Windows 2000 Glossary (M - Z)

M

MAC See media access control.

magazine A collection of storage locations, also called "slots," for cartridges in a library managed by Removable Storage. Magazines are usually removable.

magneto-optic (MO) disk A high-capacity, erasable storage medium which uses laser beams to heat the disk and magnetically arrange the data.

Magnifier A screen enlarger that magnifies a portion of the screen in a separate window for users with low vision and for those who require occasional screen magnification for such tasks as editing art.

manual caching A method of manually designating network files and folders so they are stored on a user’s hard disk and accessible when the user is not connected to the network.

Master Boot Record (MBR) The first sector on a hard disk, this data structure starts the process of booting the computer. It is the most important area on a hard disk. The MBR contains the partition table for the disk and a small amount of executable code called the master boot code.

master file table (MFT) The database that tracks the contents of an NTFS volume. The MFT is a table whose rows correspond to files on the volume and whose columns correspond to the attributes of each file.

maximum password age The period of time a password can be used before the system requires the user to change it.

media The physical material on which information is recorded and stored.

media access control A sublayer of the IEEE 802 specifications that defines network access methods and framing.

media label library A dynamic-link library (DLL) that can interpret the format of a media label written by a Removable Storage application.

media pool Logical collections of removable media that have the same management policies. Media pools are used by applications to control access to specific tapes or discs within libraries managed by Removable Storage. There are four media pools: Unrecognized, Import, Free, and application-specific. Each media pool can only hold either media or other media pools. See also Removable Storage.

media states Descriptions of conditions in which Removable Storage has placed a cartridge that it is managing. The states include Idle, In Use, Mounted, Loaded, and Unloaded.

memory leak A condition that occurs when applications allocate memory for use but do not free allocated memory when finished.

Message Queuing A message queuing service that allows Message Queuing-based applications running at different times to communicate across heterogeneous networks and systems that might be temporarily offline. Applications send messages to Message Queuing, and Message Queuing uses queues to ensure that the messages eventually reach their destination. Message Queuing provides guaranteed message delivery, efficient routing, security, and priority-based messaging.

Message Queuing routing A direct connection (or session) established by Message Queuing using the underlying protocol if possible. When a direct connection is not possible or not allowed, Message Queuing uses its own routing system. Message Queuing routing occurs when one or more of the following conditions exist: a session cannot be established between the sender and the receiver (for example, when the target computer is offline); in-routing servers (InRSs) or out-routing servers (OutRSs) are defined for the sender or receiver; messages must travel between two sites. See also In-routing servers (InRSs); Message Queuing; Message Queuing server; out-routing servers (OutRSs).

Message Queuing routing server Supports dynamic routing and intermediate store-and-forward message queuing. Message Queuing routing servers allow computers that use different protocols to communicate. If configured to do so, Message Queuing routing servers can provide session concentration. See also Message Queuing; Message Queuing routing; Message Queuing routing server; Message Queuing server; session concentration.

Message Queuing server For Message Queuing, a computer that can provide message queuing, routing, and directory services to client computers. Message Queuing servers can be used to provide message routing and session concentration for independent clients, provide message routing between sites over routing links, create queues and store messages for dependent clients, and access information in Active Directory (if installed on a Windows 2000 domain controller). See also Active Directory; dependent client; independent client; routing link; routing services; session concentration.

Message Queuing service The Message Queuing component that provides core Message Queuing functionality. This service runs on all Message Queuing servers and independent clients. See also Message Queuing; Message Queuing server.

metric A number used to indicate the cost of a route in the IP routing table to enable the selection of the best route among possible multiple routes to the same destination.

MFP See multi-function peripherals.

Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1) An encrypted authentication mechanism for PPP connections similar to CHAP. The remote access server sends a challenge to the remote access client that consists of a session ID and an arbitrary challenge string. The remote access client must return the user name and a Message Digest 4 (MD4) hash of the challenge string, the session ID, and the MD4-hashed password.

Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) An encrypted authentication mechanism for PPP connections that provides stronger security than CHAP and MS-CHAP v1. MS-CHAP v2 provides mutual authentication and asymmetric encryption keys.

Microsoft Indexing Service Software that provides search functions for documents stored on disk, allowing users to search for specific document text or properties.

Microsoft Internet Directory A Web site provided and maintained by Microsoft used by applications such as NetMeeting to locate people to call on the Internet. The Microsoft Internet Directory is operated through an ILS server.

Microsoft Management Console (MMC) A framework for hosting administrative consoles. A console is defined by the items on its console tree, which might include folders or other containers, World Wide Web pages, and other administrative items. A console has one or more windows that can provide views of the console tree and the administrative properties, services, and events that are acted on by the items in the console tree. The main MMC window provides commands and tools for authoring consoles. The authoring features of MMC and the console tree might be hidden when a console is in User Mode. See also console tree.

Microsoft Point-to-Point Encryption (MPPE) A 128/40-bit encryption algorithm using RSA RC4. MPPE provides for packet security between the client and the tunnel server and is useful where IPSec is not available. The 40-bit version addresses localization issues based on current export restrictions. MPPE is compatible with Network Address Translation. See also IPSec.

Microsoft Tape Format (MTF) The data format used for tapes supported by the Backup application in Windows 2000. There are three major components to MTF: a Tape Data Block (Tape DBLK), otherwise known as the tape header; one or more Data Sets; and On Tape Catalog Information (On Tape Catalog Inf).

Minidrivers Relatively small, simple drivers or files that contain additional instructions needed by a specific hardware device, to interface with the universal driver for a class of devices.

minimum TTL A default Time To Live (TTL) value set in seconds for use with all resource records in a zone. This value is set in the start of authority (SOA) resource record for each zone. By default, the DNS server includes this value in query answers to inform recipients how long it can store and use resource records provided in the query answer before they must expire the stored records data. When TTL values are set for individual resource records, those values will override the minimum TTL. See also Time To Live (TTL).

mirrored volume A fault-tolerant volume that duplicates data on two physical disks. The mirror is always located on a different disk. If one of the physical disks fails, the data on the failed disk becomes unavailable, but the system continues to operate by using the unaffected disk. A mirrored volume is slower than a RAID-5 volume in read operations but faster in write operations. Mirrored volumes can only be created on dynamic disks. In Windows NT 4.0, a mirrored volume was known as a mirror set. See also dynamic disk; dynamic volume; fault tolerance; redundant array of independent disks (RAID); volume.

mixed mode The default mode setting for domains on Windows 2000 domain controllers. Mixed mode allows Windows 2000 domain controllers and Windows NT backup domain controllers to co-exist in a domain. Mixed mode does not support the universal and nested group enhancements of Windows 2000. You can change the domain mode setting to Windows 2000 native mode after all Windows NT domain controllers are either removed from the domain or upgraded to Windows 2000. See also native mode.

Mode Pruning A Windows 2000 feature that can be used to remove display modes that the monitor cannot support.

mount To place a removable tape or disc into a drive. See also library.

MouseKeys A feature in Microsoft Windows that allows use of the numeric keyboard to move the mouse pointer.

MP3 Audio compressed in the MPEG1 Layer 3 format.

MPEG-2 A standard of video compression and file format developed by the Moving Pictures Experts Group. MPEG-2 offers video resolutions of 720 x 480 and 128 x 720 at 60 frames per second, with full CD-quality audio.

MS-CHAPv2 See Microsoft Challenge Handshake Authentication Protocol version 2.

