Term
Access Control List (ACL) |
|
Definition
List of all security descriptors that have been set up for a particular object, such as a shared folder. |
|
|
Term
|
Definition
Encrypted set of information associated with a workstation that is equivalent to a unique digital fingerprint and that is used to authenticate logon to a server such as a web server. |
|
|
Term
|
Definition
Most basic name of an object in the Active Directory, such as the name of a printer. |
|
|
Term
|
Definition
Namespace in which every child object contains the name of its parent object. |
|
|
Term
|
Definition
Namespace in which the child object name does not resemble the name of its parent object. |
|
|
Term
|
Definition
Name in the Active Directory that contains all the hierarchical components of an object, such as that object's organizational unit and domain, in addition to the object's common name. The distinguished name is used by an Active Directory client to access a particular object, such as a printer. |
|
|
Term
|
Definition
List of Windows 2000 Server users that enables one email message to be sent to all users on the list. A distribution group is not used for security and thus cannot appear in an ACL. |
|
|
Term
|
Definition
Grouping of resource objects, for example, servers and user accounts, that is one element of the Active Directory in Windows 2000 Server. A domain usually is a higher-level representation of how a business, government, or school is organized, for example, reflecting a geographical site or major division of that organization. |
|
|
Term
|
Definition
Windows 2000 server that contains a full copy of the Active Directory information, that is used to add a new object to the Active Directory, and that replicates all changes made to it so those changes are updated on every DC in the same domain. |
|
|
Term
Extensible Authentication Protocol (EAP) |
|
Definition
Protocol used to provide a range of security services for different manufacturers' security devices, such as smart cards. EAP is used with other remote access protocols, for example, for security through the Internet. |
|
|
Term
|
Definition
Grouping of trees that each have contiguous namespaces within their own domain structure, but that have disjointed namespaces between trees. The trees and their domains use the same schema and global catalog. |
|
|
Term
|
Definition
A grand repository for all objects and the most frequently used attributes for each object in all domains. Each tree has one global catalog. |
|
|
Term
Globally Unique Identifier (GUID) |
|
Definition
Unique number, up to 16 characters long, that is associated with an Active Directory object. |
|
|
Term
|
Definition
Set of IP-based secure communications and encryption standards created through the Internet Engineering Task Force (IETF). |
|
|
Term
Kerberos Transitive Trust Relationship |
|
Definition
Set of two-way trusts between two or more domains in which Kerberos security is used. |
|
|
Term
|
Definition
In Windows 2000 Server, there can be multiple servers, called DCs, that store the Active Directory and replicate it to each other. Because each DC acts as a master, replication does not stop when one is down, and updates to the Active Directory continue, for example, creating a new account. |
|
|
Term
|
Definition
Process used to translate a computer's domain name into the object that it represents, such as to a dotted decimal address associated with a computer, and vice versa. |
|
|
Term
|
Definition
A logical area on a network that contains directory services and named objects and that has the ability to perform name resolution. |
|
|
Term
|
Definition
Network resource, such as a server or a user account, which has distinct attributes or properties, which is usually defined to a domain, and which exists in the Windows 2000 Active Directory. |
|
|
Term
|
Definition
A grouping of objects usually within a domain that provides a means to establish specific policies for governing those objects and that enables object management to be delegated. |
|
|
Term
|
Definition
In Windows 2000, privilege to access an object, such as to view the object or to change it. |
|
|
Term
Relative Distinguished Name (RDN) |
|
Definition
An object name in the Active Directory has two or more related components, such as the RDN of a user account name that consists of user and the first and last name of the actual user. |
|
|
Term
|
Definition
In Windows 2000, access privileges for high-level activities such as logging on to a server from the network, shutting down a server, and logging on locally. |
|
|
Term
|
Definition
Elements used in the definition of each object contained in the Active Directory, including the object class and its attributes. |
|
|
Term
Secure Sockets Layer/Transport Layer Security (SSL/TLS) |
|
Definition
An authentication method that uses certificates to verify a user's right to access a remote server such as a web server. |
|
|
Term
|
Definition
An individual security property associated with a Windows 2000 Server object; for example, to enable the account McGardner (the security descriptor) to access the folder, databases. |
|
|
Term
|
Definition
Group of Windows 2000 Server users that assign access privileges to objects and services. Security groups appear in ACLs. |
|
|
Term
|
Definition
Active Directory model that links two or more forests in a partnership; however, the forests cannot have Kerberos transitive trust or use the same schema. |
|
|
Term
|
Definition
An Active Directory model in which there is only one forest, with interconnected trees and domains that use the same schema and global catalog. |
|
|
Term
|
Definition
An option in the Active Directory to interconnect IP subnets so that the server can determine the fastest route to connect clients for authentication and to connect DCs for replication of the Active Directory. Site information also enables the Active Directory to create redundant routes for DC replication. |
|
|
Term
|
Definition
An Active Directory object that combines individual site link objects to create faster routes when there are three or more site links. |
|
|
Term
|
Definition
A security device that contains information such as access keys, passwords, and personal identification numbers (PINs). The smart card is about the size of a credit card and can be plugged into a computer. |
|
|
Term
|
Definition
A trust relationship between two or more domains in a tree in which each domain has access to objects in the others. |
|
|
Term
|
Definition
Related domains that use a contiguous namespace, share the same schema, and have two-way transitive trust relationships. |
|
|
Term
|
Definition
A domain that has been granted security access to resources in another domain. |
|
|
Term
|
Definition
A domain that allows another domain security access to its resources and objects such as servers. |
|
|
Term
|
Definition
A domain relationship in which both domains are trusted and trusting, enabling one to have access to objects in the other. |
|
|
Term
User Principal Name (UPN) |
|
Definition
A name that combines an account name with the domain name, such as RobBrown@tracksport.org, for easy identification, such as in email. |
|
|