Glossary of Key Terms
802.11 A set of protocol standards, defined by IEEE, for wireless digital communications. There have been several defined: 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac.
access control list (ACL) The list of permissions granted or denied that is attached to a file or folder.
account lockout policy A policy setting that locks a user out of a computer if he enters a password incorrectly a specified number of times. This setting is designed to thwart an intruder who uses a password-cracking utility in an attempt to compromise a user account.
Action Center A Windows 10 tool that provides a common location for all security-related configurations, as well as information on device-related problems.
Active Directory (AD) The Windows Server 2016 directory service that has been used since its inception in Windows 2000 and forms the basis for centralized network management on enterprise networks. Also known as Active Directory Domain Services (AD DS).
active partition A partition or volume on a hard disk that has been identified as the primary partition from which the operating system is booted.
Address Resolution Protocol (ARP) A TCP/IP protocol that is used to resolve the IP address of the destination computer to the physical or Media Access Control (MAC) address.
Admin Approval mode The default action mode of Windows 10, in which all user accounts—even administrative ones—run without administrative privileges until such privileges are required. When this happens, the user is presented with a UAC prompt.
administrative shares A series of shares that are automatically created when Windows 10 is first installed. These shares are useful for administrating remote computers on the network.
AES Advanced Encryption Standard is the strongest encryption available for standardized wireless connections. Developed by the National Institute of Standards and Technology (NIST), AES supports key sizes of 128, 192, or 256 bits.
alert A notification provided by the Data Collector Sets feature of Performance Monitor that informs you when the value of a counter has exceeded a preconfigured level.
Anycast IPv6 address A type of IPv6 address that is utilized only for a destination address assigned to a router.
Apple Push Notification services (APNs) An APN’s certificate issued by Apple is required for managing Apple devices.
application compatibility The process of ensuring that a program or application written for a previous Windows operating system will function properly within Windows 10.
Application Compatibility Manager A component of the ACT that enables you to collect and analyze compatibility data so that you can remedy any issues before you deploy a new operating system, such as Windows 10.
Application Compatibility Toolkit (ACT) A Microsoft resource that helps administrators search for and manage compatibility fixes for their applications with Windows 10, thereby helping organizations to produce a comprehensive software inventory.
application signing Windows looks for a digital signature for the publisher of applications before running the application. Signing the application with a private certificate key enables Windows to check the signature and validate it trusts the publisher. In RemoteApp, you sign applications’ user certificates on the RD Session Host, which publishes the applications.
apps A series of programs included by default with Windows 10 that enables you to access information rapidly from the Internet, or features on your computer such as pictures, music, calendar, maps, Internet Explorer, and so on. You can add additional apps at any time from the Windows Store.
App-V An application virtualization technology used to stream applications without installing them locally. The only local installation required is the App-V client, which enables virtual applications to run on Windows computers.
Assessment and Deployment Kit (ADK) The ADK has many tools used for customizing Windows images, test system performance of systems and components, and other tasks.
auditing A security process that tracks the usage of selected network resources, typically storing the results in a log file.
authenticated exceptions Windows firewall rules support authenticated exceptions to allow authenticated users or computers to use a network connection that is otherwise blocked.
authentication A security process that confirms the identity of a user, service, or device.
authorization The security process and settings that allow access to a specific resource to a specific account.
Automatic Private IP Addressing (APIPA) The dynamic IPv4 addressing system used when DHCP is unavailable.
Azure A collection of integrated cloud services offered by Microsoft that is used to build, deploy, and manage applications.
Azure RemoteApp Microsoft’s cloud-based support for hosting RemoteApp applications for use by users on Windows, iOS, and Android devices.
backup The creation of a copy of programs or data on the computer as a protection against some type of disaster.
Backup and Restore (Windows 7) applet An application from Windows 7 added to Windows 10 that provides a centralized location and wizards for performing various types of backup and restore procedures.
basic disk A disk partitioning scheme that uses partition tables supported by many other operating systems and contains primary partitions, extended partitions, and logical drives.
basic input/output system (BIOS) The firmware application encoded in a computer that initializes the computer before the operating system is loaded. The BIOS manages basic hardware configuration.
battery meter A small application that runs on mobile computers and displays the percentage of battery power remaining as well as the power plan currently in use.
Bcdboot A command-line tool that enables you to manage and create new BCD stores and BCD boot entries.