Multicast IP IP packets sent from a single destination IP address but received and processed by multiple IP hosts, regardless of their location on an IP internetwork.

multicasting The process of sending a message simultaneously to more than one destination on a network.

multihomed computer A computer that has multiple network adapters or that has been configured with multiple IP addresses for a single network adapter.

multiple boot A computer configuration that runs two or more operating systems. For example, Windows 98, MS-DOS, and Windows 2000 operating systems can be installed on the same computer. When the computer is started, any one of the operating systems can be selected. See also dual boot.

N

name devolution A process by which a DNS resolver appends one or more domain names to an unqualified domain name, making it a fully qualified domain name, and then submits the fully qualified domain name to a DNS server.

namespace A set of unique names for resources or items used in a shared computing environment. The names in a namespace can be resolved to the objects they represent. For Microsoft Management Console (MMC), the namespace is represented by the console tree, which displays all of the snap-ins and resources that are accessible to a console. For Domain Name System (DNS), namespace is the vertical or hierarchical structure of the domain name tree. For example, each domain label, such as "host1" or "example," used in a fully qualified domain name, such as "host1.example.microsoft.com," indicates a branch in the domain namespace tree. For Active Directory, namespace corresponds to the DNS namespace in structure, but resolves Active Directory object names.

naming service A service, such as that provided by WINS or DNS, that allows friendly names to be resolved to an address or other specially defined resource data that is used to locate network resources of various types and purposes.

Narrator A synthesized text-to-speech utility for users who have low vision. Narrator reads aloud most of what the screen displays.

native mode The condition in which all domain controllers within a domain are Windows 2000 domain controllers and an administrator has enabled native mode operation (through Active Directory Users and Computers). See also mixed mode.

NDIS miniport drivers A type of minidriver that interfaces network class devices to NDIS.

nested groups A Windows 2000 capability available only in native mode that allows the creation of groups within groups. See also domain local group; forest; global group; trusted forest; universal group.

NetBEUI See NetBIOS Extended User Interface.

NetBIOS Extended User Interface (NetBEUI) A network protocol native to Microsoft Networking, that is usually used in local area networks of one to 200 clients. NetBEUI uses Token Ring source routing as its only method of routing. It is the Microsoft implementation of the NetBIOS standard.

NetBIOS over TCP/IP (NetBT) A feature that provides the NetBIOS programming interface over the TCP/IP protocol. It is used for monitoring routed servers that use NetBIOS name resolution.

NetWare Novell’s network operating system.

network adapter Software or a hardware plug-in board that connects a node or host to a local area network.

network basic input/output system (NetBIOS) An application programming interface (API) that can be used by applications on a local area network or computers running MS-DOS, OS/2, or some version of UNIX. NetBIOS provides a uniform set of commands for requesting lower level network services.

Network Control Protocol (NCP) A protocol within the PPP protocol suite that negotiates the parameters of an individual LAN protocol such as TCP/IP or IPX.

Network Driver Interface Specification (NDIS) A software component that provides Windows 2000 network protocols a common interface for communications with network adapters. NDIS allows more than one transport protocol to be bound and operate simultaneously over a single network adapter card.

network file system (NFS) A service for distributed computing systems that provides a distributed file system, eliminating the need for keeping multiple copies of files on separate computers.

Network Information Service (NIS) Formerly known as Yellow Pages, NIS is a distributed database service that allows for a shared set of system configuration files on UNIX-based systems, including password, hosts, and group files.

Network News Transfer Protocol (NNTP) A member of the TCP/IP suite of protocols, used to distribute network news messages to NNTP servers and clients, or news-readers, on the Internet. NNTP is designed so that news articles are stored on a server in a central database, and the user selects specific items to read. See also Transmission Control Protocol/Internet Protocol (TCP/IP).

Network security administrators Users who manage network and information security. Network security administrators should implement a security plan that addresses network security threats.

node In tree structures, a location on the tree that can have links to one or more items below it. In local area networks (LANs), a device that is connected to the network and is capable of communicating with other network devices. In a server cluster, a server that has Cluster service software installed and is a member of the cluster. See also local area network (LAN).

noncontainer object An object that cannot logically contain other objects. A file is a noncontainer object. See also container object; object.

nonrepudiation A basic security function of cryptography. Nonrepudiation provides assurance that a party in a communication cannot falsely deny that a part of the communication occurred. Without nonrepudiation, someone can communicate and then later deny the communication or claim that the communication occurred at a different time. See also cryptography; authentication; confidentiality; integrity.

nonresident attribute A file attribute whose value is contained in one or more runs, or extents, outside the master file table (MFT) record and separate from the MFT.

nontransitive trust relationship A type of trust relationship that is bounded by the two domains in the relationship. For example, if domain A trusts domain B and domain B trusts domain C, there is no trust relationship between domain A and domain C. A nontransitive trust relationship can be a one-way or two-way relationship. It is the only type of trust relationship that can exist between a Windows 2000 domain and a Windows NT domain or between Windows 2000 domains in different forests. See also trust relationship; transitive trust relationship.

normal backup A backup that copies all selected files and marks each file as backed up (that is, the archive bit is set). With normal backups, only the most recent copy of the backup file or tape is needed to restore all of the files. A normal backup is usually performed the first time a backup set is created. See also copy backup; daily backup; differential backup; incremental backup.

Novell Directory Services (NDS) On networks running Novell NetWare 4.x and NetWare 5.x, a distributed database that maintains information about every resource on the network and provides access to these resources.

NT-1 (Network Terminator 1) A device that terminates an ISDN line at the connection location, commonly through a connection port.

NTFS file system A recoverable file system designed for use specifically with Windows NT and Windows 2000. NTFS uses database, transaction-processing, and object paradigms to provide data security, file system reliability, and other advanced features. It supports file system recovery, large storage media, and various features for the POSIX subsystem. It also supports object-oriented applications by treating all files as objects with user-defined and system-defined attributes.

NTLM A security package that provides authentication between clients and servers. See also NTLM authentication protocol.

NTLM authentication protocol A challenge/response authentication protocol. The NTLM authentication protocol was the default for network authentication in Windows NT version 4.0 and earlier. The protocol continues to be supported in Windows 2000 but no longer is the default. See also authentication.

NWLink An implementation of the Internetwork Packet Exchange (IPX), Sequenced Packet Exchange (SPX), and NetBIOS protocols used in Novell networks. NWLink is a standard network protocol that supports routing and can support NetWare client/server applications, where NetWare-aware Sockets-based applications communicate with IPX/SPX Sockets-based applications. See also Internetwork Packet Exchange (IPX); network basic input/output system (NetBIOS).

O

object An entity, such as a file, folder, shared folder, printer, or Active Directory object, described by a distinct, named set of attributes. For example, the attributes of a File object include its name, location, and size; the attributes of an Active Directory User object might include the user’s first name, last name, and e-mail address. For OLE and ActiveX objects, an object can also be any piece of information that can be linked to, or embedded into, another object. See also attribute; child object; container object; noncontainer object; parent object.

object linking and embedding (OLE) A method for sharing information among applications. Linking an object, such as a graphic, from one document to another inserts a reference to the object into the second document. Any changes you make in the object in the first document will also be made in the second document. Embedding an object inserts a copy of an object from one document into another document. Changes you make in the object in the first document will not be updated in the second unless the embedded object is explicitly updated. See also ActiveX.

offline media Media that are not connected to the computer and require external assistance to be accessed.

on-media identifier (OMID) A label that is electronically recorded on each medium in a Removable Storage system. Removable Storage uses on-media identifiers to track media in the Removable Storage database. An application on-media identifier is a subset of the media label.

on-screen keyboard A utility that displays a virtual keyboard on a computer screen and allows users with mobility impairments to type using a pointing device or joystick.

