Internet Protocol (IP); Internetwork Packet Exchange (IPX); NetBIOS Extended User Interface (NetBEUI); packet; tunnel; virtual private network (VPN)

Portable Operating System Interface for UNIX (POSIX)

An Institute of Electrical and Electronics Engineers (IEEE) standard that defines a set of operating-system services. Programs that adhere to the POSIX standard can be easily ported from one system to another. POSIX was based on UNIX system services, but it was created in a way that allows it to be implemented by other operating systems.


See definition for: Portable Operating System Interface for UNIX (POSIX)


See definition for: power-on self test (POST)


A page-description language (PDL) developed by Adobe Systems for printing on laser printers. PostScript offers flexible font capability and high-quality graphics. It is the standard for desktop publishing because it is supported by imagesetters, the high-resolution printers used by printing services for commercial typesetting.

See also: page-description language (PDL); PostScript fonts; Printer Control Language (PCL); Type 1 fonts

PostScript fonts

Fonts that are defined in terms of the PostScript page-description language (PDL) rules and are intended to be printed on a PostScript-compatible printer. When a document displayed in a screen font is sent to a PostScript printer, the printer uses the PostScript version if the font exists. If the font doesn't exist but a version is installed on the computer, that font is downloaded to the printer. If there is no PostScript font installed in either the printer or the computer, the bit-mapped (raster) font is translated into PostScript and the printer produces text using the bit-mapped font. PostScript fonts are distinguished from bit-mapped fonts by their smoothness, detail, and faithfulness to standards of quality established in the typographic industry.

See also: font; page-description language (PDL); PostScript; raster fonts

power-on self test (POST)

A set of routines stored in read-only memory (ROM) that tests various system components such as RAM, the disk drives, and the keyboard, to see if they are properly connected and operating. If problems are found, these routines alert the user with a series of beeps or a message, often accompanied by a diagnostic numeric value. If the POST is successful, it passes control to the bootstrap loader.

See also: bootstrap loader


See definition for: Point-to-Point Tunneling Protocol (PPTP)

predefined key

A key that represents one of the main divisions of the registry. Each predefined key is displayed in a separate Registry Editor window, with the key's name appearing in the window's title bar. For example, HKEY_CLASSES_ROOT is a predefined key.

See also: key; registry

primary partition

A type of partition that you can create on basic disks. A primary partition is a portion of a physical disk that functions as though it were a physically separate disk. On basic master boot record (MBR) disks, you can create up to four primary partitions on a basic disk, or three primary partitions and an extended partition with multiple logical drives. On basic GPT disks, you can create up to 128 primary partitions. Primary partitions are also known as volumes.

See also: basic disk; extended partition; GPT disk; GUID partition table (GPT); logical drive; master boot record (MBR); partition; volume

print job

The source code that contains both the data to be printed and the commands for printing. Print jobs are classified into data types based on what modifications, if any, the spooler must make to the job for it to print correctly.

See also: printing pool

print server

A computer that is dedicated to managing the printers on a network. The print server can be any computer on the network.


A device that puts text or images on paper or other print media. Examples are laser printers or dot-matrix printers.

See also: logical printer; printing pool

Printer Control Language (PCL)

The page-description language (PDL) developed by Hewlett-Packard for their laser and inkjet printers. Because of the widespread use of laser printers, this command language has become a standard in many printers.

See also: page-description language (PDL); PostScript

printer driver

A program designed to allow other programs to work with a particular printer without concerning themselves with the specifics of the printer's hardware and internal language. By using printer drivers that handle the subtleties of each printer, programs can communicate properly with a variety of printers.

See also: device driver

printing pool

Two or more identical printers that are connected to one print server and act as a single printer. In this case, when you print a document, the print job will be sent to the first available printer in the pool.

See also: print job; printer

priority inversion

The mechanism that allows low-priority threads to run and complete execution rather than being preempted and locking up a resource such as an I/O device.

private branch exchange (PBX)

An automatic telephone switching system that enables users within an organization to place calls to each other without going through the public telephone network. Users can also place calls to outside numbers.

private key

The secret half of a cryptographic key pair that is used with a public key algorithm. Private keys are typically used to decrypt a symmetric session key, digitally sign data, or decrypt data that has been encrypted with the corresponding public key.

See also: public key encryption

privileged mode

Also known as kernel mode, the processing mode that allows code to have direct access to all hardware and memory in the system.


An operating system object that consists of an executable program, a set of virtual memory addresses, and one or more threads. When a program runs, a process is created.

process throttling

A method of restricting the amount of processor time a process consumes, for example, using job object functions.

Product Key

A 25-character, alphanumeric string. Customers must enter this string to activate their installation of Windows. The product key is located on the certificate of authenticity.


A set of rules and conventions for sending information over a network. These rules govern the content, format, timing, sequencing, and error control of messages exchanged among network devices.

proxy server

A firewall component that manages Internet traffic to and from a local area network (LAN) and can provide other features, such as document caching and access control. A proxy server can improve performance by supplying frequently requested data, such as a popular Web page, and can filter and discard requests that the owner does not consider appropriate, such as requests for unauthorized access to proprietary files.

See also: firewall

public key certificate

A digital passport that serves as proof of identity. Public key certificates are issued by a certification authority (CA).

public key cryptography

A method of cryptography in which two different keys are used: a public key for encrypting data and a private key for decrypting data. Public key cryptography is also called asymmetric cryptography.

See also: cryptography; private key

public key encryption

A method of encryption that uses two encryption keys that are mathematically related. One key is called the private key and is kept confidential. The other is called the public key and is freely given out to all potential correspondents. In a typical scenario, a sender uses the receiver's public key to encrypt a message. Only the receiver has the related private key to decrypt the message. The complexity of the relationship between the public key and the private key means that, provided the keys are long enough, it is computationally infeasible to determine one from the other. Public key encryption is also called asymmetric encryption.

See also: encryption; private key

public key infrastructure (PKI)

The laws, policies, standards, and software that regulate or manipulate certificates and public and private keys. In practice, it is a system of digital certificates, certification authorities, and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction. Standards for PKI are still evolving, even though they are being widely implemented as a necessary element of electronic commerce.

