279 Cards in this Set

  • Front
  • Back
6to4
A tunneling protocol that enables two nodes running both IPv4 and
IPv6 across an IPv4 routing infrastructure to use a special address obtained by
combining the prefix 2002::/16 with the 32-bit public IPv4 address to form a
48-bit prefix of the form 2002:wwxx:yyzz::/48 in the case of a public IPv4 address
w.x.y.z. These nodes use this address type when communicating with each
other.
802.1X authentication
A series of standards that determine the acceptance of
connection requests to IEEE 802.11 wireless or IEEE 802.3 wired networks.
access control list (ACL)
A list of users and groups that can access an object,
such as a file, folder, or printer, and the type of access granted.
access-based enumeration
A technology that enables administrators to hide
folders that users do not have permission to access so that individual users can
see only those items that they are entitled to access.
Active Directory-integrated zone
A DNS zone that is hosted on a domain controller
and stored in one or more AD DS application directory partitions.
active file screen
A component of file screening that limits the file types that
users can save, and generates notifications when users attempt to save inappropriate
files.
Address Resolution Protocol (ARP)
A TCP/IP protocol that is used to resolve
the IP address of the destination computer to the physical or MAC address.
Also, the command-line utility that displays the MAC address of a computer.
administrative shares
A set of shared volumes or folders that are automatically
created in Windows Server 2008 and are suffixed with a dollar sign ($). These
shares do not show up when a user browses the computer resources using the
Computer or Network folders in Windows Explorer.
alert
A notification provided by the Data Collector Sets feature of Performance
Monitor that informs you when the value of a counter has exceeded a
preconfigured level.
Alias (CNAME) record
A DNS resource record that defines additional (canonical)
names that point to the same host. This is useful for servers such as web and FTP
servers that may need to function under additional names.
Anycast IPv6 address
A type of IPv6 address that is only utilized for a destination
address assigned to a router.
application directory partition
A partitioned section of Active Directory that is
replicated only to specified domain controllers. Application directory partitions are
used by applications to store their application-specific data.
authentication
A process whereby an individual or computer on a network proves
he is who he says he is. The authentication process validates the source and identity
of information and includes such tasks as confirming the identity of a user, computer,
or digital signature.
authentication header (AH)
An IPSec protocol component that provides for authentication,
integrity, and anti-replay of each packet. This is done without encrypting
the data; the data remains readable but is protected from modification.
Automatic Private IP Addressing (APIPA)
The dynamic IPv4 addressing system
used when DHCP is unavailable. It uses the IP address range of 169.254.y.z.
backup catalog file
A file that includes information such as the volumes that were
backed up and where the backups are located, and is used to locate specific files and
folders during a restore operation.
bare metal backup
A backup that includes all critical volumes so that the recovered
server is bootable. Optionally, this backup can include all the data volumes to
restore these volumes when restoring to a new hard disk.
bare metal recovery
A server recovery using a backup that contains critical volumes
and optionally data volumes that enable you to rebuild your server using new
hardware.
BitLocker Drive Encryption
A new feature of Windows Server 2008 that enables
you to encrypt the entire contents of your system partition. It is useful for protecting
computers from attackers who have physical access to a computer.
Bootstrap Protocol (BOOTP)
A UDP network protocol used by a network client to
obtain its IP address automatically. This is usually done during the bootstrap process
when a computer is starting up.
BranchCache
A new feature of Windows Server 2008 R2 and Windows 7 that enables
users at branch offices to cache shared files and folders from a remote server to
a local computer for faster access.
broadcast
A routing technology that transmits data to all possible destinations on
the local subnet. This permits the sender to send the data only once and all receivers
can copy it.
caching-only server
A DNS server that does not contain any zone information,
used to build the cache file as names are resolved.
certificate
A digital file that contains information verifying the identity of a user or
computer.
Challenge Handshake Authentication Protocol (CHAP)
An authentication protocol
that uses a hashed version of a user’s password so that the user’s credentials are not
sent over the wire in clear text.
classless inter-domain routing (CIDR)
A flexible method of stating IP addresses
and masks without needing to classify the addresses. An example of the CIDR format
is 192.168.1.0/24.
client reservation
A DHCP mechanism that ensures that a client always gets the
same reserved IP address.
client-side targeting
A means of creating computer groups for WSUS that uses
Group Policy to add computers to specified computer groups. New computers are
automatically added to the appropriate group when they first contact the WSUS
server.
collector computer
A computer that has been configured using the event log subscription
feature to receive event logs from one or more source computers. Use of a
collector computer enables you to keep track of event logs from many computers.
computer groups
Groups that you can configure on a WSUS server that enable
specific updates to be directed to different computers on the network. This concept
is useful for deploying updates to small test groups before deployment to the network
as a whole.
conditional forwarding
The relaying of a DNS request for zone information for
specific domains from one server to another one, when the first server is unable to
process the request.
Connection Manager Administration Kit (CMAK)
A versatile client dialer and connection
software that can be used to create an executable program, which can then
be installed on client computers to provide a preconfigured network connection for
dial-up or VPN access to the network.
connection request policy
A set of conditions and settings that enable you to designate
which RADIUS servers are entitled to perform the authentication and authorization
of connection requests that the NPS server receives from RADIUS clients.
connection security rule
A type of firewall rule that requires two computers to
authenticate with each other to establish a connection and secure their communications.