OnNow See Advanced Configuration and Power Interface (ACPI).

open database connectivity (ODBC) An application programming interface (API) that enables database applications to access data from a variety of existing data sources.

Open Host Controller Interface (OHCI) Part of the IEEE 1394 standard. In Windows 2000 Professional, only OHCI-compliant host adapters are supported.

OpenType fonts Outline fonts that are rendered from line and curve commands, and can be scaled and rotated. OpenType fonts are clear and readable in all sizes and on all output devices supported by Windows 2000. OpenType is an extension of TrueType font technology. See also font; TrueType fonts.

operator request A request for the operator to perform a task. This request can be issued by an application or by Removable Storage.

original equipment manufacturer (OEM) The maker of a piece of equipment. In making computers and computer-related equipment, manufacturers of original equipment typically purchase components from other manufacturers of original equipment and then integrate them into their own products.

out-routing server (OutRS) A Message Queuing routing server that provides session concentration by acting as a gateway for all outgoing messages for one or more independent clients. Message Queuing independent clients can be configured to use an OutRS. See also Message Queuing; Message Queuing server; session concentration.

overclocking Setting a microprocessor to run at speeds above the rated specification.

P

package An icon that represents embedded or linked information. That information can consist of a complete file, such as a Paint bitmap, or part of a file, such as a spreadsheet cell. When a package is chosen, the application used to create the object either plays the object (if it is a sound file, for example) or opens and displays the object. If the original information is changed, linked information is then updated. However, embedded information needs to be manually updated. In Systems Management Server, an object that contains the files and instructions for distributing software to a distribution point. See also embedded object; linked object; object linking and embedding (OLE).

packet A transmission unit of fixed maximum size that consists of binary information. This information represents both data and a header containing an ID number, source and destination addresses, and error-control data.

packet assembler/disassembler (PAD) A connection used in X.25 networks. X.25 PAD boards can be used in place of modems when provided with a compatible COM driver.

PAD See packet assembler/disassembler.

page fault An error that occurs when the requested code or data cannot be located in the physical memory that is available to the requesting process.

page-description language (PDL) A computer language that describes the arrangement of text and graphics on a printed page. See also printer control language (PCL); PostScript.

paging The process of moving virtual memory back and forth between physical memory and the disk. Paging occurs when physical memory limitations are reached and only occurs for data that is not already "backed" by disk space. For example, file data is not paged out because it already has allocated disk space within a file system. See also virtual memory.

paging file A hidden file on the hard disk that Windows 2000 uses to hold parts of programs and data files that do not fit in memory. The paging file and physical memory, or RAM, comprise virtual memory. Windows 2000 moves data from the paging file to memory as needed and moves data from memory to the paging file to make room for new data. Also called a swap file. See also random access memory (RAM); virtual memory.

PAP See Password Authentication Protocol.

Parallel connection A connection that simultaneously transmits both data and control bits over wires connected in parallel. In general, a parallel connection can move data between devices faster than a serial connection.

Parallel device A device that uses a parallel connection.

Parallel ports The input/output connector for a parallel interface device. Printers are generally plugged into a parallel port.

parent object The object that is the immediate superior of another object in a hierarchy. A parent object can have multiple subordinate, or child, objects. In Active Directory, the schema determines what objects can be parent objects of what other objects. Depending on its class, a parent object can be the child of another object. See also child object; object.

partition A logical division of a hard disk. Partitions make it easier to organize information. Each partition can be formatted for a different file system. A partition must be completely contained on one physical disk, and the partition table in the Master Boot Record for a physical disk can contain up to four entries for partitions.

password authentication protocol (PAP) A simple, plaintext authentication scheme for authenticating PPP connections. The user name and password are requested by the remote access server and returned by the remote access client in plaintext.

path A sequence of directory (or folder) names that specifies the location of a directory, file, or folder within the Windows directory tree. Each directory name and file name within the path must be preceded by a backslash (\). For example, to specify the path of a file named Readme.doc located in the Windows directory on drive C, type C:\Windows\Readme.doc.

PC Card A removable device, approximately the size of a credit card, that can be plugged into a PCMCIA (Personal Computer Memory Card International Association) slot in a portable computer. PCMCIA devices can include modems, network adapters, and hard disk drives.

PCI See Peripheral Component Interconnect.

PCNFS Daemon (PCNFSD) A program that receives requests from PC-NFS clients for authentication on remote machines.

peer-to-peer network See workgroup.

performance counter In System Monitor, a data item associated with a performance object. For each counter selected, System Monitor presents a value corresponding to a particular aspect of the performance that is defined for the performance object. See also performance object.

performance object In System Monitor, a logical collection of counters that is associated with a resource or service that can be monitored. See also performance counter.

peripheral A device, such as a disk drive, printer, modem, or joystick, that is connected to a computer and is controlled by the computer’s microprocessor.

peripheral component interconnect (PCI) A specification introduced by Intel Corporation that defines a local bus system that allows up to 10 PCI-compliant expansion cards to be installed in the computer.

permission A rule associated with an object to regulate which users can gain access to the object and in what manner. Permissions are granted or denied by the object’s owner. See also access control list; object; privilege; user rights.

physical location The location designation assigned to media managed by Removable Storage. The two classes of physical locations include libraries and offline media physical locations. The offline media physical location is where Removable Storage lists the cartridges that are not in a library. The physical location of cartridges in an online library is the library in which it resides.

physical media A storage object that data can be written to, such as a disk or magnetic tape. A physical medium is referenced by its physical media ID (PMID).

physical object An object, such as an ATM card or smart card, used in conjunction with a piece of information, such as a PIN number, to authenticate users. In two-factor authentication, physical objects are used in conjunction with another secret piece of identification, such as a password, to authenticate users. For example, the physical object might be an ATM card which is used in combination with a PIN to authenticate the user.

Ping A tool that verifies connections to one or more remote hosts. The ping command uses the ICMP Echo Request and Echo Reply packets to determine whether a particular IP system on a network is functional. Ping is useful for diagnosing IP network or router failures. See also Internet Control Message Protocol (ICMP).

pinning To make a network file or folder available for offline use.

plaintext Data that is not encrypted. Sometimes also called clear text. See also ciphertext; encryption; decryption.

Plug and Play A set of specifications developed by Intel that allows a computer to automatically detect and configure a device and install the appropriate device drivers.

Point and Print A way of installing network printers on a user’s local computer. Point and Print allows users to initiate a connection to a network printer and loads any required drivers onto the client’s computer. When users know which network printer they want to use, Point and Print greatly simplifies the installation process.

point of presence (POP) The local access point for a network provider. Each POP provides a telephone number that allows users to make a local call for access to online services.

Point-to-Point Protocol (PPP) An industry standard suite of protocols for the use of point-to-point links to transport multiprotocol datagrams. PPP is documented in RFC 1661.

Point-to-Point Tunneling Protocol (PPTP) A tunneling protocol that encapsulates Point-to-Point Protocol (PPP) frames into IP datagrams for transmission over an IP-based internetwork, such as the Internet or a private intranet.

Portable Operating System Interface for UNIX (POSIX) An IEEE (Institute of Electrical and Electronics Engineers) standard that defines a set of operating-system services. Programs that adhere to the POSIX standard can be easily ported from one system to another. POSIX was based on UNIX system services, but it was created in a way that allows it to be implemented by other operating systems.

