Nt1330 Unit 3 Access Control Essay
Key Terms 70-643
A
access control entry (ACE)/ An entry in an object’s access control list (ACL) that grants permissions to a user or group. Each ACE consists of a security principal (the name of the user, group or computer being granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2008 permission systems, you are creating and modifying the ACEs in an ACL. access control list (ACL) A collection of access control entries that defines the access that all users and groups have to an object.
Active Directory Microsoft’s directory Microsoft’s directory service that automates network management, such as user data, resources, and security.
Active Server …show more content…
Pages (ASP) A server-side script processing engine designed by Microsoft to provide dynamic Web content with better performance than the Common Gateway Interface (CGI) and simpler development than Internet Server Application Programming Interface (ISAPI). ASP files have an .asp extension and function like Server Side Includes, with scripting commands embedded in standard HTML code.
Anonymous Authentication An Internet Information Services, an authentication mechanism that enables any user to access a Web site that employs it, without supplying an account name or password. This authentication method is designed primarily for public Web sites on the Internet or any internal site available to all users. application Computer program designed to aid users in the performance of specific tasks. application pool In Internet Information Services, an operational division that consists of a request queue and one or more worker processes. application services Software components that provide components that provide communications services, operating environments, or programming interfaces for specific applications.
Arbitrated loop (FC-AL) A Fibre Channel topology that consists of up to 127 devices, connected in a loop, similar to that of a token ring network. The loop can be physical, with each device connected to a hub that implements the loop.
ASP.NET The successor to Active Server Pages (ASP), ASP.NET is based on server-side scripting and enables developers to create dynamic Web pages, Web applications, and XML (Extensible Markup Language) Web services using a wide variety of programming languages and development tools. ASP.NET files have the extension .aspx, and can contain HTML code, XML code, or scripting code for execution by the server.
ATA (Advanced Technology Attachment) A disk interface that causes parallel communications to connect multiple hard disk drives and other devices to a computer. authentication The process by which Windows Server 2008 verifies that the user matches the user account employed to gain access. authorization The process of determining whether an identified user or process is permitted access to a resource and the user’s appropriate level of access.
B
Basic Authentication The weakest of the challenge/response authentication methods supported by Internet Information Services. Clients transmit unencrypted credentials using Base64 encoding, so anyone capturing the network packets can read the user’s password. basic disk The default disk type in Windows Server 2008. A basic disk supports up to four partitions, typically three primary and one extended, with logical drives to organize data. binding In Internet Information Services, the mechanism by which the protocol listener associates each incoming request with one particular Web site hosted by the server. bitmap caching In Terminal Services, a Windows desktop performance feature that enables a client to store display information in a cache in local memory, so that the server does not have to repeatedly transmit the same data. block I/O access In storage area networking, a type of storage in which a computer accesses the stored data one block at a time. broadcast stream In Windows Media Services, a multimedia stream that typically consists of live content delivered according to prearranged schedule.
C
certification authority (CA) A software component or a commercial service that issues digital certificates. Windows Server 2008 includes a CA as part of the Active Directory Certificate Services role. client access license (CAL) A document that grants a single client access to a specific software program, such as a Terminal Services server. client machine ID (CMID) A unique identifier assigned to each computer that enables a client to store screen elements that remain unchanged from one refresh to the next in a cache on the computer.
Common Gateway Interface (CGI) A protocol that enables a Web server to run an application specified in a client request and pass the request to that application for processing. The Web server then receives the output from the application and packages it as a reply to the client in the form of a Web page. connection authorization policy (CAP) A Terminal Services Gateway component that specifies the Internet users allowed to use the TS Gateway server. copy-on-write data sharing A Windows Server 2008 Terminal Services memory management technique used by the operating system that, when a client attempts to write to a shared application file, creates a copy of that file, allocates it for the exclusive use of that client, and writes the changes to the copy.
Credential Security Service Provider (CredSSP) In Terminal Services, the protocol that Network Level Authentication (NLA) uses to confirm clients’ identities.
D differential backup A type of backup that saves only the data in the selected components that has changed since the last full backup.
Digest Authentication In Internet Authentication Services, an authentication protocol designed for use with intranet Web servers in an Active Directory environment. Unlike Windows Authentication, Digest Authentication works through firewalls and proxy servers because it transmits passwords over the network. However, the protocol protects the passwords using a strong MD5 encryption scheme. digital certification An electronic credential, issued by a certification authority (CA), which confirms the identity of the party to which it is issued.
Digital Rights Management (DRM) A collection of Windows technologies that enable administrators to protect specific types of information from unauthorized consumption and distribution by all users, including users with the appropriate credentials and permissions to access the information. direct-attached storage Hard disk drives and other storage media connected to a computer using one of the standard disk interfaces, as opposed to network-connected storage. directory services Software components that store, organize, and supply information about a network and its resources. disk duplexing A fault tolerance mechanism in which the computer stores duplicate data on two separate disks, each on a separate host adapter, so the data remains available if one disk fails. disk mirroring A fault tolerance mechanism in which the computer stores duplicate data on two separate disks so the data remains available if a disk fails.
DiskPart.exe A Windows Server 2008 command-line program that you can use to perform disk management tasks.
Distributed File System (DFS) A Windows Server 2008 File Services role service that includes two technologies DFS Namespace and DFS Replication. These technologies enable administrators to create virtual directories for shared network files and automatically copy files and folders between duplicate virtual directories.
DNS round robin A load-balancing technique in which you create an individual resource record for each terminal server in the server farm using the server’s IP address and the name of the farm (instead of the server name). When clients attempt to establish a Terminal Services connection to the farm, DNS distributes the incoming name resolution requests among the IP addresses. domain A set of network resources available for a group of users who can authenticate to the network to gain access to those resources. domain controller A Windows server with Active Directory service installed. Each workstation computer joins the domain and is represented by a computer object. Administrators create user objects that represent human users. A domain differs from a workgroup because users log on to the domain once, rather than to each individual computer. dynamic disk The alternative to the basic disk type in Windows Server 2008. Dynamic disks can have an unlimited number of volumes using various configurations. The process of converting a basic disk to a dynamic disk creates a single partition that occupies the entire disk. You can create an unlimited number of volumes out of the space in that partition.
E
Easy Print A Windows Server 2008 Terminal Services feature that eliminates the need for the printer driver on the terminal server. Instead, the terminal server has a generic Easy Print driver based on the XML Paper Specification (XPS) document format introduced in Windows Vista and Windows Server 2008. effective permissions A combination of allowed, denied, inherited, and explicitly assigned permissions that provides a composite view of a security principal’s functional access to a resource.
Enhanced Metafile (EMF) A standardized, highly portable print job format that is the default format used by the Windows 2000, Windows XP, and Windows Server 2003 print subsystems.