Windows Firewall uses IPSec to enforce these rules and secure the communication
channel.
critical volumes
The volumes that are required for recovering your server, including
the system and boot volumes. On a domain controller, they include the SYSVOL
volume, as well as the volumes that host the Ntds.dit database file and the
AD DS log files.
custom view
A filter in Event Viewer that has been named and saved for use with
the event log on another computer.
data collector set
A component of Performance Monitor that records computer
performance information into log files. This feature was known as Performance
Logs and Alerts in Windows 2000/XP/Server 2003.
decryption
Unscrambling the data in an encrypted file through use of an algorithm
so that the file can be read.
default gateway
The term applied to the router that leads to other networks.
demand-dial interface
A logical interface representing a point-to-point connection,
either a physical connection, such as two routers connected with an analog
phone line, or a logical connection, such as two routers using a virtual private network
(VPN) connection.
devolution
A type of host name search in which an unsuccessful query is retried
with a DNS suffix based on systematic reduction of the primary suffix; for example,
if the query for server1.accounting.certguide.com is unsuccessful, when devolution
is enabled a search for server1.certguide.com will be performed next, and
then a search for server1.com will be performed last.
DFS folder
Any shared folder that is contained within a DFS namespace.
DFS folder target
The UNC path of a shared folder that is contained within a
DFS namespace and replicated using DFS Replication.
DFS Namespace
A DFS technology that enables you to create logical groupings
of shared folders on different servers that facilitate the access to data by users on the
network. Such groupings are presented to users as a virtual folder tree or namespace.
DFS Replication
A DFS technology that provides an efficient multimaster replication
component that synchronizes data between servers with limited bandwidth
network links. The contents of folders are synchronized between servers so that users
receive the same version of files regardless of which folder target their computer
connects to.
DHCP options
Options that a DHCP server configures, such as the addresses of
the DNS and WINS servers.
DHCP relay agent
A server that is configured to relay DHCP broadcast messages
from one subnet to another. In Windows Server 2008, the DHCP relay agent service
is a component of RRAS.
DHCP scope
A range of IP addresses on a DHCP server that are available for the
server to lease to client computers. A scope generally defines a single physical subnet
on a network.
dial-up networking
The technology that enables a remote access client to create a
nonpermanent, dial-up connection to a physical port on a remote access server by
using the service of a telecommunications provider, such as an analog phone line or
ISDN.
DirectAccess
A new feature of Windows Server 2008 R2 and Windows 7 that enables
users to directly connect to corporate networks from any Internet connection
using a seamless, bidirectional, secured tunnel without the need for a virtual private
network (VPN) connection.
disk quota
A mechanism that enables you to track and control disk usage on a per-user,
per-drive letter (partition or volume) basis. You can also set quotas on shared
folders on a per-folder basis when configuring quotas from FSRM.
Distributed File System (DFS)
A Windows Server 2008 R2 server role that enables
administrators to group a large number of shared folders from different servers together
in a single tree that enables users to rapidly locate the share they need without
searching numerous servers.
DNS Manager
The Microsoft Management Console (MMC) snap-in from which
you can manage most of the activities associated with operating a DNS server.
DNS Notify
A process in which the master DNS server for a zone notifies secondary
servers of changes, so that the secondary servers can check to determine whether
they need to initiate a zone transfer.
dnscmd
A command-line tool that can perform most of the DNS server administrative
tasks in Windows Server 2008.
DNSSEC (Domain Name System Security Extensions)
A suite of DNS extensions
that adds security to the DNS protocol by providing origin authority, data integrity,
and authenticated denial of existence. It enables DNS servers to use digital signatures
to validate responses from other servers and resolvers.
DnsUpdateProxy group
A special group that includes all DNS servers authorized
to securely update any client’s A and PTR records whenever it updates the client’s
TCP/IP configuration.
domain isolation policy
A Group Policy setting that enables you to use IPSec
authentication to require each computer that is an AD DS domain member to positively
identify the other computer to which it connects.
Domain Name System (DNS)
A hierarchical name-resolution system that resolves
host names into IP addresses, and vice versa. DNS also makes it possible for the distributed
Active Directory database to function by allowing clients to query the locations
of services in the forest and domain.
downstream server
A WSUS server that synchronizes updates from another (upstream)
server that is used when you are implementing a hierarchy of WSUS servers.
dynamic DNS (DDNS)
An extension of DNS that allows all computers running
Windows 2000 and later to automatically register their A records with DNS at the
time they obtain an IP address from a DHCP server.
Dynamic Host Configuration Protocol (DHCP)
A service that allows an administrator
to specify a range of valid IP addresses to be used on a network, as well as
exclusion IP addresses that should not be assigned (for example, if they were already
statically assigned elsewhere). These addresses are automatically given out to computers
configured to use DHCP as they boot up on the network, thus saving the administrator
from having to configure static IP addresses on each individual network
device.
dynamic IP address
An IP address that is provided to a computer by a Dynamic
Host Configuration Protocol (DHCP) server when it needs to be connected to the
network.
dynamic route
A route that is dynamically calculated and created on a RRAS
server acting as a router.
Encapsulating Security Payload (ESP)
An IPSec protocol component that provides
everything that AH does, along with providing for the confidentiality of the packet
during transit. This authentication process ensures that the packet originated from
the apparent sender and ensures that it wasn’t viewed or modified during transit.
