Glossary of Windows 2000 Terms


A

access control list (ACL) - A list of all security descriptors that have been set up for a particular object, such as for a shared folder or a shared printer.

access server - A device that connects several different types of communication devices and telecommunication lines to a network, providing network routing for these types of communications.

account lockout - A security measure that prohibits logging on to a Windows 2000 server account after a specified number of unsuccessful attempts.

Active Directory - A Windows 2000 database of computers, users, shared printers, shared folders, and other network resources, and resource groupings that is used to manage a network and enable users to quickly find a particular resource.

active partition - The partition from which a computer boots.

Address Resolution Protocol (ARP) - A protocol in the TCP/IP suite that enables a sending station to determine the MAC address of another station on a network.

aggregate link - Linking two or more communications channels, such as ISDN channels, so that they appear as one channel, but with the combined speed of all channels in the aggregate.

alert - Provides a warning of a specific Windows 2000 Server system or network event. The warning is sent to designated users.

answer file - A text file that contains a complete set of instructions for installing Windows 2000 in the unattended mode.

AppleTalk - A peer-to-peer protocol used in network communication between Macintosh computers.

application log - An event log that records information about how software applications are performing.

application program interface (API) - Functions or programming features in a system that programmers can use for network links, links to messaging services, or interfaces to other systems.

attribute - A characteristic associated with a folder or file used to help manage access and backups.

auditing - Tracking the success or failure of events associated with an object, such as writing to a file, and recording the audited events in an event log of a Windows 2000 server or workstation.

B

backup browser - A computer in a domain or workgroup that maintains a static list of domain/workgroup resources to provide to clients browsing the network. The backup browser periodically receives updates to the browse list from the master browser.

Bandwidth Allocation Control Protocol (BACP) - Similar to BAP, but is able to select a preferred client when two or more clients vie for the same bandwidth.

Bandwidth Allocation Protocol (BAP) - A protocol that works with Multilink in Windows 2000 Server that enables the bandwidth or speed of a remote connection to be allocated on the basis of the needs of an application, with the maximum allocation equal to the maximum speed of all channels aggregated via Multilink.

base priority class - The initial priority assigned to a program process or thread in the program code by Windows 2000 when the program is started.

basic disk - In Windows 2000, a partitioned disk that can have up to four partitions and that uses logical drive designations. This type of disk is compatible with MS-DOS, Windows 3.x, Windows 95, Windows 98, Windows NT, and Windows 2000.

basic input/output system (BIOS) - A program on a read-only or flash memory chip that establishes basic communications with components such as the monitor and disk drives. The advantage of a flash chip is that you can update the BIOS.

benchmark - A measurement standard for hardware or software used to establish performance baselines under varying loads or circumstances. Also called a baseline.

bidirectional printing - Ability of a parallel printer to conduct two-way communication between the printer and the computer, such as to provide out-of-paper information. Bidirectional printing also supports Plug and Play and enables an operating system to query a printer about its capabilities.

bits per second (bps) - Number of binary bits (0s or 1s) sent in one second, a measure used to gauge network, modem, and telecommunications speeds.

boot partition - Holds the Windows 2000 Server \Winnt folder containing the system files.

bridge - A network transmission device that connects together different LAN segments using the same access method, for example connecting an Ethernet LAN to another Ethernet LAN or a token ring LAN to another token ring LAN. Bridge devices look at MAC addresses (OSI Layer 2) but do not look at routing information (Layer 3) in a frame.

broadcast - A transmission that sends one copy of each frame to all points on a network, regardless of whether or not a recipient has requested to communicate with the sender.

bus - A pathway in a computer used to transmit information. This pathway is used to send CPU instructions and other data to be transferred within the computer.

bus mastering - A process that reduces the reliance on the CPU for input/output activities on a computer's bus. Interface cards that have bus mastering can take control of the bus for faster data flow.

C

cache - Storage used by a computer system to house frequently used data in quickly accessed storage, such as memory.

callback security - Used for remote communications verification: the remote server calls back the accessing workstation to verify that the access is from an authorized telephone number.

capture buffer - The amount of RAM and virtual memory that is used to store data captured by Network Monitor.

certificate - An encrypted set of information associated with a workstation that is equivalent to a unique digital fingerprint and that is used to authenticate logon to a server, such as a Web server.

Challenge Handshake Authentication Protocol (CHAP) - An encrypted handshake protocol designed for standard IP- or PPP-based exchange of passwords. It provides a reasonably secure, standard, cross-platform method for sender and receiver to negotiate a connection.

CHAP with Microsoft extensions (MS-CHAP) - A Microsoft-enhanced version of CHAP that can negotiate encryption levels and that uses the highly secure RSA RC4 encryption algorithm to encrypt communications between client and host.

CHAP with Microsoft extensions version 2 (MS-CHAP v2) - An enhancement of MS-CHAP that provides better authentication and data encryption and that is especially well suited for VPNs.

client - A computer that accesses resources on another computer via a network or by a direct connection.

client access license (CAL) - A license to enable a workstation to connect to Windows 2000 Server as a client.

clock speed - Rate at which the CPU sends bursts of data through a computer's buses.

clustering - The ability to share the computing load and resources by linking two or more discrete computer systems to function as though they are one.

common name (CN) - The most basic name of an object in the Active Directory, such as the name of a printer.

community name - In SNMP communications, a password used by network agents and the network management station so that their communications cannot be easily intercepted by an unauthorized workstation or device.

compact disk (CD-ROM) - A ROM medium that typically holds up to 1 GB of information.

compact disk file system (CDFS) - A 32-bit file system used on standard capacity CD-ROMs.

Component Object Model (COM) - Standards that enable a software object, such as a graphic, to be linked from one software component into another one. COM is the foundation that makes Object Linking and Embedding (OLE) possible.

connectionless communication - Also called a connectionless service, a communication service that provides no checks (or minimal checks) to make sure that data accurately reaches the destination node.

connection-oriented communication - Also called a connection-oriented service, this service provides several ways to ensure that data is successfully received at the destination, such as requiring an acknowledgement of receipt and using a checksum to make sure the packet or frame contents are accurate.

contiguous namespace - A namespace in which every child object contains the name of its parent object.

counter - Used by the System Monitor, this is a measurement technique for an object, such as measuring the processor performance by percentage in use.

cyclic redundancy check (CRC) - An error-checking technique used in network protocols to signal a communication problem.

D

data communications equipment (DCE) - A device that converts data from a DTE, such as a computer, to be transmitted over a telecommunications line.

Data Link Control protocol (DLC) - Available through Microsoft Windows 2000, Windows NT, Windows 95, and Windows 98, this protocol enables communications with an IBM mainframe or minicomputer.

data terminal equipment (DTE) - A computer or computing device that prepares data to be transmitted over a telecommunications line to which it attaches by using a DCE, such as a modem.

data transfer rate - Speed at which data moves through the disk controller along the data channel to a disk drive.

data type - Way in which information is formatted in a print file.

date stamp - Documents, files, and other important information are permanently imprinted by a date stamp to record their creation date and time and to record modification dates and times.

default gateway - A computer or router that forwards a network communication from one network to another, acting as a gateway between networks.

defragmentation - A software process that rearranges data to fill in the empty spaces that develop on disks and make data easier to obtain.

device address - Same as physical address.

Dfs cache timeout - The amount of time that a Dfs shared folder is retained in the client operating system's cache for fast access.

Dfs link - A path that is established between a shared folder in a domain and a Dfs root.

Dfs root - The main Active Directory container that holds Dfs links to shared folders in a domain.

Dfs topology - Applies to a domain-based Dfs model and encompasses the Dfs root, Dfs links to the root, and servers on which the Dfs structure is replicated.

DHCP Relay Agent - A server or computer that broadcasts IP configuration information between the DHCP server on a network and the client acquiring an address, such as for remote connections and when they are on different networks and thus transmissions must go through one or more routers.

digital subscriber line (DSL) - A technology that uses advanced modulation technologies on regular telephone lines for high-speed networking at speeds of up to 60 Mbps between subscribers and a telecommunications company.

digital video disk (DVD-ROM) - Also called digital versatile disk, a ROM medium that can hold from 4.7 to 17 GB of information.

Directory Service client (DSClient) - Microsoft software for Windows 95 and higher clients that connect to Windows 2000 Server that enables non-Windows-2000 clients to use Kerberos authentication security and to view information published in the Windows 2000 Active Directory, such as all network printers.

Directory Service log - Records events that are associated with the Active Directory, such as updates to the Active Directory, events related to the Active Directory's database, replication events, and startup and shutdown events.

disjointed namespace - A namespace in which the child object name does not resemble the name of its parent object.

disk access time - Amount of time it takes for a disk drive to read or write data by moving a read/write head to the location of the data.

disk duplexing - A fault tolerance method similar to disk mirroring in that it prevents data loss by duplicating data from a main disk to a backup disk; but disk duplexing places the backup disk on a different controller or adapter than is used by the main disk.

disk fragmentation - A normal and gradual process in which files become spread throughout a disk and empty pockets of space develop between files.

disk mirroring - A fault tolerance method that prevents data loss by duplicating data from a main disk to a backup disk. Some operating systems also refer to this as disk shadowing.

disk quota - Allocating a specific amount of disk space to a user or application with the ability to ensure that the user or application cannot use more disk space than is specified in the allocation.

distinguished name (DN) - A name in the Active Directory that contains all hierarchical components of an object, such as that object's organizational unit and domain, in addition to the object's common name. The distinguished name is used by an Active Directory client to access a particular object, such as a printer.

distributability - Dividing complex application program tasks among two or more computers.

Distributed Component Object Model (DCOM) - A standard built upon COM to enable object linking to take place over a network. COM is a standard that allows a software object, such as a graphic, to be linked from one software component to another (such as copying a picture from Microsoft Paint and pasting it in Microsoft Word).

Distributed File System (Dfs) - A system that enables folders shared from multiple computers to appear as though they exist in one centralized hierarchy of folders instead of on many different computers.

distribution group - A list of Windows 2000 Server users that enables one e-mail message to be sent to all users on the list. A distribution group is not used for security and thus cannot appear in an ACL.

DNS Server - A Microsoft service that resolves computer names to IP addresses, such as resolving the computer name Brown to IP address 129.77.1.10, and that resolves IP addresses to computer names.

DNS Server log - An event log that provides information about events associated with the DNS Server, such as instances in which DNS information is updated, when there are problems with the DNS service, and when the DNS Server has started successfully after booting.

domain - A grouping of resource objects, servers and user accounts, for example, that is one element of the Active Directory in Windows 2000 Server. A domain usually is a higher-level representation of how a business, government, or school is organized, such as reflecting a geographical site or major division of that organization.

domain controller (DC) - A Windows 2000 Server that contains a full copy of the Active Directory information, that is used to add a new object to the Active Directory, and that replicates all changes made to it so those changes are updated on every DC in the same domain.

domain local security group - A group that is used to manage resources (shared folders and printers, for example) in its home domain, and that is primarily used to give global groups access to those resources.

Domain Name Service (DNS) - A TCP/IP application protocol that resolves domain and computer names to IP addresses; or IP addresses to domain and computer names.

dotted decimal notation - An addressing technique that uses four octets, such as 100000110.11011110.1100101.00000101, converted to decimal (e.g., 134.22.101.005), to differentiate individual servers, workstations, and other network devices.

driver signing - A digital signature that Microsoft incorporates into driver and system files as a way to verify the files and to ensure that they are not inappropriately overwritten.

dropped frames - Frames that are discarded because they are improperly formed, such as failing to meet the appropriate packet size.

dual-boot system - A computer set up to boot from two or more different operating systems, such as Windows 2000 Server and MS-DOS.

dynamic addressing - An addressing method where an IP (Internet Protocol) address is assigned to a workstation without the need for the network administrator to manually set it up at a workstation.

dynamic disk - In Windows 2000 Server, a disk that does not use traditional partitioning, which means that there is no restriction to the number of volumes that can be set up on one disk or the ability to extend volumes onto additional physical disks. Dynamic disks are only compatible with Windows 2000 Server.

Dynamic Host Configuration Protocol (DHCP) - A network protocol that provides a way for a server to automatically assign an IP address to a workstation on its network.

E

emergency repair disk (ERD) - A disk that contains repair, diagnostic, and backup information for use in case there is a problem with Windows 2000.

Encrypting File System (EFS) - Set by an attribute of NTFS, this file system enables a user to encrypt the contents of a folder or a file so that it can only be accessed via private key code by the user who encrypted it. EFS adheres to the Data Encryption Standard's expanded version for data protection.

Enhanced Small Device Interface (ESDI) - An early device interface for computer peripherals and hard disk drives.

enterprise network - A network that often reaches throughout a large area, such as a college campus, a city, or across several states. The main distinguishing factor of an enterprise network is that it brings together an array of network resources such as many kinds of servers, mainframes, intranets, printers, and the Internet.

error checking and correcting memory (ECC) - Memory that can correct some types of memory problems without causing computer operations to halt.

Ethernet - A network transport system that uses a carrier sensing and collision detection method to regulate data transmissions.

event log - One of several logs in which Windows 2000 Server records information about server events, such as errors, warnings, or informational events.

Extended Industry Standard Architecture (EISA) - A computer bus design that incorporates 32-bit communications within a computer. It is an industry standard used by several computer manufacturers.

extended partition - A partition that is created from unpartitioned free disk space and is linked to a primary partition in order to increase the available disk space.

Extensible Authentication Protocol (EAP) - A protocol used to provide a range of security services for different manufacturers' security devices, such as smart cards. EAP is used with other remote access protocols, such as for security through the Internet.

Extensible Authentication Protocol (EAP) - An authentication protocol employed by network clients that use special security devices such as smart cards, token cards, and others that use certificate authentication.

F

fault tolerance - Techniques that employ hardware and software to provide assurance against equipment failures, computer service interruptions, and data loss.

Fibre Channel - A high-speed method for connecting computer peripherals, such as disk drives, to servers and other host computers through copper and fiber-optic cable. Current implementations of Fibre Channel in Windows 2000 servers provide data transfer rates of up to 1 Gbps.

File Allocation Table (FAT) file system - A file system based on the use of a File Allocation Table, a flat table that records the clusters used to store the data contained in each file stored on disk. FAT is used by several operating systems, including MS-DOS, Windows 95, Windows 98, and Windows 2000. Security and auditing are not supported on FAT partitions.

file lock - Flagging a file so that it cannot be updated by more than one user at a time, giving the first user to access it the ability to perform an update.

File Replication Service log - An event log that contains information about file replication events such as changes to file replication, when the service has started, and completed replication tasks.

File Transfer Protocol (FTP) - Available through the TCP/IP protocol, FTP enables files to be transferred across a network or the Internet between computers or servers.

filter - A capacity in network monitoring software that enables a network or server administrator to view only designated protocols, network events, network nodes, or other specialized views of the network.

firmware - Software that is stored on a chip in a device, such as in a ROM, and that is used to control basic functions of the device such as communications with a disk drive.


forest - A grouping of trees that each have contiguous namespaces within their own domain structure, but that have disjointed namespaces between trees. The trees and their domains use the same schema and global catalog.

format - An operation that divides a disk into small sections called tracks and sectors for storage of files.

formatting - A process that prepares a hard disk partition for a specific file system.

forward lookup zone - A DNS zone or table that maps computer names to IP addresses.

frame - A unit of data that is transmitted on a network that contains control and address information, but not routing information.

frame relay - A WAN communications technology that relies on packet switching and virtual connection techniques to transmit at speeds from 56 Kbps to 45 Mbps.

full backup - A backup of an entire system, including all system files, programs, and data files.

full duplex - The capacity to send and receive signals at the same time.

G

Gateway Service for NetWare (GSNW) - A service included with Windows NT and Windows 2000 Server that provides connectivity to NetWare resources for Windows NT and Windows 2000 servers and their clients with the Windows NT/2000 server acting as a gateway.

global catalog - A grand repository for all objects and the most frequently used attributes for each object in all domains. Each tree has one global catalog.

global security group - A group that typically contains user accounts from its home domain, and that is a member of domain local groups in the same or other domains as a way to give that global group's member accounts access to the resources defined to the domain local groups.

globally unique identifier (GUID) - A unique number, up to 16 characters long, that is associated with an Active Directory object.

graphics device interface (GDI) - An interface on a Windows network print client that works with a local software application, such as Microsoft Word, and a local printer driver to format a file to be sent to a local printer or a network print server.

H

half duplex - The ability to send or receive signals, but not simultaneously.

handle - A resource, such as a file, used by a program and that has its own identification so the program is able to access it.

hard page fault - When a program does not have enough physical memory to execute a given function and must obtain information from disk.

Hardware Abstraction Layer (HAL) - A set of program routines that enable an operating system to control a hardware component, such as the processor, from within the operating system kernel.

hardware compatibility list (HCL) - A list of computer hardware tested by Microsoft and determined to be compatible with Windows 2000 Server.

hardware profile - A consistent setup of hardware components associated with one or more user accounts.

hibernate - A mode in which the computer components are shut down and information in memory is automatically saved to disk before the disk is powered off. The power supply and CPU remain active, monitoring to start up all components when you press a key or move the mouse.

Hierarchical Storage Management (HSM) - A storage management system that enables administrators to establish storage policies, archiving techniques, and disk capacity planning through automated procedures and the coordinated use of different media including tapes, CD-ROMs, hard drives, and zip drives.

hive - A set of related Registry keys and subkeys stored as a file.

home folder or home directory - A server folder that is associated with a user's account and that is a designated workspace for the user to store files.

host address (A) resource record - A record in a DNS forward lookup zone that consists of a computer name correlated to an IP version 4 address.

Hypertext Markup Language (HTML) - A formatting process that is used to enable documents and graphics images to be read on the World Wide Web. HTML also provides for fast links to other documents, to graphics, and to Web sites. The World Wide Web is a series of file servers with software such as Microsoft's Internet Information Server (IIS), that make HTML and other Web documents available for workstations to access.

Hypertext Transfer Protocol (HTTP) - A protocol in the TCP/IP suite that transports HTML documents over the Internet (and through intranets) for access by Web compliant browsers.

 

I

I/O address - The address in memory through which data is transferred between a computer component and the processor.

incremental backup - A backup of new or changed files.

Industry Standard Architecture (ISA) - An older expansion bus design dating back to the 1980s, supporting 8-bit and 16-bit cards and with a data transfer rate of 8 MB per second.

inherited permissions - Permissions of a parent object that also apply to child objects of the parent, such as to subfolders within a folder.

inherited rights - User rights that are assigned to a group and that automatically apply to all members of that group.

instance - Used by the System Monitor, when there are two or more types of elements to monitor, such as two or more threads or disk drives.

Integrated Device Electronics (IDE) - An inexpensive hard disk interface that is used on Intel-based computers from the 80286 to Pentium computers.

Integrated Services Digital Network (ISDN) - A telecommunications standard for delivering data services over digital telephone lines with a current practical limit of 1.536 Mbps and a theoretical limit of 622 Mbps.

intelligent input/output (I2O) - A computer communications architecture that removes some of the I/O processing activities from the main processor to I2O processors on peripherals designed for I2O architectures, such as hard disks. I2O devices use one general device driver for all I2O-compliant devices.

Internet - A global network of diverse Web and information servers offering voice, video, and text data to millions of users.

Internet Authentication Service (IAS) - Used to establish and maintain security for RAS, Internet, and VPN dial-in access and can be employed with RADIUS. IAS can use certificates to authenticate client access.

Internet Control Message Protocol (ICMP) - A TCP/IP-based protocol that is used for network error reporting, particularly through routing devices.

Internet Group Management Protocol (IGMP) - Part of the TCP/IP protocol suite, the protocol that is used in multicasting and which contains addresses of clients. It is used by the server to tell a router which clients belong to the multicast group.

Internet Information Services (IIS) - A Microsoft Windows 2000 Server component that provides Internet Web, FTP, mail, newsgroup, and other services, and that is particularly offered to set up a Web server.

Internet Packet Exchange (IPX) - A protocol developed by Novell for use with its NetWare server operating system (see Sequence Packet Exchange).

Internet Printing Protocol (IPP) - A protocol that is encapsulated in HTTP and that is used to print files over the Internet.

Internet Server Application Programming Interface (ISAPI) - A group of dynamic link library (DLL) files that consist of applications and filters to enable user customized programs to interface with IIS and to trigger particular programs, such as a specialized security check or a database lookup.

interrupt request (IRQ) line - A hardware line that a computer component, such as a disk drive or serial port, uses to communicate to the processor that it is ready to send or receive information. Intel-based computers have 16 IRQ lines, with 15 of those available for computer components to use.

intranet - A private network within an organization. It uses the same Web-based software as the Internet but is highly restricted from public access. Intranets are currently used to enable managers to run high-level reports, to enable staff members to update human resources information, and to provide access to other forms of private data.

IP security (IPSec) - A set of IP-based secure communications and encryption standards created through the Internet Engineering Task Force (IETF).

K

Kerberos - A security system developed by the Massachusetts Institute of Technology to enable two parties on an open network to communicate without interception by an intruder, creating a unique encryption key per each communication session.

Kerberos transitive trust relationship - A set of two-way trusts between two or more domains in which Kerberos security is used.

kernel - An essential set of programs and computer code that allows a computer operating system to control processor, disk, memory, and other functions central to the basic operation of a computer.

kernel mode - Protected environment in which the Windows 2000 operating system kernel runs, consisting of a protected memory area and privileges to directly execute system services, access the CPU, run I/O operations, and conduct other basic operating system functions.

key - A category of information contained in the Windows 2000 Registry, such as hardware or software.

L

Last Known Good Configuration - The Windows 2000 configuration that is stored in the Registry and that is the configuration in effect prior to making a system, driver, or configuration change since the last time the computer was booted.

Layer Two Tunneling Protocol (L2TP) - A protocol that transports PPP over a VPN, intranet, or Internet. L2TP works similarly to PPTP, but unlike PPTP, L2TP uses an additional network communications standard, called Layer Two Forwarding, that enables forwarding on the basis of MAC addressing.

leaking memory - Failing to return memory for general use after a process is finished using a specific memory block.

library - Removable storage media and the drive (or drives) used by the media.

license monitoring - A process used on network servers to be certain the number of software licenses in use does not exceed the number for which the network is authorized.

line device - A DCE such as a modem or ISDN adapter that connects to a telecommunications line.

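load balancing - On a single server, distributing resources across multiple server disk drives and paths for better server response; and on multiple network servers, distributing resources across two or more servers for better server and network performance.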

local area network (LAN) - A series of interconnected computers, printers, and other computer equipment that share hardware and software resources. The service area is usually limited to a given floor, office area, or building.

local printing - Printing on the same computer to which print devices are attached.

local security group - A group of user accounts that is used to manage resources on a standalone Windows 2000 server that is not part of a domain.

local user profile - A desktop setup that is associated with one or more accounts to determine what startup programs are used, additional desktop icons, and other customizations. A user profile is local to the computer in which it is stored.

local-only mode - A process of capturing and viewing the contents of only the frames and packets sent to and transmitted from a specific networked computer's or device's NIC.

logon script - A file that contains a series of commands to run each time a user logs onto his or her account, such as a command to map a home drive.

 

M

management information base (MIB) - A database of network performance information that is stored on a network agent that gathers information for a network management station and that stores parameters that can be configured remotely.

mandatory user profile - A user profile set up by the server administrator that is loaded from the server to the client each time the user logs on; changes that the user makes to the profile are not saved.

mapped folder or drive - A disk volume or folder that is shared on the network by a file server or workstation. It gives designated network workstations access to the files and data in its shared volume or folder. The workstation, via software, determines a drive letter for the shared volume, which is the workstation's map to the data.

master boot record (MBR) - Data created in the first sector of a disk containing startup information and information about disk partitions.

master browser - On a Microsoft network, the computer designated to keep the main list of logged on computers.

master folder - The main folder that provides master files and folders for a Dfs root or link when replication is enabled.

media access control (MAC) sublayer - A network communications function that examines physical address information in frames and controls the way devices share communications on a network.

media pool - A set of removable media in which the media are used for the same purpose and that are managed in the same way, such as backup tapes for a Windows 2000 server.

member server - A server that is a member of an existing Windows 2000 domain, but that does not function as a domain controller.

metropolitan area network (MAN) - A network that links multiple LANs within a large city or metropolitan region.

MicroChannel Architecture (MCA) - A bus architecture that is used in older IBM Intel-based computers. It provides 32-bit communications within the computer.

Microsoft Point-to-Point Encryption (MPPE) - A starting to ending point encryption technique that uses special encryption keys varying in length from 40 to 128 bits.

mirrored volume - Two dynamic disks that are set up for RAID level 1 so that data on one disk is stored on a redundant disk.

mixed mode - When the Active Directory has both Windows NT 4.0 domain controllers (PDC and BDCs) and Windows 2000 Server domain controllers (DCs).

modem - A modulator/demodulator that converts a transmitted digital signal to an analog signal for a telephone line. It also converts a received analog signal to a digital signal for use by a computer.

mounted drive - A physical disk, CD-ROM, or Zip drive that appears as a folder and that is accessed through a path like any other folder.

multicast - A transmission method in which a server divides recipients of an application, such as a multimedia application, into groups. Each data stream is a one-time transmission that goes to one group of multiple addresses, instead of sending a separate transmission to each address for each data stream. The result is less network traffic.

Multilink or Multilink PPP - A capability of RAS to aggregate multiple data streams into one logical network connection for the purpose of using more than one modem, ISDN channel, or other communication line in a single logical connection.

multimaster replication - In Windows 2000 Server, there can be multiple servers, called DCs, that store the Active Directory and replicate it to one another. Because each DC acts as a master, replication does not stop when one is down, and updates to the Active Directory, such as creating a new account, continue.

multitasking - The capability of a computer to run two or more programs at the same time.

multithreading - Running several program processes or parts (threads) at the same time.

 

N

name resolution - A process used to translate a computer's domain name into the object that it represents, such as to a dotted decimal address associated with a computer, and vice versa.

named pipes - A communication link between two processes, which may be local to the server or remote, such as between the server and a workstation.

namespace - A logical area on a network that contains directory services, named objects, and that has the ability to perform name resolution.

native mode - An Active Directory context in which there are only Windows 2000 Server domain controllers (DCs).

NetBIOS Extended User Interface (NetBEUI) - A communication protocol native to Microsoft network communications. It is an enhancement of NetBIOS, which was developed for network peer-to-peer communications among workstations with Microsoft operating systems installed on a local area network.

NetWare Link (NWLink) - A network protocol that simulates the IPX/SPX protocol for Microsoft Windows 95, Windows 98, Windows NT, and Windows 2000 communications with Novell NetWare file servers and compatible devices.

network - A communications system that enables computer users to share computer equipment, software, and data, voice, and video transmissions.

Network Basic Input/Output System (NetBIOS) - A combination software interface and a network naming convention. It is available in Microsoft operating systems through the file NetBIOS.dll.

network binding - A process that links a computer's network interface card or a dial-up connection with one or more network protocols to achieve optimum communications with network services. For Microsoft operating systems, you should always bind a protocol to each NIC that is installed.

Network Device Interface Specification (NDIS) - A set of standards developed by Microsoft for network drivers that enables communication between a NIC and a protocol, and that enables the use of multiple protocols on the same network.

network interface card (NIC) - An adapter board designed to connect a workstation, server, or other network equipment to a network medium.

Network Monitor - A Windows NT and Windows 2000 network monitoring tool that can capture and display network performance data.

Network Monitor Driver - Enables a Microsoft-based server or workstation NIC to gather network performance data for assessment by the Microsoft Network Monitor.

Network News Transfer Protocol (NNTP) - A TCP/IP-based protocol used by NNTP servers to transfer news and informational messages to client subscribers who compose "newsgroups."

network operating system (NOS) - Software that enables computers on a network to communicate and to share resources and files.

network-compatible program - Software that can operate in a multiuser environment using network or e-mail communication APIs.

NT File System (NTFS) - The native Windows 2000 file system, which has a more detailed directory structure and supports security measures not found in FAT. It also supports large disks, long filenames, and file compression.

 

O

object - A network resource, such as a server or a user account, that has distinct attributes or properties, that is usually defined to a domain, and that exists in the Windows 2000 Active Directory.

Open Database Connectivity (ODBC) - A set of rules developed by Microsoft for accessing databases and providing a standard doorway to database data.

Open Datalink Interface (ODI) - A driver that is used by Novell NetWare networks to transport multiple protocols on the same network.

Open Shortest Path First (OSPF) protocol - A TCP/IP-based routing protocol that can evaluate network paths and match a type of transmission, such as data or video, to the appropriate network path.

OpenGL - A standard for multidimensional graphics used in Microsoft's 3-D screen savers.

organizational unit (OU) - A grouping of objects, usually within a domain, as a means to establish specific policies for governing those objects and to enable object management to be delegated.

ownership - Having the privilege to change permissions and to fully manipulate an object. The account that creates an object, such as a folder or printer, initially has ownership.

 

P

packet - A unit of data that is transmitted on a network that contains control and address information as well as routing information.

page description language (PDL) - Printing instructions involving a programming code that produces extremely high-quality printing with extensive font options.

page file - Disk space reserved for use when memory requirements exceed the available RAM.

paging - Moving blocks of information from RAM to virtual memory on disk.

partition - A process in which a hard disk section or a complete hard disk is set up for use by an operating system. A disk can be formatted after it is partitioned.

partition table - Table containing information about each partition on a disk, such as the type of partition, size, and location. Also, the partition table provides information to the computer about how to access the disk.

partitioning - Blocking a group of tracks and sectors to be used by a particular file system, such as FAT or NTFS.

Password Authentication Protocol (PAP) - A non-encrypted plain-text password authentication protocol. This represents the lowest level of security for exchanging passwords via PPP or TCP/IP. Shiva's PAP (SPAP) is a version that is used for authenticating remote access devices and network equipment manufactured by Shiva (now Intel Network Systems, Inc.).

peer-to-peer network - A network where any computer can communicate with other networked computers on an equal or peer-like basis without going through an intermediary, such as a server or host.

per seat licensing - A server software license that requires that there be enough licenses for all network client workstations.

per server licensing - A server software license based on the maximum number of clients that log onto the server at one time.

performance log - Tracks system and network performance information in a log that can be viewed later or imported into a spreadsheet, such as Microsoft Excel.

Peripheral Computer Interface (PCI) - A computer bus design that supports 32-bit and 64-bit bus communications for high-speed operations.

permissions - In Windows 2000, privileges to access and manipulate resource objects, such as folders and printers; for example, privilege to read a file, or to create a new file.

physical address - Also called a device address, a unique hexadecimal number associated with a device's network interface card.

Plug and Play (PnP) - Ability of added computer hardware, such as an adapter or modem, to identify itself to the computer operating system for installation.

pointer (PTR) resource record - A record in a DNS reverse lookup zone that consists of an IP (version 4 or 6) address correlated to a computer name.

Point-to-Point Protocol (PPP) - A widely used remote communication protocol that supports IPX/SPX, NetBEUI, and TCP/IP for point-to-point communication (such as between a remote PC and a Windows 2000 server on a network).

Point-to-Point Tunneling Protocol (PPTP) - A remote communication protocol that enables connectivity to a network through the Internet and connectivity through intranets and VPNs.

Portable Operating System Interface (POSIX) - Standards set by the Institute of Electrical and Electronics Engineers (IEEE) for portability of applications.

PostScript printer - A printer that has special firmware or cartridges to print using a page description language (PDL).

Pre-Boot eXecution Environment (PXE) - Services on a Windows 2000 remote boot-enabled ROM or a remote boot disk that enable a prospective client to obtain an IP address and to connect to a RIS server in order to install Windows 2000 Professional.

primary group - A group designation when setting up a Windows 2000 Server account for workstations running Macintosh or POSIX. Windows 2000 Server requires that these systems be members of a global security group.

primary partition - Partition or portion of a hard disk that is bootable.

print client - Client computer that generates a print job.

print device - A device, such as a printer or fax, that uses the Spooler services in Windows 2000 Server.

print queue - A stack or line-up of print jobs, with the first job submitted at the top of the stack and the last job submitted at the bottom and all of the jobs waiting to be sent from the spooler to the printer.

print server - Network computer or server device that connects printers to the network for sharing and that receives and processes print requests from print clients.

Printer Control Language (PCL) - A printer language used by non-PostScript Hewlett-Packard and compatible laser printers.

printer driver - A file containing information needed to control a specific printer, implementing customized printer control codes, font, and style information.

printer pooling - Linking two or more identical printers with one printer setup or printer share.

privileged mode - A protected memory space allocated for the Windows 2000 kernel that cannot be directly accessed by software applications.

process - An executable program that is currently running, such as Microsoft Word. A process may launch additional processes that are linked to it, such as a help process to view documentation or a search process to find a file.

process tree - All of the processes that run directly or indirectly in association with an original process.

processor cache - A special data storage area used only by the system processor and located on either the processor chip or a chip separate from the processor.

promiscuous mode - The process of capturing and viewing the contents of all frames and packets sent across a NIC or network device, regardless of the destination of those frames and packets.

protocol - A strictly defined set of rules for communication across a network that specifies how networked data is formatted for transmission, how it is transmitted, and how it is interpreted at the receiving end.

Q

Quality of Service (QoS) - Mechanisms used to measure and allocate network resources on the basis of transmission speed, quality, throughput, and reliability.

R

RAID-5 volume - Three or more dynamic disks that use RAID level 5 fault tolerance through disk striping and creating parity blocks for data recovery.

recovery console - A recovery tool that enables you to access the Windows 2000 Server command line to perform recovery and troubleshooting operations. The recovery console can be added as a boot option, started from the Windows 2000 Server CD-ROM, or started from the Windows 2000 Server floppy installation disks.

redundant array of inexpensive (or independent) disks (RAID) - A set of standards to extend the life of hard disk drives and to prevent data loss from a hard disk failure.

Registry - A database used to store information about the configuration, program setup, devices, drivers, and other data important to the setup of a computer running Windows 2000, Windows NT, Windows 98, or Windows 95.

relative distinguished name (RDN) - An object name in the Active Directory that has two or more related components, such as the RDN of a user account name that consists of User and the first and last name of the actual user.

Remote Access Services (RAS) - Microsoft software services that enable off-site workstations to access a Windows 2000 server through telecommunications lines, the Internet, or intranets.

Remote Authentication Dial-In User Service (RADIUS) - A protocol and service set up on one RAS or VPN server, such as in a domain when there are multiple RAS or VPN servers to coordinate authentication and to keep track of remote dial-in statistics for all RAS and VPN servers.

Remote Installation Services (RIS) - Services installed on a Windows 2000 Server that enable you to remotely install Windows 2000 Professional on one or more client computers.

replica set - A grouping of shared folders in a Dfs root that are replicated or copied to all servers that participate in Dfs replication. When changes are made to Dfs shared folders, all of the participating servers are automatically or manually synchronized so that they have the same copy.

resource - On a Windows 2000 Server network, a file server, shared printer, or shared directory that can be accessed by users. On a workstation, a resource is an IRQ, I/O address, or memory that is allocated to a computer component, such as a disk drive or communications port.

Resource Reservation Protocol (RSVP) - Enables an application to reserve the network resources it needs, such as network paths with higher speeds.

reverse lookup zone - A DNS server zone or table that maps IP addresses to computer names.

right - In Windows 2000, access privileges for high-level activities such as logging on to a server from the network, shutting down a server, and the ability to log on locally.

roaming profile - Desktop settings that are associated with an account so that the same settings are employed no matter what computer is used to access the account (the profile is downloaded to the client).

robotic library - A library of removable media and drives in which multiple media, such as tapes, can be mounted and dismounted automatically.

root key - Also called a subtree, the highest category of data contained in the Registry. There are five root keys.

router - A device that connects networks, that can read IP addresses, and that can route packets to designated networks because it reads routing information in packets (Layer 3) and keeps tables of information about the fastest route from one network to another.

Routing Information Protocol (RIP) - A TCP/IP-based protocol that enables routing devices to share information about a network.

Run as / runas - A shortcut menu and command line option that enables you to run a Windows 2000 program or utility from one account, such as Administrator, while logged on as another account.

 

S

safe mode - A boot mode that enables Windows 2000 Server to be booted using the most generic default settings, such as for the display, disk drives, and pointing device - and only those services needed to boot a basic configuration.

scalable - A computer operating system that can be used on small to large computers, such as those with a single Intel-based processor and larger computers, such as those with multiple Intel or RISC processors.

schema - Elements used in the definition of each object contained in the Active Directory, including the object class and its attributes.

scope - A range of IP addresses that a DHCP server can assign to clients.

scope of influence - The reach of a type of group, such as access to resources in a single domain or access to all resources in all domains in a forest (see domain local, global, and universal groups).

sector - A portion of a disk track. Disk tracks are divided into equal segments or sectors.

Secure Sockets Layer (SSL) - A dual-key encryption standard for communication between an Internet server and a client.

Secure Sockets Layer/Transport Layer Security (SSL/TLS) - An authentication method that uses certificates to verify users to access a remote server, such as a Web server.

security descriptor - An individual security property associated with a Windows 2000 Server object, such as enabling the account MGardner (the security descriptor) to access the folder, Databases.

security group - A group of Windows 2000 Server users that is used to assign access privileges to objects and services. Security groups appear in ACLs.

security log - An event log that records access and security information about logon accesses, file, folder, and system policy changes.

separate forest - An Active Directory model that links two or more forests in a partnership, but the forests cannot have Kerberos transitive trusts or use the same schema.

Sequence Packet Exchange (SPX) - A Novell connection-oriented protocol used for network transport when there is a particular need for data reliability (see Internet Packet Exchange).

Serial Line Internet Protocol (SLIP) - An older remote communications protocol that is used by UNIX computers. The modern compressed SLIP (CSLIP) version uses header compression to reduce communications overhead.

server-based network - A model in which access to the network, to resources, and the management of resources is accomplished through one or more servers.

Service Advertising Protocol (SAP) - An IPX/SPX compatible protocol that is used by NetWare clients to identify servers and the network services provided by each server.

service ticket - A Kerberos security key that gives a client access to specific services on a server or in a domain for a designated period of time.

share permissions - Special permissions that apply to a particular shared object, such as a shared folder or printer.

shared disk model - Linking two or more servers to operate as one and to equally share resources that include disk, CD-ROM, and tape storage.

shared nothing model - Linking two or more servers to operate as one, but each owns particular disk, CD-ROM, and tape resources.

Shiva's Password Authentication Protocol (SPAP) - See Password Authentication Protocol.

Simple Mail Transfer Protocol (SMTP) - An e-mail protocol used by systems having TCP/IP network communications.

Simple Network Management Protocol (SNMP) - A TCP/IP-based protocol that enables servers, workstations, and network devices to gather standardized data about network performance and identify problems.

simple volume - A portion of a disk or an entire disk that is set up as a dynamic disk.

single forest - An Active Directory model in which there is only one forest with interconnected trees and domains that use the same schema and global catalog.

site - An option in the Active Directory to interconnect IP subnets so that it can determine the fastest route to connect clients for authentication and to connect DCs for replication of the Active Directory. Site information also enables the Active Directory to create redundant routes for DC replication.

site link bridge - An Active Directory object that combines individual site link objects to create faster routes when there are three or more site links.

site link object - An object created in the Active Directory to indicate one or more physical links between two different sites.

slip streaming - Installing only a specific portion of a service pack instead of the entire update.

Small Computer System Interface (SCSI) - A 32- or 64-bit computer adapter that transports data between one or more attached devices, such as hard disks, and the computer. There are several types of SCSI adapters, including SCSI, SCSI-2, SCSI-3, SCSI wide, SCSI narrow, wide Ultra SCSI, and Ultra2 SCSI. All are used to provide high-speed data transfer to reduce bottlenecks within the computer.

smart card - A security device that contains information such as access keys, passwords, and a personal identification number (PIN). The smart card is about the size of a credit card and can be plugged into a computer.

spanned volume - Two or more Windows 2000 dynamic disks that are combined to appear as one disk.

spool file - A print file written to disk until it can be transmitted to a printer.

spooler - In the Windows 95, 98, NT, and 2000 environment, a group of DLLs, information files, and programs that process print jobs for printing.

spooling - A process working in the background to enable several print files to go to a single printer. Each file is placed in temporary storage until its turn comes to be printed.

stand-alone drive library - A library consisting of media and a drive in which the media are mounted manually one at a time.

standalone server - A server that is not a member of a domain, but that is a member of an existing workgroup or that establishes its own workgroup, such as in peer-to-peer networking.

standby - A mode in which the computer components are shut down and information in memory is cleared without automatically saving it to disk. The power supply and CPU remain active, monitoring to start up all components when you press a key or move the mouse.

static addressing - An IP (Internet Protocol) addressing method that requires the network administrator to manually assign and set up a unique network address on each workstation connected to a network.

streaming - Playing a multimedia audio, video, or combined file received over a network before the entire file is received at the client.

stripe set - Two or more basic disks set up so that files are spread in blocks across the disks.

striped volume - Two or more dynamic disks that use striping so that files are spread in blocks across the disks.

striping - A data storage method that breaks up data files across all volumes of a disk set to minimize wear on a single volume.

subkey - A key within a Registry key, similar to a subfolder under a folder.

subnet mask - A designated portion of an IP address that is used to indicate the class of addressing on a network and to divide a network into subnetworks as a way to control traffic and enforce security.

subtree - Same as root key.

symmetric multiprocessor (SMP) - A type of computer with two or more CPUs that share the processing load.

system log - An event log that records information about system-related events such as hardware errors, driver problems, and hard drive errors.

System Monitor - The Windows 2000 utility used to track system or application objects. For each object type there are one or more counters that can be logged for later analysis, or tracked in real time for immediate system monitoring.

system partition - Partition that contains boot files, such as Boot.ini and Ntldr in Windows 2000 Server.

SYSVOL - A shared folder, which is set up when the Active Directory is installed and that contains publicly available files that users and DCs need for domain access. SYSVOL folders are replicated among DCs.

 

T

T-carrier - A dedicated leased telephone line that can be used for data communications over multiple channels for speeds of up to 44.736 Mbps.

Telephone Application Programming Interface (TAPI) - An interface for communication line devices (such as modems) that provides line device functions, such as call holding, call receiving, call hang-up, and call forwarding.

Telnet - A TCP/IP application protocol that provides terminal emulation services.

terminal - A device that consists of a monitor and keyboard to communicate with host computers that run the programs. The terminal does not have a processor to use for running programs locally.

terminal adapter (TA) - Popularly called a digital modem, links a computer or a fax to an ISDN line.

terminal server - A server configured to offer terminal services so that clients can run applications on the server, similar to having clients respond as terminals.

thin client - A specialized personal computer or terminal device that has a minimal Windows-based operating system. A thin client is designed to connect to a host computer that does most or all of the processing. The thin client is mainly responsible for providing a graphical user interface and network connectivity.

thread - A block of program code executing within a running process. One process may launch one or more threads.

token ring - Using a ring topology, a network transport method that passes a token from node to node. The token is used to coordinate transmission of data, because only the node possessing the token can send data.

topology - The physical layout of the cable and the logical path followed by network packets and frames sent on the cable.

total cost of ownership (TCO) - The cost of installing and maintaining computers and equipment on a network, which includes hardware, software, maintenance, and support costs.

track - Concentric rings that cover an entire disk like grooves on a phonograph record. Each ring is divided into sectors in which to store data.

transitive trust - A trust relationship between two or more domains in a tree in which each domain has access to objects in the others.

Transmission Control Protocol/Internet Protocol (TCP/IP) - A protocol that is particularly well suited for medium and large networks. The TCP portion was originally developed to ensure reliable connections on government, military, and educational networks. It performs extensive error checking to ensure data is delivered successfully. The IP portion consists of rules for packaging data and ensuring it reaches the correct destination address.

trap - A specific situation or event detected by SNMP that a network administrator may want to be warned about or to track via a network management station, such as when a network device is unexpectedly down or offline.

tree - Related domains that use a contiguous namespace, share the same schema, and have two-way, transitive trust relationships.

trigger - Used as a way to have Network Monitor perform a specific function when a predefined situation occurs, such as stopping a capture of network data when the capture buffer is 50% full.

trusted domain - A domain that has been granted security access to resources in another domain.

trusting domain - A domain that allows another domain security access to its resources and objects, such as servers.

two-way trust - A domain relationship in which both domains are trusted and trusting, enabling one to have access to objects in the other.

U

unicast - A transmission method in which one copy of each packet is sent to each targeted destination, a transmission method that can generate considerable network traffic when compared to multicasting, when the transmission is a multimedia application.

Uniform Resource Locator (URL) - An addressing format used to find an Internet Web site or page.

uninterruptible power supply (UPS) - A device built into electrical equipment or a separate device that provides immediate battery power to equipment during a power failure or brownout.

uniqueness database file (UDF) - A text file that contains an answer set of unique instructions for installing Windows 2000 in the unattended mode and that is used with an answer file.

Universal Disk Format (UDF) - A removable disk formatting standard used for large capacity CD-ROMs and DVD-ROMs.

Universal Modem Driver - A modem driver standard used on recently developed modems.

Universal Naming Convention (UNC) - A naming convention that designates network servers, computers, and shared resources. The format for a UNC name is \\servername(or computername)\sharename\folder\file.

universal security group - A group that is used to provide access to resources in any domain within a forest. A common implementation is to make global groups that contain accounts members of a universal group that has access to resources.

Universal Serial Bus (USB) - A bus standard that enables you to attach all types of devices - keyboards, cameras, pointing devices, telephones, and tape drives, for example - to one bus port on a computer. Up to 127 devices can be attached to one port and it is not necessary to power off the computer when you attach a device. USB was developed to replace the traditional serial and parallel bus technologies on computers.

User Datagram Protocol (UDP) - A protocol used with IP as an alternative to TCP and that offers low-overhead connectionless communications.

user mode - A special operating mode in Windows 2000 used for running programs in a memory area kept separate from that used by the kernel and in which the program cannot directly access the kernel or operating system services except through an API.

user principal name (UPN) - A name that combines an account name with the domain name, such as RBrown@tracksports.org, for easy identification such as in e-mail.

 

V

value - A data parameter in the Registry stored as a value in decimal, binary, or text format.

virtual directory - A URL formatted address that provides an Internet location (virtual location) for an actual physical folder on a Web server that is used to publish Web documents.

virtual DOS machine - In Windows 2000, a process that emulates an MS-DOS window in which to run MS-DOS or 16-bit Windows programs in a designated area of memory.

virtual memory - Disk space allocated to link with memory to temporarily hold data when there is not enough free RAM.

virtual private network (VPN) - A private network that is like a tunnel through a larger network - such as the Internet, an enterprise network, or both - that is restricted only to designated member clients.

volume - A basic disk partition that has been formatted for a particular file system, a primary partition, a volume set, an extended volume, a stripe set, a stripe set with parity, or a mirror set; or a dynamic disk that is set up as a simple volume, spanned volume, RAID-5 volume, or mirrored volume.

volume set - Two or more formatted basic disk partitions (volumes) that are combined to look like one volume with a single drive letter.

W

Web browser - Software that uses HTTP to locate and communicate with Web sites and that interprets HTML documents, video, and sound to give the user a sound and video GUI presentation of the HTML document contents.

wide area network (WAN) - A far-reaching system of networks that can extend across state lines and across continents.

Windows Internet Naming Service (WINS) - A Windows 2000 Server service that enables the server to convert NetBIOS workstation names to IP addresses for Internet communications.

Windows NT LAN Manager (NTLM) - An authentication protocol used in Windows NT Server 3.5, 3.51, and 4.0 that is retained in Windows 2000 Server for backward compatibility with clients that cannot support Kerberos, such as MS-DOS and Windows 3.1x.

workgroup - As used in Microsoft networks, a number of users who share drive and printer resources in an independent peer-to-peer relationship.

working set - Amount of RAM allocated to a running process.

workstation - A computer that has its own CPU and may be used as a standalone computer for word processing, spreadsheet creation, or other software applications. It also may be used to access another computer such as a mainframe computer or file server, as long as the necessary network hardware and software are installed.

World Wide Web (Web) - A vast network of servers throughout the world that provide access to voice, text, video, and data files.

X

X.25 - An older packet-switching protocol for connecting remote networks at speeds up to 2.048 Mbps.

Z

Zero Administration for Windows (ZAW) - A combination of management options and tools that enable an organization to reduce the total cost of ownership (TCO).

By Michael J. Palmer © 1995, 1996, 1997, 1998, 1999, 2000 Course Technology, Incorporated. All rights reserved.