Execution mode One of two operational modes in Terminal Services; used when running applications.
external drive array Hard disk drives and other storage media connected to a computer using a network medium, such as Ethernet or FibreChannel.
F
failover cluster A collection of redundant servers configured to perform the same tasks, so that if one server fails another server can take its place almost immediately.
FastCGI An extension to the Common Gateway Interface (CGI) that enables a Web server to maintain a pool of processes that new clients can reuse.
Fast Streaming A collection of techniques that enables Windows Media Player to begin displaying streamed multimedia content more quickly. feature An individual Windows Server 2008 component designed to perform a specific administrative function.
Fibre Channel A high-speed serial networking technology that was originally designed for use with supercomputers, but is now associated primarily with storage area networking.
Fibre Channel Protocol (FCP) The protocol that Fibre Channel storage area networks use to transmit SCSI traffic between devices. file system An operating system component that provides a means for storing and organizing files so that users can easily locate
them.
File Transfer Protocol (FTP) An application layer protocol that enables a client to connect to a remote server, perform rudimentary file management tasks, and copy files in either direction between the two computers. file-based I/O In storage area networking, a type of storage in which a computer accesses the stored data one file at a time. firewall / A software routine that acts as a virtual barrier between a computer and the attached network. A firewall is essentially a filter that enables certain types of incoming and outgoing traffic to pass through the barrier, while blocking other types. folder redirection A Windows service that enables workstations to store user profile data on a shared network drive instead of a local drive. font smoothing In Terminal Services, a Windows desktop performance feature that enables the client to display screen fonts without jagged lines. Also called anti-aliasing.
FTP over Secure Sockets Layer (SSL) A method by which computers use the SSL protocol to encrypt FTP communications. full mesh topology In the Distributed File System, a replication scheme in which every member in a group replicates with every other member.
G
globally unique identifier (GUID) partition table (GPT) You can use GPT as a boot disk if the computer’s architecture provides support for an Extensible Firmware Interface (EFI)-based boot partition. Otherwise, you can use it as a non-bootable disk for data storage only. When used as a boot disk, it differs from the master boot record because platform operation critical data is located in partitions rather than unpartitioned or hidden sectors.
H
host header In Internet Information Services, a Web site property that specifies the name of the Web server to which clients send requests. IIS uses this Host field to associate incoming requests with one of the Web sites hosted by the server. See also virtual hosting. hub/spoke topology In the distributed File System, a replication scheme in which replication traffic is limited to specific pairs of members. hybrid virtualization A type of virtualization in which a host OS shares access to the computer’s processor with the virtual machine manager, with each taking the clock cycles it needs and passing control of the processor back to the other.
Hypertext Markup Language (HTML) A simple tagged coding language that provides a client Web browser with instructions on how to display the text in the file and embed the accompanying media files into the display.
Hypertext Transfer Protocol (HTTP) The standard application layer protocol for Web communications.
Hyper-V A Windows Server 2008 role that implements hypervisor virtualization on the computer. hypervisor / In virtualization, an abstraction layer that interacts directly with the computer’s physical hardware.
I
infrastructure services Software components that provide support functions for network clients.
Install mode One of two operational modes in Terminal Services; used when installing applications.
Internet Server Application Programming Interface (ISAPI) An application processing alternative to the Common Gateway Interface (CGI), which enables a Web server to execute applications without spawning a separate processor each incoming request. ISAPI applications take the form of dynamic link libraries (DLLS) instead of executables (EXEs), which load with the IIS server engine using the same address space.
Internet Storage Name Service (iSNS) In storage area networking, a software component that registers the presence of iSNS initiators and targets on a SAN and responds to queries from iSNS clients.
IP (Internet Protocol) address A unique 32-bit numeric address used as an identifier for a device, such as a computer, on a TCP/IP network.
ISAPI extension A fully realized, in-process application that can generate dynamic HTML pages using information from a database or a form supplied by the client.
ISAPI filter A routine that operates between the HTTP server and the HTTP listener, providing additional functionality, such as application-based authentication, encryption, and data compression services. iSCSI initiator In storage area networking, a hardware or software device running on a computer that accesses the storage devices on the SAN. iSCSI target In storage area networking, a component integrated into a drive array or computer that receives SCSI commands from the initiator and passes them to a storage device.
J
JBOD (Just a Bunch of Disks) A colloquial term for a drive array that is not configured to use RAID or any other type of special fault tolerance mechanism.
K
Kerberos A ticket-based authentication protocol used by Windows computers that are members of an Active Directory domain. Unlike NTLM, which involves only the IIS7 server and the client, Kerberos authentication involves an Active Directory domain controller as well.
Key Management Service (KMS) An activation service that runs on the local network, enabling clients to activate without communicating with Microsoft.
KMS activation threshold The number of activation requests that a Key Management Service host must receive within the last 30 days to activate KMS clients.
L
Licensing server discovery mode A Terminal Services configuration setting that specifies how the terminal server will locate a TS Licensing server. logical unit number (LUN) An identifier assigned to a specific component within a SCSI device, such as individual disk drive in an array, which enables the SCSI host adapter to send commands to that component.
M
MAK Independent Activation Clients contact Microsoft hosts directly, using an Internet connection or a telephone, to activate a product. It is similar to the standard retail product key activation, except that a single key activates multiple computers.
MAK Proxy Activation Multiple clients send activation requests to a proxy, the Volume Activation Management Tool (VAMT). master boot record (MBR) The default partition style used since Windows was released. Supports up to four primary partitions or three primary partitions and one extended partition, with unlimited logical drives on the extended partition.
Mstsc.exe A Windows program that provides command-line access to the Remote Desktop Connection client. multicast In Windows Media Services, a type of transmission in which a single stream is delivered to multiple clients at the same time. multimaster replication A technique in which duplicate copies of a file are updated on a regular basis, no matter which copy changes. For example, if a file is duplicated on four different servers, a user can access any of the four copies and modify the file as needed. The replication engine uses the changes made to the modified copy to update the other three copies. Compare to single master replication.
Multiple Activation Key (MAK) A product key that enables a specified number of computers to activate using Microsoft’s hosted activation services.
N
namespace In the Distributed File System, a virtual directory tree that contains references to shared folders located on network file servers. This directory tree does not exist as a true copy of the folders on different servers. Instead, it is a collection of references to the original folders, which users can browse like an actual server share. network attached storage (NAS) A dedicated file server device, containing disk drives, which connects to a network and provides clients with direct, file-based access storage to resources. Unlike a storage area network, NAS devices include a rudimentary operating system and a file system implementation.