See also: certificate; certification authority (CA)

Public Switched Telephone Network (PSTN)

Standard analog telephone lines, available worldwide.


Quality of Service (QoS)

A set of quality assurance standards and mechanisms for data transmission, implemented in this version of Windows.


Also known as a time slice, the maximum amount of time a thread can run before the system checks for another ready thread of the same priority to run.

quarter-inch cartridge (QIC)

An older storage technology used with tape backup drives and cartridges. A means of backing up data on computer systems, QIC represents a set of standards devised to enable tapes to be used with drives from different manufacturers. The QIC standards specify the length of tape, the number of recording tracks, and the magnetic strength of the tape coating, all of which determine the amount of information that can be written to the tape. Older QIC-80 drives can hold up to 340 MB of compressed data. Newer versions can hold more than 1 GB of information.


RAID-5 volume

A fault-tolerant volume with data and parity striped intermittently across three or more physical disks. Parity is a calculated value that is used to reconstruct data after a failure. If a portion of a physical disk fails, Windows recreates the data that was on the failed portion from the remaining data and parity. You can create RAID-5 volumes only on dynamic disks, and you cannot mirror or extend RAID-5 volumes.

See also: dynamic disk; dynamic volume; fault tolerance; parity; volume

raster fonts

Fonts that are stored as bitmaps. Raster fonts are designed with a specific size and resolution for a specific printer and cannot be scaled or rotated. If a printer does not support raster fonts, it will not print them. The five raster fonts are Courier, MS Sans Serif, MS Serif, Small, and Symbol. Raster fonts are also called bit-mapped fonts.

See also: font; printer

read-only memory (ROM)

A semiconductor circuit that contains information that cannot be modified.

recoverable file system

A file system that ensures that if a power outage or other catastrophic system failure occurs, the file system will not be corrupted and disk modifications will not be left incomplete. The structure of the disk volume is restored to a consistent state when the system restarts.

Recovery Console

A command-line interface that provides a limited set of administrative commands that are useful for repairing a computer.

See also: NTFS file system

Redundant Array of Independent Disks (RAID)

A method used to standardize and categorize fault-tolerant disk systems. RAID levels provide various mixes of performance, reliability, and cost. Some servers provide three of the RAID levels: Level 0 (striping), Level 1 (mirroring), and Level 5 (RAID-5).


registry

A database repository for information about a computer's configuration. The registry contains information that Windows continually references during operation, such as:

  • Profiles for each user.
  • The programs installed on the computer and the types of documents each can create.
  • Property settings for folders and program icons.
  • What hardware exists on the system.
  • Which ports are being used.

The registry is organized hierarchically as a tree and is made up of keys and their subkeys, hives, and entries.

See also: key; registry size limit (RSL); subkey

registry size limit (RSL)

A universal maximum for the space that registry files (hives) can consume in the paged pool. This maximum prevents an application from filling the paged pool with registry data.

See also: paged pool; registry

relative ID (RID)

The part of a security ID (SID) that uniquely identifies an account or group within a domain.

See also: domain; forest; group; security ID (SID)

remote access

Part of the integrated Routing and Remote Access service that provides remote networking for telecommuters, mobile workers, and system administrators who monitor and manage servers at multiple branch offices. Users can use Network Connections to dial in to remotely access their networks for services such as file and printer sharing, electronic mail, scheduling, and SQL database access.

See also: remote access server

remote access server

A Windows-based computer running the Routing and Remote Access service and configured to provide remote access.

See also: remote access

remote installation boot floppy (RBFG.exe)

A tool used to generate a remote installation boot floppy disk. The remote installation boot floppy disk is used to start the process of remote operating system installation for computers which lack a supported Pre-Boot eXecution Environment (PXE)-based remote boot ROM.

Remote Installation Preparation wizard (RIPrep.exe)

A component in Remote Installation Services that is used to create operating system images and to install them on the RIS server.

Remote Installation Services (RIS)

Software services that allow an administrator to set up new client computers remotely, without having to visit each client. The target clients must support remote booting.

See also: Single Instance Store (SIS)

remote procedure call (RPC)

A message-passing facility that allows a distributed application to call services that are available on various computers on a network. Used during remote administration of computers.

Removable Storage

A service used for managing removable media (such as tapes and discs) and storage devices (libraries). Removable Storage allows applications to access and share the same media resources.

See also: library

reparse points

NTFS file system objects that have a definable attribute containing user-controlled data and are used to extend functionality in the input/output (I/O) subsystem.


A feature that allows users with mobility impairments to adjust the repeat rate or to disable the key-repeat function on the keyboard.

Request for Comments (RFC)

An official document of the Internet Engineering Task Force (IETF) that specifies the details for networking protocols, such as those included in the TCP/IP family, and other aspects of computer communication.

See also: protocol; Transmission Control Protocol/Internet Protocol (TCP/IP)

resident attribute

A file attribute whose value is wholly contained in the file's file record in the master file table (MFT).


resolver

DNS client programs used to look up DNS name information. Resolvers can be either a small stub (a limited set of programming routines that provide basic query functionality) or larger programs that provide additional lookup DNS client functions, such as caching.

See also: caching; caching resolver; Domain Name System (DNS)


resource

Generally, any part of a computer system or network, such as a disk drive, printer, or memory, that can be allotted to a running program or a process.

For Device Manager, any of four system components that control how the devices on a computer work. These four system resources are interrupt request (IRQ) lines, direct memory access (DMA) channels, input/output (I/O) ports, and memory addresses.

See also: direct memory access (DMA); input/output (I/O) port; node

resource publishing

The process of making an object visible and accessible to users in a Windows 2000 domain. For example, a shared printer resource is published by creating a reference to the printer object in Active Directory.

See also: Active Directory

resource record (RR)

A standard DNS database structure containing information used to process DNS queries. For example, an address (A) resource record contains an IP address corresponding to a host name. Most of the basic resource record types are defined in RFC 1035, but additional RR types have been defined in other RFCs and approved for use with DNS.

See also: Domain Name System (DNS); Request for Comments (RFC)

response time

The amount of time required to do work from start to finish. In a client/server environment, this is typically measured on the client side.


