Windows 2000 Glossary (A - L)
3
3270
A class of IBM Systems Network Architecture terminal and related protocol used to communicate with IBM mainframe host systems.
5
5250
A class of IBM Systems Network Architecture terminal and related protocol used to communicate with AS/400 host systems.
8
802.1p
A protocol that supports the mapping of RSVP signals to Layer 2 signals using 802.1p priority markings to enable the prioritization of traffic across Layer 2 devices, such as switches, on a network segment. IEEE 802 refers to the Layer 2 technology used by LANs including the data-link layer and the media access control layer.
8mm cassette A tape cartridge format used for data backups, similar to that used for some video cameras except that the tape is rated for data storage. The capacity is 5 GB or more of (optionally compressed) data.
A
AC-3
The coding system used by Dolby Digital. A standard for high quality digital audio that is used for the sound portion of video stored in digital format.
Accelerated Graphics Port (AGP) A type of expansion slot that is solely for video cards. Designed by Intel and supported by Windows 2000, AGP is a dedicated bus that provides fast, high-quality video and graphics performance.
access control entry (ACE) An entry in an access control list (ACL) containing the security ID (SID) for a user or group and an access mask that specifies which operations by the user or group are allowed, denied, or audited. See also access control list; access mask; security descriptor.
access control list (ACL) A list of security protections that apply to an entire object, a set of the object’s properties, or an individual property of an object. There are two types of access control lists: discretionary and system. See also access control entry; discretionary access control list; security descriptor; system access control list.
access mask A 32-bit value that specifies the rights that are allowed or denied in an access control entry (ACE) of an access control list (ACL). An access mask is also used to request access rights when an object is opened. See also access control entry.
access token A data structure containing security information that identifies a user to the security subsystem on a computer running Windows 2000 or Windows NT. An access token contains a user’s security ID, the security IDs for groups that the user belongs to, and a list of the user’s privileges on the local computer. See also privilege; security ID.
accessibility The quality of a system incorporating hardware or software to engage a flexible, customizable user interface, alternative input and output methods, and greater exposure of screen elements to make the computer usable by people with cognitive, hearing, physical, or visual disabilities.
accessibility status indicators Icons on the system status area of the taskbar of the Windows desktop that let the user know which accessibility features are activated.
Accessibility Wizard An interactive tool that makes it easier to set up commonly used accessibility features by specifying options by type of disability, rather than by numeric value changes.
ACPI See Advanced Configuration and Power Interface.
Active Accessibility A core component in the Windows operating system that is built on COM and defines how applications can exchange information about user interface elements.
Active Directory The directory service included with Windows 2000 Server. It stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive hierarchical view of the network and a single point of administration for all network objects. See also directory; directory service.
ActiveX A set of technologies that enables software components to interact with one another in a networked environment, regardless of the language in which the components were created.
administrator See system administrator.
Advanced Configuration and Power Interface (ACPI) An open industry specification that defines power management on a wide range of mobile, desktop, and server computers and peripherals. ACPI is the foundation for the OnNow industry initiative that allows system manufacturers to deliver computers that will start at the touch of a keyboard. ACPI design is essential to take full advantage of power management and Plug and Play in Windows 2000. Check the manufacturer’s documentation to verify that a computer is ACPI-compliant. See also Plug and Play.
Advanced Power Management A software interface (designed by Microsoft and Intel) between hardware-specific power management software (such as that located in a system BIOS) and an operating system power management driver.
advertisement In Systems Management Server, a notification sent by the site server to the client access points (CAPs) specifying that a software distribution program is available for clients to use. In Windows 2000, the Software Installation snap-in generates an application advertisement script and stores this script in the appropriate locations in Active Directory and the Group Policy object.
allocation unit In file systems, an allocation unit is the smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows 2000 organize hard disks based on allocation units. The smaller the allocation unit size, the more efficiently a disk stores information. If no allocation unit size is specified during formatting, Windows 2000 chooses default sizes based on the size of the volume and the file system used. These defaults are selected to reduce the amount of space lost and the amount of fragmentation on the volume. Also called cluster.
American Standard Code for Information Interchange (ASCII) A standard single byte character encoding scheme used for text-based data. ASCII uses designated 7-bit or 8-bit number combinations to represent either 128 or 256 possible characters. Standard ASCII uses 7 bits to represent all uppercase and lowercase letters, the numbers 0 through 9, punctuation marks, and special control characters used in U.S. English. Most current x86 systems support the use of extended (or "high") ASCII. Extended ASCII allows the eighth bit of each character to identify an additional 128 special symbol characters, foreign-language letters, and graphic symbols. See also Unicode.
answer file A text file that you can use to provide automated input for unattended installation of Windows 2000. This input includes parameters to answer the questions required by Setup for specific installations. In some cases, you can use this text file to provide input to wizards, such as the Active Directory Installation wizard, which is used to add Active Directory to Windows 2000 Server through Setup. The default answer file for Setup is known as Unattend.txt.
API See application programming interface.
APM See Advanced Power Management.
application media pool A data repository that determines which media can be accessed by which applications and that sets the policies for that media. There can be any number of application media pools in a Removable Storage system. Applications create application media pools.
application programming interface (API) A set of routines that an application uses to request and carry out lower-level services performed by a computer’s operating system. These routines usually carry out maintenance tasks such as managing files and displaying information.
assistive technology System extensions, programs, devices, and utilities added to a computer to make it more accessible to users with disabilities.
asynchronous communication A form of data transmission in which information is sent and received at irregular intervals, one character at a time. Because data is received at irregular intervals, the receiving modem must be signaled to inform it when the data bits of a character begin and end. This is done by means of start and stop bits.
Asynchronous Transfer Mode (ATM) A high-speed connection-oriented protocol used to transport many different types of network traffic.
ATM See Asynchronous Transfer Mode.
attribute (object) In Active Directory, an attribute describes characteristics of an object and the type of information an object can hold. For each object class, the schema defines what attributes an instance of the class must have and what additional attributes it might have.
auditing To track the activities of users by recording selected types of events in the security log of a server or a workstation.
authentication A basic security function of cryptography. Authentication verifies the identity of the entities that communicate over the network. For example, the process that verifies the identity of a user who logs on to a computer either locally, at a computer’s keyboard, or remotely, through a network connection. See also cryptography; confidentiality; integrity; Kerberos authentication protocol; nonrepudiation; NTLM authentication protocol.
Authentication Header (AH) A header that provides authentication, integrity, and anti-replay for the entire packet (both the IP header and the data payload carried in the packet).
authoritative In the Domain Name System (DNS), the use of zones by DNS servers to register and resolve a DNS domain name. When a DNS server is configured to host a zone, it is authoritative for names within that zone. DNS servers are granted authority based on information stored in the zone. See also zone.
automated installation An unattended setup using one or more of several methods such as Remote Installation Services, bootable CD, and Sysprep.
automatic caching A method of automatically storing network files on a user’s hard disk drive whenever a file is open so the files can be accessed when the user is not connected to the network.
Automatic Private IP Addressing (APIPA) A feature of Windows 2000 TCP/IP that automatically configures a unique IP address from the range 169.254.0.1 to 169.254.255.254 and a subnet mask of 255.255.0.0 when the TCP/IP protocol is configured for dynamic addressing and a Dynamic Host Configuration Protocol (DHCP) server is not available.
available state A state in which media can be allocated for use by applications.
averaging counter A type of counter that measures a value over time and displays the average of the last two measurements over some other factor (for example, PhysicalDisk\Avg. Disk Bytes/Transfer).