Network File System (NFS) An open standard, application layer, file sharing protocol, commonly used by Linux operating systems. Windows Server 2008 includes an NFS server implementation, in the form of the Services for Network File System role service, part of the File Services role.
Network Level Authentication A Terminal Services feature that confirms the user’s identity with the Credential Security Service Provider (CredSSP) protocol before the client and server establish the Terminal Services connection. network load balancing (NLB) A clustering technology in which a collection of identical servers run simultaneously, sharing incoming traffic equally among them.
NTFS permissions Controls access to the files and folders stored on disk volumes formatted with the NTFS file system. To access a file on the local system or over a network, a user must have the appropriate NTFS permissions.
NTLMv2 A challenge/response authentication protocol used by Windows computers that are not members of an Active Directory domain.
O
Offline Files A Windows feature that enables client computers to maintain copies of server files on their local drives. If the computer’s connection to the network is served or interrupted, the client can continue to work with the local copies until network service is restored, at which time the client synchronizes its data with the data on the server. on-demand stream In Windows Media Services, a multimedia stream of prerecorded content delivered at the user’s request.
P
partition style The method that Windows operating systems use to organize partitions on a disk. Two hard disk partition styles can be used in Windows Server 2008: master boot record (MBR) and GUID partition table (GPT). preboot execution environment (PXE) A network adapter feature that enables a computer to connect to a server on the network and download the boot files it needs to run, rather than booting from a local drive. print device The hardware that produces hard copy documents on paper or other print media. Windows Vista supports local print devices, which are directly attached to the computer’s parallel, serial, Universal Serial Bus (USB), or IEEE 1394 (Fire Wire) ports; and network interface print devices, which are connected to the network directly or through another computer. print server A computer or stand-alone device that receives print jobs from clients and sends them to print devices that are attached locally or connected to the network. printer The software interface through which a computer communicates with a print device. Windows Vista supports numerous interfaces, including parallel (LPT), serial (COM), USB, IEEE 1394 (Fire Wire), Infrared Data Access (IrDA), and Bluetooth ports; and network printing services such as LPT, Internet Printing Protocol (IPP), and standard TCP/IP ports. printer control language (PCL) A language understood by the printer. Each printer is associated with a printer driver that converts the commands generated by an application into the printer’s PCL. printer driver A device driver that converts the print jobs generated by applications into an appropriate string of commands for a specific print device. Printer drivers are designed for specific print devices and provide applications that access all of the print device’s features. printer pool A single print server connected to multiple print devices. The print server can distribute large numbers of incoming jobs among several identical print devices to provide timely service. Alternatively, you can connect print devices that support different forms and paper sizes to a single print server, which distributes jobs with different requirements to the appropriate print devices. private key In public key infrastructure (PKI), the secret key in a pair of keys, which is known only to the message or file recipient and used to decrypt the item. When a message is encrypted using the private key, only the public key can decrypt it. The ability to decrypt the message using the public key proves that the message originated from the holder of the private key. protocol listener In Internet Information Services, the component that awaits incoming requests from clients and forwards them to the appropriate server applications. protocol rollover In Windows Media Services, the technique by which clients and servers negotiate the most efficient streaming protocol they have in common. A client establishing a connection to a Windows Media Services server sends information about the protocols it can use and the server selects the best protocol it is capable of using. If, for any reason, the client cannot use the selected protocol, the server reverts to the next best protocol in its list. public key infrastructure (PKI) A security relationship in which participants are issued two keys: public and private. The participant keeps the private key secret, while the public key is freely available in the digital certificate. Data encrypted with the private key can only be decrypted using the public key and data encrypted with the public key can only be decrypted using the private key. publishing points In Windows Media Services, the components on a server through which clients access specific content streams.
R
Real Time Streaming Protocol (RTSP) A control protocol, used by default in Windows Media Services running on Windows Server 2008, which carries commands between a client and server using the connection-oriented TCP protocol and port number 554. For the actual data streaming, Windows Media Services uses the Real time Protocol (RTP).
Redundant Array of Independent Disks (RAID) A series of data storage technologies that use multiple disks to provide computers with increased storage, I/O performance, and/or fault tolerance.
Remote Desktop Connection A program running on a desktop computer that establishes a connection to a terminal server using Remote Desktop Protocol (RDP) and displays a session window containing a desktop or application.
Remote Differential Compression (RDC) In the Distributed File System, a protocol that conserves network bandwidth by detecting changes in files and transmitting only the modified data to the destination. This conserves bandwidth and greatly reduces the time needed for the replication process.
RemoteApp A terminal Services feature that enables clients to run terminal server applications within individual, resizable windows. replication group In the Distributed File System, a collection of servers, known as members, each of which contains a target for a particular DFS folder. resource authorization policy (RAP) A Terminal Services Gateway component that specifies the terminal servers users are permitted to access on the private network. role A collection of Windows Server 2008 modules and tools designed to perform specific tasks for network clients.
S
security identifier (SID) A unique value assigned to every Active Directory object when it is created. security principal The user, group, or computer to which an administrator assigns permissions.
Serial ATA (SATA) A newer version of the ATA disk interface that uses serial instead of parallel communications, improves transmission speeds, and provides the ability to queue commands at the drive. server farm A collection of identical servers used to balance a large incoming traffic load.
ServerManagerCmd.exe A Windows Server 2008 command-line tool used to install roles and features.
Server Message Blocks (SMB) The default application layer, file sharing protocol used by the Windows operating system.
Server Side Includes (SSI) A relatively old Web server technology that enables HTML pages to contain directives that the server parses and executes. session In Terminal Services, a collection of client processes that form an individual user environment running on the server.
Session ID In Terminal Services, a unique identifier that a terminal server assigns to each client session to keep the processes for individual clients separate.
Shadow Copies A Windows Server 2008 feature that maintains a library containing multiple versions of selected files. Users can select a version of a file to restore as needed.
Simple Mail Transfer Protocol (SMTP) The standard Transmission Control Protocol/Internet Protocol (TCP/IP) email protocol for the Internet. Email clients send outgoing messages to an SMTP server specified in their configuration settings and the SMTP server forwards the messages to other mail servers on the way to their destinations. simple volume Consists of space from a single disk. After you create a simple volume, you can extend it to multiple disks to create a spanned or striped volume if it is not a system volume or boot volume. single master replication A technique in which duplicate copies of a file are duplicated on a regular basis from one master copy. For example, if a file is duplicated on four different servers, users can modify one copy and the replication engine propagates the changes to the other three copies. Compare with multimaster replication.