RGB

The initials of red, green, and blue. Used to describe a color monitor or color value.

roaming user profile

A server-based user profile that is downloaded to the local computer when a user logs on and that is updated both locally and on the server when the user logs off. A roaming user profile is available from the server when logging on to a workstation or server computer. When logging on, the user can use the local user profile if it is more current than the copy on the server.

See also: local user profile; mandatory user profile

route table

See definition for: routing table


router

In a Windows environment, hardware that helps LANs and WANs achieve interoperability and connectivity, and can link LANs that have different network topologies (such as Ethernet and Token Ring). Routers match packet headers to a LAN segment and choose the best path for the packet, optimizing network performance.

See also: local area network (LAN); packet header; routing; Routing Information Protocol over IPX (RIPX); static routes; wide area network (WAN)


routing

The process of forwarding a packet through an internetwork from a source host to a destination host.

See also: packet

Routing Information Protocol (RIP)

An industry standard, distance vector routing protocol used in small to medium sized IP and IPX internetworks.

See also: Internet Protocol (IP); Internetwork Packet Exchange (IPX); protocol

Routing Information Protocol over IPX (RIPX)

A protocol used by routers to exchange information between routers on an IPX network and by hosts to determine the best router to use when forwarding IPX traffic to a remote IPX network.

See also: Internetwork Packet Exchange (IPX); NWLink; protocol; router

routing table

A database of routes containing information on network IDs, forwarding addresses, and metrics for reachable network segments on an internetwork.


RSA

A widely used public/private key algorithm. It is the default cryptographic service provider (CSP) for Windows. It was patented by RSA Data Security, Inc. in 1977.

See also: cryptographic service provider (CSP)


rule

An IPSec policy mechanism that governs how and when an IPSec policy protects communication. A rule provides the ability to trigger and control secure communication based on the source, destination, and type of IP traffic. Each rule contains a list of IP filters and a collection of security actions that take place upon a match with that filter list.


safe mode

A method of starting Windows using basic files and drivers only, without networking. Safe mode is available by pressing the F8 key when prompted during startup. This allows you to start your computer when a problem prevents it from starting normally.


schema

The set of definitions for the universe of objects that can be stored in a directory. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which other object classes can be its parent object class.

See also: attribute; object; parent object

screen font

A typeface designed for display on a computer monitor screen. A screen font often has an accompanying PostScript font for printing to PostScript-compatible printers.

See also: font; PostScript

screen-enlargement tool

A tool that allows the user to magnify a portion of the screen for greater visibility. Also called a screen magnifier or large-print program.


script

A type of program consisting of a set of instructions to an application or tool program. A script usually expresses instructions by using the application's or tool's rules and syntax, combined with simple control structures such as loops and if/then expressions. "Batch program" is often used interchangeably with "script" in the Windows environment.

SCSI connection

A standard high-speed parallel interface defined by the X3T9.2 committee of the American National Standards Institute (ANSI). A SCSI interface is used to connect microcomputers to SCSI peripheral devices, such as many hard disks and printers, and to other computers and local area networks.

search filter

An argument in an LDAP search that allows certain entries in the subtree and excludes others. Filters allow you to define search criteria and give you better control to achieve more effective and efficient searches.

secondary logon

The practice of logging on by using one security context and then, within the initial logon session, authenticating and using a second account. To facilitate secondary logons, Windows 2000 introduced the RunAs.exe program and the RunAs.exe service.

Secure Sockets Layer (SSL)

A proposed open standard for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, it enables secure electronic financial transactions on the World Wide Web, although it is designed to work on other Internet services as well.

Security Accounts Manager (SAM)

A Windows service used during the logon process. SAM maintains user account information, including groups to which a user belongs.

See also: group; user account

security association (SA)

A combination of identifiers, which together define the Internet Protocol Security (IPSec) that protects communication between sender and receiver. An SA is identified by the combination of a Security Parameters Index (SPI), destination IP address, and security protocol (AH or ESP). An SA must be negotiated before secured data can be sent.

See also: Authentication Header (AH); Encapsulating Security Payload (ESP); Internet Protocol security (IPSec); Security Parameters Index (SPI)

security context

The security attributes or rules that are currently in effect. For example, the rules that govern what a user can do to a protected object are determined by security information in the user's access token and in the object's security descriptor. Together, the access token and the security descriptor form a security context for the user's actions on the object.

See also: object

security descriptor

A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who can access it and in what way, and what types of access are audited.

See also: discretionary access control list (DACL); group; object; permission; system access control list (SACL)

security event types

Categories of events about which Windows can create auditing events. Account logon or object access are examples of security event types.

security group

A group that can be listed in discretionary access control lists (DACLs) used to define permissions on resources and objects. A security group can also be used as an e-mail entity. Sending an e-mail message to the group sends the message to all the members of the group.

See also: discretionary access control list (DACL)

security ID (SID)

A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.

See also: user account

security method

A process that determines the Internet Protocol security (IPSec) services, key settings, and algorithms that will be used to protect the data during the communication.

See also: Internet Protocol security (IPSec)

Security Parameters Index (SPI)

A unique, identifying value in the security association (SA) used to distinguish among multiple security associations existing at the receiving computer.

See also: security association (SA)

security principal

An account holder that is automatically assigned a security identifier (SID) for access to resources. A security principal can be a user, group, service, or computer.

See also: security ID (SID)

security principal name

A name that uniquely identifies a user, group, or computer within a single domain. This name is not guaranteed to be unique across domains.

See also: domain; group; security principal

security template

A physical file representation of a security configuration that can be applied to a local computer or imported to a Group Policy object in Active Directory. When you import a security template to a Group Policy object, Group Policy processes the template and makes the corresponding changes to the members of that Group Policy object, which can be users or computers.

See also: Active Directory; Group Policy object

Serial Bus Protocol (SBP-2)

A standard for storage devices, printers, and scanners that is a supplement to the IEEE 1394 specification.

See also: IEEE 1394

serial connection

A connection that exchanges information between computers or between computers and peripheral devices one bit at a time over a single channel. Serial communications can be synchronous or asynchronous. Both sender and receiver must use the same baud rate, parity, and control information.

