Networking and Windows 2000 Terms

 

A records   Host name to IP address mappings in the DNS database that are used in host name resolution.
access control list (ACL)   A list of all security descriptors that have been set up for a particular object, such as for a shared folder or a shared printer.
access server   A device that connects several different types of communication devices and telecommunication lines to a network, providing network routing for these types of communications.
account lockout   A security measure that prohibits logging on to a Windows 2000 server account after a specified number of unsuccessful attempts.
Accounting provider   Server (typically a RADIUS server) that logs the activity and connection time for a remote user. This is often used to charge remote clients for online time, as in the case of an ISP providing Internet service.
Active Directory   A Windows 2000 database of computers, users, shared printers, shared folders, and other network resources, and resource groupings that is used to manage a network and enable users to quickly find a particular resource.
Active Directory (AD) services   Enterprise-level directory service designed to combine domain structures into a manageable, extensible, network structure.
active directory integrated zones   DNS zones stored in the Active Directory database and replicated along with other Active Directory information.
Active Directory Users and Computers   Tool used to configure the objects in the Windows 2000 Active Directory. Among other things, you use this tool to configure the properties of user accounts. Dial-in properties for a user include whether the user may dial in to the RRAS server and whether a callback number should be used.
active partition   The partition from which a computer boots. 
Address Resolution Protocol (ARP)   Lower-layer protocol that resolves a known IP address to a MAC address.
Address Resolution Protocol (ARP)   Low-level protocol that resides within the IP protocol. It is used as a way of resolving IP addresses to MAC addresses.
Address Resolution Protocol (ARP)   A protocol in the TCP/IP suite that enables a sending station to determine the MAC address of another station on a network.
Advanced Research Projects Agency Network (ARPANet)   Original name for the Internet; ARPA was the government agency responsible for sponsoring the research that led to the TCP/IP protocol stack and the modern-day Internet.
aggregate link   Linking two or more communications channels, such as ISDN channels, so that they appear as one channel, but with the combined speed of all channels in the aggregate.
alert   Provides a warning of a specific Windows 2000 Server system or network event. The warning is sent to designated users.
ANDing   Logically combining binary numbers; the results are similar to multiplying binary numbers; ANDing a 1 and a 1 gives a 1. All other combinations (1 and 0, and 0 and 0) result in 0.
answer file   A text file that contains a complete set of instructions for installing Windows 2000 in the unattended mode.
AppleTalk   A peer-to-peer protocol used in network communication between Macintosh computers. 
application log   An event log that records information about how software applications are performing. 
application program interface (API)   Functions or programming features in a system that programmers can use for network links, links to messaging services, or interfaces to other systems.
Application Programming Interface (API)   Standardized set of commands and programming parameters used to simplify the interaction between applications and lower-level networking components.
area border routers   OSPF router that has an interface in more than one OSPF area.
areas   OSPF division of the internetwork into collections of contiguous networks that help keep routing tables from growing too large. Each router only keeps a link-state database for those areas connected to the router.
Asynchronous Transfer Mode (ATM)   Cell-based LAN/WAN networking technology that can handle voice, video, and data traffic; Windows 2000 provides native ATM support.
attribute   A characteristic associated with a folder or file used to help manage access and backups.
attributes   Specific values associated with an object; an example is the attribute of First or Last name for the User object.
auditing   Tracking the success or failure of events by recording selected types of events in an event log of a server or a workstation.
auditing   Tracking the success or failure of events associated with an object, such as writing to a file, and recording the audited events in an event log of a Windows 2000 server or workstation.
authentication   Process of verifying a user’s credentials so that the user may log on to the system. Authentication is normally performed using a username and password. Authentication may be unencrypted (clear text) or use any of a number of encryption types.
authentication   A method for validating the identity of a user or a computer. IPSec supports three modes of encryption: Kerberos, certificates, and pre-shared keys.
authority   Ability to control what resource records, subdomains, and other attributes are associated with a particular DNS domain.
Automatic Private IP Addressing (APIPA)   New feature in Windows 98 and Windows 2000 that allows DHCP clients to select an IP address from the private range 169.254.0.0/16 whenever they cannot find a DHCP server on the local segment.
autonomous system   One in which a set of networks and routers are all under the same administration.
backbone area   OSPF areas connected by a special type of area called a backbone area.
backbone router   Any router configured in an OSPF backbone area.
backup browser   A computer in a domain or workgroup that maintains a static list of domain/workgroup resources to provide to clients browsing the network. The backup browser periodically receives updates to the browse list from the master browser.
Bandwidth Allocation Control Protocol (BACP)   See Bandwidth Allocation Protocol (BAP).
Bandwidth Allocation Control Protocol (BACP)   Similar to BAP, but is able to select a preferred client when two or more clients vie for the same bandwidth.
Bandwidth Allocation Protocol (BAP)   Together with the Bandwidth Allocation Control Protocol (BACP), allows a client to add and remove links dynamically during a multilink session to adjust for changes in bandwidth needs.
Bandwidth Allocation Protocol (BAP)   A protocol that works with Multilink in Windows 2000 Server that enables the bandwidth or speed of a remote connection to be allocated on the basis of the needs of an application, with the maximum allocation equal to the maximum speed of all channels aggregated via Multilink.
base priority class   The initial priority assigned to a program process or thread in the program code by Windows 2000 when the program is started.
basic disk   In Windows 2000, a partitioned disk that can have up to four partitions and that uses logical drive designations. This type of disk is compatible with MS-DOS, Windows 3.x, Windows 95, Windows 98, Windows NT, and Windows 2000. 
basic input/output system (BIOS)   A program on a read-only or flash memory chip that establishes basic communications with components such as the monitor and disk drives. The advantage of a flash chip is that you can update the BIOS.
benchmark   A measurement standard for hardware or software used to establish performance baselines under varying loads or circumstances. Also called a baseline.
bidirectional printing   Ability of a parallel printer to conduct two-way communication between the printer and the computer, such as to provide out-of-paper information; bidirectional printing also supports Plug and Play and enables an operating system to query a printer about its capabilities.
binary format   IP address displayed as four sets of eight binary numbers separated by periods.
binding   Associating or connecting a network layer protocol (or even a network service) to a specific network interface card.
binding   Process of associating a protocol with a NIC or a network service.
bits per second (bps)   Number of binary bits (0s or 1s) sent in one second, a measure used to gauge network, modem, and telecommunications speeds.
b-node   NetBIOS node type that uses broadcasts to resolve NetBIOS names to IP addresses.
boot partition   Holds the Windows 2000 Server \Winnt folder containing the system files.
BootP   Older alternative to DHCP that diskless workstations used to obtain IP addresses.
Border Gateway Protocol (BGP)   Newer and more powerful exterior routing protocol that has largely replaced the older Exterior Gateway Protocol.
boundary layers   Layers in the Windows 2000 networking architecture that act as intermediaries between upper layers, the network protocols, and lower layers of the model.
bridge   A network transmission device that connects together different LAN segments using the same access method, for example connecting an Ethernet LAN to another Ethernet LAN or a token ring LAN to another token ring LAN. Bridge devices look at MAC addresses (OSI Layer 2) but do not look at routing information (Layer 3) in a frame.
broadcast   A transmission that sends one copy of each frame to all points on a network, regardless of whether or not a recipient has requested to communicate with the sender.
broadcast domain   That portion of a network where broadcasts are propagated; normally broadcast domains are created by router placement in a network.
bus   A pathway in a computer used to transmit information. This pathway is used to send CPU instructions and other data to be transferred within the computer.
bus mastering   A process that reduces the reliance on the CPU for input/output activities on a computer’s bus. Interface cards that have bus mastering can take control of the bus for faster data flow. 
cache   Storage used by a computer system to house frequently used data in quickly accessed storage, such as memory.
caching-only servers   DNS server configured without any zone files; a caching-only server contains IP addresses of DNS servers it can query to answer client requests and then store the information in a local cache.
callback security   Used for remote communications verification, the remote server calls back the accessing workstation to verify the access is from an authorized telephone number. 
call-back security   Used for remote communications verification, the remote server calls back the accessing workstation to verify the access is from an authorized telephone number. 
capture buffer   The amount of RAM and virtual memory that is used to store data captured by Network Monitor.
certificate   An encrypted set of information associated with a workstation that is equivalent to a unique digital fingerprint and that is used to authenticate logon to a server, such as a Web server.
Certificate Authority (CA)   Any trusted source willing to verify the identities of people to whom it issues certificates and to associate those people with certain public and private keys.
certificate enrollment   Process whereby a client obtains a certificate from a certificate authority.
Certificate Revocation Lists (CRL)   List of revoked certificates and the codes defining the reasons for revocation.
certificate services   Networking service in Windows 2000 that creates and manages a public key infrastructure within an organization.
Certificate Store   Database created during the installation of a CA. Installing certificate services on an Enterprise root CA creates the store in the Active Directory. Installing services on a Stand-alone root CA creates the store on the local server.
Certificate Trust List (CTL)   Holds the set of all root CAs whose certificates users and computers can trust. 
certificates   Allow verification of the claim that a given public key actually belongs to a given individual. This helps prevent an impersonator from using a phony key.
Challenge Handshake Authentication Protocol (CHAP)   Type of authentication in which the authentication agent sends the client program a key for encrypting the username and password. 
Challenge Handshake Authentication Protocol (CHAP)   An encrypted handshake protocol designed for standard IP- or PPP-based exchange of passwords. It provides a reasonably secure, standard, cross-platform method for sender and receiver to negotiate a connection.
CHAP with Microsoft extensions (MS-CHAP)   A Microsoft-enhanced version of CHAP that can negotiate encryption levels and that uses the highly secure RSA RC4 encryption algorithm to encrypt communications between client and host. 
CHAP with Microsoft extensions version 2 (MS-CHAP v2)   An enhancement of MS-CHAP that provides better authentication and data encryption and that is especially well suited for VPNs.
client   A computer that accesses resources on another computer via a network or by a direct connection.
client access license (CAL)   A license to enable a workstation to connect to Windows 2000 Server as a client.
clock speed   Rate at which the CPU sends bursts of data through a computer’s buses.
clustering   The ability to share the computing load and resources by linking two or more discrete computer systems to function as though they are one.
clustering support   Ability of an operating system to connect multiple servers in a fault-tolerant group. If one server in the cluster fails, all processing continues on another server. Clusters ensure high availability and reliable performance.
common name (CN)   The most basic name of an object in the Active Directory, such as the name of a printer.
community name   In SNMP communications, a password used by network agents and the network management station so that their communications cannot be easily intercepted by an unauthorized workstation or device. 
compact disk (CD-ROM)   A ROM medium that typically holds up to 1 GB of information.
compact disk file system (CDFS)   A 32-bit file system used on standard capacity CD-ROMs.