Small Computer System Interface (SCSI) A storage interface that enables computers to transfer data to multiple storage devices connected to a bus. spanned volume A method for combining the space from multiple (2 to 32) dynamic disks into a single large volume. If a single physical disk in the spanned volume fails, all the data in the volume is lost. special permissions An element providing a security principal with a specific degree of access to a resource. spooler A service running on a print server that temporarily stores print jobs until the print device can process them. standard permissions A common combination of special permissions used to provide a security principal with a level of access to a resource. stateless Descriptive term for a server that does not maintain information about the client connections or the files opened by individual clients. NFS servers are stateless. storage area network (SAN) A dedicated, high-speed network that connects block-based storage devices to servers. Unlike NAS devices, SANs do not provide a file system implementation. SANs require a server to provide clients with access to the storage resources. striped volume A method for combining the space from multiple (2 to 32) dynamic disks into a single large volume. If a single physical disk in the striped volume fails, all the data in the volume is lost. A striped volume differs from a spanned volume in that the system writes data one stripe at a time to each successive disk in the volume. subnet mask In TCP/IP networking, a 32-bit value that specifies which bits of an IP address form the network identifier and which bits form the host identifier.
Switched fabric (FC-SW) A Fibre Channel topology that consists of up to 16,777,216 (224 ) devices, each of which is connected to a Fibre Channel switch.
T
target In the Distributed File System, a physical folder on a shard server drive that is represented by a virtual directory in a DFS namespace.
Terminal Services client access license (TS CAL) A document that grants a single client access to a specific software program, in this case, a Terminal Services server.
Terminal Services Gateway A Terminal Services role service that enables Internet users to access terminal servers on private networks, despite the presence of intervening firewalls and network access translation (NAT) servers.
Terminal Services licensing mode / A Terminal Services configuration parameter that specifies whether the terminal server should issue Per Device or Per User licenses to clients.
Terminal Services (TS) Web Access A Terminal Services role service that enables users to launch an application by double-clicking an icon on a Web page. thin client A software program or hardware device that connects to a terminal server and access applications running on the server. thin client computing A variation on the mainframe computing paradigm, in which clients function only as terminals and servers do all of the application computing.
TS Licensing server A Terminal Services role service that enables users to launch an application by double-clicking an icon on a Web page. thin client A software program or hardware device that connects to a terminal server and accesses applications running on the server. thin client computing A variation on the mainframe paradigm, in which clients function only as terminals and servers do all of the application computing. TS Licensing server A Terminal Services software component that issues client access license to Terminal Services clients on a network. tunneling A networking technique in which one protocol is encapsulated within another protocol. In virtual private networking (VPN), an entire client/server session is tunneled within another protocol. Because the internal, or payload, protocol is carried by another protocol, it is protected from most standard forms of attack. U unicast In Windows Media Services, a type of transmission in which each client establishes its own connection to the Windows Media Services server and has its own data stream. Universal Discovery, Discription, and Integration (UDDI) An XML-based directory service that enables businesses to publish listings about their activities and the services they offer. V VDS hardware provider In storage area networking, a software component that enables you to use Storage Manager for SANs snap-in to manage LUNs on an external storage device. virtual directory In Internet Information Services, an alias that points to a folder in another physical location. This shortcut enables you to publish content found on different devices or different computers without copying or moving it. virtual hosting In Internet Information Services, a binding method in which each Web site hosted by a server is assigned a unique name, called a host header value, which differentiates it from the server’s other sites. This binding method enables the Web server to host multiple Web sites using a single IP address and port number without requiring any special information from clients. virtual instance A guest OS installed on a virtual machine in a Windows Server 2008 computer using Hyper-V. virtual machine (VM) In virtualization, on of multiple separate operating environments on a single computer, in which you can install a separate copy of an operating system. virtual private networking (VPN) A technique for connecting to a network at a remote location using the Internet as a network medium. virtual server A complete installation of an operating system that runs in a software environment emulating a physical computer. virtualization The process of deploying and maintaining multiple instances of an operating system on a single computer. Volume Activation (VA) 2.0 Microsoft’s program for automating and managing the activation of products obtained using volume licenses. Volume Activation Management Tool (VAMT) A Microsoft program that collects activation requests from clients on the network. It uses a single connection to the Microsoft hosts to activate all of the clients at the same time, and then distributes the resulting activation codes to the clients using the Windows Management Instrumentation (WMI) interface. W Web garden A Web site with an application pool that uses more than one worker process. Windows Authentication The most secure of the challenge/response authentication methods supported by Internet Information Services 7. Supports two authentication protocols: NTLMv2 and Kerberos. Windows CE A real-time, modular operating system designed for devices with minimal amounts of memory. Windows CE is not based on the NT kernel, but it does provide users with a familiar Windows graphical user interface (GUI), and has been adapted to a variety of devices, including handhelds, smart phones, and game consoles. Windows Deployment Services (WDS) A role included with Windows Server 2008, which enables you to perform unattended installations of Windows Server 2008 and other operating systems on remote computers, using network-based boot and installation media. Windows Media Encoder A Windows application that converts captured digital content into the Windows Media format and sends it to a Windows Media format and sends it to a Windows media Services server for real time distribution. Windows Media Player A client application supplied with the Windows operating system that enables the computer to request, receive, and display multimedia streams. Windows Media Services A Windows Server 2008 role that can stream audio and video content to network clients in real time. A player on the client computer establishes a direct connection with the server and plays the audio or video content as it arrives. Windows PE (Preinstallation Environment) 2.1 A subset of Windows Server 2008 that provides basic access to computer’s network and disk drives, making it possible to perform an in-place or a network installation. This eliminates DOS from the installation process by supplying its own preinstallation environment. Windows Process Activation Service (WAS) Windows Server 2008 feature that manages the Internet Information Services 7 request pipeline, the server’s application pools, and the worker processes running them. Windows Share Point Services 3.0 A Microsoft service that enables users to employ browser-based workspaces to share information in a variety of ways, such as storing documents, creating calendar appointments and task lists, and contributing to newsgroup-style discussions. Windows XPe A full-featured operating system based on the standard of Windows XP kernel. Windows XPe terminals include more local computing capabilities than terminals using Windows CE or a proprietary OS, including support for local browsers and Java applications, as well as embedded Win32 applications. Windows XPe also supports the full range of Windows drivers and peripherals. The result is a powerful and efficient workstation that can continue to function when disconnected from the network. witness disk In failover clustering, a shared storage medium that holds the cluster configuration database. worker process In Internet information Services, a host for user-developed application code, which is responsible for processing requests from the protocol listeners and returning the results to the client. worker process isolation mode In Internet Information Services, an arrangement in which each application pool occupies its own protected address space. As a result, a crashed application cannot affect any process running outside of that pool. X XML Paper Specification (XPS) A new, platform-independent document format included with Windows Server 2008 and Windows Vista, in which print job files use a single XPS format for their entire journey to the print device, rather than being converted first to EMS and then to PCL.
