Term
|
Definition
| where user profiles are stored by default in Windows Server 2008 |
|
|
Term
|
Definition
| Hidden shares created by Windows that are available only to members of the Administrators group; they include the root of each volume, the %systemroot% folder, and IPC$. Hidden shares’ names end with a dollar sign |
|
|
Term
| Administrative template files |
|
Definition
| XML format text files that define policies in the Administrative Templates folder in a GPO. You can create custom ADMX files to create your own policies. |
|
|
Term
|
Definition
| can extract files and directories for which the user would normally not have access. Membership in this group permits users to open any file for backup purposes, however, once the file has been opened for read access it can be redirected by the Backup Operator to any location |
|
|
Term
|
Definition
| An Active Directory object that usually represents a person for informational purposes only, much like an address book entry |
|
|
Term
|
Definition
| a command-line tool that is built into Windows Server 2008 in the %windir%/system32 folder. It is available if you have the AD DS or Active Directory Lightweight Directory Services (AD LDS) server role installed |
|
|
Term
| DFS(distributed file system) |
|
Definition
| A feature that makes shared files more accessible by grouping shared folders from multiple servers into a single folder hierarchy. |
|
|
Term
|
Definition
| An option on NTFS volumes that enables administrators to limit how much disk space a user can occupy with his or her files. |
|
|
Term
|
Definition
| A group type used when you want to group users together, mainly for sending e-mails to several people at once with an Active Directory–integrated e-mail application, such as Microsoft Exchange. |
|
|
Term
|
Definition
| An Active Directory object consisting of a list of users in a distribution group, used for sending an e-mail to multiple people simultaneously. |
|
|
Term
|
Definition
| The owner of an administrative domain |
|
|
Term
|
Definition
| Group Policy Objects stored in Active Directory on domain controllers. They can be linked to a site, a domain, or an OU and affect users and computers whose accounts are stored in these containers. |
|
|
Term
|
Definition
| A user account created in Active Directory that provides a single logon for users to access all resources in the domain for which they have been authorized |
|
|
Term
|
Definition
| Command line tool the adds specific types of objects to the directory |
|
|
Term
|
Definition
| This tool's commands display the selected properties of a specific object in the directory |
|
|
Term
|
Definition
| command modifies existing objects in the directory |
|
|
Term
|
Definition
| This command moves or renames an object within the directory |
|
|
Term
|
Definition
| This tool's commands suite allow you to query the directory according to specified criteria |
|
|
Term
|
Definition
| This command deletes objects from the directory |
|
|
Term
|
Definition
| feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer. |
|
|
Term
|
Definition
| Defines the method and format an OS uses to store, locate, and retrieve files from electronic storage media |
|
|
Term
| fine-grained password policies |
|
Definition
| A new feature in Server 2008, used to set different password and account lockout policies for targeted users and groups. These policies are created by defining a Password Settings Object (PSO) in the Password Settings Container (PSC). |
|
|
Term
|
Definition
| A method to alter the normal scope of a GPO and exclude certain objects from being affected by its settings. Methods include security filtering, which uses GPO permissions, and WMI filtering, which uses Windows Management Instrumentation queries to select objects. |
|
|
Term
|
Definition
| prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level. |
|
|
Term
| GPO Loopback policy processing |
|
Definition
| feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to. |
|
|
Term
|
Definition
| Displays the Resultant Set of Policy (RSoP) information for a remote user and computer |
|
|
Term
|
Definition
| Refreshes local and Active Directory-based Group Policy settings, including security settings |
|
|
Term
|
Definition
| A GPO component that’s an Active Directory object stored in the System\Policies folder. The GPC stores GPO properties and status information but no actual policy settings. |
|
|
Term
|
Definition
| A GPO component that’s stored as a set of files in the Sysvol share. It contains all the policy settings that make up a GPO as well as related files, such as scripts. |
|
|
Term
|
Definition
A property of a group that determines the reach of
a group’s application in a domain or a forest—which security principals in a forest can be group members and to which forest resources a group can be assigned rights or permissions. |