See also: asynchronous communication

serial device

A device that uses a serial connection.

See also: serial connection


A Windows feature that uses a communications aid interface device to allow keystrokes and mouse controls to be accepted through a computer's serial port.


server

In general, a computer that provides shared resources to network users.

See also: client; shared resource

Server Message Block (SMB)

A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message.

service access point

A logical address that allows a system to route data between a remote device and the appropriate communications support.

Service Pack

A software upgrade to an existing software distribution that contains updated files consisting of patches and hot fixes.

Service Profile Identifier (SPID)

An 8-digit to 14-digit number that identifies the services that you order for each B-channel. For example, when you order Primary Rate ISDN, you obtain two phone numbers and two SPIDs from your ISDN provider. Typical ISDN adapters cannot operate without configuring SPIDs.

service provider

In TAPI, a dynamic-link library (DLL) that provides an interface between an application requesting services and the controlling hardware device. TAPI supports two classes of service providers, media service providers and telephony service providers.

See also: dynamic-link library (DLL); Telephony API (TAPI)

session key

A key used primarily for encryption and decryption. Session keys are typically used with symmetric encryption algorithms where the same key is used for both encryption and decryption. For this reason, session and symmetric keys usually refer to the same type of key.

See also: symmetric key encryption


To make resources, such as folders and printers, available to others.

See also: resource

shared folder permissions

Permissions that restrict a shared resource's availability over the network to only certain users.

See also: permission

shared resource

Any device, data, or program that is used by more than one program or one other device. For Windows, shared resource refers to any resource that is made available to network users, such as folders, files, printers, and named pipes. A shared resource can also refer to a resource on a server that is available to network users.

See also: resource; server

Shiva Password Authentication Protocol (SPAP)

A two-way, reversible encryption mechanism for authenticating PPP connections employed by Shiva remote access servers.

shortcut key navigation indicators

Underlined letters on a menu or control. Also called access keys or quick-access letters.


A feature that instructs programs that usually convey information only by sound to also provide all information visually, such as by displaying text captions or informative icons.

Simple Mail Transfer Protocol (SMTP)

A member of the TCP/IP suite of protocols that governs the exchange of electronic mail between message transfer agents.

See also: protocol; Transmission Control Protocol/Internet Protocol (TCP/IP)

Simple Network Management Protocol (SNMP)

A network protocol used to manage TCP/IP networks. In Windows, the SNMP service is used to provide status information about a host on a TCP/IP network.

See also: protocol; Transmission Control Protocol/Internet Protocol (TCP/IP)

simple volume

A dynamic volume made up of disk space from a single dynamic disk. A simple volume can consist of a single region on a disk or multiple regions of the same disk that are linked together. You can extend a simple volume within the same disk or onto additional disks. If you extend a simple volume across multiple disks, it becomes a spanned volume. You can create simple volumes only on dynamic disks. Simple volumes are not fault tolerant, but you can mirror them to create mirrored volumes.

See also: dynamic disk; dynamic volume; fault tolerance; mirrored volume; spanned volume; volume

Single Instance Store (SIS)

A component that saves disk space on the server by maintaining a single physical copy of all identical files found. If SIS finds a duplicate file on the server, it copies the original file into the SIS store and leaves a link where the original resided. This technology is used only with Remote Installation Services.

See also: Remote Installation Services (RIS)

Single Sign-On Daemon (SSOD)

A program installed on a UNIX-based system to handle password synchronization requests.


site

One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.

See also: Active Directory; subnet; Transmission Control Protocol/Internet Protocol (TCP/IP)


A storage location for cartridges in a library of removable media managed by Removable Storage.

See also: library


A Windows feature that instructs the computer to disregard keystrokes that are not held down for a minimum period of time, which allows the user to brush against keys without any effect.

small computer system interface (SCSI)

A standard high-speed parallel interface defined by the American National Standards Institute (ANSI). A SCSI interface is used for connecting microcomputers to peripheral devices such as hard disks and printers, and to other computers and local area networks (LANs).

See also: local area network (LAN)

Small Office/Home Office (SOHO)

An office with a few computers that can be considered a small business or part of a larger network.

smart card

A credit card–sized device that is used with an access code to enable certificate-based authentication and single sign-on to the enterprise. Smart cards securely store certificates, public and private keys, passwords, and other types of personal information. A smart card reader attached to the computer reads the smart card.

See also: authentication

SNA Server Client

Software that allows workstations to communicate through SNA Server and support SNA Server advanced host integration features. SNA Server Client software also provides application programming interfaces (APIs) that are used by third-party vendors to gain access to IBM host systems and applications.


snap-in

A type of tool you can add to a console supported by Microsoft Management Console (MMC). A stand-alone snap-in can be added by itself; an extension snap-in can only be added to extend the function of another snap-in.

See also: Microsoft Management Console (MMC)


SNMP

See definition for: Simple Network Management Protocol (SNMP)

software decoder

A type of digital video disc (DVD) decoder that allows a DVD drive to display movies on your computer screen. A software decoder uses only software to display movies.

See also: DVD decoder; DVD drive; hardware decoder


A Windows feature that produces a visual cue, such as a screen flash or a blinking title bar, whenever the computer plays a system sound.

source directory

The folder that contains the file or files to be copied or moved.

spanned volume

A dynamic volume consisting of disk space on more than one physical disk. You can increase the size of a spanned volume by extending it onto additional dynamic disks. You can create spanned volumes only on dynamic disks. Spanned volumes are not fault tolerant and cannot be mirrored.

See also: dynamic disk; dynamic volume; fault tolerance; mirrored volume; simple volume; volume


SPAP

See definition for: Shiva Password Authentication Protocol (SPAP)

special permissions

On NTFS volumes, a custom set of permissions. You can customize permissions on files and directories by selecting the individual components of the standard sets of permissions.

See also: NTFS file system; permission; volume

speech synthesizer

An assistive device that produces spoken words, either by splicing together prerecorded words or by programming the computer to produce the sounds that make up spoken words.

stand-alone drive

An online drive that is not part of a library unit. Removable Storage treats stand-alone drives as online libraries with one drive and a port.