Encrypting File System (EFS)
An advanced attribute setting of Windows Server
2003/2008/R2 and Windows 2000/XP/Vista/7 for files and folders on an NTFS-formatted
volume that provides certificate-based public key security for those files
and folders. EFS encrypts and decrypts files in a manner that is transparent to users.
encryption
Scrambling and rearranging data in a file through use of an algorithm
so the file cannot be read.
event log subscription
An Event Viewer feature that enables you to collect event
logs from a number of computers in a single, convenient location that helps you
keep track of events that occur on these computers.
Event Viewer
An administrative tool that enables an administrator to view and/or
archive event logs such as the operating system, application, setup, and security logs.
In Windows Server 2008, this tool also enables you to configure event log subscriptions
that collect events from several monitored computers together.
exclusion
A range of IP addresses within a scope that is configured to not be
leased by DHCP to clients. Typically, these are IP addresses of computers such as
servers that are configured with static or reserved IP addresses.
Extensible Authentication Protocol (EAP)
A general authentication protocol developed
for PPP. EAP can be used with IEEE 802, and is capable of heading other
authentication protocols, so it improves interoperability between RAS systems, RADIUS
servers, and RAS clients.
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
A strong
authentication method that combines EAP with Transport Layer Security, which is
a protocol designed to allow users or applications to communicate over the Internet
privately. It is intended to secure and authenticate communications through data
encryption.
failover cluster
A group of servers that is configured as a cluster for purposes of
redundancy and fault tolerance. You can configure such a cluster as a single member
of a DFS replication group.
file classification
A component of FSRM that provides information on the types of
files stored on your file server, thereby providing insight into the data patterns present
in your organization.
file screening
A component of FSRM that limits the file types that users can save,
and generates notifications when users attempt to save inappropriate files.
File Server Resource Manager (FSRM)
A role service component of the File Server
role that enables you to perform management tasks on file servers such as setting
quotas, specifying file screening, classifying files, creating various file-management
reports, and creating scheduled file-management tasks.
filter action
A configured set of actions within a firewall rule that determines
whether the firewall will permit or block traffic attempting to cross it. You can also
choose an option to negotiate security based on several IPSec criteria, including
whether or not encryption is used.
filtering
The act of setting criteria for displaying events in an event log. You can
filter the event log so that events of importance are easier to find amidst the large
number of routine informational events that tend to be recorded in some logs, such
as the System log.
firewall
A system designed to prevent unauthorized access to or from a private
network. This can be either a dedicated hardware device or a software program installed
on a server or client computer.
firewall profile
A means of grouping firewall rules so that they apply to the affected
computers dependent on where the computer is connected.
firewall rule
A set of conditions used by Windows Firewall to determine whether
a particular type of communication is permitted. You can configure inbound rules,
outbound rules, and connection security rules from the Windows Firewall with Advanced
Security snap-in or from Group Policy.
forward lookup query
A DNS name-resolution process by which a host name is
resolved to an IP address.
forwarding
The relaying of a DNS request from one server to another one when
the first server is unable to process the request.
full zone transfer (AXFR)
A zone transfer in which the master server transmits the
entire zone database to that zone’s secondary servers.
fully qualified domain name (FQDN)
A DNS domain name that unambiguously describes
the location of the host within a domain tree. An example of an FQDN is the
computer www.certguide.com.
global unicast IPv6 address
An IPv6 address that uses a global routing prefix of 45
bits to identify a specific organization’s network, a 16-bit subnet ID, and a 64-bit interface
ID. These addresses are globally routable on the Internet and are equivalent
to public IPv4 addresses.
GlobalNames zone
A special type of Active Directory-integrated zone that enables
you to resolve static, global records with single-label names without the need for a
Windows Internet Name Service (WINS) server.
health policies
Policy conditions that are used by NAP in validating the health status
of client computers attempting to connect to or communicate on the network.
Health Registration Authority (HRA)
A Windows Server 2008 computer running
Internet Information Services (IIS) that is used in IPSec NAP enforcement. The
HRA validates client health and obtains health certificates from a certification authority
(CA) on behalf of compliant NAP client computers.
hidden shares
A shared folder that does not broadcast its presence and is not
browsable in the Network folder. A hidden share is indicated by a dollar sign ($) at
the end of the folder name.
hop
The trip taken by a data packet from one router to the next router as it passes
across an internetwork.
host
Any computing device that has been assigned an IP address.
host name
In DNS, the first or most specific name assigned to an individual computer.
Host (A or AAAA) record
A DNS resource record that defines the host name to
IPv4 (A) or IPv6 (AAAA) mapping for a computer on the network. Used to define
the IP address corresponding to a given host.
HOSTS file
A text file that maps host names to IP addresses. In modern Windows
computers, this file is stored in the %systemroot%\system32\drivers\etc
folder.
IEEE 802.3
A series of standards governing Ethernet-based wired networks using
the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access
Method and Physical Layer Specifications.
IEEE 802.11
A series of standards governing wireless networks and their transmission
parameters.
IGMP proxy
A router that connects a single-router intranet to a multicast-capable
intranet or the Internet.
incremental zone transfer (IXFR)
A zone transfer in which the master server transmits
only the modified portion of each zone file to that zone’s secondary servers.
instance
One of a group of performance objects that represents multiple occurrences
of the same object, such as processors in a multiple processor computer or
hard disks in a computer with more than one hard disk.
Internet Control Message Protocol (ICMP)
A TCP/IP protocol that enables hosts
on a TCP/IP network to share status and error information. The ping and tracert
commands use ICMP to check connectivity to remote computers.
Internet Group Management Protocol (IGMP)
A TCP/IP protocol that is used at
the host level to report host group memberships to local multicast routers.