B
B-tree
A tree structure for storing database indexes. Each node in the tree contains a sorted list of key values and links that correspond to ranges of key values between the listed values. To find a specific data record given its key value, the program reads the first node, or root, from the disk and compares the desired key with the keys in the node to select a subrange of key values to search. It repeats the process with the node indicated by the corresponding link. At the lowest level, the links indicate the data records. The database system can thus rapidly search through the levels of the tree structure to find the simple index entries that contain the location of the desired records or rows.
backup A duplicate copy of a program, a disk, or data, made either for archiving purposes or for safeguarding valuable files from loss should the active copy be damaged or destroyed. Some application programs automatically make backup copies of data files, maintaining both the current version and the preceding version.
backup operator A type of local or global group that contains the user rights needed to back up and restore files and folders. Members of the Backup Operators group can back up and restore files and folders regardless of ownership, access permissions, encryption, or auditing settings. See also auditing; global group; local group; user rights.
backup types A type that determines which data is backed up and how it is backed up. There are five backup types: copy, daily, differential, incremental, and normal. See also copy backup; daily backup; differential backup; incremental backup; normal backup.
bad block A disk sector that can no longer be used for data storage, usually due to media damage or imperfections.
bandwidth In analog communications, the difference between the highest and lowest frequencies in a given range. For example, a telephone line accommodates a bandwidth of 3,000 Hz, the difference between the lowest (300 Hz) and highest (3,300 Hz) frequencies it can carry. In digital communications, the rate at which information is sent expressed in bits per second (bps).
bar code A machine-readable label that identifies an object, such as physical media.
base file record The first file record in the master file table (MFT) for a file that has multiple file records. The base file record is the record to which the file’s file reference corresponds.
baseline A range of measurements derived from performance monitoring that represents acceptable performance under typical operating conditions.
basic disk A physical disk that contains primary partitions or extended partitions with logical drives used by Windows 2000 and all versions of Windows NT. Basic disks can also contain volume, striped, mirror, or RAID-5 sets that were created using Windows NT 4.0 or earlier. As long as a compatible file format is used, basic disks can be accessed by MS-DOS, Windows 95, Windows 98, and all versions of Windows NT.
basic input/output system (BIOS) The set of essential software routines that tests hardware at startup, assists with starting the operating system, and supports the transfer of data among hardware devices. The BIOS is stored in read-only memory (ROM) so that it can be executed when the computer is turned on. Although critical to performance, the BIOS is usually invisible to computer users.
basic volume A volume on a basic disk. Basic volumes include primary partitions, logical drives within extended partitions, as well as volume, striped, mirror, or RAID-5 sets that were created using Windows NT 4.0 or earlier. Only basic disks can contain basic volumes. Basic and dynamic volumes cannot exist on the same disk.
batch program An ASCII (unformatted text) file containing one or more Windows NT or Windows 2000 commands. A batch program’s filename has a .BAT extension. When you type the filename at the command prompt, the commands are processed sequentially. "Script" is often used interchangeably with "batch program" in the Windows NT and Windows 2000 environment.
bidirectional communication Communication that occurs in two directions simultaneously. Bidirectional communication is useful in printing where jobs can be sent and printer status can be returned at the same time.
binding A process by which software components and layers are linked together. When a network component is installed, the binding relationships and dependencies for the components are established. Binding allows components to communicate with each other.
binding order The sequence in which software components, network protocols and network adapters are linked together. When a network component is installed, the binding relationships and dependencies for the components are established.
BIOS See basic input/output system.
BIOS parameter block (BPB) A series of fields containing data on disk size, geometry variables, and the physical parameters of the volume. The BPB is located within the boot sector.
boot sector A critical disk structure for starting your computer, located at sector 1 of each volume or floppy disk. It contains executable code and data that is required by the code, including information used by the file system to access the volume. The boot sector is created when you format the volume.
bootable CD An automated installation method that runs Setup from a CD-ROM. This method is useful for computers at remote sites with slow links and no local IT department. See also automated installation.
bottleneck A condition, usually involving a hardware resource, that causes the entire system to perform poorly.
BounceKeys A keyboard filter that assists users whose fingers bounce on the keys when pressing or releasing them.
bound trap In programming, a problem in which a set of conditions exceeds a permitted range of values that causes the microprocessor to stop what it is doing and handle the situation in a separate routine.
browsing The process of creating and maintaining an up-to-date list of computers and resources on a network or part of a network by one or more designated computers running the Computer Browser service. See Computer Browser service.
bulk encryption A process in which large amounts of data, such as files, e-mail messages, or online communications sessions, are encrypted for confidentiality. It is usually done with a symmetric key algorithm. See also encryption; symmetric key encryption.
C
cable modem
A modem that provides broadband Internet access in the range of 10 to 30 Mbps.
cache For DNS and WINS, a local information store of resource records for recently resolved names of remote hosts. Typically, the cache is built dynamically as the computer queries and resolves names; it helps optimize the time required to resolve queried names. See also cache file; naming service; resource record.
cache file A file used by the Domain Name System (DNS) server to preload its names cache when service is started. Also known as the "root hints" file because resource records stored in this file are used by the DNS service to help locate root servers that provide referral to authoritative servers for remote names. For Windows DNS servers, the cache file is named Cache.dns and is located in the %SystemRoot%\System32\Dns folder. See also authoritative; cache; systemroot.
caching The process of storing recently-used data values in a special pool in memory where they are temporarily held for quicker subsequent accesses. For DNS, the ability of DNS servers to store information about the domain namespace learned during the processing and resolution of name queries. In Windows 2000, caching is also available through the DNS client service (resolver) as a way for DNS clients to keep a cache of name information learned during recent queries. See also caching resolver.
caching resolver For Windows 2000, a client-side Domain Name System (DNS) name resolution service that performs caching of recently learned DNS domain name information. The caching resolver service provides system-wide access to DNS-aware programs for resource records obtained from DNS servers during the processing of name queries. Data placed in the cache is used for a limited period of time and aged according to the active Time To Live (TTL) value. You can set the TTL either individually for each resource record (RR) or default to the minimum TTL set in the start of authority RR for the zone. See also cache; caching; expire interval; minimum TTL; resolver; resource record; Time To Live (TTL).
callback number The number that a RAS server uses to call back a user. This number can be preset by the administrator or specified by the user at the time of each call, depending on how the administrator configures the user’s callback status. The callback number should be the number of the phone line to which the user’s modem is connected.
CardBus A 32-bit PC Card.
cartridge A unit of media of a certain type, such as 8mm tape, magnetic disk, optical disk, or CD-ROM, used by Removable Storage.
Central Processing Unit (CPU) The part of a computer that has the ability to retrieve, interpret, and execute instructions and to transfer information to and from other resources over the computer’s main data-transfer path, the bus. By definition, the CPU is the chip that functions as the "brain" of a computer.
certificate A digital document that is commonly used for authentication and secure exchange of information on open networks, such as the Internet, extranets, and intranets. A certificate securely binds a public key to the entity that holds the corresponding private key. Certificates are digitally signed by the issuing certification authority and can be issued for a user, a computer, or a service. The most widely accepted format for certificates is defined by the ITU-T X.509 version 3 international standard. See also certification authority; private key; public key.
Certificate Services The Windows 2000 service that issues certificates for a particular CA. It provides customizable services for issuing and managing certificates for the enterprise. See also certificate; certification authority.
certification authority (CA) An entity responsible for establishing and vouching for the authenticity of public keys belonging to users (end entities) or other certification authorities. Activities of a certification authority can include binding public keys to distinguished names through signed certificates, managing certificate serial numbers, and certificate revocation. See also certificate; public key.
Certified-for-Windows Logo A specification that addresses the requirements of computer users with disabilities to ensure quality and consistency in assistive devices.