Bcdedit A command-line tool that enables you to manage boot configuration data (BCD) stores in Windows Vista/7/8/8.1/10/Server 2008/Server 2012/R2/2016.
biometrics Technologies that measure and analyze human body characteristics, such as DNA, fingerprints, eye retinas and irises, voice patterns, and facial patterns, typically for authentication purposes.
BitLocker A feature of Windows 10 Pro and Enterprise that enables you to encrypt the entire contents of your system or data partition. It is useful for protecting data stored on laptops, which are susceptible to theft.
BitLocker To Go A component of BitLocker that enables you to encrypt the contents of a USB flash drive or portable hard drive.
broadband In the context of Windows connections, broadband is any metered, wireless connection used for Internet access.
cache A space on the computer’s hard disk that is set aside for holding offline copies of shared files and folders from a computer on the network.
certificate A method of granting access to a user based on unique identification. Certificates represent a distinctive way to establish a user’s identity and credentials.
Certificate Authority (CA) A trusted service that authenticates users and devices and signs certificates for identification and encryption purposes.
Challenge Handshake Authentication Protocol (CHAP) An authentication protocol that uses a hashed version of a user’s password so that the user’s credentials are not sent over the wire in clear text.
checkpoint A point-in-time state of a virtual machine, including hard disk, memory, and hardware configuration information.
classless interdomain routing (CIDR) A flexible method of stating IP addresses and masks without needing to classify the addresses. An example of the CIDR format is 192.168.1.0/24.
Client Hyper-V The Microsoft virtualization technology included in Windows 10 Pro, Enterprise, and Education editions.
cloud Cloud refers to applications, storage, shared resources, and other services available over the Internet. Services that are always available whenever a device is connected to the Internet from anywhere are typically referred to as being “in the cloud.”
cloud collection In Azure RemoteApp, a set of applications that run exclusively on the cloud. They have access only to other cloud-based Azure resources.
Credential Guard A system that uses virtualization technology to help prevent unauthorized access to the local Windows cache of user and system credentials and password hashes.
credentials The discrete attributes that make up the total of items required to authenticate a user, service, or device. Credentials are typically made up of an account name and password, but can include many other attributes.
DaaS See Desktop as a Service.
Desktop as a Service (DaaS) A cloud-based desktop virtualization service that provides full desktop experiences to remote users.
data collector sets A component of the Performance Monitor that records computer performance information into log files. This feature was known as Performance Logs and Alerts in Windows 2000/XP/Server 2003.
Data Execution Prevention (DEP) A security feature used to prevent buffer overflow exploits by marking memory with nonexecutable or data-only regions and preventing any code execution from those regions.
data recovery agent A specially configured user account that has the capability to decrypt drives and partitions that have been encrypted using BitLocker.
decryption Unscrambling the data in an encrypted file through use of an algorithm so that the file can be read.
deep link The process of adding a store app to the Microsoft Intune portal for deployment to managed devices.
default gateway The term applied to the router that leads to other networks.
default program The application that is associated with a file of given extension, so that Windows uses this program to open the file whenever you double-click any file with this extension.
Deployment Image Servicing and Management (DISM) A command-line tool used for servicing Windows images.
device driver The specialized software component of an operating system that interfaces with a given hardware component.
device enrollment The process of connecting a computer or device to Microsoft Intune and allowing the Intune management software to control policies, behavior, and other aspects of the device.
Device Guard A new Microsoft technology that gives organizations the capability to lock down devices with advanced malware protection against new and unknown attacks.
Device Health Attestation (DHA) Used to assess device health for Windows PCs and devices, ensuring that security policies are enforced and the device has not been compromised before it is allowed access to organizational resources.
Device Manager A tool from which you can manage all the hardware devices on your computer. It enables you to view and change device properties, update or roll back drivers, configure settings, and remove devices.
Device Stage A Windows 10 application that acts as a home page for your hardware devices, listing all devices and enabling you to perform management tasks.
DFS folder Any shared folder that is contained within a DFS namespace.
DFS Namespace A DFS technology that enables you to create logical groupings of shared folders on different servers that facilitate the access to data by users on the network. Such groupings are presented to users as a virtual folder tree or namespace.