See also: Removable Storage

Standards and formats

A Regional and Language Options setting that determines the formats used to display dates, times, currency, numbers, and the sorting order of text. Formerly known as user locale.

startup environment

In dual-boot or multiple-boot systems, the configuration settings that specify which system to start and how each system should be started.

See also: dual boot; multiple boot

startup key

A random 128-bit symmetric cryptographic key created at system startup and used to encrypt all of the user's symmetric cryptographic keys.

See also: encryption; symmetric key

static routes

Routes in the routing table that are permanent. Static routes are manually configured by a network administrator. They change only if the network administrator changes them. If the routing protocol is configured to support auto-static routes (automatically added static routes), then the router can issue a request to a protocol to get an update of routing information on a specific interface. The results of such an update are then converted and kept as static routes.

See also: protocol; router; routing

status area

See definition for: notification area


A sequence of bits, bytes, or other small structurally uniform units.

streaming media servers

Software (such as Windows Media Technologies) that provides multimedia support, allowing you to deliver content by using advanced streaming format over an intranet or the Internet.

stripe set

A volume that stores data in stripes on two or more physical disks. A stripe set is created by using Windows NT 4.0 or earlier. Windows XP Professional does not support stripe sets. Instead, you must create a striped volume on dynamic disks.

See also: dynamic disk; striped volume

striped volume

A dynamic volume that stores data in stripes on two or more physical disks. Data in a striped volume is allocated alternately and evenly (in stripes) across the disks. Striped volumes offer the best performance of all the volumes that are available in Windows, but they do not provide fault tolerance. If a disk in a striped volume fails, the data in the entire volume is lost. You can create striped volumes only on dynamic disks. Striped volumes cannot be mirrored or extended.

See also: dynamic disk; dynamic volume; fault tolerance; volume


subkey

An element of the registry that contains entries or other subkeys. A tier of the registry that is immediately below a key or a subtree (if the subtree has no keys).

See also: key; registry


subnet

A subdivision of an IP network. Each subnet has its own unique subnetted network ID.

subnet mask

A 32-bit value that enables the recipient of IP packets to distinguish the network ID and host ID portions of the IP address. Typically, subnet masks use the format 255.x.x.x.

See also: IP address

subnet prioritization

The ordering of multiple IP address mappings from a DNS server so that the resolver orders local resource records first. This reduces network traffic across subnets by forcing computers to connect to network resources that are closer to them.


subpicture

A data stream contained within a DVD. The subpicture stream delivers the subtitles and any other add-on data, such as system help or director's comments, that can be displayed while playing multimedia.


subtree

Any node within a tree, along with any selection of connected descendant nodes.

The highest level of the registry (for example, HKEY_LOCAL_MACHINE).

See also: key; node; registry; subkey

symmetric key

A single key that is used with symmetric encryption algorithms for both encryption and decryption.

symmetric key encryption

An encryption algorithm that requires the same secret key to be used for both encryption and decryption. This is often called secret key encryption. Because of its speed, symmetric encryption is typically used rather than public key encryption when a message sender needs to encrypt large amounts of data.

See also: public key encryption

Synchronization Manager

A tool used to ensure that a file or directory on a client computer contains the same data as a matching file or directory on a server.


The order in which a command must be typed and the elements that follow the command.


A tool that prepares the hard disk on a source computer for duplication to target computers and then runs a non-Microsoft disk-imaging process. This automated installation method is used when the hard disk on the master computer is identical to those of the target computers.

See also: security ID (SID)

system access control list (SACL)

The part of an object's security descriptor that specifies which events are to be audited per user or group. Examples of auditing events are file access, logon attempts, and system shutdowns.

See also: discretionary access control list (DACL); object; security descriptor

system files

Files used by Windows to load, configure, and run the operating system. Generally, system files must never be deleted or moved.

system locale

See definition for: Language for non-Unicode programs

system media pool

A pool used to hold cartridges that are not in use. The free pool holds unused cartridges that are available to applications, and the unrecognized and import pools are temporary holding places for cartridges that have been newly placed in a library.

system partition

The partition that contains the hardware-specific files needed to load Windows (for example, Ntldr, Osloader, Boot.ini). The system partition can be, but does not have to be, the same as the boot partition.

See also: partition

System Policy Editor

The Poledit.exe tool, used by administrators to set System Policy on Windows NT 4.0–based and Windows 95–based computers.

system volume

The volume that contains the hardware-specific files that are needed to load Windows on x86-based computers with a BIOS. The system volume can be, but does not have to be, the same volume as the boot volume.

See also: basic input/output system (BIOS); boot volume; volume


systemroot

The path and folder name where the Windows system files are located. Typically, this is C:\Windows, although you can designate a different drive or folder when you install Windows. You can use the value %systemroot% to replace the actual location of the folder that contains the Windows system files.

Systems Management Server (SMS)

A Microsoft product that includes inventory collection, software deployment, and diagnostic tools. SMS automates the task of upgrading software, allows remote problem solving, provides asset management information, and monitors software usage, computers, and networks.

Systems Network Architecture (SNA)

A communications framework developed by IBM to define network functions and establish standards for enabling computers to share and process data.



T.120

The ITU-T standard for multipoint data conferencing. T.120 provides the protocols for establishing and managing data flow, connections, and conferences. Support for T.120 enables data transfer from conferencing applications, such as file transfer and application sharing, to operate in conjunction with H.323 connections.

See also: H.323; International Telecommunication Union - Telecommunication [Standardization Sector] (ITU-T)


taskbar

The bar that contains the Start button and appears by default at the bottom of the desktop. You can click the taskbar buttons to switch between programs. You can also hide the taskbar, move it to the sides or top of the desktop, and customize it in other ways.

See also: desktop; notification area; taskbar button

taskbar button

A button that appears on the taskbar and corresponds to a running application.

See also: taskbar


TCP/IP

See definition for: Transmission Control Protocol/Internet Protocol (TCP/IP)


Tcpmon.ini

The file that specifies whether a device supports multiple ports. If the Tcpmon.ini file indicates that a device can support multiple ports, users are prompted to pick which port should be used during device installation.