A
access control entry (ACE)/ An entry in an object’s access control list (ACL) that grants permissions to a user or group. Each ACE consists of a security principal (the name of the user, group or computer being granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2008 permission systems, you are creating and modifying the ACEs in an ACL. access control list (ACL) A collection of access control entries that defines the access that all users and groups have to an object.
Active Directory Microsoft’s directory Microsoft’s directory service that automates network management, such as user data, resources, and security.
Active Server …show more content…
Pages (ASP) A server-side script processing engine designed by Microsoft to provide dynamic Web content with better performance than the Common Gateway Interface (CGI) and simpler development than Internet Server Application Programming Interface (ISAPI). ASP files have an .asp extension and function like Server Side Includes, with scripting commands embedded in standard HTML code.
Anonymous Authentication An Internet Information Services, an authentication mechanism that enables any user to access a Web site that employs it, without supplying an account name or password. This authentication method is designed primarily for public Web sites on the Internet or any internal site available to all users. application Computer program designed to aid users in the performance of specific tasks. application pool In Internet Information Services, an operational division that consists of a request queue and one or more worker processes. application services Software components that provide components that provide communications services, operating environments, or programming interfaces for specific applications.
Arbitrated loop (FC-AL) A Fibre Channel topology that consists of up to 127 devices, connected in a loop, similar to that of a token ring network. The loop can be physical, with each device connected to a hub that implements the loop.
ASP.NET The successor to Active Server Pages (ASP), ASP.NET is based on server-side scripting and enables developers to create dynamic Web pages, Web applications, and XML (Extensible Markup Language) Web services using a wide variety of programming languages and development tools. ASP.NET files have the extension .aspx, and can contain HTML code, XML code, or scripting code for execution by the server.
ATA (Advanced Technology Attachment) A disk interface that causes parallel communications to connect multiple hard disk drives and other devices to a computer. authentication The process by which Windows Server 2008 verifies that the user matches the user account employed to gain access. authorization The process of determining whether an identified user or process is permitted access to a resource and the user’s appropriate level of access.
B
Basic Authentication The weakest of the challenge/response authentication methods supported by Internet Information Services. Clients transmit unencrypted credentials using Base64 encoding, so anyone capturing the network packets can read the user’s password. basic disk The default disk type in Windows Server 2008. A basic disk supports up to four partitions, typically three primary and one extended, with logical drives to organize data. binding In Internet Information Services, the mechanism by which the protocol listener associates each incoming request with one particular Web site hosted by the server. bitmap caching In Terminal Services, a Windows desktop performance feature that enables a client to store display information in a cache in local memory, so that the server does not have to repeatedly transmit the same data. block I/O access In storage area networking, a type of storage in which a computer accesses the stored data one block at a time. broadcast stream In Windows Media Services, a multimedia stream that typically consists of live content delivered according to prearranged schedule.
C
certification authority (CA) A software component or a commercial service that issues digital certificates. Windows Server 2008 includes a CA as part of the Active Directory Certificate Services role. client access license (CAL) A document that grants a single client access to a specific software program, such as a Terminal Services server. client machine ID (CMID) A unique identifier assigned to each computer that enables a client to store screen elements that remain unchanged from one refresh to the next in a cache on the computer.
Common Gateway Interface (CGI) A protocol that enables a Web server to run an application specified in a client request and pass the request to that application for processing. The Web server then receives the output from the application and packages it as a reply to the client in the form of a Web page. connection authorization policy (CAP) A Terminal Services Gateway component that specifies the Internet users allowed to use the TS Gateway server. copy-on-write data sharing A Windows Server 2008 Terminal Services memory management technique used by the operating system that, when a client attempts to write to a shared application file, creates a copy of that file, allocates it for the exclusive use of that client, and writes the changes to the copy.
Credential Security Service Provider (CredSSP) In Terminal Services, the protocol that Network Level Authentication (NLA) uses to confirm clients’ identities.
D differential backup A type of backup that saves only the data in the selected components that has changed since the last full backup.
Digest Authentication In Internet Authentication Services, an authentication protocol designed for use with intranet Web servers in an Active Directory environment. Unlike Windows Authentication, Digest Authentication works through firewalls and proxy servers because it transmits passwords over the network. However, the protocol protects the passwords using a strong MD5 encryption scheme. digital certification An electronic credential, issued by a certification authority (CA), which confirms the identity of the party to which it is issued.
Digital Rights Management (DRM) A collection of Windows technologies that enable administrators to protect specific types of information from unauthorized consumption and distribution by all users, including users with the appropriate credentials and permissions to access the information. direct-attached storage Hard disk drives and other storage media connected to a computer using one of the standard disk interfaces, as opposed to network-connected storage. directory services Software components that store, organize, and supply information about a network and its resources. disk duplexing A fault tolerance mechanism in which the computer stores duplicate data on two separate disks, each on a separate host adapter, so the data remains available if one disk fails. disk mirroring A fault tolerance mechanism in which the computer stores duplicate data on two separate disks so the data remains available if a disk fails.
DiskPart.exe A Windows Server 2008 command-line program that you can use to perform disk management tasks.
Distributed File System (DFS) A Windows Server 2008 File Services role service that includes two technologies DFS Namespace and DFS Replication. These technologies enable administrators to create virtual directories for shared network files and automatically copy files and folders between duplicate virtual directories.
DNS round robin A load-balancing technique in which you create an individual resource record for each terminal server in the server farm using the server’s IP address and the name of the farm (instead of the server name). When clients attempt to establish a Terminal Services connection to the farm, DNS distributes the incoming name resolution requests among the IP addresses. domain A set of network resources available for a group of users who can authenticate to the network to gain access to those resources. domain controller A Windows server with Active Directory service installed. Each workstation computer joins the domain and is represented by a computer object. Administrators create user objects that represent human users. A domain differs from a workgroup because users log on to the domain once, rather than to each individual computer. dynamic disk The alternative to the basic disk type in Windows Server 2008. Dynamic disks can have an unlimited number of volumes using various configurations. The process of converting a basic disk to a dynamic disk creates a single partition that occupies the entire disk. You can create an unlimited number of volumes out of the space in that partition.
E
Easy Print A Windows Server 2008 Terminal Services feature that eliminates the need for the printer driver on the terminal server. Instead, the terminal server has a generic Easy Print driver based on the XML Paper Specification (XPS) document format introduced in Windows Vista and Windows Server 2008. effective permissions A combination of allowed, denied, inherited, and explicitly assigned permissions that provides a composite view of a security principal’s functional access to a resource.
Enhanced Metafile (EMF) A standardized, highly portable print job format that is the default format used by the Windows 2000, Windows XP, and Windows Server 2003 print subsystems.