Component Object Model (COM)   Standards that enable a software object, such as a graphic, to be linked from one software component into another one. COM is the foundation that makes Object Linking and Embedding (OLE) possible.
connectionless communication   Also called a connectionless service, a communication service that provides no checks (or minimal checks) to make sure that data accurately reaches the destination node.
connection-oriented communication   Also called a connection-oriented service, this service provides several ways to ensure that data is successfully received at the destination, such as requiring an acknowledgement of receipt and using a checksum to make sure the packet or frame contents are accurate. 
contiguous namespace   A namespace in which every child object contains the name of its parent object.
converged   Status of an internetwork when all its routers have the correct routing information in their tables.
Convergence time   When a link or router fails, the time taken for all routers on the network to reconfigure themselves with the proper information. 
counter   Used by the System Monitor, this is a measurement technique for an object, such as measuring the processor performance by percentage in use.
cyclic redundancy check (CRC)   An error-checking technique used in network protocols to signal a communication problem.
data communications equipment (DCE)   A device that converts data from a DTE, such as a computer, to be transmitted over a telecommunications line.
Data Link Control (DLC)   Nonroutable protocol used mainly to connect to Hewlett-Packard printers using Jet Direct network cards.
Data Link Control protocol (DLC)   Available through Microsoft Windows 2000, Windows NT, Windows 95, and Windows 98, this protocol enables communications with an IBM mainframe or minicomputer.
data terminal equipment (DTE)   A computer or computing device that prepares data to be transmitted over a telecommunications line to which it attaches by using a DCE, such as a modem.
data transfer rate   Speed at which data moves through the disk controller along the data channel to a disk drive.
data type   Way in which information is formatted in a print file.
date stamp   Documents, files, and other important information are permanently imprinted by a date stamp to record their creation date and time and to record modification dates and times.
dead gateway detection   Feature of Windows 2000 that allows a machine to detect when a default gateway is unreachable and then switch to a configured back-up default gateway.
decrypt   Process of decoding encrypted data.
default gateway   IP address of the router port to networks outside the local network.
default gateway   Defined on most TCP/IP hosts and simply a router where a packet is sent if its destination network is not found in a routing table.
default gateway   A computer or router that forwards a network communication from one network to another, acting as a gateway between networks.
defragmentation   A software process that rearranges data to fill in the empty spaces that develop on disks and make data easier to obtain.
demand-dial interfaces   Interface configured in RRAS that can dial a remote router whenever a connection needs to be made.
demand-dial routing   Allows an RRAS server configured as a router to dial up a remote router whenever it needs to send messages to that router.
device address   Same as physical address.
Dfs cache timeout   The amount of time that a Dfs shared folder is retained in the client operating system’s cache for fast access.
Dfs link   A path that is established between a shared folder in a domain and a Dfs root.
Dfs root   The main Active Directory container that holds Dfs links to shared folders in a domain. 
Dfs topology   Applies to a domain-based Dfs model and encompasses the Dfs root, Dfs links to the root, and servers on which the Dfs structure is replicated.
DHCP Allocator   Simplified version of a DHCP server used by NAT to assign IP addressing information automatically to clients on the private network.
DHCP relay agent   Software component loaded via Routing and Remote Access Service to a Windows 2000 machine; allows a machine to act as a proxy for DHCP clients on a segment.
DHCP Relay Agent   When they boot up, DHCP clients broadcast a message to their local IP subnet looking for a DHCP server to provide them with IP addressing information. These broadcast messages typically do not pass through routers. One way to avoid putting a full DHCP server on every subnet is to configure a computer as a DHCP Relay Agent. This computer intercepts the DHCP client requests and forwards them across the router to the DHCP server. RRAS has the capability to serve as a DHCP Relay Agent.
DHCP Relay Agent   A server or computer that broadcasts IP configuration information between the DHCP server on a network and the client acquiring an address, such as for remote connections and when they are on different networks and transmissions must therefore go through one or more routers.
DHCPAcknowledgment   Packet broadcast by a DHCP server to a DHCP client that grants the client a lease for a particular IP address; fourth step of four-step DHCP lease process.
DHCPDiscover   Packet broadcast by DHCP clients to find DHCP servers on the local segment; first step of four-step DHCP lease process.
DHCPNack   Negative acknowledgment that a DHCP server broadcasts if it must decline a client’s request for a particular IP address.
DHCPOffer   Packet broadcast by a DHCP server to a DHCP client that contains a possible IP address for lease; second step of four-step DHCP lease process.
DHCPRequest   Packet broadcast by a DHCP client requesting the IP address offered in a DHCPOffer packet; third step of four-step DHCP lease process.
Dial-Up Networking   Name given to the process and interface that most versions of Microsoft Windows use to dial in to a remote server.
digital subscriber line (DSL)   A technology that uses advanced modulation technologies on regular telephone lines for high-speed networking at speeds of up to 60 Mbps between subscribers and a telecommunications company.
digital video disk (DVD-ROM)   Also called digital versatile disk, a ROM medium that can hold from 4.7 to 17 GB of information.
Directory Service client (DSClient)   Microsoft software for clients running Windows 95 and higher that connect to Windows 2000 Server; it enables non-Windows-2000 clients to use Kerberos authentication security and to view information published in the Windows 2000 Active Directory, such as all network printers.
Directory Service log   Records events that are associated with the Active Directory, such as updates to the Active Directory, events related to the Active Directory’s database, replication events, and startup and shutdown events. 
disjointed namespace   A namespace in which the child object name does not resemble the name of its parent object.
disk access time   Amount of time it takes for a disk drive to read or write data by moving a read/write head to the location of the data.
disk duplexing   A fault tolerance method similar to disk mirroring in that it prevents data loss by duplicating data from a main disk to a backup disk; but disk duplexing places the backup disk on a different controller or adapter than is used by the main disk. 
disk fragmentation   A normal and gradual process in which files become spread throughout a disk and empty pockets of space develop between files.
disk mirroring   A fault tolerance method that prevents data loss by duplicating data from a main disk to a backup disk. Some operating systems also refer to this as disk shadowing.
disk quota   Allocating a specific amount of disk space to a user or application with the ability to ensure that the user or application cannot use more disk space than is specified in the allocation. 
distinguished name (DN)   A name in the Active Directory that contains all hierarchical components of an object, such as that object’s organizational unit and domain, in addition to the object’s common name. The distinguished name is used by an Active Directory client to access a particular object, such as a printer.
distributability   Dividing complex application program tasks among two or more computers.
Distributed Component Object Model (DCOM)   A standard built upon COM to enable object linking to take place over a network. COM is a standard that allows a software object, such as a graphic, to be linked from one software component to another (such as copying a picture from Microsoft Paint and pasting it in Microsoft Word).
Distributed File System (Dfs)   A system that enables folders shared from multiple computers to appear as though they exist in one centralized hierarchy of folders instead of on many different computers.
distribution group   A list of Windows 2000 Server users that enables one e-mail message to be sent to all users on the list. A distribution group is not used for security and thus cannot appear in an ACL.
DNS proxying   Method of relaying DNS name resolution requests from clients on a private network through the NAT server to a DNS server on the Internet.
DNS Server   A Microsoft service that resolves computer names to IP addresses, such as resolving the computer name Brown to IP address 129.77.1.10, and that resolves IP addresses to computer names. 
DNS Server log   An event log that provides information about events associated with the DNS Server, such as instances in which DNS information is updated, when there are problems with the DNS service, and when the DNS Server has started successfully after booting.
DNS zone file   Text file, stored on a DNS server, that contains all information and resource records for a particular zone. 
DNS zones   Portion of the DNS namespace that can be administered as a single unit.
domain   A grouping of resource objects, servers and user accounts, for example, that is one element of the Active Directory in Windows 2000 Server. A domain usually is a higher-level representation of how a business, government, or school is organized, such as reflecting a geographical site or major division of that organization.
domain controller (DC)   A Windows 2000 Server that contains a full copy of the Active Directory information, that is used to add a new object to the Active Directory, and that replicates all changes made to it so those changes are updated on every DC in the same domain.
domain local security group   A group that is used to manage resources 
Domain Name Service (DNS)   A TCP/IP application protocol that resolves domain and computer names to IP addresses; or IP addresses to domain and computer names.
Domain Name System (DNS)   Network service that provides host name to TCP/IP address resolution.
Domain Name System (DNS)   Hierarchical naming system used to resolve host name to IP address mapping. It contains resource records.
dotted decimal   IP addresses displayed as a series of four decimal numbers separated by periods, for example, 192.168.12.2.
dotted decimal notation   An addressing technique that uses four octets, such as 100000110.11011110.1100101.00000101, converted to decimal (e.g., 134.22.101.005), to differentiate individual servers, workstations, and other network devices. 
driver signing   A digital signature that Microsoft incorporates into driver and system files as a way to verify the files and to ensure that they are not inappropriately overwritten.
dropped frames   Frames that are discarded because they are improperly formed, such as failing to meet the appropriate packet size.
dual-boot system   A computer set up to boot from two or more different operating systems, such as Windows 2000 Server and MS-DOS.
dynamic addressing   An addressing method where an IP (Internet Protocol) address is assigned to a workstation without the need for the network administrator to manually set it up at a workstation.
dynamic assignment   Configuring a host to obtain an IP address automatically using DHCP.
dynamic disk   In Windows 2000 Server, a disk that does not use traditional partitioning, which means that there is no restriction to the number of volumes that can be set up on one disk or the ability to extend volumes onto additional physical disks. Dynamic disks are only compatible with Windows 2000 Server. 
Dynamic Domain Name System (DDNS)   DNS version that allows clients to register their host names automatically with a DNS server.
Dynamic Domain Name System (DDNS)   Extension to the DNS systems that allows dynamic updates to the DNS database. The Windows 2000 DHCP server service can integrate with DDNS to allow dynamic DNS registration for clients that receive dynamic IP addresses.