Telephony API (TAPI)

An application programming interface (API) used by communications programs to work with telephony and network services. Communications programs like HyperTerminal and Phone Dialer use TAPI to dial, answer, and route telephone calls on conventional telephony devices, including PBXs, modems, and fax machines. TAPI 3.0 also provides Internet Protocol (IP) telephony support, which Phone Dialer and other programs use to transmit, route, and control real-time audio and video signals over IP-based networks such as the Internet.

See also: application programming interface (API); Internet Protocol (IP)

Telnet 3270 (TN3270)

Terminal emulation software, similar to Telnet, that allows a personal computer to log on to an IBM mainframe over a TCP/IP network.

Telnet 5250 (TN5250)

Terminal emulation software, similar to Telnet, that allows a personal computer to log on to an IBM AS/400 host system over a TCP/IP network.


Approximately one trillion bytes, or one million million bytes.

Terminal Services

The underlying technology that enables Remote Desktop, Remote Assistance, and Terminal Server.

third-party accessibility aids

Non-Microsoft add-on, augmentative hardware and software devices, such as accessibility products that assist users with disabilities.


thread

A type of object within a process that runs program instructions. Using multiple threads allows concurrent operations within a process and enables one process to run different parts of its program on different processors simultaneously. A thread has its own set of registers, its own kernel stack, a thread environment block, and a user stack in the address space of its process.

See also: kernel

thread state

A numeric value indicating the execution state of the thread. Numbered 0 through 5, the states seen most often are 1 for ready, 2 for running, and 5 for waiting.

See also: thread


For disks, the transfer capacity of the disk system.

Time to Live (TTL)

A timer value included in packets sent over TCP/IP-based networks that tells the recipients how long to hold or use the packet or any of its included data before expiring and discarding the packet or data. For DNS, TTL values are used in resource records within a zone to determine how long requesting clients should cache and use this information when it appears in a query response answered by a DNS server for the zone.

See also: DNS server; Domain Name System (DNS); packet; resource record (RR); Transmission Control Protocol/Internet Protocol (TCP/IP)

timer bar

The colored bar that moves across the screen according to the frequency of the data-collection update interval.


timestamp

A certification by a trusted third party specifying that a particular message existed at a specific time and date. In a digital context, trusted third parties generate a trusted timestamp for a particular message by having a timestamping service append a time value to a message and then digitally signing the result.

See also: digital signature


A feature that sets your keyboard to beep when one of the locking keys (CAPS LOCK, NUM LOCK, or SCROLL LOCK) is turned on or off.

See also: FilterKeys; SerialKeys

Token Ring

A type of network media that connects clients in a closed ring and uses token passing to allow clients to use the network.


track

A thin concentric band that stores data on a hard disk. A hard disk contains multiple platters, and each platter contains many tracks. Each track is divided into units of storage called sectors. Track numbers start at 0 and progress in order with track 0 at the outer track of a hard disk.

See also: cylinder

Transmission Control Protocol/Internet Protocol (TCP/IP)

A set of networking protocols widely used on the Internet that provides communications across interconnected networks of computers with diverse hardware architectures and various operating systems. TCP/IP includes standards for how computers communicate and conventions for connecting networks and routing traffic.

See also: Internet Protocol (IP); protocol

transmitting station ID (TSID) string

A string that specifies the transmitter subscriber ID sent by the fax machine when sending a fax to a receiving machine. This string is usually a combination of the fax or telephone number and the name of the business. It is often the same as the called subscriber ID.

Transport Layer Security (TLS)

A standard protocol that is used to provide secure Web communications on the Internet or intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients. It also provides a secure channel by encrypting communications. TLS is the latest and a more secure version of the SSL protocol.

See also: authentication; protocol; Secure Sockets Layer (SSL)

transport protocol

A protocol that defines how data should be presented to the next receiving layer in the Windows NT and Windows 2000 networking model and packages the data accordingly. The transport protocol passes data to the network adapter driver through the Network Driver Interface Specification (NDIS) interface and to the redirector through the Transport Driver Interface (TDI).

See also: Network Driver Interface Specification (NDIS)

Trivial File Transfer Protocol (TFTP)

A protocol used to download the initial files needed to begin the installation process.

See also: protocol

TrueType fonts

Fonts that are scalable and sometimes generated as bitmaps or soft fonts, depending on the capabilities of your printer. TrueType fonts are device-independent fonts that are stored as outlines. They can be sized to any height, and they can be printed exactly as they appear on the screen.

See also: font

trust relationship

A logical relationship established between domains to allow pass-through authentication, in which a trusting domain honors the logon authentications of a trusted domain. User accounts and global groups defined in a trusted domain can be given rights and permissions in a trusting domain, even though the user accounts or groups don't exist in the trusting domain's directory.

See also: authentication; domain; global group; group; permission; user account

trusted forest

A forest that is connected to another forest by explicit or transitive trust.


TSID

See definition for: transmitting station ID (TSID) string


tunnel

A logical connection over which data is encapsulated. Typically, both encapsulation and encryption are performed and the tunnel is a private, secure link between a remote user or host and a private network.

See also: encryption; tunnel server; voluntary tunnel

tunnel server

A server or router that terminates tunnels and forwards traffic to the hosts on the target network.

See also: router; server; tunnel


TWAIN

An acronym for Technology Without An Interesting Name. An industry-standard software protocol and API that provides easy integration of image data between input devices, such as scanners and still image digital cameras, and software applications.

See also: application programming interface (API)

Type 1 fonts

Scalable fonts designed to work with PostScript devices.

See also: font; PostScript



UART

See definition for: Universal Asynchronous Receiver/Transmitter (UART)

unallocated space

Available disk space that is not allocated to any volume. The type of volume that you can create on unallocated space depends on the disk type. On basic disks, you can use unallocated space to create primary or extended partitions. On dynamic disks, you can use unallocated space to create dynamic volumes.

See also: basic disk; dynamic disk; extended partition; logical drive; object; partition; primary partition; volume

unattended Setup

An automated, hands-free method of installing Windows. During installation, unattended Setup uses an answer file to supply data to Setup instead of requiring that an administrator interactively provide the answers.