POST See power-on self test.

PostScript A page-description language (PDL) developed by Adobe Systems for printing with laser printers. PostScript offers flexible font capability and high-quality graphics. It is the standard for desktop publishing because it is supported by imagesetters, the high-resolution printers used by printing services for commercial typesetting. See also printer control language (PCL); page-description language (PDL).

power-on self test (POST) A set of routines stored in read-only memory (ROM) that tests various system components such as RAM, the disk drives, and the keyboard, to see if they are properly connected and operating. If problems are found, these routines alert the user with a series of beeps or a message, often accompanied by a diagnostic numeric value. If the POST is successful, it passes control to the bootstrap loader.

PPTP See Point-to-Point Tunneling Protocol.

primary partition A volume created using unallocated space on a basic disk. Windows 2000 and other operating systems can start from a primary partition. As many as four primary partitions can be created on a basic disk, or three primary partitions and an extended partition. Primary partitions can be created only on basic disks and cannot be subpartitioned. See also basic disk; dynamic volume; extended partition; partition.

printer control language (PCL) The page-description language (PDL) developed by Hewlett Packard for their laser and inkjet printers. Because of the widespread use of laser printers, this command language has become a standard in many printers. See also page-description language (PDL); PostScript.

priority A precedence ranking that determines the order in which the threads of a process are scheduled for the processor.

priority inversion The mechanism that allows low-priority threads to run and complete execution rather than being preempted and locking up a resource such as an I/O device.

private branch exchange (PBX) An automatic telephone switching system that enables users within an organization to place calls to each other without going through the public telephone network. Users can also place calls to outside numbers.

private key The secret half of a cryptographic key pair that is used with a public key algorithm. Private keys are typically used to digitally sign data and to decrypt data that has been encrypted with the corresponding public key. See also public key.

privilege A user’s right to perform a specific task, usually one that affects an entire computer system rather than a particular object. Privileges are assigned by administrators to individual users or groups of users as part of the security settings for the computer. See also access token; permission; user rights.

privileged mode Also known as kernel mode, the processing mode that allows code to have direct access to all hardware and memory in the system.

process throttling A method of restricting the amount of processor time a process consumes, for example, using job object functions.

processor queue An instantaneous count of the threads that are ready to run on the system but are waiting because the processor is running other threads.

protocol A set of rules and conventions by which two computers pass messages across a network. Networking software usually implements multiple levels of protocols layered one on top of another. Windows NT and Windows 2000 include NetBEUI, TCP/IP, and IPX/SPX-compatible protocols.

proxy server A firewall component that manages Internet traffic to and from a local area network and can provide other features, such as document caching and access control. A proxy server can improve performance by supplying frequently requested data, such as a popular Web page, and can filter and discard requests that the owner does not consider appropriate, such as requests for unauthorized access to proprietary files. See also firewall.

public key The non-secret half of a cryptographic key pair that is used with a public key algorithm. Public keys are typically used to verify digital signatures or decrypt data that has been encrypted with the corresponding private key. See also private key.

public key cryptography A method of cryptography in which two different but complementary keys are used: a public key and a private key for providing security functions. Public key cryptography is also called asymmetric key cryptography. See also cryptography; public key; private key.

public switched telephone network (PSTN) Standard analog telephone lines, available worldwide.

Q

QoS See Quality of Service.

QoS Admission Control Service A software service that controls bandwidth and network resources on the subnet to which it is assigned. Important applications can be given more bandwidth, less important applications less bandwidth. The QoS Admission Control Service can be installed on any network-enabled computer running Windows 2000.

Quality of Service (QoS) A set of quality assurance standards and mechanisms for data transmission, implemented in Windows 2000.

quantum Also known as a time slice, the maximum amount of time a thread can run before the system checks for another ready thread of the same priority to run.

quarter-inch cartridge (QIC) An older storage technology used with tape backup drives and cartridges. A means of backing up data on computer systems, QIC represents a set of standards devised to enable tapes to be used with drives from different manufacturers. The QIC standards specify the length of tape, the number of recording tracks, and the magnetic strength of the tape coating, all of which determine the amount of information that can be written to the tape. Older QIC-80 drives can hold up to 340 MB of compressed data. Newer versions can hold more than 1 GB of information.

R

RAID-5 volume A fault-tolerant volume with data and parity striped intermittently across three or more physical disks. Parity is a calculated value that is used to reconstruct data after a failure. If a portion of a physical disk fails, you can recreate the data that was on the failed portion from the remaining data and parity. Also known as a striped volume with parity.

raster fonts Fonts that are stored as bitmaps; also called bit-mapped fonts. Raster fonts are designed with a specific size and resolution for a specific printer and cannot be scaled or rotated. If a printer does not support raster fonts, it will not print them.

rate counter Similar to an averaging counter, a counter type that samples an increasing count of events over time; the change in the count is divided by the change in time to display a rate of activity.

read-only memory (ROM) A semiconductor circuit that contains information that cannot be modified.

recoverable file system A file system which ensures that if a power outage or other catastrophic system failure occurs, the file system will not be corrupted and disk modifications will not be left incomplete. The structure of the disk volume is restored to a consistent state when the system restarts.

Recovery Console A startable, text-mode command interpreter environment separate from the Windows 2000 command prompt that allows the system administrator access to the hard disk of a computer running Windows 2000, regardless of the file format used, for basic troubleshooting and system maintenance tasks.

redundant array of independent disks (RAID) A method used to standardize and categorize fault-tolerant disk systems. Six levels gauge various mixes of performance, reliability, and cost. Windows 2000 provides three of the RAID levels: Level 0 (striping) which is not fault-tolerant, Level 1 (mirroring), and Level 5 (striped volume with parity). See also fault tolerance; mirrored volume; RAID-5 volume; striped volume.

registry In Windows 2000, Windows NT, Windows 98, and Windows 95, a database of information about a computer’s configuration. The registry is organized in a hierarchical structure and consists of subtrees and their keys, hives, and entries.

relative ID (RID) The part of a security ID (SID) that uniquely identifies an account or group within a domain. See also security ID.

remote access server A Windows 2000 Server-based computer running the Routing and Remote Access service and configured to provide remote access.

remote procedure call (RPC) A message-passing facility that allows a distributed application to call services that are available on various computers in a network. Used during remote administration of computers.

Removable Storage A service used for managing removable media (such as tapes and discs) and storage devices (libraries). Removable Storage allows applications to access and share the same media resources. See also library.

reparse points New NTFS file system objects that have a definable attribute containing user-controlled data and are used to extend functionality in the input/output (I/O) subsystem.

RepeatKeys A feature that allows users with mobility impairments to adjust the repeat rate or to disable the key-repeat function on the keyboard. See also FilterKeys.

Request for Comments (RFC) A document that defines a standard. RFCs are published by the Internet Engineering Task Force (IETF) and other working groups.

resident attribute A file attribute whose value is wholly contained in the file’s file record in the master file table (MFT).

resolver DNS client programs used to look up DNS name information. Resolvers can be either a small "stub" (a limited set of programming routines that provide basic query functionality) or larger programs that provide additional lookup DNS client functions, such as caching. See also caching, caching resolver.

resource publishing The process of making an object visible and accessible to users in a Windows 2000 domain. For example, a shared printer resource is published by creating a reference to the printer object in Active Directory.

resource record (RR) Information in the DNS database that can be used to process client queries. Each DNS server contains the resource records it needs to answer queries for the portion of the DNS namespace for which it is authoritative.

response time The amount of time required to do work from start to finish. In a client/server environment, this is typically measured on the client side.