Dynamic Host Configuration Protocol (DHCP)   Networking service that can distribute TCP/IP addresses to clients configured to obtain dynamic addresses.
Dynamic Host Configuration Protocol (DHCP)   Protocol used by clients to obtain IP addresses dynamically from a DHCP server.
Dynamic Host Configuration Protocol (DHCP)   Protocol used to automatically assign IP addressing and other TCP/IP information to clients. DHCP is considered easier and more reliable than manual addressing.
Dynamic Host Configuration Protocol (DHCP)   A network protocol that provides a way for a server to automatically assign an IP address to a workstation on its network.
dynamic mappings   Created when users on the private network initiate traffic with a public Internet location. The NAT service automatically translates the IP address and source ports and adds these mappings to its mapping table.
dynamic router   Routers that automatically share their routing information with other routers on the network using a router protocol such as RIP or OSPF.
EFS Recovery Key   Spare private encryption key capable of decrypting the data. The key maps to a trusted account called a Recovery Agent.
emergency repair disk (ERD)   A disk that contains repair, diagnostic, and backup information for use in case there is a problem with Windows 2000. 
encrypt   Process of sealing data using a special coding algorithm so that only intended recipients can decrypt and read it.
encrypting file system (EFS)   New file and folder attribute provided by NTFS version 5.0; allows file and folder encryption on a per-user basis.
Encrypting File System (EFS)   Protocol Windows 2000 uses to encrypt data on a computer by combining the data in those files with the public key certificate of the user logged on to the computer.
Encrypting File System (EFS)   Set by an attribute of NTFS, this file system enables a user to encrypt the contents of a folder or a file so that it can only be accessed via private key code by the user who encrypted it. EFS adheres to the Data Encryption Standard’s expanded version for data protection.
Encryption   Process of translating information into an unreadable code that can only be translated back (decrypted) by using a secret key or password. 
enhanced security   Increased security measures available in Windows 2000 via the inclusion of Kerberos version 5 security and IP security.
Enhanced Small Device Interface (ESDI)   An early device interface for computer peripherals and hard disk drives.
Enterprise CA   Acts as a CA for an enterprise and requires access to the Active Directory.
enterprise network   A network that often reaches throughout a large area, such as a college campus, a city, or across several states. The main distinguishing factor of an enterprise network is that it brings together an array of network resources such as many kinds of servers, mainframes, intranets, printers, and the Internet. 
error checking and correcting memory (ECC)   Memory that can correct some types of memory problems without causing computer operations to halt.
Ethernet   Most widely used networking architecture; contention-based architecture that uses carrier sense multiple access/collision detection as its access method.
Ethernet   A network transport system that uses a carrier sensing and collision detection method to regulate data transmissions.
event log   One of several logs in which Windows 2000 Server records information about server events, such as errors, warnings, or informational events. 
event logging   Most applications in Windows (and Windows itself) log events to a file. Events are bits of information and any errors generated by these applications. Once logged, you can view the events using the Event Viewer utility.
Extended Industry Standard Architecture (EISA)   A computer bus design that incorporates 32-bit communications within a computer. It is an industry standard used by several computer manufacturers. 
extended partition   A partition that is created from unpartitioned free disk space and is linked to a primary partition in order to increase the available disk space.
Extensible Authentication Protocol (EAP)   General protocol for PPP authentication that supports multiple authentication mechanisms. Instead of selecting a single authentication method for a connection, EAP can negotiate an authentication method at connect time.
Extensible Authentication Protocol (EAP)   A protocol used to provide a range of security services for different manufacturers' security devices, such as smart cards. EAP is used with other remote access protocols, such as for security through the Internet.
Extensible Authentication Protocol (EAP)   An authentication protocol employed by network clients that use special security devices such as smart cards, token cards, and others that use certificate authentication. 
Exterior Gateway Protocol (EGP)   Exterior routing protocol used to connect different autonomous systems. 
File allocation table (FAT) 32 support   Ability of an operating system to read, write, and otherwise fully support the new version of the file allocation table file system introduced in the Win9x product family.
fault tolerance   Techniques that employ hardware and software to provide assurance against equipment failures, computer service interruptions, and data loss.
Fibre Channel   A high-speed method for connecting computer peripherals, such as disk drives, to servers and other host computers through copper and fiber-optic cable. Current implementations of Fibre Channel in Windows 2000 servers provide data transfer rates of up to 1 Gbps.
File Allocation Table (FAT) file system   A file system based on the use of a File Allocation Table, a flat table that records the clusters used to store the data contained in each file stored on disk. FAT is used by several operating systems, including MS-DOS, Windows 95, Windows 98, and Windows 2000. Security and auditing are not supported on FAT partitions.
file lock   Flagging a file so that it cannot be updated by more than one user at a time, giving the first user to access it the ability to perform an update.
File Replication Service log   An event log that contains information about file replication events such as changes to file replication, when the service has started, and completed replication tasks.
File Transfer Protocol (FTP)   Provides for file transfer between two TCP/IP hosts; uses TCP as its transport protocol.
File Transfer Protocol (FTP)   Available through the TCP/IP protocol, FTP enables files to be transferred across a network or the Internet between computers or servers.
filter   A capacity in network monitoring software that enables a network or server administrator to view only designated protocols, network events, network nodes, or other specialized views of the network.
filter action   Actions assigned to a connection whose properties match an associated list of filters. Typical actions are to accept and block connections or to negotiate security for the connection.
filter list   List of filters assigned to a rule. Connections whose properties match the list of filters have an associated filter action applied to them.
firmware   Software that is stored on a chip in a device, such as in a ROM, and that is used to control basic functions of the device such as communications with a disk drive.
forest   A grouping of trees that each have contiguous namespaces within their own domain structure, but that have disjointed namespaces between trees. The trees and their domains use the same schema and global catalog.
format   An operation that divides a disk into small sections called tracks and sectors for storage of files.
formatting   A process that prepares a hard disk partition for a specific file system.
forward lookup zone   A DNS zone or table that maps computer names to IP addresses.
forward lookup zones   DNS zone files that hold resource records that map host names to IP addresses. (They can also hold various other resource records.)
frame   A unit of data that is transmitted on a network that contains control and address information, but not routing information.
frame relay   A WAN communications technology that relies on packet switching and virtual connection techniques to transmit at rates from 56 Kbps to 45 Mbps.
full backup   A backup of an entire system, including all system files, programs, and data files.
full duplex   The capacity to send and receive signals at the same time.
Fully Qualified Domain Name (FQDN)   Entire name of a host that includes the host name and the domain name; for example, host1.win2k.org signifies the computer host1 in the win2k.org DNS domain.
Gateway Service for NetWare (GSNW)   A service included with Windows NT and Windows 2000 Server that provides connectivity to NetWare resources for Windows NT and Windows 2000 servers and their clients with the Windows NT/2000 server acting as a gateway. 
global catalog   A grand repository for all objects and the most frequently used attributes for each object in all domains. Each tree has one global catalog.
global security group   A group that typically contains user accounts from its home domain 
globally unique identifier (GUID)   A unique number, up to 16 characters long, that is associated with an Active Directory object.
graphics device interface (GDI)   An interface on a Windows network print client that works with a local software application, such as Microsoft Word, and a local printer driver to format a file to be sent to a local printer or a network print server. 
group NetBIOS names   NetBIOS names used to register entire groups of computers; an example is domain controllers in a domain.
half duplex   The ability to send or receive signals, but not simultaneously.
handle   A resource, such as a file, used by a program and that has its own identification so the program is able to access it.
hard page fault   When a program does not have enough physical memory to execute a given function and must obtain information from disk.
Hardware Abstraction Layer (HAL)   A set of program routines that enable an operating system to control a hardware component, such as the processor, from within the operating system kernel.
hardware compatibility list (HCL)   A list of computer hardware tested by Microsoft and determined to be compatible with Windows 2000 Server.
hardware profile   A consistent setup of hardware components associated with one or more user accounts.
hibernate   A mode in which the computer components are shut down and information in memory is automatically saved to disk before the disk is powered off. The power supply and CPU remain active, monitoring to start up all components when you press a key or move the mouse.
Hierarchical Storage Management (HSM)   A storage management system that enables administrators to establish storage policies, archiving techniques, and disk capacity planning through automated procedures and the coordinated use of different media including tapes, CD-ROMs, hard drives, and zip drives.
hive   A set of related Registry keys and subkeys stored as a file.
h-node   NetBIOS node type that first attempts directed communication to a WINS server to resolve NetBIOS names to IP addresses; if directed communication fails, clients with this node type then try a broadcast to resolve NetBIOS names to IP addresses.
home folder or home directory    A server folder that is associated with a user’s account and that is a designated workspace for the user to store files.
hop   Each router that a packet of information must pass between its source and destination hosts. The number of hops is also referred to as metric count or metric cost.
host address (A) resource record   A record in a DNS forward lookup zone that consists of a computer name correlated to an IP version 4 address.
host files   Text files that contain host name to IP address mapping; used to perform host name to IP address resolution. Precursor to the DNS system.
host ID   Portion of an IP address that represents the bits used for host identification.
host names   Common names given to network devices to allow users to interact with a name instead of an IP address.
hostname   Command used after the command prompt to display the host name of the local machine.
Hypertext Markup Language (HTML)   A formatting process that is used to enable documents and graphics images to be read on the World Wide Web. HTML also provides for fast links to other documents, to graphics, and to Web sites. The World Wide Web is a series of file servers with software, such as Microsoft’s Internet Information Server (IIS), that make HTML and other Web documents available for workstations to access.
Hypertext Transfer Protocol (HTTP)   A protocol in the TCP/IP suite that transports HTML documents over the Internet (and through intranets) for access by Web compliant browsers.
I/O address   The address in memory through which data is transferred between a computer component and the processor.
in-addr.arpa   Name given to the reverse lookup zone file.
incremental backup   A backup of new or changed files.
indirect routing   Occurs when a packet of information must pass over a router at some point between its source and destination.
Industry Standard Architecture (ISA)   An older expansion bus design dating back to the 1980s, supporting 8-bit and 16-bit cards and with a data transfer rate of 8 MB per second.
inherited permissions   Permissions of a parent object that also apply to child objects of the parent, such as to subfolders within a folder.
inherited rights   User rights that are assigned to a group and that automatically apply to all members of that group. 
instance   Used by the System Monitor, when there are two or more types of elements to monitor, such as two or more threads or disk drives. 