Challenge Handshake Authentication Protocol (CHAP) A challenge-response authentication protocol for PPP connections documented in RFC 1994 that uses the industry-standard Message Digest 5 (MD5) one-way encryption scheme to hash the response to a challenge issued by the remote access server.
change journal A feature new to Windows 2000 that tracks changes to NTFS volumes, including additions, deletions, and modifications. The change journal exists on the volume as a sparse file.
changer The robotic element of an online library unit.
CHAP See Challenge Handshake Authentication Protocol.
child object An object that is the immediate subordinate of another object in a hierarchy. A child object can have only one immediate superior, or parent, object. In Active Directory, the schema determines what classes of objects can be child objects of what other classes of objects. Depending on its class, a child object can also be the parent of other objects. See also object; parent object.
CIM (COM Information Model) Object Manager A system service that handles interaction between network management applications and providers of local or remote data or system events. CIM (COM Information Model) Object Manager is also known as CIMOM.
ciphertext Text that has been encrypted using an encryption key. Ciphertext is meaningless to anyone who does not have the decryption key. See also decryption; encryption; encryption key; plaintext.
client Any computer or program connecting to, or requesting services of, another computer or program. See also server.
cluster A group of independent computer systems, known as nodes or hosts, that work together as a single system to ensure that mission-critical applications and resources remain available to clients. A server cluster is the type of cluster that the Cluster service implements. Network Load Balancing provides a software solution for clustering multiple computers running Windows 2000 Server that provides networked services over the Internet and private intranets. In file systems, a cluster is the smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows 2000 organize hard disks based on clusters. The smaller the cluster size, the more efficiently a disk stores information. If no cluster size is specified during formatting, Windows 2000 chooses default sizes based on the size of the volume and the file system used. These defaults are selected to reduce the amount of space lost and the amount of fragmentation on the volume. Also called allocation units.
cluster remapping A recovery technique used when Windows 2000 returns a bad sector error to NTFS. NTFS dynamically replaces the cluster containing the bad sector and allocates a new cluster for the data. If the error occurs during a read, NTFS returns a read error to the calling program, and the data is lost. If the error occurs during a write, NTFS writes the data to the new cluster, and no data is lost.
code page A page that maps character codes to individual characters. Different code pages include different special characters, typically customized for a language or a group of languages. The system uses code pages to translate keyboard input into character values for non-Unicode based applications, and to translate character values into characters for non-Unicode based output displays.
COM See Component Object Model.
COM port Short for communications port, the logical address assigned by MS-DOS (versions 3.3 and higher) and Microsoft Windows (including Windows 95, Windows 98, Windows NT and Windows 2000) to each of the four serial ports on an IBM Personal Computer or a PC compatible. COM ports are also known as the actual serial ports on a PC’s CPU where peripherals, such as printers, scanners, and external modems, are plugged in.
commit a transaction To record in the log file the fact that a transaction is complete and has been recorded in the cache.
Common Internet File System (CIFS) A protocol and a corresponding API used by application programs to request higher level application services. CIFS was formerly known as SMB (Server Message Block).
Compact Disc File System (CDFS) A 32-bit protected-mode file system that controls access to the contents of CD-ROM drives in Windows 2000.
compact disc-recordable (CD-R) A type of CD-ROM that can be written on a CD recorder and read on a CD-ROM drive.
complementary metal-oxide semiconductor (CMOS) The battery-packed memory that stores information, such as disk types and amount of memory, used to start the computer.
Component Object Model (COM) An object-based programming model designed to promote software interoperability; it allows two or more applications or components to easily cooperate with one another, even if they were written by different vendors, at different times, in different programming languages, or if they are running on different computers running different operating systems. COM is the foundation technology upon which broader technologies can be built. Object linking and embedding (OLE) technology and ActiveX are both built on top of COM.
Computer Browser service A service that maintains an up-to-date list of computers and provides the list to applications when requested. The Computer Browser service provides the computer lists displayed in the My Network Places, Select Computer, and Select Domain dialog boxes and (for Windows 2000 Server only) in the Server Manager window.
confidentiality A basic security function of cryptography. Confidentiality provides assurance that only authorized users can read or use confidential or secret information. Without confidentiality, anyone with network access can use readily available tools to eavesdrop on network traffic and intercept valuable proprietary information. For example, an Internet Protocol security service that ensures a message is disclosed only to intended recipients by encrypting the data. See also cryptography; authentication; integrity; nonrepudiation.
console tree The tree view pane in a Microsoft Management Console (MMC) that displays the hierarchical namespace. By default it is the left pane of the console window, but it can be hidden. The items in the console tree (for example, Web pages, folders, and controls) and their hierarchical organization determine the management capabilities of a console. See also Microsoft Management Console (MMC); namespace.
container object An object that can logically contain other objects. For example, a folder is a container object. See also noncontainer object; object.
copy backup A backup that copies all selected files but does not mark each file as having been backed up (that is, the archive bit is not set). A copy backup is useful between normal and incremental backups because copying does not affect these other backup operations. See also daily backup; differential backup; incremental backup; normal backup.
CPU See Central Processing Unit.
cryptography The art and science of information security. It provides four basic information security functions: confidentiality, integrity, authentication, and nonrepudiation. See also confidentiality; integrity; authentication; nonrepudiation.
D
daily backup
A backup that copies all selected files that have been modified the day the daily backup is performed. The backed-up files are not marked as having been backed up (that is, the archive bit is not set). See also copy backup; differential backup; incremental backup; normal backup.
data confidentiality A service provided by cryptographic technology to assure that data can be read only by authorized users or programs. In a network, data confidentiality ensures that data cannot be read by intruders. Windows 2000 uses access control mechanisms and encryption, such as DES, 3DES and RSA encryption algorithms, to ensure data confidentiality.
Data Encryption Standard (DES) An encryption algorithm that uses a 56-bit key, and maps a 64-bit input block to a 64-bit output block. The key appears to be a 64-bit key, but one bit in each of the 8 bytes is used for odd parity, resulting in 56 bits of usable key.
data integrity A service provided by cryptographic technology that ensures data has not been modified. In a network environment, data integrity allows the receiver of a message to verify that data has not been modified in transit. Windows 2000 uses access control mechanisms and cryptography, such as RSA public-key signing and shared symmetric key one way hash algorithms, to ensure data integrity.
Data Link Control (DLC) A protocol used primarily for IBM mainframe computers and printer connectivity.
data packet A unit of information transmitted as a whole from one device to another on a network.
deallocate To return media to the available state after they have been used by an application.
decommissioned state A state that indicates that media have reached their allocation maximum.
decryption The process of making encrypted data readable again by converting ciphertext to plaintext. See also ciphertext; encryption; plaintext.
default gateway A configuration item for the TCP/IP protocol that is the IP address of a directly reachable IP router. Configuring a default gateway creates a default route in the IP routing table.
defragmentation The process of rewriting parts of a file to contiguous sectors on a hard disk to increase the speed of access and retrieval. When files are updated, the computer tends to save these updates on the largest continuous space on the hard disk, which is often on a different sector than the other parts of the file. When files are thus fragmented, the computer must search the hard disk each time the file is opened to find all of the parts of the file, which slows down response time. In Active Directory, defragmentation rearranges how the data is written in the directory database file to compact it. See also fragmentation.
dependent client For Message Queuing, a computer that requires synchronous access to a Message Queuing server to perform all standard message queuing operations, such as sending and receiving messages and creating queues. See also independent client; Message Queuing server.
desktop The on-screen work area in which windows, icons, menus, and dialog boxes appear.
destination directory The directory (or folder) to which files are copied or moved. See also source directory.
destination queue The queue on a target computer where messages sent from a source computer are delivered to and stored. As they traverse a Message Queuing network, the messages can be stored temporarily on intermediary Message Queuing routing servers. See also Message Queuing; Message Queuing routing; Message Queuing routing server; Message Queuing service.
device driver A program that allows a specific device, such as a modem, network adapter, or printer, to communicate with Windows 2000. Although a device can be installed on a system, Windows 2000 cannot use the device until the appropriate driver has been installed and configured. If a device is listed in the Hardware Compatibility List (HCL), a driver is usually included with Windows 2000. Device drivers load (for all enabled devices) when a computer is started, and thereafter run invisibly. See also Hardware Compatibility List (HCL).