RGB The initials of red, green, blue. Used to describe a color monitor or color value.

roaming user profile A server-based user profile that is downloaded to the local computer when a user logs on and is updated both locally and on the server when the user logs off. A roaming user profile is available from the server when logging on to any computer that is running Windows 2000 Professional or Windows 2000 Server.

ROM See read-only memory.

route table See routing table.

router A network device that helps LANs and WANs achieve interoperability and connectivity and that can link LANs that have different network topologies, such as Ethernet and Token Ring.

routing The process of forwarding a packet through an internetwork from a source host to a destination host.

Routing Information Protocol (RIP) An industry standard distance vector routing protocol used in small to medium sized IP and IPX internetworks.

routing link For Message Queuing, a communications link established between Windows 2000 sites for routing messages. Specially configured Message Queuing servers with routing services enabled are used to create a routing link between sites. See also Message Queuing; routing services; routing-link cost.

routing services For Message Queuing, a service on a Message Queuing server that provides message routing services. If so configured, this feature can be used on a Message Queuing server to enable computers that use different network protocols to communicate, to reduce the number of sessions by acting as a gateway for all incoming or outgoing messages for independent clients, and to route messages between sites over a routing link. See also Message Queuing server; routing link; independent client.

routing table A database of routes containing information on network IDs, forwarding addresses, and metrics for reachable network segments on an internetwork.

routing-link cost For Message Queuing, a number used to determine the route that messages can take between two sites. This number represents the relative monetary cost of communication over a link. A routing link has a default routing-link cost of 1 and should not be changed unless you have multiple routing links between two sites and you want to enforce message routing over a specific routing link. See also intersite routing; routing link.

RPC See Remote Procedure Call.

rules An IPSec policy mechanism that governs how and when an IPSec policy protects communication. A rule provides the ability to trigger and control secure communication based on the source, destination, and type of IP traffic. Each rule contains a list of IP filters and a collection of security actions that take place upon a match with that filter list.

S

Safe Mode A method of starting Windows 2000 using basic files and drivers only, without networking. Safe Mode is available by pressing the F8 key when prompted during startup. This allows the computer to start when a problem prevents it from starting normally.

screen-enlargement utility A utility that allows the user to magnify a portion of the screen for greater visibility. (Also called a screen magnifier or large-print program.)

script A type of program consisting of a set of instructions to an application or utility program. A script usually expresses instructions by using the application’s or utility’s rules and syntax, combined with simple control structures such as loops and if/then expressions. "Batch program" is often used interchangeably with "script" in the Windows environment.

SCSI See Small Computer System Interface.

SCSI connection A standard high-speed parallel interface defined by the X3T9.2 committee of the American National Standards Institute (ANSI). A SCSI interface is used to connect microcomputers to SCSI peripheral devices, such as many hard disks and printers, and to other computers and local area networks.

search filter An argument in an LDAP search that allows certain entries in the subtree and excludes others. Filters allow you to define search criteria and give you better control to achieve more effective and efficient searches.

Secure Sockets Layer (SSL) A proposed open standard developed by Netscape Communications for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, it enables secure electronic financial transactions on the World Wide Web, although it is designed to work on other Internet services as well.

Security Accounts Manager (SAM) A protected subsystem that manages user and group account information. In Windows NT 4.0, both local and domain security principals are stored by SAM in the registry. In Windows 2000, workstation security accounts are stored by SAM in the local computer registry, and domain controller security accounts are stored in Active Directory.

security association (SA) A set of parameters that defines the services and mechanisms necessary to protect Internet Protocol security communications. See also Internet Protocol security (IPSec).

security descriptor A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who may access it and in what way, and what types of access will be audited. See also access control list; object.

security event types Different categories of events about which Windows 2000 can create auditing events. Account logon or object access are examples of security event types.

security ID (SID) A data structure of variable length that uniquely identifies user, group, service, and computer accounts within an enterprise. Every account is issued a SID when the account is first created. Access control mechanisms in Windows 2000 identify security principals by SID rather than by name. See also relative ID; security principal.

security method A process that determines the Internet Protocol security services, key settings, and algorithms that will be used to protect the data during the communication.

Security Parameters Index (SPI) A unique, identifying value in the SA used to distinguish among multiple security associations existing at the receiving computer.

security principal An account-holder, such as a user, computer, or service. Each security principal within a Windows 2000 domain is identified by a unique security ID (SID). When a security principal logs on to a computer running Windows 2000, the Local Security Authority (LSA) authenticates the security principal’s account name and password. If the logon is successful, the system creates an access token. Every process executed on behalf of this security principal will have a copy of its access token. See also access token; security ID; security principal name.

security principal name A name that uniquely identifies a user, group, or computer within a single domain. This name is not guaranteed to be unique across domains. See also security principal.

seek time The amount of time required for a disk head to position itself at the right disk cylinder to access requested data.

Serial Bus Protocol (SBP-2) A standard for storage devices, printers, and scanners that is a supplement to the IEEE 1394 specification.

Serial connection A connection that exchanges information between computers or between computers and peripheral devices one bit at a time over a single channel. Serial communications can be synchronous or asynchronous. Both sender and receiver must use the same baud rate, parity, and control information.

Serial device A device that uses a serial connection.

SerialKeys A Windows feature that uses a communications aid interface device to allow keystrokes and mouse controls to be accepted through a computer’s serial port.

server A computer that provides shared resources to network users.

Server Message Block (SMB) A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message.

service access point A logical address that allows a system to route data between a remote device and the appropriate communications support.

Service Pack A software upgrade to an existing software distribution that contains updated files consisting of patches and fixes.

Service Profile Identifier (SPID) A 14-digit number that identifies a specific ISDN line. When establishing ISDN service, your telephone company assigns a SPID to your line. See also ISDN.

service provider In TAPI, a dynamic link library (DLL) that provides an interface between an application requesting services and the controlling hardware device. TAPI supports two classes of service providers, media service providers and telephony service providers.

session concentration For Message Queuing, a feature that typically reduces network bandwidth within a site, and the number of sessions between sites. Specially configured Message Queuing servers with routing services provide session concentration. See also Message Queuing server; routing services.

session key A key used primarily for encryption and decryption. Session keys are typically used with symmetric encryption algorithms where the same key is used for both encryption and decryption. For this reason, session and symmetric keys usually refer to the same type of key. See also symmetric key encryption.

Sfmmon A port monitor that is used to send jobs over the AppleTalk protocol to printers such as LaserWriters or those configured with AppleTalk or any AppleTalk spoolers.

shared folder permissions Permissions that restrict a shared resource’s availability over the network to certain users. See also permission.

Shiva Password Authentication Protocol (SPAP) A two-way, reversible encryption mechanism for authenticating PPP connections employed by Shiva remote access servers.

shortcut key navigation indicators Underlined letters on a menu or control. (Also called access keys or quick-access letters.)

ShowSounds A global flag that instructs programs to display captions for speech and system sounds to alert users with hearing impairments or people who work in a noisy location such as a factory floor.

Simple Mail Transfer Protocol (SMTP) A protocol used on the Internet to transfer mail. SMTP is independent of the particular transmission subsystem and requires only a reliable, ordered, data stream channel.