Integrated Device Electronics (IDE)   An inexpensive hard disk interface that is used on Intel-based computers from the 80286 to Pentium computers.
Integrated Services Digital Network (ISDN)   A telecommunications standard for delivering data services over digital telephone lines with a current practical limit of 1.536 Mbps and a theoretical limit of 622 Mbps.
intelligent input/output (I2O)   A computer communications architecture that removes some of the I/O processing activities from the main processor to I2O processors on peripherals designed for I2O architectures, such as hard disks. I2O devices use one general device driver for all I2O-compliant devices.
Internet   A global network of diverse Web and information servers offering voice, video, and text data to millions of users.
Internet Assigned Numbers Authority (IANA)   Group responsible for controlling allocation of IP addresses to the Internet community.
Internet Authentication Service (IAS)   Used to establish and maintain security for RAS, Internet, and VPN dial-in access and can be employed with RADIUS. IAS can use certificates to authenticate client access. 
Internet Connection Sharing (ICS)   Simplified version of the NAT protocol that is easy to configure and manage and is available in Windows 98, Windows Millennium Edition, Windows 2000 Server, and Windows 2000 Professional. ICS is not as configurable as NAT.
Internet Control Message Protocol (ICMP)   Handles the communication of errors and status messages within the TCP/IP protocol stack.
Internet Control Message Protocol (ICMP)   A TCP/IP-based protocol that is used for network error reporting, particularly through routing devices.
Internet Group Management Protocol (IGMP)   TCP/IP protocol used to establish and maintain multicasting groups.
Internet Group Management Protocol (IGMP)   Standard protocol for IP multicasting over the Internet. It is used to establish host memberships in particular multicast groups.
Internet Group Management Protocol (IGMP)   Part of the TCP/IP protocol suite, the protocol that is used in multicasting and which contains addresses of clients. It is used by the server to tell a router which clients belong to the multicast group.
Internet Information Services (IIS)   A Microsoft Windows 2000 Server component that provides Internet Web, FTP, mail, newsgroup, and other services, and that is particularly offered to set up a Web server.
Internet Packet Exchange (IPX)    A protocol developed by Novell for use with its NetWare server operating system (see Sequence Packet Exchange).
Internet Printing Protocol (IPP)   A protocol that is encapsulated in HTTP and that is used to print files over the Internet.
Internet Protocol (IP)   Connectionless, best-effort delivery protocol in the TCP/IP protocol stack that handles routing of data and logical addressing with IP addresses.
Internet Protocol (IP)   Protocol in the TCP/IP protocol suite responsible for routing data over a network.
Internet Protocol version 6 (IPv6)   Advanced version of the Internet Protocol that uses 128-bit addresses in hexadecimal format.
Internet Server Application Programming Interface (ISAPI)   A group of dynamic link library (DLL) files that consist of applications and filters to enable user customized programs to interface with IIS and to trigger particular programs, such as a specialized security check or a database lookup.
Internet Service Providers (ISPs)   Companies that provide access to the Internet backbone.
Internetwork Packet eXchange (IPX)   Connectionless, layer three protocol that provides routing function for the IPX/SPX protocol stack.
Internetwork Packet eXchange/Sequenced Packet eXchange (IPX/SPX)   Routable protocol stack designed by Novell to provide networking services for the NetWare network operating system.
interrupt request (IRQ) line   A hardware line that a computer component, such as a disk drive or serial port, uses to communicate to the processor that it is ready to send or receive information. Intel-based computers have 16 IRQ lines, with 15 of those available for computer components to use.
intranet   A private network within an organization. It uses the same Web-based software as the Internet but is highly restricted from public access. Intranets are currently used to enable managers to run high-level reports, to enable staff members to update human resources information, and to provide access to other forms of private data.
inverse query   DNS query attempting to resolve a host name from a known IP address.
IP (Internet Protocol)   Network layer protocol of the TCP/IP protocol suite that is responsible for routing packets between hosts.
IP address   32-bit logical addresses that must be assigned to every host on a TCP/IP network.
IP Security (IPSec)   Set of protocols that supports the secure exchange of data at the IP layer. In RRAS, IPSec is used in conjunction with L2TP in the formation of Virtual Private Networks.
IP Security (IPSec)   Extension to the Internet Protocol (IP) used to secure data being sent between two computers on a network.
IP security (IPSec)   A set of IP-based secure communications and encryption standards created through the Internet Engineering Task Force (IETF).
IP Security (IPSec) protocol   Set of security protocols used to provide data integrity, end-to-end confidentiality, and secure network authentication.
ipconfig   Command-line tool used to verify IP settings; can also be used to renew or release dynamically assigned IP addresses and DNS information.
IPSec client   Computer that initiates the IPSec connection.
IPSec driver   IPSec component that actually encrypts and decrypts data using keys prepared by the ISAKMP/Oakley Service, and sends the data between computers.
IPSec policies   Sets of rules assigned to clients that define how those clients use IPSec.
IPSec policy agent service   IPSec component responsible for retrieving the computer’s assigned IPSec policy from the Active Directory.
IPSec server   Computer that responds to an IPSec connection.
IPX (Internetwork Packet eXchange)   Networking protocol developed by Novell for use primarily with their NetWare operating systems. Since NetWare is such a popular network operating system, most other operating systems, such as Microsoft Windows, provide an IPX-compatible networking protocol. In Windows 2000, this IPX-compatible protocol is named NWLink.
ISAKMP/Oakley Service   IPSec component that creates the security association between communicating computers and is also responsible for generating the keys used to encrypt and decrypt the data sent over the IPSec connection.
iterative query   DNS query to which the server responds with the best answer it can provide or by forwarding the request to another name server and then returning an answer.
Kerberos   A security system developed by the Massachusetts Institute of Technology to enable two parties on an open network to communicate without interception by an intruder, creating a unique encryption key for each communication session.
Kerberos transitive trust relationship    A set of two-way trusts between two or more domains in which Kerberos security is used. 
Kerberos V5   Default authentication system used by Windows 2000. It is an open standard widely supported by other operating systems as well.
Kerberos version 5   Shared secret key encryption mechanism used to provide security for authentication sessions in a Windows 2000 network.
kernel   An essential set of programs and computer code that allows a computer operating system to control processor, disk, memory, and other functions central to the basic operation of a computer.
kernel mode   Protected environment in which the Windows 2000 operating system kernel runs, consisting of a protected memory area and privileges to directly execute system services, access the CPU, run I/O operations, and conduct other basic operating system functions.
key   A category of information contained in the Windows 2000 Registry, such as hardware or software.
Last Known Good Configuration   The Windows 2000 configuration that is stored in the Registry and that is the configuration in effect prior to making a system, driver, or configuration change since the last time the computer was booted. 
Layer Two Tunneling Protocol (L2TP)   A protocol that transports PPP over a VPN, intranet, or Internet. L2TP works similarly to PPTP, but unlike PPTP, L2TP uses an additional network communications standard, called Layer Two Forwarding, that enables forwarding on the basis of MAC addressing.
Layer-Two Tunneling Protocol (L2TP)   Extension of the PPP remote access protocol; one type of tunneling protocol used to form Virtual Private Networks. 
leaking memory   Failing to return memory for general use after a process is finished using a specific memory block. 
library   Removable storage media and the drive (or drives) used by the media. 
license monitoring   A process used on network servers to be certain the number of software licenses in use does not exceed the number for which the network is authorized.
line device   A DCE such as a modem or ISDN adapter that connects to a telecommunications line. 
Link control protocol (LCP)   LCP extensions include a number of enhancements to the LCP protocol used to establish a PPP link and control its settings. One of the primary enhancements included is the ability for the client and server to agree dynamically on protocols used on the connection.
LMHOSTS   Text file mapping NetBIOS names to IP addresses; precursor to WINS service.
load balancing   On a single server, distributing resources across multiple server disk drives and paths for better server response; and on multiple network servers, distributing resources across two or more servers for better server and network performance.
local area network (LAN)   Network confined within a small area such as a single building or a small campus.
local area network (LAN)   A series of interconnected computers, printers, and other computer equipment that share hardware and software resources. The service area is usually limited to a given floor, office area, or building.
local printing   Printing on the same computer to which print devices are attached.
local security group   A group of user accounts that is used to manage resources on a standalone Windows 2000 server that is not part of a domain.
local user profile   A desktop setup that is associated with one or more accounts to determine what startup programs are used, additional desktop icons, and other customizations. A user profile is local to the computer in which it is stored.
local-only mode   A process of capturing and viewing the contents of only the frames and packets sent to and transmitted from a specific networked computer’s or device’s NIC. 
logon script   A file that contains a series of commands to run each time a user logs onto his or her account, such as a command to map a home drive.
MAC address   Physical address of a network interface. The Address Resolution Protocol is responsible for translating between MAC and IP addresses.
management information base (MIB)   A database of network performance information that is stored on a network agent that gathers information for a network management station and that stores parameters that can be configured remotely.
mandatory user profile   A user profile set up by the server administrator that is loaded from the server to the client each time the user logs on; changes that the user makes to the profile are not saved.
mapped folder or drive   A disk volume or folder that is shared on the network by a file server or workstation. It gives designated network workstations access to the files and data in its shared volume or folder. The workstation, via software, determines a drive letter for the shared volume, which is the workstation’s map to the data.
master boot record (MBR)   Data created in the first sector of a disk containing startup information and information about disk partitions.
master browser   On a Microsoft network, the computer designated to keep the main list of logged on computers.
master folder   The main folder that provides master files and folders for a Dfs root or link when replication is enabled.
Media Access Control (MAC) address   Physical address burned into the EPROM on a network interface card.
Media Access Control (MAC) address   Physical address burned in the EPROM on a network card when it is manufactured.
media access control (MAC) sublayer   A network communications function that examines physical address information in frames and controls the way devices share communications on a network.
media pool   A set of removable media in which the media are used for the same purpose and that are managed in the same way, such as backup tapes for a Windows 2000 server.
member scopes   Scopes joined together in superscopes.
member server   A server that is a member of an existing Windows 2000 domain, but that does not function as a domain controller.
metropolitan area network (MAN)   A network that links multiple LANs within a large city or metropolitan region.
MicroChannel Architecture (MCA)   A bus architecture that is used in older IBM Intel-based computers. It provides 32-bit communications within the computer.