Internet Key Exchange version 2 (IKEv2)
A tunneling protocol that uses IPSec
Tunnel Mode over UDP port 500. This combination of protocols also supports
strong authentication and encryption methods.
Internet layer
The third layer of the TCP/IP layer stack, it is primarily concerned
with the routing and delivery of packets.
Internet Protocol (IP)
A TCP/IP protocol that handles, addresses, and routes packets
between hosts on a network. It performs this service for all other protocols in the
TCP/IP protocol suite.
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
A tunneling technology
that enables unicast IPv6 connectivity between IPv6/IPv4 hosts over an IPv4
intranet. You do not need to perform any manual configuration actions on an ISATAP
host.
IP address
A logical address that is used to identify both a host and a network segment.
Each network adapter on an IP network requires a unique IP address.
IP Security (IPSec)
A suite of protocols that provide a mechanism for data integrity,
authentication, and privacy for the Internet Protocol. IPSec can provide either
message authentication and/or encryption.
IP version 4 (IPv4)
The version of the Internet Protocol that has been in use for
many years and provides a 32-bit address space formatted as four octets separated by
periods.
IP version 6 (IPv6)
A newer version of the Internet Protocol that provides a 128-bit
address space formatted as eight 16-bit blocks, each of which is portrayed as a
4-digit hexadecimal number and is separated from other blocks by colons.
Ipconfig
The command-line utility that provides detailed information about the
IP configuration of a Windows computer’s network adapters.
IPv4-compatible address
An IPv6 address represented in the form
0:0:0:0:0:0:w.x.y.z, where w.x.y.z is the IPv4 address in dotted decimal. This allows
communication between IPv4 and IPv6 networks.
IPv4-mapped address
An IPv4-only node is represented as ::ffff:w.x.y.z to an IPv6
node. Used only for internal representation.
iterative query
A DNS query that gives the best answer it currently has back as a
response. The best answer is the address being sought or an address of a server that
would have a better idea of its address.
Layer 2 Tunneling Protocol (L2TP)
A protocol that is used to create VPN tunnels
across a public network. This protocol is used in conjunction with IPSec for security
purposes.
lease
A predefined interval of time for which an IP address obtained from a
DHCP server is valid. The lease must be renewed before this time interval expires
for the client to continue using it.
link local IPv6 address
A type of IPv6 address used for communication between
neighboring nodes on the same link. Equivalent to IPv4 addresses configured using
APIPA.
Link Local Multicast Name Resolution (LLMNR)
A mechanism that enables IPv6
hosts on a small network to resolve each other’s names without the need for a DNS
server.
LMHOSTS file
A local text file that maps NetBIOS names to IP addresses. In modern
Windows computers, this file is stored in the
%systemroot%\system32\drivers\etc folder.
local printer
A printer that is connected directly to a computer.
location-aware printing
A printer setting that enables a user with a portable computer
to print to a printer physically located close to her computer; for example, to
the home printer when at the home location or to the office printer when in the office.
logical unit number (LUN)
A disk, a portion of a disk, an entire disk array, or a section
of a disk array in the subsystem included within a SAN. You can manage and
work with a LUN in much the same way as you would for a disk volume stored locally
on your server.
Managed Address Configuration (M) flag
A parameter that determines when DHCPv6
is used to obtain IPv6 stateful addresses. When set to 0, DHCPv6 is not used
and stateless addresses are obtained. When set to 1, DHCPv6 is used to assign stateful
addresses to IPv6 clients.
Management Information Base (MIB)
A database used by SNMP that holds the
information that a management system can request and the information returned
by agents. Included within the MIB is a set of objects that represent various types
of information about a network device, such as the number of active sessions or the
operating system version.
metric
A standard of measurement, such as a hop count, used by routing algorithms
to determine the optimal path to a destination.
Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2)
A Microsoft version of CHAP that uses the same type of challenge/response mechanism
as CHAP but uses a nonreversible encrypted password. This is done by using
MD5 algorithms to encrypt the challenge and the user’s password.
Microsoft updates
Updates that are available from Microsoft to make systems
more reliable or to fix a problem or bug.
multicast
This technology allows the sender to send a single transmission to the
multicast address, and the routers take care of making copies and sending them to all
receivers that have registered their interest in data from that sender.
Multicast Address Dynamic Client Allocation Protocol (MADCAP)
A technology
for multicast address assignment in a DHCP environment. When registered
clients are dynamically assigned an IP address through MADCAP, they can participate
efficiently in the data stream process, such as for real-time video or audio network
transmissions.
multicast IPv6 address
An IPv6 address that enables the delivery of packets to
each of multiple interfaces.
Name Resolution Policy Table (NRPT)
A Group Policy setting that includes rules
for names and namespaces that require special handling in DirectAccess for specific
portions of the DNS namespace; for example, intranet versus Internet web servers.
Name Server (NS) record
A DNS resource record that defines the DNS servers
that are authoritative in the domain. This includes both the primary DNS servers
and any secondary DNS servers.
NetBIOS (Network Basic Input/Output System)
An application-programming interface
(API) that operates at the session layer of the OSI model and enables user
applications to submit network I/O and control directives to underlying network
protocol software.
netmask ordering
A mechanism used by DNS servers for prioritizing local subnets
so that when a client queries for a host name mapped to multiple IP addresses, the
DNS server preferentially returns an IP address located on the same subnet as the
requesting client.
netsh
A command-line tool that enables you to configure TCP/IP networking
and addressing options. netsh also enables you to configure and display the status of
various networking server roles and components.