Simple Network Management Protocol (SNMP) A network management protocol installed with TCP/IP and widely used on TCP/IP and Internetwork Packet Exchange (IPX) networks. SNMP transports management information and commands between a management program run by an administrator and the network management agent running on a host. The SNMP agent sends status information to one or more hosts when the host requests it or when a significant event occurs.

Single Sign-On Daemon (SSOD) A program installed on a UNIX-based system to handle password synchronization requests.

single-switch device An alternative input device, such as a voice activation program, that allows a user to scan or select using a single switch.

slot Storage locations for cartridges in a library managed by Removable Storage.

SlowKeys A Windows feature that instructs the computer to disregard keystrokes that are not held down for a minimum period of time, which allows the user to brush against keys without any effect. See also FilterKeys.

Small Computer System Interface (SCSI) A standard high-speed parallel interface defined by the X3T9.2 committee of the American National Standards Institute (ANSI). A SCSI interface is used for connecting microcomputers to peripheral devices, such as hard disks and printers, and to other computers and local area networks.

Small Office/Home Office (SOHO) An office with a few computers that can be considered a small business or part of a larger network.

smart card A credit card-sized device that is used with a PIN number to enable certificate-based authentication and single sign-on to the enterprise. Smart cards securely store certificates, public and private keys, passwords, and other types of personal information. A smart card reader attached to the computer reads the smart card. See also authentication; certificate; nonrepudiation.

SNA Server Client Software that allows workstations to communicate through SNA Server and support SNA Server advanced host integration features. SNA Server Client software also provides application programming interfaces (APIs) that are used by third-party vendors to gain access to IBM host systems and applications.

SNA Server Manager A graphical Microsoft Management Console (MMC) snap-in that supports simultaneous monitoring, diagnosis, and management of SNA Server resources and services.

SNMP See Simple Network Management Protocol.

software trap In programming, an event that occurs when a microprocessor detects a problem with executing an instruction, which causes it to stop.

SoundSentry A Windows feature that produces a visual cue, such as a screen flash or a blinking title bar, instead of system sounds.

source directory The folder that contains the file or files to be copied or moved. See also destination directory.

SPAP See Shiva Password Authentication Protocol.

sparse file A file that is handled in a way that requires less disk space than would otherwise be needed by allocating only meaningful non-zero data. Sparse support allows an application to create very large files without committing disk space for every byte.

speech synthesizer An assistive device that produces spoken words, either by splicing together prerecorded words or by programming the computer to produce the sounds that make up spoken words.

stand-alone drive An online drive that is not part of a library unit. Removable Storage treats stand-alone drives as online libraries with one drive and a port.

status area The area on the taskbar to the right of the taskbar buttons. The status area displays the time and can also contain icons that provide quick access to programs, such as Volume Control and Power Options. Other icons can appear temporarily, providing information about the status of activities. For example, the printer icon appears after a document has been sent to the printer and disappears when printing is complete.

StickyKeys An accessibility feature built into Windows that causes modifier keys such as SHIFT, CTRL, WINDOWS LOGO, or ALT to stay on after they are pressed, eliminating the need to press multiple keys simultaneously. This feature facilitates the use of modifier keys for users who are unable to hold down one key while pressing another.

Stop error A serious error that affects the operating system and that could place data at risk. The operating system generates an obvious message, a screen with the Stop message, rather than continuing on and possibly corrupting data. Also known as a fatal system error. See also Stop message.

Stop message A character-based, full-screen error message displayed on a blue background. A Stop message indicates that the Windows 2000 kernel detected a condition from which it cannot recover. Each message is uniquely identified by a Stop error code (a hexadecimal number) and a string indicating the error’s symbolic name. Stop messages are usually followed by up to four additional hexadecimal numbers, enclosed in parentheses, which identify developer-defined error parameters. A driver or device may be identified as the cause of the error. A series of troubleshooting tips are also displayed, along with an indication that, if the system was configured to do so, a memory dump file was saved for later use by a kernel debugger. See also Stop error.

streaming media servers Software (such as Microsoft Media Technologies) that provides multimedia support, allowing you to deliver content by using Advanced Streaming Format over an intranet or the Internet.

streams A sequence of bits, bytes, or other small structurally uniform units.

striped volume A volume that stores data in stripes on two or more physical disks. Data in a striped volume is allocated alternately and evenly (in stripes) to these disks. Striped volumes offer the best performance of all volumes available in Windows 2000, but they do not provide fault tolerance. If a disk in a striped volume fails, the data in the entire volume is lost. You can create striped volumes only on dynamic disks. Striped volumes cannot be mirrored or extended. In Windows NT 4.0, a striped volume was known as a stripe set. See also dynamic disk, dynamic volume, fault tolerance, volume.

subkey In the registry, a key within a key. Subkeys are analogous to subdirectories in the registry hierarchy. Keys and subkeys are similar to the section header in .ini files; however, subkeys can carry out functions. See also key.

subnet A subdivision of an IP network. Each subnet has its own unique subnetted network ID.

subnet mask A 32-bit value expressed as four decimal numbers from 0 to 255, separated by periods (for example, 255.255.0.0). This number allows TCP/IP to determine the network ID portion of an IP address.

subnet prioritization The ordering of multiple IP address mappings from a DNS server so that the resolver orders local resource records first. This reduces network traffic across subnets by forcing computers to connect to network resources that are closer to them.

Subpicture A data stream contained within a DVD. The Subpicture stream delivers the subtitles and any other add-on data, such as system help or director’s comments, which can be displayed while playing multimedia.

symmetric key A single key that is used with symmetric encryption algorithms for both encryption and decryption. See also bulk encryption; encryption; decryption; session key.

symmetric key encryption An encryption algorithm that requires the same secret key to be used for both encryption and decryption. This is often called secret key encryption. Because of its speed, symmetric encryption is typically used rather than public key encryption when a message sender needs to encrypt large amounts of data.

Synchronization Manager In Windows 2000, the tool used to ensure that a file or directory on a client computer contains the same data as a matching file or directory on a server.

syntax The order in which a command must be typed and the elements that follow the command.

system access control list (SACL) The part of an object’s security descriptor that specifies which events are to be audited per user or group. Examples of auditing events are file access, logon attempts, and system shutdowns. See also access control entry (ACE); discretionary access control list (DACL); object; security descriptor.

system administrator A person who administers a computer system or network, including administering user accounts, security, storage space, and backing up data.

system files Files that are used by Windows to load, configure, and run the operating system. Generally, system files must never be deleted or moved.

system media pool A pool used to hold cartridges that are not in use. The free pool holds unused cartridges that are available to applications, and the unrecognized and import pools are temporary holding places for cartridges that have been newly placed in a library.

system policy In network administration, the part of Group Policy that is concerned with the current user and local computer settings in the registry. In Windows 2000, system policy is sometimes called software policy and is one of several services provided by Group Policy, a Microsoft Management Console (MMC) snap-in. The Windows NT 4.0 System Policy Editor, Poledit.exe, is included with Windows 2000 for backward compatibility. That is, administrators need it to set system policy on Windows NT 4.0 and Windows 95 computers. See also Microsoft Management Console (MMC); registry.

System Policy Editor The utility Poledit.exe, used by administrators to set system policy on Windows NT 4.0 and Windows 95 computers.

system state data A collection of system-specific data that can be backed up and restored. For all Windows 2000 operating systems, the System State data includes the registry, the class registration database, and the system boot files.

system volume The volume that contains the hardware-specific files needed to load Windows 2000. The system volume can be (but does not have to be) the same volume as the boot volume. See also volume.

systemroot The path and folder name where the Windows 2000 system files are located. Typically, this is C:\Winnt, although a different drive or folder can be designated when Windows 2000 is installed. The value %systemroot% can be used to replace the actual location of the folder that contains the Windows 2000 system files. To identify your systemroot folder, click Start, click Run, and then type %systemroot%.