Unicode

A character encoding standard developed by the Unicode Consortium that represents almost all of the written languages of the world. The Unicode character repertoire has multiple representation forms, including UTF-8, UTF-16, and UTF-32. Most Windows interfaces use the UTF-16 form.

See also: American Standard Code for Information Interchange (ASCII)


UniDriver

The UniDriver (or Universal Print Driver) carries out requests (such as printing text, rendering bitmaps, or advancing a page) on most types of printers. The UniDriver accepts information from a printer-specific minidriver and uses this information to complete tasks.

Uniform Resource Locator (URL)

An address that uniquely identifies a location on the Internet. A URL for a World Wide Web site is preceded by http://, as in the fictitious URL A URL can contain more detail, such as the name of a page of hypertext, usually identified by the file name extension .html or .htm.


uninstall

When referring to software, the act of removing program files and folders from your hard disk and removing related data from your registry so the software is no longer available.

When referring to a device, the act of removing the corresponding device drivers from your hard disk and physically removing the device from your computer.

See also: device driver; install

uninterruptible power supply (UPS)

A device that connects a computer and a power source to ensure that electrical flow is not interrupted. UPS devices use batteries to keep the computer running for a period of time after a power failure. UPS devices usually provide protection against power surges and brownouts as well.

Universal Asynchronous Receiver/Transmitter (UART)

An integrated circuit (silicon chip) that is commonly used in microcomputers to provide asynchronous communication. The UART provides parallel-to-serial conversion of data to be transmitted and serial-to-parallel conversion of data received.

See also: asynchronous communication

Universal Disk Format (UDF)

A file system defined by the Optical Storage Technology Association (OSTA) that is the successor to the CD-ROM file system (CDFS). UDF is used for removable disk media like DVD, CD, and magneto-optic (MO) disks.

universal group

A security or distribution group that can contain users, groups, and computers from any domain in its forest as members.

Universal security groups can be granted rights and permissions on resources in any domain in the forest. Universal security groups are available only in native mode domains.

See also: domain; forest; Group Policy; security group

Universal Naming Convention (UNC)

A convention for naming files and other resources beginning with two backslashes (\\), indicating that the resource exists on a network computer. UNC names conform to the \\servername\sharename syntax, where servername is the server's name and sharename is the name of the shared resource. The UNC name of a directory or file can also include the directory path after the share name, by using the following syntax: \\servername\sharename\directory\filename.

universal serial bus (USB)

An external bus that supports Plug and Play installation. Using USB, you can connect and disconnect devices without shutting down or restarting your computer. You can use a single USB port to connect up to 127 peripheral devices, including speakers, telephones, CD-ROM drives, joysticks, tape drives, keyboards, scanners, and cameras. A USB port is usually located on the back of your computer near the serial port or parallel port.

See also: Plug and Play


UNIX

A powerful, multiuser, multitasking operating system initially developed at AT&T Bell Laboratories in 1969 for use on minicomputers. UNIX is considered more portable, that is, less computer-specific, than other operating systems because it is written in the C language. Newer versions of UNIX have been developed at the University of California at Berkeley and by AT&T.

unrecognized media pool

A repository of blank media and media that are not recognized by Removable Storage.


upgrade

When referring to software, to update existing program files, folders, and registry entries to a more recent version. Upgrading, unlike performing a new installation, leaves existing settings and files in place.

See also: registry

UPS service

A service that manages an uninterruptible power supply (UPS) connected to a computer.

See also: uninterruptible power supply (UPS)

user account

A record that consists of all the information that defines a user to Windows. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the computer and network, and accessing their resources. For Windows XP Professional and member servers, user accounts are managed with Local Users and Groups. For Windows Server domain controllers, user accounts are managed with Microsoft Active Directory Users and Computers.

See also: group; permission; resource

user identifier (UID)

An identifier for a specific user. UNIX-based systems use the UID to identify the owner of files and processes, and to determine access permissions.

user locale

See definition for: Standards and formats

user mode

The processing mode in which applications run.

user principal name (UPN)

A user account name (sometimes referred to as the user logon name) and a domain name identifying the domain in which the user account is located. This is the standard usage for logging on to a Windows domain. The format is: (as for an e-mail address).

See also: domain; domain name; user account

user rights

Tasks that a user is permitted to perform on a computer system or domain. There are two types of user rights: privileges and logon rights. An example of a privilege is the right to shut down the system. An example of a logon right is the right to log on to a computer locally. Both types are assigned by administrators to individual users or groups as part of the security settings for the computer.

See also: domain; group

user rights policy

Security settings that manage the assignment of rights to groups and user accounts.

See also: group; user account; user rights

Utility Manager

A function of Windows 2000 that allows administrators to review the status of applications and tools and to customize features and add tools more easily.



V.34

Data transmission standard that provides for up to 33,600 bits per second (bps) communications over telephone lines. It defines a full-duplex (two-way) modulation technique and includes error correction and negotiation.

See also: V.90


V.90

Data transmission standard that provides for up to 56,000 bits per second (bps) communications over telephone lines. The transmission speed from the client-side modem is 33,600 bps, the same as for V.34. The transmission speed from the host-side modem, such as an Internet service provider (ISP) or corporate network, is up to 56,000 bps, with an average speed of 40,000 to 50,000 bps. When the host-side modem does not support this standard, the alternative is V.34.

See also: client; Internet service provider (ISP); V.34

value bar

The area of the System Monitor graph or histogram display that shows last, average, minimum, and maximum statistics for the selected counter.


In programming, a named storage location capable of containing a certain type of data that can be modified during program execution.

See also: environment variable

vector font

A font rendered from a mathematical model, in which each character is defined as a set of lines drawn between points. Vector fonts can be cleanly scaled to any size or aspect ratio.

See also: font

vertical blanking interval (VBI)

The part of a TV transmission that is blanked, or left clear of viewable content, to allow time for the TV's electron gun to move from the bottom to the top of the screen as it scans images. This blank area is now being used to broadcast closed captioned and HTML-formatted information.

Video for Windows (VfW)

A format developed by Microsoft for storing video and audio information. Files in this format have an .avi extension. AVI files are limited to 320 x 240 resolution at 30 frames per second, neither of which is adequate for full-screen, full-motion video.