DFS Replication A DFS technology that provides an efficient multimaster replication component that synchronizes data between servers with limited bandwidth network links. The contents of folders are synchronized between servers so that users receive the same version of files regardless of which folder target their computer connects to.
differencing VHD Also known as a child VHD, a VHD that contains only the differences between it and its parent VHD.
DirectAccess A new feature in Windows Server that enables seamless connectivity to an organization network through the Internet without requiring a VPN.
Disk Management snap-in A Microsoft Management Console snap-in that enables you to perform all management activities related to disks, partitions, and volumes.
disk quotas A system of space limits for users on a volume formatted with NTFS. This is set up to ensure that all users have available space on which to store their files, preventing any one user from using all the available space.
DiskPart A Windows command-line tool that enables you to perform all management activities related to disks, partitions, and volumes. You can use this tool to script actions related to disk management.
Distributed File System (DFS) A Windows Server 2012 R2 server role that enables administrators to group a large number of shared folders from different servers together in a single tree that enables users to rapidly locate the share they need without searching numerous servers.
domain A logical grouping of Windows computers, users, and groups that share a common directory database. Domains act as a security boundary and are defined by an administrator.
domain controller (DC) A server that is capable of performing authentication. In Windows Server 2016, a domain controller holds a copy of the Active Directory database.
Domain Name System (DNS) A hierarchical naming system that is contained in a distributed database. DNS provides name resolution for IP addresses and DNS names.
driver package The complete set of files that make up all the components needed for working with a hardware device or peripheral.
driver signing The digital signature that Microsoft adds to a third-party device driver to validate its usage.
duplex A term referring to the simultaneity of communications. Simultaneous two-way communication is full duplex, whereas two-way communications that can occur in only one direction at a time are half-duplex.
dynamic disk A disk partitioning scheme supported by Windows XP/Vista/7/8/8.1 as well as Windows Server 2008 R2/2012 R2 that contains dynamic volumes.
Dynamic Host Configuration Protocol (DHCP) The protocol in the TCP/IP protocol stack that negotiates the lease of an IP address from a DHCP server.
dynamic VHD A VHD that gradually increases in size toward a configured maximum as data is added to it.
Easy Connect A feature of Remote Assistance that uses the Peer Network Routing Protocol enabling Remote Assistance connections. It allows the requesting user to use a password that she provides to the technician for connecting to her computer.
Encrypting File System (EFS) An advanced attribute setting of Windows 2000/XP/Vista/7/8/8.1/10 and Windows Server 2003/2008 R2/2012/R2/2016 for files and folders on an NTFS-formatted volume that provides certificate-based public key security for those files and folders. EFS encrypts and decrypts files in a manner that is transparent to users.
encryption Scrambling and rearranging data in a file through use of an algorithm so the file can be read only by individuals or organizations possessing the proper access key.
event log subscription An Event Viewer feature that enables you to collect event logs from a number of computers in a single, convenient location that helps you keep track of events that occur on these computers.
Event Viewer An administrative tool that enables an administrator to view and/or archive event logs, such as the operating system, application, setup, and security logs. In Windows 10, this tool also enables you to configure event log subscriptions that collect events from several monitored computers together.
extended partition One of the primary partitions that can be divided into multiple logical drives.
Extensible Authentication Protocol with Tunneled Transport Layer Security (EAP-TTLS) A new protocol for Windows Server 2012 R2 and Windows 8.1, and continued in Windows 10 and Windows Server 2016, that uses secure TLS connections to encrypt the authentication traffic during the VPN connection handshake.
fast startup A setting in Windows 10 that helps make a computer startup faster after shutdown.
feature updates Updates that contain significant feature additions and changes, as well as security and quality revisions. Previously referred to as upgrades. An example is the upgrade of Windows 10 from version 1511 to version 1607.
Fibre Channel A special, high-speed network connectivity standard and protocol using optical fiber cables.
File Explorer The basic window that displays contents of a drive or folder, previously called Windows Explorer.
File History A feature in Windows 10 that preserves versions of user files in libraries, contacts, and favorites on a separate drive, typically every 10 minutes.
firewall profile A means of grouping firewall rules so that they apply to the affected computers dependent on where the computer is connected.
firewall rule A set of conditions used by Windows Firewall to determine whether a particular type of communication is permitted. You can configure inbound rules, outbound rules, and connection security rules from the Windows Firewall with Advanced Security snap-in.