Execution mode One of two operational modes in Terminal Services; used when running applications.
external drive array Hard disk drives and other storage media connected to a computer using a network medium, such as Ethernet or FibreChannel.
F
failover cluster A collection of redundant servers configured to perform the same tasks, so that if one server fails another server can take its place almost immediately.
FastCGI An extension to the Common Gateway Interface (CGI) that enables a Web server to maintain a pool of processes that new clients can reuse.
Fast Streaming A collection of techniques that enables Windows Media Player to begin displaying streamed multimedia content more quickly. feature An individual Windows Server 2008 component designed to perform a specific administrative function.
Fibre Channel A high-speed serial networking technology that was originally designed for use with supercomputers, but is now associated primarily with storage area networking.
Fibre Channel Protocol (FCP) The protocol that Fibre Channel storage area networks use to transmit SCSI traffic between devices. file system An operating system component that provides a means for storing and organizing files so that users can easily locate
them.
File Transfer Protocol (FTP) An application layer protocol that enables a client to connect to a remote server, perform rudimentary file management tasks, and copy files in either direction between the two computers. file-based I/O In storage area networking, a type of storage in which a computer accesses the stored data one file at a time. firewall / A software routine that acts as a virtual barrier between a computer and the attached network. A firewall is essentially a filter that enables certain types of incoming and outgoing traffic to pass through the barrier, while blocking other types. folder redirection A Windows service that enables workstations to store user profile data on a shared network drive instead of a local drive. font smoothing In Terminal Services, a Windows desktop performance feature that enables the client to display screen fonts without jagged lines. Also called anti-aliasing.
FTP over Secure Sockets Layer (SSL) A method by which computers use the SSL protocol to encrypt FTP communications. full mesh topology In the Distributed File System, a replication scheme in which every member in a group replicates with every other member.
G
globally unique identifier (GUID) partition table (GPT) You can use GPT as a boot disk if the computer’s architecture provides support for an Extensible Firmware Interface (EFI)-based boot partition. Otherwise, you can use it as a non-bootable disk for data storage only. When used as a boot disk, it differs from the master boot record because platform operation critical data is located in partitions rather than unpartitioned or hidden sectors.
H
host header In Internet Information Services, a Web site property that specifies the name of the Web server to which clients send requests. IIS uses this Host field to associate incoming requests with one of the Web sites hosted by the server. See also virtual hosting. hub/spoke topology In the distributed File System, a replication scheme in which replication traffic is limited to specific pairs of members. hybrid virtualization A type of virtualization in which a host OS shares access to the computer’s processor with the virtual machine manager, with each taking the clock cycles it needs and passing control of the processor back to the other.
Hypertext Markup Language (HTML) A simple tagged coding language that provides a client Web browser with instructions on how to display the text in the file and embed the accompanying media files into the display.
Hypertext Transfer Protocol (HTTP) The standard application layer protocol for Web communications.
Hyper-V A Windows Server 2008 role that implements hypervisor virtualization on the computer. hypervisor / In virtualization, an abstraction layer that interacts directly with the computer’s physical hardware.
I
infrastructure services Software components that provide support functions for network clients.
Install mode One of two operational modes in Terminal Services; used when installing applications.
Internet Server Application Programming Interface (ISAPI) An application processing alternative to the Common Gateway Interface (CGI), which enables a Web server to execute applications without spawning a separate processor each incoming request. ISAPI applications take the form of dynamic link libraries (DLLS) instead of executables (EXEs), which load with the IIS server engine using the same address space.
Internet Storage Name Service (iSNS) In storage area networking, a software component that registers the presence of iSNS initiators and targets on a SAN and responds to queries from iSNS clients.
IP (Internet Protocol) address A unique 32-bit numeric address used as an identifier for a device, such as a computer, on a TCP/IP network.
ISAPI extension A fully realized, in-process application that can generate dynamic HTML pages using information from a database or a form supplied by the client.
ISAPI filter A routine that operates between the HTTP server and the HTTP listener, providing additional functionality, such as application-based authentication, encryption, and data compression services. iSCSI initiator In storage area networking, a hardware or software device running on a computer that accesses the storage devices on the SAN. iSCSI target In storage area networking, a component integrated into a drive array or computer that receives SCSI commands from the initiator and passes them to a storage device.
J
JBOD (Just a Bunch of Disks) A colloquial term for a drive array that is not configured to use RAID or any other type of special fault tolerance mechanism.
K
Kerberos A ticket-based authentication protocol used by Windows computers that are members of an Active Directory domain. Unlike NTLM, which involves only the IIS7 server and the client, Kerberos authentication involves an Active Directory domain controller as well.
Key Management Service (KMS) An activation service that runs on the local network, enabling clients to activate without communicating with Microsoft.
KMS activation threshold The number of activation requests that a Key Management Service host must receive within the last 30 days to activate KMS clients.
L
Licensing server discovery mode A Terminal Services configuration setting that specifies how the terminal server will locate a TS Licensing server. logical unit number (LUN) An identifier assigned to a specific component within a SCSI device, such as individual disk drive in an array, which enables the SCSI host adapter to send commands to that component.
M
MAK Independent Activation Clients contact Microsoft hosts directly, using an Internet connection or a telephone, to activate a product. It is similar to the standard retail product key activation, except that a single key activates multiple computers.
MAK Proxy Activation Multiple clients send activation requests to a proxy, the Volume Activation Management Tool (VAMT). master boot record (MBR) The default partition style used since Windows was released. Supports up to four primary partitions or three primary partitions and one extended partition, with unlimited logical drives on the extended partition.
Mstsc.exe A Windows program that provides command-line access to the Remote Desktop Connection client. multicast In Windows Media Services, a type of transmission in which a single stream is delivered to multiple clients at the same time. multimaster replication A technique in which duplicate copies of a file are updated on a regular basis, no matter which copy changes. For example, if a file is duplicated on four different servers, a user can access any of the four copies and modify the file as needed. The replication engine uses the changes made to the modified copy to update the other three copies. Compare to single master replication.
Multiple Activation Key (MAK) A product key that enables a specified number of computers to activate using Microsoft’s hosted activation services.
N
namespace In the Distributed File System, a virtual directory tree that contains references to shared folders located on network file servers. This directory tree does not exist as a true copy of the folders on different servers. Instead, it is a collection of references to the original folders, which users can browse like an actual server share. network attached storage (NAS) A dedicated file server device, containing disk drives, which connects to a network and provides clients with direct, file-based access storage to resources. Unlike a storage area network, NAS devices include a rudimentary operating system and a file system implementation.
Network File System (NFS) An open standard, application layer, file sharing protocol, commonly used by Linux operating systems. Windows Server 2008 includes an NFS server implementation, in the form of the Services for Network File System role service, part of the File Services role.