|
|
Term
|
Definition
| "$" appended to the end of the share name |
|
|
Term
|
Definition
| A protocol that runs over TCP/IP and is designed to facilitate access to directory services and directory objects. Is based on a suite of protocols called X.500, developed by the International Telecommunications Union. |
|
|
Term
|
Definition
| draft Internet standard for a file format that may be used for performing batch operations against directories that conform to the LDAP standards. can be used to export and import data, allowing batch operations such as add, create, and modify to be performed against the Active Directory |
|
|
Term
|
Definition
| administrators group receive policy settings assigned here |
|
|
Term
|
Definition
| A Group Policy Object that’s stored on local computers and can be edited by the Group Policy Object Editor snap-in. |
|
|
Term
| Local Non-Administrators GPO |
|
Definition
| All users, besides Admin, receive policy settings assigned |
|
|
Term
|
Definition
| the hours a user is allowed to be on the domain |
|
|
Term
|
Definition
| A user profile that can be changed during a user’s logon session, but the next time the user logs on, the changes aren’t saved, and the profile reverts to its original state. |
|
|
Term
|
Definition
| a container for a set of identifiers, and allows the disambiguation of homonym identifiers residing in different |
|
|
Term
|
Definition
| Permissions set on folders or files on an NTFS-formatted volume. NTFS permissions protect both network and interactive file access. |
|
|
Term
|
Definition
| stores the user profile. contains the registry settings for the user. |
|
|
Term
|
Definition
| turns user profile into a mandatory profile |
|
|
Term
| Resultant Set of Policy (RSoP) |
|
Definition
| A report showing which policy settings apply to a user, computer, or both and where these policy settings originated. RSoP reports can be created using the RSoP snap-in, the Group Policy Results Wizard in GPMC, and the Gpresult.exe command-line program. |
|
|
Term
|
Definition
| A user profile that follows the user no matter which computer he or she logs on to. It’s stored on a network share so that when a user logs on to any computer in the network, the profile is copied from the network share to the profile folder on the local computer. |
|
|
Term
|
Definition
| stores users' passwords in a hashed format (in LM hash and NTLM hash). Since a hash function is one-way, this provides some measure of security for the storage of the passwords. |
|
|
Term
|
Definition
| A group type that’s the main Active Directory object administrators use to manage network resource access and grant rights to users. |
|
|
Term
|
Definition
| Text files with an .inf extension that contain information to define policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO. |
|
|
Term
|
Definition
| On domain controllers, members of this group can log on interactively, create and delete shared resources, start and stop some services, back up and restore files, format the hard disk, and shut down the computer. This group has no default members. Because this group has significant power on domain controllers, add users with caution. |
|
|
Term
|
Definition
| A feature on the Windows file system that allows users to access previous versions of files in shared folders and restore files that have been deleted or corrupted |
|
|
Term
|
Definition
| Permissions applied to shared folders that protect files accessed across the network. Share permissions are the only method for protecting files on FAT volumes |
|
|
Term
|
Definition
| A user profile type that prevents a user from logging on to the domain when the mandatory profile is unavailable. |
|
|
Term
|
Definition
| option used when an account is locked due to something |
|
|
Term
|
Definition
| A collection of a user’s personal files and settings that define his or her working environment. |
|
|
Term
|
Definition
| A user account that’s copied to create users with common attributes. |
|
|
Term
|
Definition
| Administrators of stand-alone computers can create new local user accounts. When created, Windows stores these new accounts with the list of built-in groups and users on the local computer. Local administrators can use the last layer of the Local Group Policy object, Per-User Local Group Policy objects, to apply specific policy settings to a specific local user. |
|
|
Term
|
Definition
| A feature that enables users to access a volume as a folder in another volume instead of by using a drive letter |
|
|
Term
| Extensible Markup Language (XML) |
|
Definition
| created to structure, store, and transport data by defining a set of rules for encoding documents in a format that is both human-readable and machine-readable. |
|
|