Device Manager An administrative tool that can be used to manage the devices on your computer. Use Device Manager to view and change device properties, update device drivers, configure device settings, and remove devices.
Device Tree A hierarchical tree that contains the devices configured on the computer.
differential backup A backup that copies files created or changed since the last normal or incremental backup. It does not mark files as having been backed up (that is, the archive bit is not set). If you are performing a combination of normal and differential backups, restoring files and folders requires that you have the last normal as well as the last differential backup. See also copy backup; daily backup; incremental backup; normal backup.
digital audio tape (DAT) A magnetic medium for recording and storing digital audio data.
digital certificate See certificate.
digital linear tape (DLT) A magnetic medium for backing up data. DLT can transfer data faster than many other types of tape media.
digital signature A means for originators of a message, file, or other digitally-encoded information to bind their identity to the information. The process of digitally signing information entails transforming the information, as well as some secret information held by the sender, into a tag called a signature. Digital signatures are used in public key environments and they provide nonrepudiation and integrity services. See also public key cryptography.
digital subscriber line (DSL) A special communication line that uses modulation technology to maximize the amount of data that can be sent over copper wires. DSL is used for connections from telephone switching stations to a subscriber rather than between switching stations.
direct hosting A feature that allows Windows 2000 computers using Microsoft file and print sharing to communicate over a communications protocol, such as TCP or IPX, bypassing the NetBIOS layer.
direct memory access (DMA) Memory access that does not involve the microprocessor. DMA is frequently used for data transfer directly between memory and a peripheral device, such as a disk drive.
directory An information source that contains information about computer files or other objects. In a file system, a directory stores information about files. In a distributed computing environment (such as a Windows 2000 domain), the directory stores information about objects such as printers, applications, databases, and users.
directory service Both the directory information source and the service that make the information available and usable. A directory service enables the user to find an object given any one of its attributes. See also Active Directory; directory.
disable To make a device nonfunctional. For example, if a device in a hardware profile is disabled, the device cannot be used while using that hardware profile. Disabling a device frees the resources that were allocated to the device.
discretionary access control list (DACL) The part of an object’s security descriptor that grants or denies specific users and groups permission to access the object. Only the owner of an object can change permissions granted or denied in a DACL; thus access to the object is at the owner’s discretion. See also access control entry; object; security descriptor; system access control list.
disk bottleneck A condition that occurs when disk performance is reduced to the extent that overall system performance is affected.
disk quota The maximum amount of disk space available to a user.
dismount To remove a removable tape or disc from a drive. See also library.
distinguished name A name that uniquely identifies an object by using the relative distinguished name for the object, plus the names of container objects and domains that contain the object. The distinguished name identifies the object as well as its location in a tree. Every object in Active Directory has a distinguished name. An example of a distinguished name is CN=MyName,CN=Users,DC=Reskit,DC=Com. This distinguished name identifies the "MyName" user object in the reskit.com domain.
Distributed file system (Dfs) A Windows 2000 service consisting of software residing on network servers and clients that transparently links shared folders located on different file servers into a single namespace for improved load sharing and data availability.
distribution folder The folder created on the Windows 2000 distribution server to contain the Setup files.
DMA See direct memory access.
DNS See Domain Name System.
DNS server A computer that runs DNS server programs containing name-to-IP address mappings, IP address-to-name mappings, information about the domain tree structure, and other information. DNS servers also attempt to resolve client queries.
DNS zone In a DNS database, a zone is a contiguous portion of the DNS tree that is administered as a single separate entity, by a DNS server. The zone contains resource records for all the names within the zone.
domain In Windows 2000 and Active Directory, a collection of computers defined by the administrator of a Windows 2000 Server network that share a common directory database. A domain has a unique name and provides access to the centralized user accounts and group accounts maintained by the domain administrator. Each domain has its own security policies and security relationships with other domains and represents a single security boundary of a Windows 2000 computer network. Active Directory is made up of one or more domains, each of which can span more than one physical location. For DNS, a domain is any tree or subtree within the DNS namespace. Although the names for DNS domains often correspond to Active Directory domains, DNS domains should not be confused with Windows 2000 and Active Directory networking domains.
domain controller For a Windows NT Server or Windows 2000 Server domain, the server that authenticates domain logons and maintains the security policy and the security accounts master database for a domain. Domain controllers manage user access to a network, which includes logging on, authentication, and access to the directory and shared resources.
domain local group A Windows 2000 group only available in native mode domains that can contain members from anywhere in the forest, in trusted forests, or in a trusted pre-Windows 2000 domain. Domain local groups can only grant permissions to resources within the domain in which they exist. Typically, domain local groups are used to gather security principals from across the forest to control access to resources within the domain.
domain name In Windows 2000 and Active Directory, the name given by an administrator to a collection of networked computers that share a common directory. For DNS, domain names are specific node names in the DNS namespace tree. DNS domain names use singular node names, known as "labels," joined together by periods (.) that indicate each node level in the namespace. See also Domain Name System (DNS); namespace.
Domain Name System (DNS) A hierarchical naming system used for locating domain names on the Internet and on private TCP/IP networks. DNS provides a service for mapping DNS domain names to IP addresses, and vice versa. This allows users, computers, and applications to query the DNS to specify remote systems by fully qualified domain names rather than by IP addresses. See also domain; Ping.
domain tree In DNS, the inverted hierarchical tree structure that is used to index domain names. Domain trees are similar in purpose and concept to the directory trees used by computer filing systems for disk storage. See also domain name; namespace.
dongle A device that attaches to a computer to control access to a particular application. Dongles provide the most effective means of copy protection. Typically, the dongle attaches to a computer’s parallel port.
DOT4 See IEEE 1284.4.
DSL See digital subscriber line.
dual boot A computer configuration that can start two different operating systems. See also multiple boot.
DVD decoder A hardware or software component that allows a digital video disc (DVD) drive to display movies on your computer screen. See also DVD disc; DVD drive.
DVD disc A type of optical disc storage technology. A digital video disc (DVD) looks like a CD-ROM disc, but it can store greater amounts of data. DVD discs are often used to store full-length movies and other multimedia content that requires large amounts of storage space. See also DVD decoder; DVD drive.
DVD drive A disk storage device that uses digital video disc (DVD) technology. A DVD drive reads both CD-ROM and DVD discs; however, a DVD decoder is necessary to display DVD movies on your computer screen. See also DVD decoder; DVD disc.
Dvorak keyboard An alternative keyboard with a layout that makes the most frequently typed characters more accessible to people who have difficulty typing on the standard QWERTY layout.
dynamic disk A physical disk that is managed by Disk Management. Dynamic disks can contain only dynamic volumes (that is, volumes created by using Disk Management). Dynamic disks cannot contain partitions or logical drives, nor can they be accessed by MS-DOS. See also dynamic volume; partition.