Network Level Authentication A Terminal Services feature that confirms the user’s identity with the Credential Security Service Provider (CredSSP) protocol before the client and server establish the Terminal Services connection. network load balancing (NLB) A clustering technology in which a collection of identical servers run simultaneously, sharing incoming traffic equally among them.
NTFS permissions Controls access to the files and folders stored on disk volumes formatted with the NTFS file system. To access a file on the local system or over a network, a user must have the appropriate NTFS permissions.
NTLMv2 A challenge/response authentication protocol used by Windows computers that are not members of an Active Directory domain.
O
Offline Files A Windows feature that enables client computers to maintain copies of server files on their local drives. If the computer’s connection to the network is served or interrupted, the client can continue to work with the local copies until network service is restored, at which time the client synchronizes its data with the data on the server. on-demand stream In Windows Media Services, a multimedia stream of prerecorded content delivered at the user’s request.
P
partition style The method that Windows operating systems use to organize partitions on a disk. Two hard disk partition styles can be used in Windows Server 2008: master boot record (MBR) and GUID partition table (GPT). preboot execution environment (PXE) A network adapter feature that enables a computer to connect to a server on the network and download the boot files it needs to run, rather than booting from a local drive. print device The hardware that produces hard copy documents on paper or other print media. Windows Vista supports local print devices, which are directly attached to the computer’s parallel, serial, Universal Serial Bus (USB), or IEEE 1394 (Fire Wire) ports; and network interface print devices, which are connected to the network directly or through another computer. print server A computer or stand-alone device that receives print jobs from clients and sends them to print devices that are attached locally or connected to the network. printer The software interface through which a computer communicates with a print device. Windows Vista supports numerous interfaces, including parallel (LPT), serial (COM), USB, IEEE 1394 (Fire Wire), Infrared Data Access (IrDA), and Bluetooth ports; and network printing services such as LPT, Internet Printing Protocol (IPP), and standard TCP/IP ports. printer control language (PCL) A language understood by the printer. Each printer is associated with a printer driver that converts the commands generated by an application into the printer’s PCL. printer driver A device driver that converts the print jobs generated by applications into an appropriate string of commands for a specific print device. Printer drivers are designed for specific print devices and provide applications that access all of the print device’s features. printer pool A single print server connected to multiple print devices. The print server can distribute large numbers of incoming jobs among several identical print devices to provide timely service. Alternatively, you can connect print devices that support different forms and paper sizes to a single print server, which distributes jobs with different requirements to the appropriate print devices. private key In public key infrastructure (PKI), the secret key in a pair of keys, which is known only to the message or file recipient and used to decrypt the item. When a message is encrypted using the private key, only the public key can decrypt it. The ability to decrypt the message using the public key proves that the message originated from the holder of the private key. protocol listener In Internet Information Services, the component that awaits incoming requests from clients and forwards them to the appropriate server applications. protocol rollover In Windows Media Services, the technique by which clients and servers negotiate the most efficient streaming protocol they have in common. A client establishing a connection to a Windows Media Services server sends information about the protocols it can use and the server selects the best protocol it is capable of using. If, for any reason, the client cannot use the selected protocol, the server reverts to the next best protocol in its list. public key infrastructure (PKI) A security relationship in which participants are issued two keys: public and private. The participant keeps the private key secret, while the public key is freely available in the digital certificate. Data encrypted with the private key can only be decrypted using the public key and data encrypted with the public key can only be decrypted using the private key. publishing points In Windows Media Services, the components on a server through which clients access specific content streams.
R
Real Time Streaming Protocol (RTSP) A control protocol, used by default in Windows Media Services running on Windows Server 2008, which carries commands between a client and server using the connection-oriented TCP protocol and port number 554. For the actual data streaming, Windows Media Services uses the Real time Protocol (RTP).
Redundant Array of Independent Disks (RAID) A series of data storage technologies that use multiple disks to provide computers with increased storage, I/O performance, and/or fault tolerance.
Remote Desktop Connection A program running on a desktop computer that establishes a connection to a terminal server using Remote Desktop Protocol (RDP) and displays a session window containing a desktop or application.
Remote Differential Compression (RDC) In the Distributed File System, a protocol that conserves network bandwidth by detecting changes in files and transmitting only the modified data to the destination. This conserves bandwidth and greatly reduces the time needed for the replication process.
RemoteApp A terminal Services feature that enables clients to run terminal server applications within individual, resizable windows. replication group In the Distributed File System, a collection of servers, known as members, each of which contains a target for a particular DFS folder. resource authorization policy (RAP) A Terminal Services Gateway component that specifies the terminal servers users are permitted to access on the private network. role A collection of Windows Server 2008 modules and tools designed to perform specific tasks for network clients.
S
security identifier (SID) A unique value assigned to every Active Directory object when it is created. security principal The user, group, or computer to which an administrator assigns permissions.
Serial ATA (SATA) A newer version of the ATA disk interface that uses serial instead of parallel communications, improves transmission speeds, and provides the ability to queue commands at the drive. server farm A collection of identical servers used to balance a large incoming traffic load.
ServerManagerCmd.exe A Windows Server 2008 command-line tool used to install roles and features.
Server Message Blocks (SMB) The default application layer, file sharing protocol used by the Windows operating system.
Server Side Includes (SSI) A relatively old Web server technology that enables HTML pages to contain directives that the server parses and executes. session In Terminal Services, a collection of client processes that form an individual user environment running on the server.
Session ID In Terminal Services, a unique identifier that a terminal server assigns to each client session to keep the processes for individual clients separate.
Shadow Copies A Windows Server 2008 feature that maintains a library containing multiple versions of selected files. Users can select a version of a file to restore as needed.
Simple Mail Transfer Protocol (SMTP) The standard Transmission Control Protocol/Internet Protocol (TCP/IP) email protocol for the Internet. Email clients send outgoing messages to an SMTP server specified in their configuration settings and the SMTP server forwards the messages to other mail servers on the way to their destinations. simple volume Consists of space from a single disk. After you create a simple volume, you can extend it to multiple disks to create a spanned or striped volume if it is not a system volume or boot volume. single master replication A technique in which duplicate copies of a file are duplicated on a regular basis from one master copy. For example, if a file is duplicated on four different servers, users can modify one copy and the replication engine propagates the changes to the other three copies. Compare with multimaster replication.