Network Access Protection (NAP)
A Windows Server 2008 role service that is designed
to determine and enforce the health status of client computers accessing the
network either locally or by remote access. NAP can prevent computers that fail to
meet health requirements from accessing resources on the network; it can also direct
these computers to a remediation network where they can install updates to render
them properly compliant.
Network Address Translation (NAT)
A specification in TCP/IP that maps the
range of private IPv4 addresses (192.168.0.1-192.168.0.254) to the public IP address
of an Internet-facing network adapter.
Network File System (NFS)
Technology that enables UNIX to share files and applications
across the network.
network interface layer
The bottom layer of the TCP/IP protocol stack, it provides
an interface for the Internet layer to the network media. This layer controls
the way frames are ultimately built and sent out on to the network media or received
from the network media and sent to the upper layers.
network location server
An intranet web server used by a DirectAccess client to
determine whether it is located on the corporate intranet or the Internet.
Network Monitor
A utility that enables you to capture, view, and analyze frames
transmitted across the network to network adapter cards on your computer. It is
useful for detecting incursions by unauthorized users and tracing their activity on
the network.
Network Policy Server (NPS)
Microsoft’s implementation of RADIUS that is used
in both the original and R2 versions of Windows Server 2008. It replaces the Internet
Authentication Service (IAS) server used with Windows Server 2003.
network printer
A printer that is equipped with its own network adapter card and
connected to the network.
New Technology File System (NTFS)
The file system originally provided with
Windows NT that supports volume mounting, compression, encryption, and
security.
nmcap.exe
The command-line version of Network Monitor. nmcap.exe enables
you to script execution of Network Monitor or run Network Monitor on a machine
running the Server Core version of Windows Server 2008.
non-dynamic DNS
A type of DNS that does not update automatically; an administrator
must enter updated zone data manually. This type of DNS was used by Windows
NT DNS servers.
NPS template
A template that helps you to create configuration components such
as client lists, shared secrets, connection conditions, and so on, which you can use
on a series of NPS servers. NPS makes six default templates available.
nslookup
A TCP/IP utility used in troubleshooting DNS name-resolution
problems.
NTFS permissions
The security feature available in NTFS that allows you to grant
or deny local access rights.
offline files
A feature built into Windows Server 2008/Windows 7 that enables you
to cache locally stored copies of shared files and folders, so that you can work with
them while offline and re-synchronize your changes when you go back online.
Open Systems Interconnection (OSI) reference model
A seven-layer reference
model that serves to describe the work of protocols in a standardized fashion.
Other Stateful Configuration (O) flag
A parameter that determines how additional
IPv6 configuration parameters are obtained. This includes such settings as the IPv6
addresses of DNS servers.
packet filter
A technology that enables you to specify destinations, ports, and protocols
of network packets that are either allowed to or forbidden from being transmitted
to or from your router.
paging file
Virtual memory stored on disk that enables Windows Server 2008 to
run more applications at one time than would be allowed by the computer’s physical
memory (RAM).
passive file screening
A component of file screening that sends configured notifications
to users who save specific file types but does not prevent users from saving
these files.
performance counter
A statistical measurement associated with a performance object,
such as %disk time, queue length, and so on.
performance logs
Collections of computer performance-monitoring data collected
by running Data Collector Sets. You can archive performance logs and view them in
Performance Monitor so that you can obtain a time-trend of a server’s performance.
Performance Monitor
A Microsoft Management Console (MMC) application that
contains several tools for monitoring your computer’s performance.
performance object
Hardware or software components that the Performance
Monitor can use for tracking performance data.
persistent route
A static route that has been defined so that it will remain on the
router even if the interface is deleted or the server is rebooted.
Pointer (PTR) record
A DNS resource record that defines the IP address to host
name mappings. Used to answer reverse lookup queries, where the user is requesting
the host name corresponding to a given IP address.
Point-to-Point Protocol (PPP)
A dial-up protocol that supports TCP/IP and IPX/SPX
and others with advanced compression and encryption functions.
Point-to-Point Tunneling Protocol (PPTP)
A protocol used to create VPN tunnels
across a public network and includes encryption and authentication.
Preboot Execution Environment (PXE)
A bootable ROM chip contained on compatible
NICs that enables client computers without an operating system to boot and
connect to the network for locating a Windows Deployment Services (WDS) server.
primary DNS suffix
The domain or zone name stored in DNS that is appended to
any unqualified host name in order to perform a search. By default, this is the AD
DS domain name for a domain member computer; on a standalone computer, you
can specify a primary DNS suffix from the DNS Suffix and NetBIOS Name dialog
box.
primary zone
A master copy of DNS zone data hosted on a server that is the primary
source of information for records found in this zone.
print device
The hardware device that produces the printed output.
print driver
The program that converts graphics commands into instructions a
given type of print device can understand.
print driver isolation
In Windows 7 and Windows Server 2008 R2, this improves
the reliability of the print service by enabling print drivers to run in separate processes
from the print spooler process.
print pooling
The act of setting up two or more physical printers (print devices),
each associated with a single printer.
print queue
The series of documents that have been scheduled to print to a specific
printer.
print server
Any computer on which printers have been configured. This can include
a client computer such as Windows 7, as well as a Windows Server 2008 R2 or
older server computer.
print spooler
An area on a computer’s hard drive where documents to be printed
are stored while awaiting printing. The spooler software formats the documents so
that the associated printer can print them properly.
printer
The software interface between the operating system and the print device
that determines various aspects of the printing process.
printer pool
A set of two or more identical print devices associated with a single
printer.
printer priority
A number from 1 to 99 that determines which document is printed
first. Printers with a higher priority print their documents first.
private IPv4 network
An IPv4 network that can be accessed only within a corporation
and cannot be accessed from the public Internet. Private IPv4 networks can be
configured with one of the following network addresses: 10.0.0.0/8, 172.16.0.0/16,
or 192.168.0.0/24.
private key
A digital code that is kept confidential and is used along with the public
key to secure data.