Microsoft Certificate Server (MCS)   Windows 2000 component that acts as an authority for issuing and managing certificates.
Microsoft CHAP (MS-CHAP)   Modified version of CHAP that allows the use of Windows 2000 authentication information. There are two versions of MS-CHAP. Version 2 is the most secure, and all Microsoft operating systems support it. Other operating systems sometimes support version 1.
Microsoft Management Console (MMC)   Extensible framework within which Windows 2000 management snap-ins such as the DHCP snap-in reside.
Microsoft Point-to-Point Encryption (MPPE)   A starting to ending point encryption technique that uses special encryption keys varying in length from 40 to 128 bits.
mirrored volume   Two dynamic disks that are set up for RAID level 1 so that data on one disk is stored on a redundant disk.
mixed mode   Mode that Windows 2000 domain controllers use when the network consists of Windows 2000 servers and Windows NT servers (or machines not Active Directory-aware). All Windows 2000 servers run in mixed mode by default. You must manually change them to native mode.
mixed mode   When the Active Directory has both Windows NT 4.0 domain controllers (PDC and BDCs) and Windows 2000 Server domain controllers (DCs).
m-node   NetBIOS node type that first attempts broadcasts to resolve NetBIOS names to IP addresses; if broadcasts fail, the client then tries directed communication with the WINS server.
modem   A modulator/demodulator that converts a transmitted digital signal to an analog signal for a telephone line. It also converts a received analog signal to a digital signal for use by a computer.
mounted drive   A physical disk, CD-ROM, or Zip drive that appears as a folder and that is accessed through a path like any other folder.
multicast   A transmission method in which a server divides recipients of an application, such as a multimedia application, into groups. Each data stream is a one-time transmission that goes to one group of multiple addresses, instead of sending a separate transmission to each address for each data stream. The result is less network traffic. 
multicast routing   Targeted form of broadcasting that sends messages to a select group of users instead of all users on a subnet.
multicast scopes   Ranges of multicast addresses configured to be dynamically assigned to hosts via DHCP.
multicasting   Broadcasting packets to only certain hosts on a TCP/IP network.
multihomed   Describes a computer with an interface on more than one network.
multi-homed   Any computer configured either with multiple NICs or multiple IP addresses.
Multilink or Multilink PPP   A capability of RAS to aggregate multiple data streams into one logical network connection for the purpose of using more than one modem, ISDN channel, or other communication line in a single logical connection.
Multilink Protocol (MP)   Used to combine multiple physical links into a single logical link. For example, you could use MP to combine two 56-KB modem links into a 128-KB link.
multimaster replication   In Windows 2000 Server, there can be multiple servers, called DCs, that store the Active Directory and replicate it to one another. Because each DC acts as a master, replication does not stop when one is down and updates to the Active Directory continue, such as creating a new account.
multitasking   The capability of a computer to run two or more programs at the same time. 
multithreading   Running several program processes or parts (threads) at the same time.
name query response   Response sent from a WINS server to the WINS client, either informing the client of the NetBIOS name to IP address resolution or of failure to achieve a resolution.
name registration company   Company with the authority to register DNS domains within the DNS namespace.
name resolution   A process used to translate a computer’s domain name into the object that it represents, such as to a dotted decimal address associated with a computer, and vice versa. 
named pipes   A communication link between two processes, which may be local to the server or remote, such as between the server and a workstation.
namespace   A logical area on a network that contains directory services, named objects, and that has the ability to perform name resolution. 
NAT editor   Installable component that modifies packets so NAT can translate them. Windows 2000 includes built-in NAT editors for protocols, including FTP, ICMP, PPTP, and NetBT.
NAT interface   Virtual interface in the RRAS snap-in that represents an actual private or public network interface on the NAT server.
native mode   Mode used by Windows 2000 domain controllers when the entire network consists of only Windows 2000 servers and Active Directory-aware clients.
native mode   An Active Directory context in which there are only Windows 2000 Server domain controllers (DCs).
nbtstat   Command-line tool that displays NetBIOS over TCP/IP information.
Net Shell (netsh)   Command-line tool used to configure and monitor Windows 2000 networking components, including RRAS.
NetBEUI   Enhanced version of the NetBIOS networking protocol primarily used on older versions of Microsoft and IBM operating systems.
NetBIOS   Session-level API developed to provide high-level applications with easy access to lower-level networking protocols.
NetBIOS Enhanced User Interface (NetBEUI)   Small, fast, efficient, nonroutable protocol stack used in small networks only.
NetBIOS Extended User Interface (NetBEUI)   A communication protocol native to Microsoft network communications. It is an enhancement of NetBIOS, which was developed for network peer-to-peer communications among workstations with Microsoft operating systems installed on a local area network.
NetBIOS name query   Used by WINS clients to query WINS servers for information about a particular NetBIOS name; in short, used to find NetBIOS name to IP address mappings.
NetBIOS name registration   Sent by WINS clients to WINS servers to ask for registration of a particular NetBIOS name with an IP address.
NetBIOS name release   Sent by WINS clients to direct the WINS server to terminate the dynamic mapping of a NetBIOS name to an IP address.
NetBIOS name renewal   Sent by WINS clients to request that the WINS server extend the NetBIOS name to IP address mapping; normally occurs halfway through the TTL.
NetBIOS Name Server (NBNS)   Server configured with the WINS server service.
NetBIOS over TCP/IP   NetBIOS using TCP/IP as its lower-level networking protocol stack.
NetBIOS scope   Optional parameter used to break NetBIOS domains into smaller sections; similar to subnets in TCP/IP.
NetBT   Common abbreviation for NetBIOS over TCP/IP.
netdiag   New command-line tool in Windows 2000 that tests a large portion of the networking components on a machine. Provides much of the same information as other command-line tools such as netstat, nbtstat, and ipconfig.
netstat   Command-line tool that provides information about current TCP/IP connections.
NetWare Core Protocol (NCP)   Primary upper-layer protocol in IPX/SPX that facilitates client/server interaction.
NetWare Link (NWLink)   A network protocol that simulates the IPX/SPX protocol for Microsoft Windows 95, Windows 98, Windows NT, and Windows 2000 communications with Novell NetWare file servers and compatible devices.
NetWare Link State Protocol (NLSP)   More advanced link state routing protocol in the IPX/SPX protocol stack. Designed to replace the RIP protocol.
network   A communications system that enables computer users to share computer equipment, software, and data, voice, and video transmissions.
Network Address Translation (NAT)   Network service used to “translate” between public TCP/IP addresses and private internal addresses specified in Request for Comments 1918.
Network Address Translation (NAT)   Router standard that translates IP addresses on a private network into valid Internet IP addresses. NAT makes it possible for a single computer with Internet connectivity to share its Internet connection with other computers on the network through a single IP address.
Network Address Translation (NAT)   Protocol that provides a way for multiple computers on a network to share a single connection to the Internet via an Internet Service Provider. NAT also refers to the full implementation of the protocol within the Routing and Remote Access Service in Windows 2000 Server.
Network Basic Input/Output System (NetBIOS)   A combination software interface and a network naming convention. It is available in Microsoft operating systems through the file NetBIOS.dll.
network binding   A process that links a computer’s network interface card or a dial-up connection with one or more network protocols to achieve optimum communications with network services. For Microsoft operating systems, you should always bind a protocol to each NIC that is installed.
Network Device Interface Specification (NDIS)   A set of standards developed by Microsoft for network drivers that enables communication between a NIC and a protocol; and that enables the use of multiple protocols on the same network.
network driver interface specification (NDIS)   Boundary layer in the Windows 2000 networking architecture that serves as an intermediary between the networking protocols and the Data Link layer drivers and network interface cards.
network ID   Portion of an IP address that represents the bits reserved for the network number.
network interface card (NIC)   An adapter board designed to connect a workstation, server, or other network equipment to a network medium.
Network Monitor   Tool that comes with Windows 2000 and allows you to capture and view data packets passing over the network. 
Network Monitor   A Windows NT and Windows 2000 network monitoring tool that can capture and display network performance data.
Network Monitor Driver   Enables a Microsoft-based server or workstation NIC to gather network performance data for assessment by the Microsoft Network Monitor.
Network News Transfer Protocol (NNTP)   A TCP/IP-based protocol used by NNTP servers to transfer news and informational messages to client subscribers who compose “newsgroups.”
network operating system (NOS)   Computer software designed to provide network services to clients.
network operating system (NOS)   Software that enables computers on a network to communicate and to share resources and files.
network-compatible program   Software that can operate in a multiuser environment using network or e-mail communication APIs.
networking protocols   Standard language used by two computers to communicate over a network. Networking protocols define how information is fragmented and shaped for passage over the network.
non-broadcast multiple access (NBMA) router   Router that can communicate with other routers without broadcasting.
NT File System (NTFS)   The native Windows 2000 file system, which has a more detailed directory structure and supports security measures not found in FAT. It also supports large disks, long filenames, and file compression.
object   A network resource, such as a server or a user account, that has distinct attributes or properties, that is usually defined to a domain, and that exists in the Windows 2000 Active Directory.
objects   Components found within the Active Directory structure; an object represents each network resource in the Active Directory structure.
Open Database Connectivity (ODBC)   A set of rules developed by Microsoft for accessing databases and providing a standard doorway to database data.
Open Datalink Interface (ODI)   A driver that is used by Novell NetWare networks to transport multiple protocols on the same network.
Open Shortest Path First (OSPF) protocol   A TCP/IP-based routing protocol that can evaluate network paths and match a type of transmission, such as data or video, to the appropriate network path.
Open Shortest Path First (OSPF)   Link-state routing protocol that enables routers to exchange routing information. Called a link-state protocol because it actually creates a map (a routing table) of the network that calculates the best possible path to each network segment by maintaining information on the state of links (whether they are up or down).
Open System Interconnection model (OSI model)   Seven-layer conceptual model designed to help standardize and simplify learning, implementing, and creating network communication between two network hosts.
OpenGL   A standard for multidimensional graphics used in Microsoft’s 3-D screen savers.
options   Extra IP configuration parameters that can be given to DHCP clients when they lease an IP address.
organizational unit (OU)   A grouping of objects, usually within a domain, as a means to establish specific policies for governing those objects and to enable object management to be delegated.
OSI model   Open Systems Interconnection model, a theoretical model for the process two machines go through when communicating with one another over a network.
ownership   Having the privilege to change permissions and to fully manipulate an object. The account that creates an object, such as a folder or printer, initially has ownership.
packet   A unit of data that is transmitted on a network that contains control and address information as well as routing information.