Virtual Device Driver (VxD)

Software for Windows that manages a hardware or software system resource. The middle letter in the abbreviation indicates the type of device; x is used where the type of device is not under discussion.

virtual IP address

An IP address that is shared among the hosts of a Network Load Balancing cluster. A Network Load Balancing cluster might also use multiple virtual IP addresses, for example, in a cluster of multihomed Web servers.

See also: IP address; multihomed computer

virtual local area network (VLAN)

A logical grouping of hosts on one or more LANs that allows communication to occur between hosts as if they were on the same physical LAN.

See also: local area network (LAN)

virtual memory

Temporary storage used by a computer to run programs that need more memory than it has. For example, programs could have access to 4 gigabytes (GB) of virtual memory on a computer's hard drive, even if the computer has only 32 megabytes (MB) of RAM. The program data that does not currently fit in the computer's memory is saved into paging files.

See also: paging file; Virtual Memory Size; virtual printer memory

Virtual Memory Size

In Task Manager, the amount of virtual memory, or address space, committed to a process.

See also: virtual memory

virtual printer memory

In a PostScript printer, a part of memory that stores font information. The memory in PostScript printers is divided into two areas: banded memory and virtual memory. The banded memory contains graphics and page-layout information needed to print your documents. The virtual memory contains any font information that is sent to your printer either when you print a document or when you download fonts.

See also: virtual memory

virtual private network (VPN)

The extension of a private network that encompasses encapsulated, encrypted, and authenticated links across shared or public networks. VPN connections can provide remote access and routed connections to private networks over the Internet.

See also: authentication; encryption; remote access; routing; tunnel


virus

A program that attempts to spread from computer to computer and either cause damage (by erasing or corrupting data) or annoy users (by printing messages or altering what is displayed on the screen).

virus scanner

Software used to scan for and eradicate computer viruses, worms, and Trojan horses.

VoIP (Voice over Internet Protocol)

A method for sending voice over a LAN, a WAN, or the Internet using TCP/IP packets.

See also: local area network (LAN); Transmission Control Protocol/Internet Protocol (TCP/IP); wide area network (WAN)


volume

An area of storage on a hard disk. A volume is formatted by using a file system, such as FAT or NTFS, and has a drive letter assigned to it. You can view the contents of a volume by clicking its icon in Windows Explorer or in My Computer. A single hard disk can have multiple volumes, and volumes can also span multiple disks.

See also: file allocation table (FAT); NTFS file system; simple volume; spanned volume

volume mount points

System objects in the version of NTFS included with Windows 2000 and Windows XP Professional that represent storage volumes in a persistent, robust manner. Volume mount points allow the operating system to graft the root of a volume onto a directory.

See also: NTFS file system; volume

volume set

A volume that consists of disk space on one or more physical disks. A volume set is created by using Windows NT 4.0 or earlier. Windows XP Professional does not support volume sets. Instead, you must create a spanned volume on dynamic disks.

See also: basic disk; dynamic disk; partition; spanned volume; volume

volume shadow copy

A volume that represents a duplicate of the original volume taken at the time the copy began.

See also: differential data; volume

voluntary tunnel

A tunnel that is initiated by the client. It tunnels PPP over IP from the client to the tunnel server, then the data is forwarded to the target host by the tunnel server.

See also: client; Internet Protocol (IP); Point-to-Point Protocol (PPP); tunnel; tunnel server


WDM Streaming class

The means by which Windows XP Professional supports digital video and audio. Enables support for such components as DVD decoders, MPEG decoders, video decoders, tuners, and audio codecs.

wide area network (WAN)

A communications network connecting geographically separated computers, printers, and other devices. A WAN allows any connected device to interact with any other on the network.

See also: local area network (LAN)

Windows File Protection (WFP)

A feature that runs in the background and protects your system files from being overwritten. When a file in a protected folder is modified, WFP determines whether the new file is the correct Microsoft version or whether the file is digitally signed. If not, the modified file is replaced with a valid version.

Windows Installer

An operating system service that allows the operating system to manage the installation process. Windows Installer technologies are divided into two parts that work in combination: a client-side installer service (Msiexec.exe) and a package (.msi) file. Windows Installer uses the information contained within a package file to install the application.

Windows Internet Name Service (WINS)

A software service that dynamically maps IP addresses to computer names (NetBIOS names). This allows users to access resources by name instead of requiring them to use IP addresses that are difficult to recognize and remember. WINS servers support clients running Windows NT 4.0 and earlier versions of Microsoft operating systems.

See also: Domain Name System (DNS); IP address; network basic input/output system (NetBIOS); resource

Windows Management Instrumentation (WMI)

A management infrastructure in Windows that supports monitoring and controlling system resources through a common set of interfaces and provides a logically organized, consistent model of Windows operation, configuration, and status.

See also: resource

Windows MultiLanguage Version

A version of Windows that extends the native language support in Windows by allowing user interface languages to be changed on a per-user basis. This version also minimizes the number of language versions you need to deploy across a network.

Windows Update

A Microsoft-owned Web site from which Windows users can install or update device drivers. By using an ActiveX control, Windows Update compares the available drivers with those on the user's system and offers to install new or updated versions.


WINS

See definition for: Windows Internet Name Service (WINS)


Windows Sockets. An application programming interface (API) standard for software that provides a TCP/IP interface under Windows.

See also: application programming interface (API); Transmission Control Protocol/Internet Protocol (TCP/IP)

work queue item

A job request to an existing library, made by an application that supports Removable Storage, which is placed in a queue and processed when the library resource becomes available.

See also: library; Removable Storage


workgroup

A simple grouping of computers, intended only to help users find such things as printers and shared folders within that group. Workgroups in Windows do not offer the centralized user accounts and authentication offered by domains.

See also: authentication; domain; user account

World Wide Web

A system for exploring the Internet by using hyperlinks. When you use a Web browser, the Web appears as a collection of text, pictures, sounds, and digital movies.

See also: internet


X

There are no glossary terms that begin with this letter.

Y

There are no glossary terms that begin with this letter.

Z

There are no glossary terms that begin with this letter.