Small Computer System Interface (SCSI) A storage interface that enables computers to transfer data to multiple storage devices connected to a bus. spanned volume A method for combining the space from multiple (2 to 32) dynamic disks into a single large volume. If a single physical disk in the spanned volume fails, all the data in the volume is lost. special permissions An element providing a security principal with a specific degree of access to a resource. spooler A service running on a print server that temporarily stores print jobs until the print device can process them. standard permissions A common combination of special permissions used to provide a security principal with a level of access to a resource. stateless Descriptive term for a server that does not maintain information about the client connections or the files opened by individual clients. NFS servers are stateless. storage area network (SAN) A dedicated, high-speed network that connects block-based storage devices to servers. Unlike NAS devices, SANs do not provide a file system implementation. SANs require a server to provide clients with access to the storage resources. striped volume A method for combining the space from multiple (2 to 32) dynamic disks into a single large volume. If a single physical disk in the striped volume fails, all the data in the volume is lost. A striped volume differs from a spanned volume in that the system writes data one stripe at a time to each successive disk in the volume. subnet mask In TCP/IP networking, a 32-bit value that specifies which bits of an IP address form the network identifier and which bits form the host identifier.
Switched fabric (FC-SW) A Fibre Channel topology that consists of up to 16,777,216 (224 ) devices, each of which is connected to a Fibre Channel switch.
T
target In the Distributed File System, a physical folder on a shard server drive that is represented by a virtual directory in a DFS namespace.
Terminal Services client access license (TS CAL) A document that grants a single client access to a specific software program, in this case, a Terminal Services server.
Terminal Services Gateway A Terminal Services role service that enables Internet users to access terminal servers on private networks, despite the presence of intervening firewalls and network access translation (NAT) servers.
Terminal Services licensing mode / A Terminal Services configuration parameter that specifies whether the terminal server should issue Per Device or Per User licenses to clients.
Terminal Services (TS) Web Access A Terminal Services role service that enables users to launch an application by double-clicking an icon on a Web page. thin client A software program or hardware device that connects to a terminal server and access applications running on the server. thin client computing A variation on the mainframe computing paradigm, in which clients function only as terminals and servers do all of the application computing.
TS Licensing server A Terminal Services role service that enables users to launch an application by double-clicking an icon on a Web page. thin client A software program or hardware device that connects to a terminal server and accesses applications running on the server. thin client computing A variation on the mainframe paradigm, in which clients function only as terminals and servers do all of the application computing. TS Licensing server A Terminal Services software component that issues client access license to Terminal Services clients on a network. tunneling A networking technique in which one protocol is encapsulated within another protocol. In virtual private networking (VPN), an entire client/server session is tunneled within another protocol. Because the internal, or payload, protocol is carried by another protocol, it is protected from most standard forms of attack. U unicast In Windows Media Services, a type of transmission in which each client establishes its own connection to the Windows Media Services server and has its own data stream. Universal Discovery, Discription, and Integration (UDDI) An XML-based directory service that enables businesses to publish listings about their activities and the services they offer. V VDS hardware provider In storage area networking, a software component that enables you to use Storage Manager for SANs snap-in to manage LUNs on an external storage device. virtual directory In Internet Information Services, an alias that points to a folder in another physical location. This shortcut enables you to publish content found on different devices or different computers without copying or moving it. virtual hosting In Internet Information Services, a binding method in which each Web site hosted by a server is assigned a unique name, called a host header value, which differentiates it from the server’s other sites. This binding method enables the Web server to host multiple Web sites using a single IP address and port number without requiring any special information from clients. virtual instance A guest OS installed on a virtual machine in a Windows Server 2008 computer using Hyper-V. virtual machine (VM) In virtualization, on of multiple separate operating environments on a single computer, in which you can install a separate copy of an operating system. virtual private networking (VPN) A technique for connecting to a network at a remote location using the Internet as a network medium. virtual server A complete installation of an operating system that runs in a software environment emulating a physical computer. virtualization The process of deploying and maintaining multiple instances of an operating system on a single computer. Volume Activation (VA) 2.0 Microsoft’s program for automating and managing the activation of products obtained using volume licenses. Volume Activation Management Tool (VAMT) A Microsoft program that collects activation requests from clients on the network. It uses a single connection to the Microsoft hosts to activate all of the clients at the same time, and then distributes the resulting activation codes to the clients using the Windows Management Instrumentation (WMI) interface. W Web garden A Web site with an application pool that uses more than one worker process. Windows Authentication The most secure of the challenge/response authentication methods supported by Internet Information Services 7. Supports two authentication protocols: NTLMv2 and Kerberos. Windows CE A real-time, modular operating system designed for devices with minimal amounts of memory. Windows CE is not based on the NT kernel, but it does provide users with a familiar Windows graphical user interface (GUI), and has been adapted to a variety of devices, including handhelds, smart phones, and game consoles. Windows Deployment Services (WDS) A role included with Windows Server 2008, which enables you to perform unattended installations of Windows Server 2008 and other operating systems on remote computers, using network-based boot and installation media. Windows Media Encoder A Windows application that converts captured digital content into the Windows Media format and sends it to a Windows Media format and sends it to a Windows media Services server for real time distribution. Windows Media Player A client application supplied with the Windows operating system that enables the computer to request, receive, and display multimedia streams. Windows Media Services A Windows Server 2008 role that can stream audio and video content to network clients in real time. A player on the client computer establishes a direct connection with the server and plays the audio or video content as it arrives. Windows PE (Preinstallation Environment) 2.1 A subset of Windows Server 2008 that provides basic access to computer’s network and disk drives, making it possible to perform an in-place or a network installation. This eliminates DOS from the installation process by supplying its own preinstallation environment. Windows Process Activation Service (WAS) Windows Server 2008 feature that manages the Internet Information Services 7 request pipeline, the server’s application pools, and the worker processes running them. Windows Share Point Services 3.0 A Microsoft service that enables users to employ browser-based workspaces to share information in a variety of ways, such as storing documents, creating calendar appointments and task lists, and contributing to newsgroup-style discussions. Windows XPe A full-featured operating system based on the standard of Windows XP kernel. Windows XPe terminals include more local computing capabilities than terminals using Windows CE or a proprietary OS, including support for local browsers and Java applications, as well as embedded Win32 applications. Windows XPe also supports the full range of Windows drivers and peripherals. The result is a powerful and efficient workstation that can continue to function when disconnected from the network. witness disk In failover clustering, a shared storage medium that holds the cluster configuration database. worker process In Internet information Services, a host for user-developed application code, which is responsible for processing requests from the protocol listeners and returning the results to the client. worker process isolation mode In Internet Information Services, an arrangement in which each application pool occupies its own protected address space. As a result, a crashed application cannot affect any process running outside of that pool. X XML Paper Specification (XPS) A new, platform-independent document format included with Windows Server 2008 and Windows Vista, in which print job files use a single XPS format for their entire journey to the print device, rather than being converted first to EMS and then to PCL.