Packet Internet Groper (ping)   Command-line tool used to test connectivity between two IP hosts.
page description language (PDL)   Printing instructions involving a programming code that produces extremely high-quality printing with extensive font options.
page file   Disk space reserved for use when memory requirements exceed the available RAM.
paging   Moving blocks of information from RAM to virtual memory on disk.
partition   A process in which a hard disk section or a complete hard disk is set up for use by an operating system. A disk can be formatted after it is partitioned. 
partition table   Table containing information about each partition on a disk, such as the type of partition, size, and location. Also, the partition table provides information to the computer about how to access the disk.
partitioning   Blocking a group of tracks and sectors to be used by a particular file system, such as FAT or NTFS.
Password Authentication Protocol (PAP)   Authentication method that transmits a user’s name and password over a network and compares them to a table of name-password pairs. 
Password Authentication Protocol (PAP)   A non-encrypted plain-text password authentication protocol. This represents the lowest level of security for exchanging passwords via PPP or TCP/IP. Shiva’s PAP (SPAP) is a version that is used for authenticating remote access devices and network equipment manufactured by Shiva (now Intel Network Systems, Inc.).
pathping   Command-line tool that combines ping and tracert functions with new statistics reporting functions.
peer-to-peer network   A network where any computer can communicate with other networked computers on an equal or peer-like basis without going through an intermediary, such as a server or host.
per seat licensing   A server software license that requires that there be enough licenses for all network client workstations.
per server licensing   A server software license based on the maximum number of clients that log onto the server at one time.
performance log   Tracks system and network performance information in a log that can be viewed later or imported into a spreadsheet, such as Microsoft Excel.
Peripheral Computer Interface (PCI)   A computer bus design that supports 32-bit and 64-bit bus communications for high-speed operations.
permission   In Windows 2000, privilege to access an object, such as to view the object or to change it.
permissions   In Windows 2000, privileges to access and manipulate resource objects, such as folders and printers; for example, privilege to read a file, or to create a new file.
physical address   Also called a device address, a unique hexadecimal number associated with a device’s network interface card.
Plug and Play (PnP)   Ability of added computer hardware, such as an adapter or modem, to identify itself to the computer operating system for installation. 
plug and play support   Ability of an operating system to automatically detect and install drivers for devices that conform to plug and play standards; simplifies hardware device management and installation.
p-node   NetBIOS node type that uses directed communication to a WINS server to resolve NetBIOS names to IP addresses.
pointer (PTR) resource record   A record in a DNS reverse lookup zone that consists of an IP (version 4 or 6) address correlated to a computer name.
pointer (PTR) resource records   Map an IP address to a fully qualified domain name (FQDN). See also reverse lookup records.
Point-to-Point Protocol (PPP)   Remote-access protocol used to establish a connection between two remote computers. RRAS supports PPP for dialing both in and out.
Point-to-Point Protocol (PPP)   A widely used remote communication protocol that supports IPX/SPX, NetBEUI, and TCP/IP for point-to-point communication (such as between a remote PC and a Windows 2000 server on a network).
Point-to-Point Tunneling Protocol (PPTP)   A remote communication protocol that enables connectivity to a network through the Internet and connectivity through intranets and VPNs.
Portable Operating System Interface (POSIX)   Standards set by the Institute of Electrical and Electronics Engineers (IEEE) for portability of applications.
PostScript printer   A printer that has special firmware or cartridges to print using a page description language (PDL).
Pre-Boot eXecution Environment (PXE)   Services on a Windows 2000 remote boot-enabled ROM or a remote boot disk that enable a prospective client to obtain an IP address and to connect to a RIS server in order to install Windows 2000 Professional.
pre-shared key   Single key used both to encrypt and decrypt data. This key is often a simple password shared beforehand by both the encrypting and decrypting parties.
pre-shared keys   Passwords entered into each computer communicating with IPSec. As long as both computers are configured with the same pre-shared key, they trust one another.
primary group   A group designation when setting up a Windows 2000 Server account for workstations running Macintosh or POSIX. Windows 2000 Server requires that these systems be members of a global security group.
primary name servers   DNS servers that hold a read/write copy of the zone file for a particular DNS zone; control replication with secondary name servers.
primary partition   Partition or portion of a hard disk that is bootable. 
print client   Client computer that generates a print job.
print device   A device, such as a printer or fax, that uses the Spooler services in Windows 2000 Server.
print queue   A stack or line-up of print jobs, with the first job submitted at the top of the stack and the last job submitted at the bottom and all of the jobs waiting to be sent from the spooler to the printer.
print server   Network computer or server device that connects printers to the network for sharing and that receives and processes print requests from print clients.
Printer Control Language (PCL)   A printer language used by non-PostScript Hewlett-Packard and compatible laser printers. 
printer driver   A file containing information needed to control a specific printer, implementing customized printer control codes, font, and style information.
printer pooling   Linking two or more identical printers with one printer setup or printer share.
private address   Any address belonging to one of the three ranges of IP addresses designated as private by Internet authorities. A host with a private address may only communicate with hosts on the Internet through a service such as NAT.
private key   Part of a public/private key pair kept secret; the private key is only available to the person who holds the key.
privileged mode   A protected memory space allocated for the Windows 2000 kernel that cannot be directly accessed by software applications.
process   An executable program that is currently running, such as Microsoft Word. A process may launch additional processes that are linked to it, such as a help process to view documentation or a search process to find a file.
process tree   All of the processes that run directly or indirectly in association with an original process.
processor cache   A special data storage area used only by the system processor and located on either the processor chip or a chip separate from the processor. 
promiscuous mode   The process of capturing and viewing the contents of all frames and packets sent across a NIC or network device, regardless of the destination of those frames and packets.
protocol   A strictly defined set of rules for communication across a network that specifies how networked data is formatted for transmission, how it is transmitted, and how it is interpreted at the receiving end.
protocol stack   Group of protocols working together to complete the network communication process.
public address   Any address not belonging to one of the three ranges of IP addresses designated as private by Internet authorities.
public key   Part of a public/private key pair made publicly available.
public key certificates   Provided by a certificate authority. Each end of the IPSec connection uses the other end’s public certificate for authentication.
public key encryption   Encryption method in which a recipient’s public key encrypts data and then that same recipient’s private key decrypts the data.
public key infrastructure (PKI)   System of components working together to verify the identity of users who transfer data on a system and to encrypt that data if needed.
pull replication   Replication of the WINS database that occurs at a preset time interval; used with slow WAN links.
push replication   Replication of the WINS database that occurs after a predetermined number of changes to the database occur; used with fast connections between replication partners.
Quality of Service (QoS)   Mechanisms used to measure and allocate network resources on the basis of transmission speed, quality, throughput, and reliability.
RAID-5 volume   Three or more dynamic disks that use RAID level 5 fault tolerance through disk striping and creating parity blocks for data recovery.
Recovery Agent   User designated as able to access the EFS Recovery Keys on a computer. By default, this is the administrator.
recovery console   A recovery tool that enables you to access the Windows 2000 Server command line to perform recovery and troubleshooting operations. The recovery console can be added as a boot option, started from the Windows 2000 Server CD-ROM, or started from the Windows 2000 Server floppy installation disks.
recursive query   DNS query which asks the server to respond either with the DNS information or an error message stating that it does not have the information; used between clients and DNS servers.
redundant array of inexpensive disks (RAID)   A set of standards to extend the life of hard disk drives and to prevent data loss from a hard disk failure.
Registry   A database used to store information about the configuration, program setup, devices, drivers, and other data important to the setup of a computer running Windows 2000, Windows NT, Windows 98, or Windows 95.
relative distinguished name (RDN)   An object name in the Active Directory that has two or more related components, such as the RDN of a user account name that consists of User and the first and last name of the actual user. 
remote access   Broadly defines the ability of one computer to connect to another computer over a dial-up or other WAN connection and to access resources remotely.
remote access policy   Used to configure conditions under which users may connect using a specific remote access connection. You can include restrictions based on criteria such as time of day, type of connection, authentication, and even length of connection.
remote access profile   Associated with policies and containing settings that determine what happens during call set up and completion.
remote access protocols   Define the way in which one computer connects to another computer over a WAN link. PPP and SLIP are the two main remote access protocols in use today, though the newer and stronger PPP is much more common.
Remote Access Services (RAS)   Microsoft software services that enable off-site workstations to access a Windows 2000 server through telecommunications lines, the Internet, or intranets.
Remote Authentication Dial-In User Service (RADIUS)   A protocol and service set up on one RAS or VPN server, such as in a domain when there are multiple RAS or VPN servers to coordinate authentication and to keep track of remote dial-in statistics for all RAS and VPN servers.
Remote Authentication Dial-In User Support (RADIUS)   Authentication and accounting system used by many ISPs to verify user credentials and log user activity while the user is connected to a remote system.
remote control   Process in which a client computer connects to a remote server and actually takes control over that server in a separate window on the client computer. Activities within this window seem to occur as if the user is actually sitting at the server computer. All applications run on the server. RRAS does not support remote control, only remote access. 
Remote Installation Services (RIS)   Services installed on a Windows 2000 Server that enable you to remotely install Windows 2000 Professional on one or more client computers.
replica set   A grouping of shared folders in a Dfs root that are replicated or copied to all servers that participate in Dfs replication. When changes are made to Dfs shared folders, all of the participating servers are automatically or manually synchronized so that they have the same copy. 
Request for Comments (RFC)   Proposals presented to the Internet community describing everything from possible TCP/IP standards to simple informative tracts.
reservations   Using the MAC address of the client to ensure that a particular IP address is always leased to that client.
Reserved client options   Scope options created for a single client that has been given a DHCP reservation.
resource   On a workstation or server, an IRQ, I/O address, or memory that is allocated to a computer component, such as a disk drive or communications port. On a Windows 2000 Server network, a resource is a file server, shared printer, or shared directory that can be accessed by users.
resource   On a Windows 2000 Server network, a file server, shared printer, or shared directory that can be accessed by users. On a workstation, a resource is an IRQ, I/O address, or memory that is allocated to a computer component, such as a disk drive or communications port.