Dynamic Host Configuration Protocol (DHCP) A networking protocol that provides safe, reliable, and simple TCP/IP network configuration and offers dynamic configuration of Internet Protocol (IP) addresses for computers. DHCP ensures that address conflicts do not occur and helps conserve the use of IP addresses through centralized management of address allocation.
dynamic priority The priority value to which a thread’s base priority is adjusted to optimize scheduling.
dynamic volume A logical volume that is created using Disk Management. Dynamic volumes include simple, spanned, striped, mirrored, and RAID-5 volumes. Dynamic volumes must be created on dynamic disks. See also dynamic disk; volume.
dynamic-link library (DLL) A feature of the Microsoft Windows family of operating systems and the OS/2 operating system. DLLs allow executable routines, generally serving a specific function or set of functions, to be stored separately as files with .dll extensions, and to be loaded only when needed by the program that calls them.
E
EAP See Extensible Authentication Protocol.
EIDE See Enhanced Integrated Drive Electronics.
embedded object Information created in another application that has been pasted inside a document. When information is embedded, you can edit it in the new document by using toolbars and menus from the original program. When you double-click the embedded icon, the toolbars and menus from the program used to create the information appear. Embedded information is not linked to the original file. If you change information in one place, it is not updated in the other. See also linked object.
emergency repair disk (ERD) A disk, created by the Backup utility, that contains copies of three of the files stored in the %SystemRoot%/Repair folder, including Setup.log that contains a list of system files installed on the computer. This disk can be used during the Emergency Repair Process to repair your computer if it will not start or if your system files are damaged or erased.
encapsulating security payload (ESP) An IPSec protocol that provides confidentiality, in addition to authentication, integrity, and anti-replay. ESP can be used alone, in combination with AH, or nested with the Layer Two Tunneling Protocol (L2TP). ESP does not normally sign the entire packet unless it is being tunneled. Ordinarily, just the data payload is protected, not the IP header.
Encrypting File System (EFS) A new feature in Windows 2000 that protects sensitive data in files that are stored on disk using the NTFS file system. It uses symmetric key encryption in conjunction with public key technology to provide confidentiality for files. It runs as an integrated system service, which makes EFS easy to manage, difficult to attack, and transparent to the file owner and to applications.
encryption The process of disguising a message or data in such a way as to hide its substance.
encryption key A bit string that is used in conjunction with an encryption algorithm to encrypt and decrypt data. See also public key; private key; symmetric key.
Enhanced Integrated Drive Electronics (EIDE) An extension of the IDE standard, EIDE is a hardware interface standard for disk drive designs that houses control circuits in the drives themselves. It allows for standardized interfaces to the system bus, while providing for advanced features, such as burst data transfers and direct data access.
Enterprise Resource Planning (ERP) A software system designed to support and automate the processes of an organization, including manufacturing and distribution, accounting, project management and personnel functions.
environment variable A string consisting of environment information, such as a drive, path, or filename, associated with a symbolic name that can be used by Windows NT and Windows 2000. Use the System option in Control Panel or the set command from the command prompt to define environment variables.
ERD See emergency repair disk.
Ethernet An IEEE 802.3 standard for contention networks. Ethernet uses a bus or star topology and relies on the form of access known as Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to regulate communication line traffic. Network nodes are linked by coaxial cable, fiber-optic cable, or by twisted-pair wiring. Data is transmitted in variable-length frames containing delivery and control information and up to 1,500 bytes of data. The Ethernet standard provides for baseband transmission at 10 megabits (10 million bits) per second.
exabyte Approximately one quintillion bytes, or one billion billion bytes.
expire interval For DNS, the number of seconds that DNS servers operating as secondary masters for a zone use to determine if zone data should be expired when the zone is not refreshed and renewed. See also zone.
explicit trust relationship A trust relationship from Windows NT in which an explicit link is made in one direction only. Explicit trusts can also exist between Windows NT domains and Windows 2000 domains, and between forests.
export In NFS, to make a file system available by a server to a client for mounting.
Extended Industry Standard Architecture (EISA) A 32-bit bus standard introduced in 1988 by a consortium of nine computer-industry companies. EISA maintains compatibility with the earlier Industry Standard Architecture (ISA) but provides for additional features.
extended partition A portion of a basic disk that can contain logical drives. To have more than four volumes on your basic disk, you need to use an extended partition. Only one of the four partitions allowed per physical disk can be an extended partition, and no primary partition needs to be present to create an extended partition. You can create extended partitions only on basic disks. See also basic disk; logical drive; partition; primary partition; unallocated space.
Extensible Authentication Protocol (EAP) An extension to PPP that allows for arbitrary authentication mechanisms to be employed for the validation of a PPP connection.
Extensible Markup Language (XML) A meta-markup language that provides a format for describing structured data. This facilitates more precise declarations of content and more meaningful search results across multiple platforms. In addition, XML will enable a new generation of Web-based data viewing and manipulation applications.
F
FAT See file allocation table.
FAT32 A derivative of the file allocation table file system. FAT32 supports smaller cluster sizes than FAT in the same given disk space, which results in more efficient space allocation on FAT32 drives. See also file allocation table (FAT); NTFS file system.
fault tolerance The assurance of data integrity when hardware failures occur. On the Windows NT and Windows 2000 platforms, fault tolerance is provided by the Ftdisk.sys driver.
FDDI See Fiber Distributed Data Interface.
Fiber Distributed Data Interface (FDDI) A type of network media designed to be used with fiber-optic cabling. See also LocalTalk; Token Ring.
file allocation table (FAT) A file system based on a file allocation table (FAT) maintained by some operating systems, including Windows NT and Windows 2000, to keep track of the status of various segments of disk space used for file storage.
file record The row in the master file table (MFT) that corresponds to a particular disk file. The file record is identified by its file reference.
file system In an operating system, the overall structure in which files are named, stored, and organized. NTFS, FAT, and FAT32 are types of file systems.
file system cache An area of physical memory that holds frequently-used pages. It allows applications and services to locate pages rapidly and reduces disk activity.
File Transfer Protocol (FTP) A protocol that defines how to transfer files from one computer to another over the Internet. FTP is also a client/server application that moves files using this protocol.
filter In IPSec, a rule that provides the ability to trigger security negotiations for a communication based on the source, destination, and type of IP traffic. See also search filter.
FilterKeys A Windows 2000 accessibility feature that allows people with physical disabilities to adjust keyboard response time. See also BounceKeys; RepeatKeys; SlowKeys.
firewall A combination of hardware and software that provides a security system, usually to prevent unauthorized access from outside to an internal network or intranet. A firewall prevents direct communication between network and external computers by routing communication through a proxy server outside of the network. The proxy server determines whether it is safe to let a file pass through to the network. A firewall is also called a security-edge gateway.
folder redirection A Group Policy option that allows you to redirect designated folders to the network.
foreground boost A mechanism that increases the priority of a foreground application.
forest A collection of one or more Windows 2000 Active Directory trees, organized as peers and connected by two-way transitive trust relationships between the root domains of each tree. All trees in a forest share a common schema, configuration, and Global Catalog. When a forest contains multiple trees, the trees do not form a contiguous namespace.
fragmentation The scattering of parts of the same disk file over different areas of the disk. Fragmentation occurs as files on a disk are deleted and new files are added. It slows disk access and degrades the overall performance of disk operations, although usually not severely. See also defragmentation.
free media pool A logical collection of unused data-storage media that can be used by applications or other media pools. When media are no longer needed by an application, they are returned to a Free media pool so that they can be used again. See also media pool; Removable Storage.
G
gatekeeper A server that uses a directory to perform name-to-IP address translation, admission control and call management services in H.323 conferencing.
gateway A device connected to multiple physical TCP/IP networks, capable of routing or delivering IP packets between them. A gateway translates between different transport protocols or data formats (for example, IPX and IP) and is generally added to a network primarily for its translation ability. See also IP address; IP router.