Systems Management Server A part of the Windows BackOffice suite of products. Systems Management Server (SMS) includes inventory collection, deployment, and diagnostic tools. SMS can significantly automate the task of upgrading software, allow remote problem solving, provide asset management information, manage software licenses, and monitor computers and networks.

Systems Network Architecture (SNA) A communications framework developed by IBM to define network functions and establish standards for enabling computers to share and process data.

T

taskbar The bar that contains the Start button and appears by default at the bottom of the desktop. You can use the taskbar buttons to switch between the programs you are running. The taskbar can be hidden, moved to the sides or top of the desktop, or customized in other ways. See also desktop; taskbar button; status area.

taskbar button A button that appears on the taskbar when an application is running. See also taskbar.

TCP/IP See Transmission Control Protocol/Internet Protocol.

Tcpmon.ini The file that specifies whether a device supports multiple ports. If the Tcpmon.ini file indicates that a device can support multiple ports, users are prompted to pick which port should be used during device installation.

Telephony API (TAPI) An application programming interface (API) used by communications programs to communicate with telephony and network services. See also Internet Protocol.

Telnet 3270 (TN3270) Terminal emulation software, similar to Telnet, that allows a personal computer to log on to an IBM mainframe over a TCP/IP network.

Telnet 5250 (TN5250) Terminal emulation software, similar to Telnet, that allows a personal computer to log on to an IBM AS/400 host system over a TCP/IP network.

terabyte Approximately one trillion bytes, or one million million bytes.

Terminal Services Software services that allow client applications to be run on a server so that client computers can function as terminals rather than independent systems. The server provides a multisession environment and runs the Windows-based programs being used on the clients. See also client.

third-party accessibility aids Non-Microsoft add-on, augmentative hardware and software devices, such as accessibility products that assist users with disabilities.

thread A type of object within a process that runs program instructions. Using multiple threads allows concurrent operations within a process and enables one process to run different parts of its program on different processors simultaneously. A thread has its own set of registers, its own kernel stack, a thread environment block, and a user stack in the address space of its process.

thread state A numeric value indicating the execution state of the thread. Numbered 0 through 5, the states seen most often are 1 for ready, 2 for running, and 5 for waiting.

throughput For disks, the transfer capacity of the disk system.

Time To Live (TTL) A timer value included in packets sent over TCP/IP-based networks that tells the recipients how long to hold or use the packet or any of its included data before expiring and discarding the packet or data. For DNS, TTL values are used in resource records within a zone to determine how long requesting clients should cache and use this information when it appears in a query response answered by a DNS server for the zone.

timer bar The colored bar that moves across the screen according to the frequency of the data-collection update interval.

ToggleKeys A Windows feature that beeps when one of the locking keys (CAPS LOCK, NUM LOCK, or SCROLL LOCK) is turned on or off.

Token Ring A type of network media that connects clients in a closed ring and uses token passing to allow clients to use the network. See also Fiber Distributed Data Interface (FDDI).

total instance A unique instance that contains the performance counters that represent the sum of all active instances of an object.

transitive trust relationship The trust relationship that inherently exists between Windows 2000 domains in a domain tree or forest, or between trees in a forest, or between forests. When a domain joins an existing forest or domain tree, a transitive trust is automatically established. In Windows 2000 transitive trusts are always two-way relationships. See also domain tree; forest; nontransitive trust relationship.

Transmission Control Protocol/Internet Protocol (TCP/IP) A set of software networking protocols widely used on the Internet that provide communications across interconnected networks of computers with diverse hardware architectures and operating systems. TCP/IP includes standards for how computers communicate and conventions for connecting networks and routing traffic.

Transmitting Station ID string (TSID) A string that specifies the Transmitter Subscriber ID sent by the fax machine when sending a fax to a receiving machine. This string is usually a combination of the fax or telephone number and the name of the business. It is often the same as the Called Subscriber ID.

Transport Layer Security (TLS) A standard protocol that is used to provide secure Web communications on the Internet or intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients. It also provides a secure channel by encrypting communications.

transport protocol A protocol that defines how data should be presented to the next receiving layer in the Windows NT and Windows 2000 networking model and packages the data accordingly. The transport protocol passes data to the network adapter driver through the network driver interface specification (NDIS) interface and to the redirector through the Transport Driver Interface (TDI).

TrueType fonts Fonts that are scalable and sometimes generated as bitmaps or soft fonts, depending on the capabilities of your printer. TrueType fonts are device-independent fonts that are stored as outlines. They can be sized to any height, and they can be printed exactly as they appear on the screen. See also font.

trust relationship A logical relationship established between domains that allows pass-through authentication in which a trusting domain honors the logon authentications of a trusted domain. User accounts and global groups defined in a trusted domain can be granted rights and permissions in a trusting domain, even though the user accounts or groups do not exist in the trusting domain’s directory. See also authentication; domain; two-way trust relationship.

trusted forest A forest that is connected to another forest by explicit or transitive trust. See also explicit trust relationship; forest; transitive trust relationship.

TSID See Transmitting Station ID string.

tunnel The logical path by which the encapsulated packets travel through the transit internetwork.

TWAIN An acronym for Technology Without An Interesting Name. An industry-standard software protocol and API that provides easy integration of image data between input devices, such as scanners and still image digital cameras, and software applications.

two-way trust relationship A link between domains in which each domain trusts user accounts in the other domain to use its resources. Users can log on from computers in either domain to the domain that contains their account. See also trust relationship.

type 1 fonts Scalable fonts designed to work with PostScript devices. See also font; PostScript.

U

UART See Universal Asynchronous Receiver/Transmitter.

unallocated space Available disk space that is not allocated to any partition, logical drive, or volume. The type of object created on unallocated space depends on the disk type (basic or dynamic). For basic disks, unallocated space outside partitions can be used to create primary or extended partitions. Free space inside an extended partition can be used to create a logical drive. For dynamic disks, unallocated space can be used to create dynamic volumes. Unlike basic disks, the exact disk region used is not selected to create the volume. See also basic disk; dynamic disk; extended partition; logical drive; partition; primary partition; volume.

Unicode A fixed-width, 16-bit character-encoding standard capable of representing the letters and characters of the majority of the world’s languages. Unicode was developed by a consortium of U.S. computer companies.

UniDriver The UniDriver (or Universal Print Driver) carries out requests (such as printing text, rendering bitmaps, or advancing a page) on most types of printers. The UniDriver accepts information from a printer-specific minidriver and uses this information to complete tasks.

Uniform Resource Locator (URL) An address that uniquely identifies a location on the Internet. A URL for a World Wide Web site is preceded with http://, as in the fictitious URL http://www.example.microsoft.com/. A URL can contain more detail, such as the name of a page of hypertext, usually identified by the file name extension .html or .htm. See also HTML; HTTP; IP address.

Universal Asynchronous Receiver/Transmitter (UART) An integrated circuit (silicon chip) that is commonly used in microcomputers to provide asynchronous communications. The UART does parallel-to-serial conversion of data to be transmitted and serial-to-parallel conversion of data received. See also asynchronous communication.