Protected Extensible Authentication Protocol (PEAP)-Transport Layer Security
(PEAP-TLS)
A remote access authentication and security protocol that provides
an encrypted authentication channel, dynamic keying material from TLS, fast reconnect
using cached session keys, and server authentication that protects against
the setup of unauthorized access points.
protocol analyzer
A hardware device or software program that enables you to
capture, store, and analyze each packet that crosses your network. Also known as a
network analyzer or packet analyzer. Network Monitor is Microsoft’s version of a
software-based protocol analyzer.
public key
A digital code available to everyone that is used along with a private key
to secure data.
quota template
A template that you can create using FSRM that simplifies quota
management by enabling you to apply similar quotas to many different shared folders
and volumes on different servers in your organization.
RADIUS client
A server or network access device that uses the RADIUS protocol
to communicate with RADIUS servers such as NPS servers. Remember that dial-up,
VPN, or other client-based computers are not considered to be RADIUS clients.
RADIUS proxy
An NPS server that forwards RADIUS messages between RADIUS
clients and servers that perform user authentication, authorization, and
accounting.
recovery agent
A user who has been assigned permission to access and decrypt
files, folders, and volumes that have been encrypted using either EFS or BitLocker.
recursion
The name-resolution technique wherein a DNS server queries other
DNS servers on behalf of the requesting client to obtain the required FQDN, which
it returns to the client.
referral
An ordered list of targets that a user receives when she accesses a
namespace root or folder from a namespace server or domain controller.
Reliability Monitor
A Windows Server 2008 tool that provides a trend analysis of
your computer’s system stability with time. It shows how events such as hardware or
application failures, software installations or removals, and so on affect your computer’s
stability.
remediation server
A server that computers deemed to be noncompliant with
NAP policies can access in order to obtain security updates, antivirus or antispyware
signature files, or other updates required to achieve compliant status and receive unrestricted
network access.
remote access policy
The part of Routing and Remote Access Service that determines
the conditions, profile, and permissions under which users can dial in to
remotely access their networks for services.
Remote Access Service (RAS)
An integrated service that provides remote networking
access for telecommuters, mobile workers, system administrators, and so
on, and provides remote access to the network for services, such as file and printer
sharing, electronic mail, and database access.
Remote Authentication Dial-In User Service (RADIUS)
The industry standard client/server
protocol that enables remote access servers to communicate with a central
server and database to authenticate dial-in and VPN users and authorize their
access to the requested system or service.
replication group
In DFS Replication, a group of servers that are configured
to replicate folders among each other. The group can be configured with a hub-and-spoke
topology, in which members of the group replicate only with a central
server, or a full mesh topology, in which all members replicate with all other
members.
replication member
One server in a replication group that is configured to replicate
folders with other members of the group.
replication scope
The subset of DNS servers or domain controllers that actively
participate in replication of the specific zone.
reporting mode
A NAP mode setting that evaluates client computers for health
status but does not enforce restricted network access for noncompliant computers.
Useful for setting up and testing the operation of a NAP implementation.
reservation
An IP address that is configured so that DHCP always assigns it to a
specific DHCP client.
Resource Monitor
A monitoring tool that provides a summary of CPU, disk,
network, and memory performance statistics including mini graphs of recent performance
of these four components, as well as tabulated data pertaining to each of
these components.
resource record
A standard database record type used in DNS zone database
files. Common types of resource records include Start of Authority (SOA), Address
(A or AAAA), Mail Exchanger (MX), and Name Server (NS), among others.
reverse lookup query
A DNS name-resolution process by which an IP address is
resolved to a host name.
root hints
A list of the names and IP addresses of DNS servers that are authoritative
for the Internet root domains. Used by a DNS server to forward queries for
Internet domains that it is unable to resolve from its own database.
round robin
A load-balancing mechanism used by DNS servers to distribute name
resolution activity among all available DNS servers.
router
A device that operates at Layer 3 of the OSI protocol stack and manages
the flow of data between network segments or subnets. RRAS in Windows Server
2008 is capable of acting as a completely functional router on small to medium-sized
networks.
routing algorithm
A mathematical algorithm that calculates optimal routes for
packets traversing an internetwork. Such algorithms take many factors into consideration,
including the speed, bandwidth, availability, and cost of each link.
Routing and Remote Access service (RRAS)
A Windows Server 2008 role service
that is part of the Network Policy and Access Services server role and enables the
server to function as a network router and remote access server.
Routing Information Protocol (RIP)
A distance-vector routing protocol that enables
the exchange of routing information within a small to medium sized network.
routing table
A table present on every Windows computer, server or client, that
provides a complete description of all routes available from or to the computer on
which it is displayed.
secondary zone
An additional copy of DNS zone data hosted on a DNS server
that is a secondary source for this zone information.
secure dynamic DNS (SDDNS)
An enhancement to DNS that enables you to permit
dynamic updates only from authorized client computers in an Active
Directory–integrated zone.