Resource Reservation Protocol (RSVP)   Enables an application to reserve the network resources it needs, such as network paths with higher speeds.
reverse lookup records   Another name for PTR records. These records resolve a host name from a known IP address.
reverse lookup zone   Special DNS zone that holds PTR records, IP address to host name mapping.
reverse lookup zone   A DNS server zone or table that maps IP addresses to computer names.
right   In Windows 2000, access privileges for high-level activities such as logging on to a server from the network, shutting down a server, and the ability to log on locally.
RIPv1   Simple-to-use and well-supported interior routing protocol. RIP is a distance vector routing program, meaning that it not only supplies information about the networks a router can reach, but supplies information about the distances to those networks as well.
RIPv2   Protocol developed to address several shortcomings in RIPv1, for example, by providing a multicast option in addition to broadcasts for routing announcements and by including the subnet mask in announcements.
Rivest-Shamir-Adleman (RSA) algorithm   Most common public key encryption algorithm in use today, and the MCS default.
roaming profile   Desktop settings that are associated with an account so that the same settings are employed no matter what computer is used to access the account (the profile is downloaded to the client).
robotic library   A library of removable media and drives in which multiple media, such as tapes, can be mounted and dismounted automatically.
root CA   CA at the top of a CA hierarchy and trusted unconditionally by a client.
root key   Also called a subtree, the highest category of data contained in the Registry. There are five root keys.
root name servers   Servers that hold information about the overall Internet domain name servers.
ROUTE command   Command-line utility used to manipulate static entries in a routing table.
router   Device used to connect different IP subnets and to route data between them.
router   A device that connects networks, that can read IP addresses, and that can route packets to designated networks because it reads routing information in packets (Layer 3) and keeps tables of information about the fastest route from one network to another.
Routing and Remote Access Server (RRAS)   Windows 2000 networking service responsible for dial-up connectivity and some portions of TCP/IP routing.
Routing and Remote Access Service (RRAS)   Windows 2000 service that provides remote access and routing functionality to remote clients. 
Routing Information Protocol (RIP)   Routing protocol provided with the IPX/SPX protocol stack.
Routing Information Protocol (RIP)   A TCP/IP-based protocol that enables routing devices to share information about a network.
routing table   List of networks that the system knows about and the IP addresses of routers that packets must pass through to get to those networks.
Run as / runas   A shortcut menu and command line option that enables you to run a Windows 2000 program or utility from one account, such as Administrator, while logged on as another account.
safe mode   A boot mode that enables Windows 2000 Server to be booted using the most generic default settings, such as for the display, disk drives, and pointing device.
scalable   A computer operating system that can be used on small to large computers, such as those with a single Intel-based processor and larger computers, such as those with multiple Intel or RISC processors.
schema   Elements used in the definition of each object contained in the Active Directory, including the object class and its attributes. 
scope   A range of IP addresses that a DHCP server can assign to clients. 
scope of influence   The reach of a type of group, such as access to resources in a single domain or access to all resources in all domains in a forest (see domain local, global, and universal groups). 
scope options   Options that apply to all clients in one scope only.
scopes   Ranges of IP addresses configured for lease to clients via DHCP.
secondary name servers   DNS servers that hold read-only copies of a zone file for a particular DNS zone; accept updates to the DNS zone file only from configured primary name servers.
sector   A portion of a disk track. Disk tracks are divided into equal segments or sectors.
Secure Sockets Layer (SSL)   A dual-key encryption standard for communication between an Internet server and a client.
Secure Sockets Layer/Transport Layer Security (SSL/TLS)   An authentication method that uses certificates to verify users to access a remote server, such as a Web server. 
security association   Defines the common security mechanisms, such as keys, that two computers use to create the IPSec connection.
security descriptor   An individual security property associated with a Windows 2000 Server object, such as enabling the account MGardner (the security descriptor) to access the folder, Databases.
security group   A group of Windows 2000 Server users that is used to assign access privileges to objects and services. Security groups appear in ACLs.
security log   An event log that records access and security information about logon accesses, file, folder, and system policy changes. 
separate forest   An Active Directory model that links two or more forests in a partnership, but the forests cannot have Kerberos transitive trusts or use the same schema. 
Sequence Packet Exchange (SPX)   A Novell connection-oriented protocol used for network transport when there is a particular need for data reliability (see Internet Packet Exchange).
Sequenced Packet eXchange (SPX)   Layer four protocol that provides guaranteed delivery; similar in function to TCP.
Serial Line Interface Protocol (SLIP)   Older protocol developed in UNIX and still in wide use today. Windows 2000 RRAS supports SLIP in dial-out configurations, but you cannot use a SLIP client to dial in to an RRAS server.
Serial Line Internet Protocol (SLIP)   An older remote communications protocol that is used by UNIX computers. The modern compressed SLIP (CSLIP) version uses header compression to reduce communications overhead. 
serial links   Generally slow-speed connections used for wide area network connectivity.
server options   Options that apply to all clients in all scopes configured on a DHCP server.
server-based network   A model in which access to the network, to resources, and the management of resources is accomplished through one or more servers.
Service Advertisement Protocol (SAP)   Protocol used on IPX/SPX networks by clients to find network services and by servers to advertise network services.
Service Advertising Protocol (SAP)   An IPX/SPX compatible protocol that is used by NetWare clients to identify servers and the network services provided by each server.
service ticket   A Kerberos security key that gives a client access to specific services on a server or in a domain for a designated period of time.
share permissions   Special permissions that apply to a particular shared object, such as a shared folder or printer.
shared disk model   Linking two or more servers to operate as one and to equally share resources that include disk, CD-ROM, and tape storage.
shared nothing model   Linking two or more servers to operate as one, but each owns particular disk, CD-ROM, and tape resources. 
Shiva Password Authentication Protocol (SPAP)   Included mainly for compatibility with remote access hardware devices manufactured by Shiva, a private company now owned by Intel. SPAP isn’t really used much on most networks.
Shiva’s Password Authentication Protocol (SPAP)   See Password Authentication Protocol.
Simple Mail Transfer Protocol (SMTP)   Application layer TCP/IP protocol that provides mail delivery services.
Simple Mail Transfer Protocol (SMTP)   An e-mail protocol used by systems having TCP/IP network communications.
Simple Network Management Protocol (SNMP)   A TCP/IP-based protocol that enables servers, workstations, and network devices to gather standardized data about network performance and identify problems.
simple volume   A portion of a disk or an entire disk that is set up as a dynamic disk. 
single forest   An Active Directory model in which there is only one forest with interconnected trees and domains that use the same schema and global catalog.
site   An option in the Active Directory to interconnect IP subnets so that it can determine the fastest route to connect clients for authentication and to connect DCs for replication of the Active Directory. Site information also enables the Active Directory to create redundant routes for DC replication. 
site link bridge   An Active Directory object that combines individual site link objects to create faster routes when there are three or more site links.
site link object   An object created in the Active Directory to indicate one or more physical links between two different sites.
slip streaming   Installing only a specific portion of a service pack instead of the entire update. 
Small Computer System Interface (SCSI)   A 32- or 64-bit computer adapter that transports data between one or more attached devices, such as hard disks, and the computer. There are several types of SCSI adapters, including SCSI, SCSI-2, SCSI-3, SCSI wide, SCSI narrow, wide Ultra SCSI, and Ultra2 SCSI. All are used to provide high-speed data transfer to reduce bottlenecks within the computer.
smart card   A security device that contains information such as access keys, passwords, and a personal identification number (PIN). The smart card is about the size of a credit card and can be plugged into a computer.
SOHO   Acronym that stands for Small Office/Home Office. SOHO networks are considered the main beneficiaries of ICS and NAT. Though they vary a great deal in configuration, a SOHO network, as defined by Microsoft, has one network segment, uses peer-to-peer networking, and supports TCP/IP.
spanned volume   Two or more Windows 2000 dynamic disks that are combined to appear as one disk.
spool file   A print file written to disk until it can be transmitted to a printer.
spooler   In the Windows 95, 98, NT, and 2000 environment, a group of DLLs, information files, and programs that process print jobs for printing.
spooling   A process working in the background to enable several print files to go to a single printer. Each file is placed in temporary storage until its turn comes to be printed.
Stand-alone CA   Used to issue certificates to users outside the enterprise and does not require access to the Active Directory.
stand-alone drive library   A library consisting of media and a drive in which the media are mounted manually one at a time. 
standalone server   A server that is not a member of a domain, but that is a member of an existing workgroup or that establishes its own workgroup, such as in peer-to-peer networking.
standby   A mode in which the computer components are shut down and information in memory is cleared without automatically saving it to disk. The power supply and CPU remain active, monitoring to start up all components when you press a key or move the mouse.
static addressing   An IP (Internet Protocol) addressing method that requires the network administrator to manually assign and set up a unique network address on each workstation connected to a network.
static assignment   Manually assigning an IP address to a host.
static mappings   Define in advance how to map certain addresses and ports instead of letting mapping happen automatically. Although you can create static mappings for outbound traffic, the most common reason to use a static mapping is to host some form of Internet service (that is, Web server, FTP server, and so forth) on a private computer.
static router   Router to which routes must be added manually using either the ROUTE command or the RRAS snap-in.
streaming   Playing a multimedia audio, video, or combined file received over a network before the entire file is received at the client.
stripe set   Two or more basic disks set up so that files are spread in blocks across the disks.
striped volume   Two or more dynamic disks that use striping so that files are spread in blocks across the disks.
striping   A data storage method that breaks up data files across all volumes of a disk set to minimize wear on a single volume.
subkey   A key within a Registry key, similar to a subfolder under a folder.
subnet mask   32-bit number used to determine the portion of an IP address that represents the network ID and the host ID.
subnet mask   A designated portion of an IP address that is used to indicate the class of addressing on a network and to divide a network into subnetworks as a way to control traffic and enforce security.
subnetting   The process of borrowing host bits to increase the number of network bits. 
subordinate CA   CA beneath the root CA in the CA hierarchy and perhaps even under other subordinate CAs. Subordinate CAs typically issue certificates to users and computers in the organization.
subtree   Same as root key.
superscopes   Multiple scopes grouped together to allow centralized management; also allow for more than one range of IP addresses on a single physical subnet.
symmetric multiprocessor (SMP)   A type of computer with two or more CPUs that share the processing load.
system log   An event log that records information about system-related events such as hardware errors, driver problems, and hard drive errors. 