Universal Disk Format (UDF) A file system defined by the Optical Storage Technology Association (OSTA) that is the successor to the CD-ROM file system (CDFS). UDF is targeted for removable disk media like DVD, CD, and Magneto-Optical (MO) discs.

universal group A Windows 2000 group only available in native mode that is valid anywhere in the forest. A universal group appears in the Global Catalog but contains primarily global groups from domains in the forest. This is the simplest form of group and can contain other universal groups, global groups, and users from anywhere in the forest. See also domain local group; forest; Global Catalog.

Universal Naming Convention (UNC) A convention for naming files and other resources beginning with two backslashes (\\), indicating that the resource exists on a network computer. UNC names conform to the \\SERVERNAME\SHARENAME syntax, where SERVERNAME is the server’s name and SHARENAME is the name of the shared resource. The UNC name of a directory or file can also include the directory path after the share name, with the following syntax: \\SERVERNAME\SHARENAME\DIRECTORY\FILENAME.

Universal Serial Bus (USB) A serial bus with a bandwidth of 1.5 megabits per second (Mbps) for connecting peripherals to a microcomputer. USB can connect up to 127 peripherals, such as external CD-ROM drives, printers, modems, mice, and keyboards, to the system through a single, general-purpose port. This is accomplished by daisy chaining peripherals together. USB supports hot plugging and multiple data streams.

UNIX A powerful, multi-user, multitasking operating system initially developed at AT&T Bell Laboratories in 1969 for use on minicomputers. UNIX is considered more portable—that is, less computer-specific—than other operating systems because it is written in C language. Newer versions of UNIX have been developed at the University of California at Berkeley and by AT&T.

unrecognized pool A repository for blank media and media that are not recognized by Removable Storage.

upgrade When referring to software, to update existing program files, folders, and registry entries to a more recent version. Upgrading, unlike performing a new installation, leaves existing settings and files in place.

URL See Uniform Resource Locator.

USB See Universal Serial Bus.

user account A record that consists of all the information that defines a user to Windows 2000. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the computer and network and accessing their resources. For Windows 2000 Professional and member servers, user accounts are managed by using Local Users and Groups. For Windows 2000 Server domain controllers, user accounts are managed by using Microsoft Active Directory Users and Computers. See also domain controller; group; user name.

User Identification (UID) A user identifier that uniquely identifies a user. UNIX-based systems use the UID to identify the owner of files and processes, and to determine access permissions.

user mode The processing mode in which applications run.

user name A unique name identifying a user account to Windows 2000. An account’s user name must be unique among the other group names and user names within its own domain or workgroup.

user principal name (UPN) A friendly name assigned to security principals (users and groups) that is shorter than the distinguished name and easier to remember. The default user principal name is composed of the security principal name for the user and the DNS name of the root domain where the user object resides.

For example, user "MyName" in the tree for microsoft.com might have a user principal name of "MyName@microsoft.com". The user principal name is the preferred logon name for Windows 2000 users and is independent of the distinguished name, so a User object can be moved or renamed without affecting the user’s logon name. See also distinguished name.

user profile A file which contains configuration information for a specific user, such as desktop settings, persistent network connections, and application settings. Each user’s preferences are saved to a user profile that Windows NT and Windows 2000 use to configure the desktop each time a user logs on.

user rights Tasks a user is permitted to perform on a computer system or domain. There are two types of user rights: privileges and logon rights. An example of a privilege is the right to shut down the system. An example of a logon right is the right to log on to a computer locally (at the keyboard). Both types are assigned by administrators to individual users or groups as part of the security settings for the computer. See also permission; privilege.

user rights policy Security settings that manage the assignment of rights to groups and user accounts.

Utility Manager A function of Windows 2000 that allows administrators to review the status of applications and tools and to customize features and add tools more easily.

V

value bar The area of the System Monitor graph or histogram display that shows last, average, minimum and maximum statistics for the selected counter.

Vector fonts Fonts rendered from a mathematical model, in which each character is defined as a set of lines drawn between points. Vector fonts can be cleanly scaled to any size or aspect ratio.

vertical blanking interval (VBI) The part of a TV transmission that is blanked, or left clear of viewable content, to allow time for the TV’s electron gun to move from the bottom to the top of the screen as it scans images. This blank area is now being used to broadcast closed captioned and HTML-formatted information.

Video for Windows (VfW) A format developed by Microsoft for storing video and audio information. Files in this format have an .avi extension. AVI files are limited to 320 x 240 resolution at 30 frames per second, neither of which is adequate for full-screen, full-motion video.

Video Port Extensions (VPE) A DirectDraw extension to support direct hardware connections from a video decoder and autoflipping in the graphics frame buffer. VPE allows the client to negotiate the connection between the MPEG or NTSC decoder and the video port. VPE also allows the client to control effects in the video stream, such as cropping, scaling, and so on.

Virtual Device Driver (VxD) Software for Windows that manages a hardware or software system resource. The middle letter in the abbreviation indicates the type of device; x is used where the type of device is not under discussion.

virtual memory The space on the hard disk that Windows 2000 uses as memory. Because of virtual memory, the amount of memory taken from the perspective of a process can be much greater than the actual physical memory in the computer. The operating system does this in a way that is transparent to the application, by paging data that does not fit in physical memory to and from the disk at any given instant.

virtual private network (VPN) The extension of a private network that encompasses links across shared or public networks, such as the Internet.

virus scanner Software used to scan for and eradicate computer viruses, worms, and Trojan horses. See virus.

volume A portion of a physical disk that functions as though it were a physically separate disk. In My Computer and Windows Explorer, volumes appear as local disks, such as drive C or drive D.

volume mount points New system objects in the version of NTFS included with Windows 2000 that represent storage volumes in a persistent, robust manner. Volume mount points allow the operating system to graft the root of a volume onto a directory.

W

WDM Streaming class The means by which Windows 2000 Professional supports digital video and audio. Enables support for such components as DVD decoders, MPEG decoders, video decoders, tuners, and audio codecs.

wide area network (WAN) A communications network connecting geographically separated computers, printers, and other devices. A WAN allows any connected device to interact with any other on the network. See also local area network (LAN).

Windows 2000 MultiLanguage Version A version of Windows 2000 that extends the native language support in Windows 2000 by allowing user interface languages to be changed on a per-user basis. This version also minimizes the number of language versions you need to deploy across the network.

Windows File Protection (WFP) A Windows 2000 feature that runs in the background and protects your system files from being overwritten. When a file in a protected folder is modified, WFP determines if the new file is the correct Microsoft version or if the file is digitally signed. If not, the modified file is replaced with a valid version.

Windows Internet Name Service (WINS) A software service that dynamically maps IP addresses to computer names (NetBIOS names). This allows users to access resources by name instead of requiring them to use IP addresses that are difficult to recognize and remember. WINS servers support clients running Windows NT 4.0 and earlier versions of Windows operating systems. See also Domain Name System (DNS).

Windows Update A Microsoft-owned Web site from which Windows 98 and Windows 2000 users can install or update device drivers. By using an ActiveX control, Windows Update compares the available drivers with those on the user’s system and offers to install new or updated versions.

WINS See Windows Internet Name Service.

Winsock An application programming interface standard for software that provides a TCP/IP interface under Windows. Short for Windows Sockets. See also TCP/IP.

work queue item A job request of an existing library, made by an application that supports Removable Storage, which is placed in a queue and processed when the library resource becomes available.

workgroup A simple grouping of computers, intended only to help users find such things as printers and shared folders within that group. Workgroups in Windows 2000 do not offer the centralized user accounts and authentication offered by domains.

working set For a process, the amount of physical memory assigned to the process by the operating system.