Global Catalog A domain controller that contains a partial replica of every domain directory partition in the forest as well as a full replica of its own domain directory partition and the schema and configuration directory partitions. The Global Catalog holds a replica of every object in Active Directory, but each object includes a limited number of its attributes. The attributes in the Global Catalog are those most frequently used in search operations (such as a user’s first and last names) and those attributes that are required to locate a full replica of the object. The Global Catalog enables users and applications to find objects in Active Directory given one or more attributes of the target object, without knowing what domain holds the object. The Active Directory replication system builds the Global Catalog automatically. The attributes replicated into the Global Catalog include a base set defined by Microsoft. Administrators can specify additional properties to meet the needs of their installation.
global group For Windows 2000 Server, a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. In all those places a global group can be granted rights and permissions and can become a member of local groups. However, a global group can contain user accounts only from its own domain. See also group; local group.
globally unique identifier (GUID) A 16-byte value generated from the unique identifier on a device, the current date and time, and a sequence number. A GUID is used to identify a particular device or component.
Graphical Identification and Authentication (GINA) A DLL loaded during the Windows 2000 Winlogon process, which displays the standard logon dialog box and collects and processes user logon data for verification.
graphical user interface (GUI) A display format, like that of Windows, that represents a program’s functions with graphic images such as buttons and icons. GUIs allow a user to perform operations and make choices by pointing and clicking with a mouse.
group A collection of users, computers, contacts, and other groups. Groups can be used as security or as e-mail distribution collections. Distribution groups are used only for e-mail. Security groups are used both to grant access to resources and as e-mail distribution lists. In a server cluster, a group is a collection of resources, and the basic unit of failover. See also domain local group; global group; native mode; universal group.
Group Identification (GID) A group identifier that uniquely identifies a group of users. UNIX uses the GID to identify the group ownership of a file, and to determine access permissions.
group memberships The groups to which a user account belongs. Permissions and rights granted to a group are also provided to its members. In most cases, the actions a user can perform in Windows 2000 are determined by the group memberships of the user account to which the user is logged on. See also group.
Group Policy An administrator’s tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization. In an Active Directory environment, Group Policy is applied to users or computers on the basis of their membership in sites, domains, or organizational units.
Group Policy object A collection of Group Policy settings. Group Policy objects are the documents created by the Group Policy snap-in. Group Policy objects are stored at the domain level, and they affect users and computers contained in sites, domains, and organizational units. Each Windows 2000-based computer has exactly one group of settings stored locally, called the local Group Policy object.
H
H.323 The ITU-T standard for multimedia communications over networks that do not provide a guaranteed quality of service. This standard provides specifications for workstations, devices, and services to carry real-time video, audio, and data or any combination of these elements. See also QoS.
hardware abstraction layer (HAL) A thin layer of software provided by the hardware manufacturer that hides, or abstracts, hardware differences from higher layers of the operating system. Through the filter provided by the HAL, different types of hardware all look alike to the rest of the operating system. This allows Windows NT and Windows 2000 to be portable from one hardware platform to another. The HAL also provides routines that allow a single device driver to support the same device on all platforms. The HAL works closely with the kernel.
Hardware Compatibility List (HCL) A list of the devices supported by Windows 2000, available from the Microsoft Web site.
hardware malfunction message A character-based, full-screen error message displayed on a blue background. It indicates the microprocessor detected a hardware error condition from which the system cannot recover.
hardware profile A set of changes to the standard configuration of devices and services (including drivers and Win32 services) loaded by Windows 2000 when the system starts. For example, a hardware profile can include an instruction to disable (that is, not load) a driver, or an instruction not to connect an undocked laptop computer to the network. Because of the instructions in this subkey, users can modify the service configuration for a particular use while preserving the standard configuration unchanged for more general uses.
hardware type A classification for similar devices. For example, Imaging Device is a hardware type for digital cameras and scanners.
heartbeat thread A thread initiated by the Windows NT Virtual DOS Machine (NTVDM) process that interrupts every 55 milliseconds to simulate a timer interrupt.
hop In data communications, one segment of the path between routers on a geographically dispersed network. A hop is comparable to one "leg" of a journey that includes intervening stops between the starting point and the destination. The distance between each of those stops (routers) is a communications hop.
Hosts A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/hosts file. This file maps host names to IP addresses. In Windows 2000, this file is stored in the \%SystemRoot%\System32\Drivers\Etc folder.
hot keys A Windows feature that allows quick activation of specified accessibility features through a combination of keys pressed in unison.
HTML See Hypertext Markup Language.
HTML+Time A new feature in Microsoft Internet Explorer 5 that adds timing and media synchronization support to HTML pages. Using a few Extensible Markup Language (XML)-based elements and attributes, you can add images, video, and sounds to an HTML page, and synchronize them with HTML text elements over a specified amount of time. In short, you can use HTML+TIME technology to quickly and easily create multimedia-rich, interactive presentations, with little or no scripting.
HTTP See Hypertext Transfer Protocol.
Human Interface Device (HID) A firmware specification that is a new standard for input and output devices such as drawing tablets, keyboards, USB speakers, and other specialized devices designed to improve accessibility.
Hypertext Markup Language (HTML) A simple markup language used to create hypertext documents that are portable from one platform to another. HTML files are simple ASCII text files with embedded codes (indicated by markup tags) to indicate formatting and hypertext links. HTML is used for formatting documents on the World Wide Web.
Hypertext Transfer Protocol (HTTP) The protocol used to transfer information on the World Wide Web. An HTTP address (one kind of Uniform Resource Locator [URL]) takes the form: http://www.microsoft.com.
I
I/O request packet (IRP) Data structures that drivers use to communicate with each other.
ICM See Image Color Management.
IDE See Integrated device electronics.
IEEE 1284.4 An IEEE specification, also called DOT4, for supporting multi-function peripherals (MFPs). Windows 2000 has a driver called DOT4 that creates different port settings for each function of an MFP, enabling Windows 2000 print servers to simultaneously send data to multiple parts of an MFP.
IEEE 1394 Firewire A standard for high-speed serial devices such as digital video and digital audio editing equipment.
IIS See Internet Information Services.
ILS See Internet locator service.
Image Color Management (ICM) The process of image output correction. ICM attempts to make the output more closely match the colors that are input or scanned.
impersonation A circumstance that occurs when Windows NT or Windows 2000 allows one process to take on the security attributes of another.
import media pool A repository where Removable Storage puts media when it recognizes the on-media identifier (OMID), but does not have the media cataloged in the current Removable Storage database.
in-routing server (InRS) A Message Queuing routing server that provides session concentration by acting as a gateway for all incoming messages for one or more Message Queuing independent clients. Message Queuing independent clients can be configured to use an InRS. See also Message Queuing; Message Queuing routing; Message Queuing routing server; Message Queuing server; session concentration.
incremental backup A backup that copies only those files created or changed since the last normal or incremental backup. It marks files as having been backed up (that is, the archive bit is set). If a combination of normal and incremental backups is used to restore your data, you need to have the last normal backup and all subsequent incremental backup sets. See also copy backup; daily backup; differential backup; normal backup.
independent client For Message Queuing, a computer running Windows 2000 Professional that can create queues and store messages locally without synchronous access to a Message Queuing server. Independent clients can also use Message Queuing servers to provide efficient message routing. See also dependent client; Message Queuing server; routing services.
independent software vendors (ISVs) A third-party software developer; an individual or an organization that independently creates computer software.
Industry Standard Architecture (ISA) A bus design specification that allows components to be added as cards plugged into standard expansion slots in IBM Personal Computers and IBM compatible computers. Originally introduced in the IBM PC/XT with an 8-bit data path, ISA was expanded in 1984, when IBM introduced the PC/AT, to permit a 16-bit data path. A 16-bit ISA slot consists of two separate 8-bit slots mounted end-to-end so that a single 16-bit card plugs into both slots. An 8-bit expansion card can be inserted and used in a 16-bit slot (it occupies only one of the two slots), but a 16-bit expansion card cannot be used in an 8-bit slot. See also Extended Industry Standard Architecture (EISA).
infrared (IR) Light that is beyond red in the color spectrum. While the light is not visible to the human eye, infrared transmitters and receivers can send and receive infrared signals. See also Infrared Data Association; infrared device; infrared port.