System Monitor   The Windows 2000 utility used to track system or application objects. For each object type there are one or more counters that can be logged for later analysis, or tracked in real time for immediate system monitoring.
system partition   Partition that contains boot files, such as Boot.ini and Ntldr in Windows 2000 Server.
SYSVOL   A shared folder, which is set up when the Active Directory is installed and that contains publicly available files that users and DCs need for domain access. SYSVOL folders are replicated among DCs.
T-carrier   A dedicated leased telephone line that can be used for data communications over multiple channels for speeds of up to 44.736 Mbps.
Telephone Application Programming Interface (TAPI)   An interface for communication line devices (such as modems) that provides line device functions, such as call holding, call receiving, call hang-up, and call forwarding.
telnet   Application layer protocol in TCP/IP that allows a user to log on to a remote host and execute programs remotely.
Telnet   A TCP/IP application protocol that provides terminal emulation services.
terminal   A device that consists of a monitor and keyboard to communicate with host computers that run the programs. The terminal does not have a processor to use for running programs locally.
terminal adapter (TA)   Popularly called a digital modem, links a computer or a fax to an ISDN line.
terminal server   A server configured to offer terminal services so that clients can run applications on the server, similar to having clients respond as terminals.
terminal services   Services that allow a server to host applications for clients; with terminal services, clients no longer used to run applications can act as dumb terminals for applications on a terminal server.
thin client   A specialized personal computer or terminal device that has a minimal Windows-based operating system. A thin client is designed to connect to a host computer that does most or all of the processing. The thin client is mainly responsible for providing a graphical user interface and network connectivity. 
thread   A block of program code executing within a running process. One process may launch one or more threads.
token ring   A network transport method that uses a ring topology and passes a token from node to node. The token is used to coordinate transmission of data, because only the node possessing the token can send data.
Tombstoned   State of a WINS entry once it is marked for deletion.
topology   The physical layout of the cable and the logical path followed by network packets and frames sent on the cable.
total cost of ownership (TCO)   The cost of installing and maintaining computers and equipment on a network, which includes hardware, software, maintenance, and support costs.
tracert   Trace route command-line tool that allows testing of the entire path between two hosts.
track   Concentric rings that cover an entire disk like grooves on a phonograph record. Each ring is divided into sectors in which to store data. 
transit internetwork   Basic IP infrastructure over which a Virtual Private Network is created. Typically, the transit internetwork is the Internet itself, though other IP networks may be the transit internetwork.
transitive trust   A trust relationship between two or more domains in a tree in which each domain has access to objects in the others. 
Transmission Control Protocol (TCP)   Transport layer protocol in the TCP/IP protocol stack that is connection-oriented and reliable; provides guaranteed delivery.
Transmission Control Protocol/Internet Protocol (TCP/IP)   Enterprise-ready protocol stack designed to work in heterogeneous networks, that is, networks with many different types of network operating systems.
Transmission Control Protocol/Internet Protocol (TCP/IP)   Suite of networking protocols designed to transfer data between computers on the Internet. TCP/IP is becoming the most popular networking protocol used on private networks, as well.
Transmission Control Protocol/Internet Protocol (TCP/IP)   A protocol that is particularly well suited for medium and large networks. The TCP portion was originally developed to ensure reliable connections on government, military, and educational networks. It performs extensive error checking to ensure data is delivered successfully. The IP portion consists of rules for packaging data and ensuring it reaches the correct destination address.
transport device interface (TDI)   Boundary layer in the Windows 2000 networking architecture between networking protocols and the upper-layer services.
transport mode   Mode in which the two endpoints of IPSec communication are two computers that have IPSec configured. For this mode to work, both computers must use the TCP/IP protocol.
trap   A specific situation or event detected by SNMP that a network administrator may want to be warned about or to track via a network management station, such as when a network device is unexpectedly down or offline.
tree   Related domains that use a contiguous namespace, share the same schema, and have two-way, transitive trust relationships.
trigger   Used as a way to have Network Monitor perform a specific function when a predefined situation occurs, such as stopping a capture of network data when the capture buffer is 50% full.
Trivial File Transfer Protocol (TFTP)   Like FTP, provides file transfer between two TCP/IP hosts; TFTP uses UDP as its transport protocol and is faster but less reliable than FTP.
trusted domain   A domain that has been granted security access to resources in another domain.
trusting domain   A domain that allows another domain security access to its resources and objects, such as servers.
tunnel mode   Mode in which two communicating computers do not use IPSec themselves. Instead, the gateways connecting each client’s LAN to the transit network create a virtual tunnel that uses the IPSec protocol to secure all communication that passes through it.
two-way trust   A domain relationship in which both domains are trusted and trusting, enabling one to have access to objects in the other.
unicast   A transmission method in which one copy of each packet is sent to each targeted destination. Compared to multicasting, unicast can generate considerable network traffic when the transmission is a multimedia application.
Uniform Resource Locator (URL)   An addressing format used to find an Internet Web site or page. 
uninterruptible power supply (UPS)   A device built into electrical equipment or a separate device that provides immediate battery power to equipment during a power failure or brownout.
unique NetBIOS names   NetBIOS names assigned to a single computer and its associated services.
uniqueness database file (UDF)   A text file that contains an answer set of unique instructions for installing Windows 2000 in the unattended mode and that is used with an answer file.
Universal Disk Format (UDF)   A removable disk formatting standard used for large capacity CD-ROMs and DVD-ROMs.
Universal Modem Driver   A modem driver standard used on recently developed modems.
Universal Naming Convention (UNC)   A naming convention that designates network servers, computers, and shared resources. The format for a UNC name is \\servername(or computername)\sharename\folder\file.
universal security group   A group that is used to provide access to resources in any domain within a forest. A common implementation is to make global groups, which contain accounts, members of a universal group that has access to resources.
Universal Serial Bus (USB)   Hardware specification that allows for hot insertion and removal of hardware devices.
Universal Serial Bus (USB)   A bus standard that enables you to attach all types of devices 
User Datagram Protocol (UDP)   Connectionless, best-effort delivery transport layer protocol in the TCP/IP stack.
User Datagram Protocol (UDP)   A protocol used with IP as an alternative to TCP and that offers low-overhead connectionless communications.
user mode   A special operating mode in Windows 2000 used for running programs in a memory area kept separate from that used by the kernel and in which the program cannot directly access the kernel or operating system services except through an API.
user principal name (UPN)   A name that combines an account name with the domain name, such as RBrown@tracksports.org, for easy identification such as in e-mail.
user profile   Information associated with a user account. Profiles of users who are members of a Windows 2000 domain are stored in the Active Directory, and profiles of users who are not members of a domain are stored on the local computer.
user-defined option classes   Allow expansion of DHCP options to include parameters determined by the network administrator for a particular client.
value   A data parameter in the Registry stored as a value in decimal, binary, or text format. 
vendor-defined option classes   Expanded DHCP options created for one particular vendor’s computers or network hardware.
virtual directory   A URL formatted address that provides an Internet location (virtual location) for an actual physical folder on a Web server that is used to publish Web documents.
virtual DOS machine   In Windows 2000, a process that emulates an MS-DOS window in which to run MS-DOS or 16-bit Windows programs in a designated area of memory. 
virtual memory   Disk space allocated to link with memory to temporarily hold data when there is not enough free RAM. 
virtual private network (VPN)   A private network that is like a tunnel through a larger network 
Virtual Private Networking (VPN)   Secure, logical network constructed directly between a VPN client and a VPN server on top of a physical transit internetwork such as the Internet.
volume   A basic disk partition that has been formatted for a particular file system, a primary partition, a volume set, an extended volume, a stripe set, a stripe set with parity, or a mirror set; or a dynamic disk that is set up as a simple volume, spanned volume, RAID-5 volume, or mirrored volume.
volume set   Two or more formatted basic disk partitions (volumes) that are combined to look like one volume with a single drive letter.
Web browser   Software that uses HTTP to locate and communicate with Web sites and that interprets HTML documents, video, and sound to give the user a sound and video GUI presentation of the HTML document contents.
wide area network (WAN)   Network or collection of networks spread across a large geographical area. 
wide area network (WAN)   A far reaching system of networks that can extend across state lines and across continents.
Windows 2000 Advanced Server   Enterprise or large department version of Windows 2000; supports clustering and eight-way multiprocessor systems with up to 8 GB of RAM.
Windows 2000 DataCenter Server   Data warehouse or extremely large-scale version of Windows 2000; designed for processor intensive simulations or massive processing tasks; supports up to 32 processors with 64 GB of RAM in special original equipment manufacturer versions.
Windows 2000 Professional   Client version of the Windows 2000 product family; designed to provide a stable, reliable, and fast platform for end users to run their applications.
Windows 2000 Server   Small department or workgroup version of Windows 2000; supports four-way multiprocessor systems with up to 4 GB of RAM.
Windows Internet Name Service (WINS)   Windows 2000 service that provides a dynamic database of NetBIOS name to IP address mapping.
Windows Internet Naming Service (WINS)   Network service that provides NetBIOS name to TCP/IP address resolution.
Windows Internet Naming Service (WINS)   A Windows 2000 Server service that enables the server to convert NetBIOS workstation names to IP addresses for Internet communications.
Windows NT LAN Manager (NTLM)   An authentication protocol used in Windows NT Server 3.5, 3.51, and 4.0 that is retained in Windows 2000 Server for backward compatibility with clients that cannot support Kerberos, such as MS-DOS and Windows 3.1x.
WINS replication   Process of replicating the WINS databases between two WINS servers.
workgroup   As used in Microsoft networks, a number of users who share drive and printer resources in an independent peer-to-peer relationship.
working set   Amount of RAM allocated to a running process.
workstation   A computer that has its own CPU and may be used as a standalone computer for word processing, spreadsheet creation, or other software applications. It also may be used to access another computer such as a mainframe computer or file server, as long as the necessary network hardware and software are installed.
World Wide Web (Web)   A vast network of servers throughout the world that provide access to voice, text, video, and data files.
X.25   An older packet-switching protocol for connecting remote networks at speeds up to 2.048 Mbps.
X.509 certificate   Most widely used format for certificates, as defined by the International Telecommunication Union (ITU) in Recommendation X.509.
Zero Administration for Windows (ZAW)   A combination of management options and tools that enable an organization to reduce the total cost of ownership (TCO).
zone of authority   Portion of the DNS namespace that an organization controls.
zone transfers   Copying zone file information from primary name servers to secondary name servers.