Secure Socket Tunneling Protocol (SSTP)
A tunneling protocol that uses Secure
Hypertext Transfer Protocol (HTTPS) over TCP port 443 to transmit traffic across
firewalls and proxy servers that might block PPTP and L2TP traffic.
secure zone transfer
A method of digitally signing zone transfers that enables secondary
DNS servers to verify that zone transfers are being received from a trusted
source.
server isolation policy
A Group Policy setting that enables you to use IPSec authentication
to isolate specific domain member servers to accept only authenticated
and secured communication from other computers within the domain.
server-side targeting
A means of creating computer groups for WSUS in which
you manually add computers to computer groups using the Update Services snap-in.
service location (SRV) record
A DNS resource record that provides information
about where computers that provide a specific service are located on the network.
service set identifier (SSID)
A unique configurable identification that allows clients
to communicate to the appropriate access point on an 802.11 network.
shadow copies
Also known as volume shadow copies, backup copies of files and
folders automatically created by Windows as you work on them, enabling you to restore
them should they become improperly modified, corrupted, or deleted.
Share and Storage Management Console
A new MMC snap-in that facilitates the
configuration and administration of shared folders and volumes in Windows Server
2008 R2.
shared folder permissions
The security feature available when sharing files and
folders across a network that allows you to grant or deny access rights to network
users.
shared folders
Folders that are made available for access by users who are working
at another computer on the network.
Simple Network Management Protocol (SNMP)
A network management protocol
that enables you to configure remote devices, monitor network performance, detect
network faults, detect inappropriate access, and audit network usage on devices such
as hubs, bridges, routers, and servers.
SNMP agent
A device such as a computer or network component on which SNMP
software has been installed. The SNMP agent gathers information in response to
requests from an SNMP management system.
SNMP community
A logical group of hosts that belong together and all run the
SNMP service. Every community includes at least one management system and
multiple agents.
SNMP management system
A computer on which you have installed SNMP management
software that sends information and update requests to devices configured
as SNMP agents.
SNMP trap
An unsolicited message sent by an SNMP agent to an SNMP management
system when the agent detects that a certain type of event has occurred locally
on the managed host.
source computer
Also called forwarding computer, a computer that has been configured
using an event log subscription to send its event logs to another computer.
Start of Authority (SOA) record
A DNS resource record that identifies the primary
name server within the domain. It also includes other properties such as an administrator
e-mail address and caching properties for the zone. This record is always the
first resource record in every zone file.
Startup Repair
A utility that provides options for repairing problems that are preventing
a computer from starting normally.
stateful address configuration
A type of IPv6 address autoconfiguration that uses a
stateful address configuration protocol such as DHCPv6 to obtain non-link-local
addresses and other IPv6 configuration parameters.
stateful firewall
A firewall that monitors the state of active connections and uses
the information gained to determine which network packets are allowed through
the firewall. Packets sent by an outside computer attempting to communicate with a
computer protected by a stateful firewall are dropped unless the packet or protocol
was granted access by an access control list (ACL).
stateless address configuration
A type of IPv6 address autoconfiguration that
uses Router Advertisement messages to configure link-local addresses and additional
addresses by exchanging Router Solicitation and Router Advertisement messages
with neighboring routers.
statement of health (SoH)
A declaration from a system health agent (SHA) on a
client computer that asserts the client’s health status to NAP. The SHA creates the
SoH and sends it to the corresponding system health validators (SHVs) on a NAP
health policy server.
static IP address
An IP address that is permanently assigned to a computer on the
network.
static route
An administrator-defined route that does not change and defines the
pathway from one network to another network.
Storage Manager for SANs
A server feature that enables you to create and manage
LUNs on storage area networks, thereby assisting you in managing your network.
storage reports
Reports generated by FSRM that provide information on the data
stored on your file server, assisting you in understanding file usage on your server.
storage-area network (SAN)
A discrete network that is dedicated to file storage
using devices, such as disk arrays or tape libraries, that provides dedicated storage
to servers in such a fashion that these devices appear to be locally attached to the
servers that reference them.
stub zone
A DNS zone that contains source information about authoritative name
servers for its zone only.
subnet mask
A set of numbers, 32 bits in length, that begins with 1s and ends
with 0s in binary notation. The number of 1s represents the number of bits that are
considered the subnet address. The bits that are 0s are the host address. Using a
subnet mask, you can create more subnets with a smaller number of computers per
subnet. All computers on a given subnet must have the same subnet mask. Using
dotted-decimal notation, a subnet mask is written as 255.255.0.0 (which is the default
mask for a Class B address).
subnetting
A process that enables you to reconfigure which portion of the subnet
mask constitutes the network portion and which portion constitutes the computer
portion.
superscope
A group of multiple scopes (child scopes) as a single administrative
entity used on DHCP servers.
synchronizing files
The act of copying files from a shared folder on the network
to an offline file cache on a computer, or copying the same files back to the shared
folder after a user has modified them.
system health agent (SHA)
A NAP-capable client software component that declares
a client computer’s health status to NAP in a statement of health (SoH).
system health validator (SHV)
A NAP health policy software component that validates a client
computer’s health status by verifying the client’s SoH made by its corresponding
SHA.
System Stability Index
A numerical value that provides an indication of your computer’s
reliability over time, as measured by Reliability Monitor.
System State data
Operating system-specific data that is backed up by the Windows
Server Backup program as a unit. It contains the Registry, COM+ class registration
database, and system and boot files; on domain controllers, it also includes
the AD DS database and the SYSVOL folder.