Infrared Data Association (IrDA) A networking protocol used to transmit data created by infrared devices. Infrared Data Association is also the name of the industry organization of computer, component, and telecommunications vendors who establish the standards for infrared communication between computers and peripheral devices, such as printers. See also infrared; infrared device; infrared port.
infrared device A computer, or a computer peripheral such as a printer, that can communicate using infrared light. See also infrared.
infrared port An optical port on a computer that enables communication with other computers or devices by using infrared light, without cables. Infrared ports can be found on some portable computers, printers, and cameras. See also infrared device.
input/output (I/O) port A channel through which data is transferred between a device and the microprocessor. The port appears to the microprocessor as one or more memory addresses that it can use to send or receive data.
insert/eject (IE) port IE ports, also called "mailslots," offer limited access to the cartridges in a library managed by Removable Storage. When an administrator adds cartridges to a library through an IE port, the cartridges are placed in the IE port and then the library uses the transport to move the cartridges from the IE port to a slot. Some libraries have no IE ports; others have several. Some IE ports handle only one cartridge at a time; others can handle several at one time.
instantaneous counter A type of counter that displays the most recent measurement taken by the Performance console.
Institute of Electrical and Electronics Engineers (IEEE) An organization of engineering and electronics professionals that is notable for developing standards for hardware and software.
integrated device electronics (IDE) A type of disk-drive interface in which the controller electronics reside on the drive itself, eliminating the need for a separate adapter card. IDE offers advantages such as look-ahead caching to increase overall performance.
Integrated Services Digital Network (ISDN) A type of phone line used to enhance WAN speeds. ISDN lines can transmit at speeds of 64 or 128 kilobits per second, as opposed to standard phone lines, which typically transmit at 28.8 kilobits per second. An ISDN line must be installed by the phone company at both the server site and the remote site. See also wide area network (WAN).
integrity A basic security function of cryptography. Integrity provides verification that the original contents of information have not been altered or corrupted. Without integrity, someone might alter information or the information might become corrupted, but the alteration can go undetected. For example, integrity is an Internet Protocol security property that protects data from unauthorized modification in transit, ensuring that the data received is exactly the same as the data sent. Hash functions sign each packet with a cryptographic checksum, which the receiving computer checks before opening the packet. If the packet, and therefore the signature, has changed, the packet is discarded. See also cryptography; authentication; confidentiality; nonrepudiation.
IntelliMirror A set of Windows 2000 features used for desktop change and configuration management. When IntelliMirror is used in both the server and client, the users’ data, applications, and settings follow them when they move to another computer.
inter-site routing The process of routing Message Queuing messages between Windows 2000 sites. See also intra-site routing; Message Queuing; Message Queuing routing; Message Queuing routing server; Message Queuing server.
interactive logon A network logon from a computer keyboard, when the user types information in the Logon Information dialog box displayed by the computer’s operating system.
Internet A worldwide public TCP/IP internetwork consisting of thousands of networks, connecting research facilities, universities, libraries, and private companies.
Internet Control Message Protocol (ICMP) A required maintenance protocol in the TCP/IP suite that reports errors and allows simple connectivity. ICMP is used by the Ping tool to perform TCP/IP troubleshooting.
Internet Information Services (IIS) Software services that support Web site creation, configuration, and management, along with other Internet functions. Internet Information Services include Network News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP). See also File Transfer Protocol (FTP); Network News Transfer Protocol (NNTP); Simple Mail Transfer Protocol (SMTP).
Internet Key Exchange (IKE) A protocol that establishes the security association and shared keys necessary for two parties to communicate with Internet Protocol security.
Internet locator service (ILS) An optional component of Microsoft Site Server that creates a dynamic directory of videoconferencing users.
Internet Printing Protocol (IPP) The protocol that uses the Hypertext Transfer Protocol (HTTP) to send print jobs to printers throughout the world. Windows 2000 supports Internet Printing Protocol (IPP) version 1.0.
Internet Protocol (IP) A routable protocol in the TCP/IP protocol suite that is responsible for IP addressing, routing, and the fragmentation and reassembly of IP packets.
Internet Protocol security (IPSec) A set of industry-standard, cryptography-based protection services and protocols. IPSec protects all protocols in the TCP/IP protocol suite and Internet communications using L2TP. See also Layer Two Tunneling Protocol (L2TP).
Internet service provider (ISP) A company that provides individuals or companies access to the Internet and the World Wide Web. An ISP provides a telephone number, a user name, a password and other connection information so users can connect their computers to the ISP’s computers. An ISP typically charges a monthly and/or hourly connection fee.
Internetwork Packet Exchange (IPX) A network protocol native to NetWare that controls addressing and routing of packets within and between LANs. IPX does not guarantee that a message will be complete (no lost packets). See also Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) Transport protocols used in Novell NetWare and other networks.
interrupt A request for attention from the processor. When the processor receives an interrupt, it suspends its current operations, saves the status of its work, and transfers control to a special routine known as an interrupt handler, which contains the instructions for dealing with the particular situation that caused the interrupt.
interrupt request (IRQ) A signal sent by a device to get the attention of the processor when the device is ready to accept or send information. Each device sends its interrupt requests over a specific hardware line, numbered from 0 to 15. Each device must be assigned a unique IRQ number.
intra-site routing The process of routing Message Queuing messages within a Windows 2000 site. See also inter-site routing; Message Queuing; Message Queuing routing; Message Queuing routing server; Message Queuing server.
intranet A network within an organization that uses Internet technologies and protocols, but is available only to certain people, such as employees of a company. An intranet is also called a private network.
IP See Internet Protocol.
IP address A 32-bit address used to identify a node on an IP internetwork. Each node on the IP internetwork must be assigned a unique IP address, which is made up of the network ID, plus a unique host ID. This address is typically represented with the decimal value of each octet separated by a period (for example, 192.168.7.27). In Windows 2000, the IP address can be configured manually or dynamically through DHCP. See also Dynamic Host Configuration Protocol (DHCP); node.
IP router A system connected to multiple physical TCP/IP networks that can route or deliver IP packets between the networks. See also packet; router; routing; Transmission Control Protocol/Internet Protocol.
IPP See Internet Printing Protocol.
IPSec See Internet Protocol security.
IPSec driver A driver that uses the IP Filter List from the active IPSec policy to watch for outbound IP packets that must be secured and inbound IP packets that need to be verified and decrypted.
IPSec filter A part of IPSec security rules which make up an IPSec security policy. IPSec filters determine whether a data packet needs an IPSec action and what the IPSec action is, such as permit, block, or secure. Filters can classify traffic by criteria including source IP address, source subnet mask, destination IP address, IP protocol type, source port, and destination port. Filters are not specific to a network interface. See also IPSec security rules.
IPSec security rules Rules contained in the IPSec policy that govern how and when IPSec is invoked. A rule triggers and controls secure communication when a particular source, destination, or traffic type is found. Each IPSec policy may contain one or many rules, any of which may apply to a particular packet. Default rules are provided which encompass a variety of client and server-based communications, or rules can be modified to meet custom requirements.
IPX See Internetwork Packet Exchange.
IrDA See Infrared Data Association.
IRP See I/O request packet.
IRQ See Interrupt Request.