Teredo
A tunneling communication protocol that enables IPv6 connectivity between
IPv6/IPv4 nodes across Network Address Translation (NAT) interfaces,
thereby improving connectivity for newer IPv6-enabled applications on IPv4 networks.
Time to Live (TTL)
A configurable retention time interval that specifies the length
of time that the server will retain cached information for a zone. The maximum default
TTL is one hour.
Transmission Control Protocol (TCP)
A TCP/IP protocol that provides connection-oriented,
reliable communication between two hosts, typically involving large
amounts of data.
transport mode
An IPSec mode that is used for end-to-end security between a
client and a server within a local area network. In transport mode, the entire packet
is not encrypted or signed; rather, only the data in the IP payload is encrypted and
signed.
trust anchor
A preconfigured public key associated with a specific zone in DNS.
Such a trust anchor is used to support the DNSKEY resource record on a Windows
Server 2008 R2 DNS server.
Trusted Platform Module (TPM)
A microchip that is built into a computer. It is
used to store cryptographic information, such as encryption keys.
tunnel mode
An IPSec mode that encrypts the IP header and the payload during
transit. In this way, tunnel mode provides protection for the entire packet.
universal naming convention (UNC)
A network naming scheme that uses NetBIOS
names for accessing shared resources on remote computers using the format
\\servername\sharename.
update classifications
Diverse types of updates available from Microsoft, such as
critical updates, definition updates, and security updates, which can be deployed to
client computers from a WSUS server.
update synchronization
The act of downloading updates from the Microsoft Update
website to a WSUS server for testing, approval, and distribution to client computers.
upstream server
A WSUS server that provides update files to downstream servers
when you are implementing a WSUS server hierarchy.
user class
An options class that is used to differentiate DHCP clients according to
their type, such as desktop, laptop, or server computer.
User Datagram Protocol (UDP)
A TCP/IP protocol that provides fast, non-connection-oriented
communications with no guarantee of delivery and no error checking.
vendor class
An options class that’s used to identify a client’s vendor type and
configuration when obtaining a DHCP lease. You can use the vendor class ID option
(code 60) to specify vendor classes.
virtual private network (VPN)
Using a protocol such as Point-to-Point Tunneling
Protocol or L2TP with IPSec to tunnel through a public network to connect to a
private network and maintain a secure connection.
volume shadow copy service (VSS)
Also known as volume snapshot copy, a Windows
service that automatically backs up copies of files and folders as you work on
them, enabling you to revert to an earlier version should you improperly modify or
delete them.
VPN Reconnect
A new feature of Windows Server 2008 R2 and Windows 7 that
utilizes IKEv2 technology to automatically reestablish a VPN connection when a
user has temporarily lost her Internet connection.
vssadmin.exe
A utility that enables you to manage volume shadow copies from
the command line.
wbadmin.exe
A command-line tool that enables you to perform backups and restores.
In Windows Server 2008, this is the only tool that you can use to perform
system state backups and restores.
weighting records
The act of specifying a value used by the clients to determine
which server to contact, in cases where multiple records with the same
priority exist. You can enter a weight value each time you create a new SRV
resource record.
Wi-Fi Protected Access (WPA and WPA2)
A wireless authentication protocol that
uses preshared network key encryption to ensure that only authorized users receive
access to the network.
Windows Firewall
The personal firewall software incorporated in Windows
Vista/7/Server 2008/R2 that filters incoming TCP/IP traffic. Windows Firewall was
first introduced in Windows XP SP2.
Windows Firewall with Advanced Security
A Microsoft Management Console
(MMC) snap-in that provides enhanced firewall management capabilities, including
the ability to create firewall rules that are specifically configured to protect a specific
type or source/destination path of network traffic.
Windows Security Health Validator (WSHV)
A system health validator included
with Windows Server 2008 that provides default NAP health validation settings for
firewall, antivirus, spyware, automatic updates, and security updates.
Windows Server Backup
A Windows Server 2008 server feature that provides a
centralized location and wizards for performing various types of backup and restore
procedures.
Windows Server Update Services
A Windows Server 2008 R2 server role that
supplies updates, hotfixes, and other patches automatically to computers on a network.
You can deploy and manage updates downloaded from the Microsoft Windows
Update website to WSUS servers running on your network. Client computers
simply connect to the local WSUS server to download and install updates.
Windows Update
An application that enables you to maintain your computer in an
up-to-date condition by automatically downloading and installing critical updates
as Microsoft publishes them. Also enables access to the WSUS server or Microsoft
website on which these updates are published.
WINS (Windows Internet Name System)
A Windows Server 2008 feature that
enables the dynamic resolution of NetBIOS names to the corresponding IP
addresses.
wired equivalent privacy (WEP)
A protocol that is used on 802.11-based wireless
networks to encrypt data sent between computers on a wireless network or between
a computer and its access point.
wireless access policy
A component of Group Policy that defines conditions that
wireless clients attempting to access a network through a RADIUS server must meet
in order to gain access.
zone
A discrete portion of the local or Internet-based DNS namespace, for which
a single DNS server is authoritative.
zone delegation
The act of creating a new subdomain that exists in its own DNS
zone and has one or more DNS servers specifically delegated to it as containing the
authoritative zone files. Resource records are created in other zones that point to
the authoritative DNS servers for the zone being delegated.
zone file
A file that includes all resource records needed to completely define a
zone and is kept on the DNS name server.
zone transfers
A mechanism that replicates and synchronizes all copies of the zone
files between DNS name servers.