IrTran-p A protocol that transfers images from cameras to Windows 2000 computers using infrared transmissions, making a physical cable connection unnecessary.
isochronous Time dependent. Refers to processes where data must be delivered within certain time constraints. Multimedia streams require an isochronous transport mechanism to ensure that data is delivered as fast as it is displayed, and to ensure that the audio is synchronized with the video.
J
job object A feature in the Win32 API set that makes it possible for groups of processes to be managed with respect to their processor usage and other factors.
K
Kerberos authentication protocol An authentication mechanism used to verify user or host identity. The Kerberos v5 authentication protocol is the default authentication service for Windows 2000. Internet Protocol security and the QoS Admission Control Service use the Kerberos protocol for authentication. See also Internet Protocol security (IPSec); NTLM authentication protocol; QoS Admission Control Service.
kernel The core of layered architecture that manages the most basic operations of the operating system and the computer’s processor for Windows NT and Windows 2000. The kernel schedules different blocks of executing code, called threads, for the processor to keep it as busy as possible and coordinates multiple processors to optimize performance. The kernel also synchronizes activities among Executive-level subcomponents, such as I/O Manager and Process Manager, and handles hardware exceptions and other hardware-dependent functions. The kernel works closely with the hardware abstraction layer.
key A secret code or number required to read, modify, or verify secured data. Keys are used in conjunction with algorithms to secure data. Windows 2000 automatically handles key generation. For the registry, a key is an entry in the registry that can contain both subkeys and entries. In the registry structure, keys are analogous to folders, and entries are analogous to files. In the Registry Editor window, a key appears as a file folder in the left pane. In an answer file, keys are character strings that specify parameters from which Setup obtains the needed data for unattended installation of the operating system.
keyboard filters Special timing and other devices that compensate for erratic motion tremors, slow response time, and other mobility impairments.
Korn shell (ksh) A command shell which provides the following functionality: file input and output redirection; command line editing using vi; command history; integer arithmetic; pattern matching and variable substitution; command name abbreviation (aliasing); built-in commands for writing shell programs.
L
L2TP See Layer Two Tunneling Protocol.
LAN See local area network.
Last Known Good Configuration A hardware configuration available by pressing F8 during startup. If the current hardware settings prevent the computer from starting, the Last Known Good Configuration can allow the computer to be started and the configuration to be examined. When the Last Known Good Configuration is used, later configuration changes are lost.
layer 2 forwarding (L2F) Permits the tunneling of the link layer of higher-level protocols. Using these tunnels, it is possible to separate the location of the initial dial-up server from the physical location at which the dial-up protocol connection is terminated and access to the network is provided. See also L2TP; tunnel.
Layer Two Tunneling Protocol (L2TP) A tunneling protocol that encapsulates PPP frames to be sent over IP, X.25, Frame Relay, or ATM networks. L2TP is a combination of the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F), a technology proposed by Cisco Systems, Inc.
legend The area of the System Monitor graph or histogram display that shows computer name, object name, counter name, instances, and other information as a reference to the lines in the graph or the bars in the histogram.
library A data-storage system, usually managed by Removable Storage. A library consists of removable media (such as tapes or discs) and a hardware device that can read from or write to the media. There are two major types of libraries: robotic libraries (automated multiple-media, multidrive devices) and stand-alone drive libraries (manually operated, single-drive devices). A robotic library is also called a jukebox or changer. See also Removable Storage.
library request A request for an online library or stand-alone drive to perform a task. This request can be issued by an application or by Removable Storage.
Lightweight Directory Access Protocol (LDAP) A directory service protocol that runs directly over TCP/IP and the primary access protocol for Active Directory. LDAP version 3 is defined by a set of Proposed Standard documents in Internet Engineering Task Force (IETF) RFC 2251. See also Lightweight Directory Access Protocol application programming interface (LDAP API).
Lightweight Directory Access Protocol application programming interface (LDAP API) An API for experienced C programmers who want to enable new or existing applications to connect to, search, and update LDAP servers. You can use the LDAP API to write directory-enabled applications that allow LDAP client applications to search for and retrieve information from an LDAP server. LDAP API enables the modification of directory objects, where such modifications are permitted. There are also functions that provide access control for servers, by allowing clients to authenticate themselves.
The LDAP API is delivered with Windows 2000 and is found in the Wldap32.dll file. The Microsoft LDAP API is compatible with both version 2 and version 3 of the LDAP standard.
Line Printer A connectivity tool that runs on client systems and is used to print files to a computer running an LPD server. See also Line Printer Daemon (LPD).
Line Printer Daemon (LPD) A service on the print server that receives documents (print jobs) from line printer remote (LPR) tools running on client systems. See also Line Printer Remote (LPR).
Line Printer Port Monitor A port monitor that is used to send jobs over TCP/IP from the client running Lprmon.dll to a print server running an LPD (Line Printer Daemon) service. Line Printer Port Monitor can be used to enable Internet printing, UNIX print servers, or Windows 2000 print servers over a TCP/IP network.
Line Printer Remote (LPR) See Line Printer.
linked object An object that is inserted into a document but still exists in the source file. When information is linked, the new document is updated automatically if the information in the original document changes. See also embedded object.
local area network (LAN) A communications network connecting a group of computers, printers, and other devices located within a relatively limited area (for example, a building). A LAN allows any connected device to interact with any other on the network. See also wide area network (WAN).
local computer A computer that can be accessed directly without using a communications line or a communications device, such as a network adapter or a modem. Similarly, running a local program means running the program on your computer, as opposed to running it from a server.
local group For computers running Windows 2000 Professional and member servers, a group that is granted permissions and rights from its own computer to only those resources on its own computer on which the group resides. See also global group.
Local Security Authority (LSA) A protected subsystem that authenticates and logs users onto the local system. In addition, the LSA maintains information about all aspects of local security on a system (collectively known as the local security policy), and provides various services for translation between names and identifiers.
local user profile A computer-based record maintained about an authorized user that is created automatically on the computer the first time a user logs on to a computer running Windows 2000.
localmon.dll The standard print monitor for use with printers connected directly to your computer. If you add a printer to your computer using a serial or parallel port (such as COM1 or LPT1), this is the monitor that is used.
LocalTalk The Apple networking hardware built into every Macintosh computer. LocalTalk includes the cables and connector boxes to connect components and network devices that are part of the AppleTalk network system. LocalTalk was formerly known as the AppleTalk Personal Network.
locator service In a distributed system, a feature that allows a client to find a shared resource or server without providing an address or full name. Generally associated with Active Directory, which provides a locator service.
logical drive A volume created within an extended partition on a basic disk. You can format and assign a drive letter to a logical drive. Only basic disks can contain logical drives. A logical drive cannot span multiple disks. See also basic disk; basic volume; extended partition.
logical volume A volume created within an extended partition on a basic disk. You can format and assign a drive letter to a logical drive. Only basic disks can contain logical drives. A logical drive cannot span multiple disks. See also basic disk; basic volume; extended partition.
logon script Files that can be assigned to user accounts. Typically a batch file, a logon script runs automatically every time the user logs on. It can be used to configure a user’s working environment at every logon, and it allows an administrator to influence a user’s environment without managing all aspects of it. A logon script can be assigned to one or more user accounts. See also batch program.
long file name (LFN) A folder name or file name on the FAT file system that is longer than the 8.3 file name standard (up to eight characters followed by a period and an extension of up to three characters). Windows 2000 supports long file names up to the file-name limit of 255 characters. Macintosh users can assign long names to files and folders on the server and, using Services for Macintosh, long names to Macintosh-accessible volumes can be assigned when created. Windows 2000 automatically translates long names of files and folders to 8.3 names for MS-DOS and Windows 3.x users. See also name mapping.
loopback address The address of the local computer used for routing outgoing packets back to the source computer. This address is used primarily for testing.