FireWire Also known as IEEE 1394. FireWire is a fast external bus technology that allows for up to 800 Mbps data transfer rates and can connect up to 63 devices. FireWire devices, although conforming to standards that Windows uses, usually require software from the manufacturer to utilize the specialized capabilities of the hardware.
fixed VHD A VHD that maintains the same size regardless of how much data is contained in it.
folder redirection The practice of moving library folders to a different location, which is often a shared folder on a server. Used to facilitate management of storage space on the network and to ensure proper backup of vital data.
forest A grouping of Active Directory trees that have a trust relationship between them. Forests can consist of a noncontiguous namespace, and unlike domains and trees, do not have to be given a specific name.
global unicast IPv6 address An IPv6 address that uses a global routing prefix of 45 bits to identify a specific organization’s network, a 16-bit subnet ID, and a 64-bit interface ID. These addresses are globally routable on the Internet and are equivalent to public IPv4 addresses.
Group Policy The Windows Server 2016 feature that allows for policy creation, which affects domain users and computers. Policies can be anything from desktop settings to application assignments to security settings and more.
Group Policy Management Console (GPMC) An administrative tool used to manage Group Policies. It can be used to create and modify GPOs, check GPO settings, and link GPOs with specific policy settings to an OU or OUs in the Active Directory.
Group Policy Object (GPO) A collection of policies that apply to a specific target, such as the domain itself (Default Domain Policy) or an organizational unit (OU). GPOs are modified through the Group Policy Management Editor to define policy settings.
hibernation A condition in which your computer saves everything to the hard disk and then powers down. When you restart your computer from hibernation, all open documents and programs are restored to the desktop.
hidden shares A shared folder that does not broadcast its presence and is not browsable in the Network folder. A hidden share is indicated by a dollar sign ($) at the end of the folder name.
host A computing device that has been assigned an IP address.
hybrid Refers to using both SCCM and Microsoft Intune in concert for mobile device and computer management. Also hybrid MDM.
hybrid collection In Azure RemoteApp, a set of applications accessible through the cloud that can also access on-premises resources.
hypervisor An additional layer of software below the operating system for running virtual computers.
indexing A process in Windows 10 that facilitates the task of users searching data contained in files on the computer so that users can rapidly locate information.
input/output (I/O) port address A set of wires used to transmit data between a device and the system. As with IRQs, each component has a unique I/O port assigned. There are 65,535 I/O ports in a computer, and they are referenced by a hexadecimal address in the range of 0000h to FFFFh.
Integration Services A set of applications and software running on a virtual guest that enables the hypervisor to control certain features and performance of the guest operating system.
Internet Connection Sharing (ICS) The simplified system of routing Internet traffic through a Windows 10 computer so that other computers on the network that are not connected to the Internet can access the Internet.
Internet Control Message Protocol (ICMP) A TCP/IP protocol that enables hosts on a TCP/IP network to share status and error information. The ping command uses ICMP to check connectivity to remote computers.
Internet Key Exchange version 2 (IKEv2) A tunneling protocol that uses IPsec Tunnel Mode over UDP port 500. This combination of protocols also supports strong authentication and encryption methods.
Internet Protocol Security (IPsec) An encryption and authentication protocol that is used to secure data transmitted across a network.
Interrupt Request (IRQ) A set of wires running between the CPU and devices in the computer; they enable devices to “interrupt” the CPU so that they can transmit data.
IP address A logical address used to identify both a host and a network segment. Each network adapter on an IP network requires a unique IP address.
IP version 4 (IPv4) The version of the Internet Protocol that has been in use for many years and provides a 32-bit address space formatted as four octets separated by periods.
IP version 6 (IPv6) A newer version of the Internet Protocol that provides a 128-bit address space formatted as eight 16-bit blocks, each of which is portrayed as a 4-digit hexadecimal number and is separated from other blocks by colons.
Ipconfig The command-line utility that provides detailed information about the IP configuration of a Windows computer’s network adapters.
ISO A file format representing an optical disk image such as a DVD or CD.
jumbo frames The term given to packaging TCP/IP packet data, wrapped by routing headers with a larger amount of data. Typical frames contain 1500 bytes of payload data, whereas jumbo frames can carry up to 9000 bytes of data.
Key Management Service (KMS) A Windows service used for volume activation. Clients on the network can activate themselves using the KMS over the local network without connecting a directory to Microsoft’s servers.
Layer 2 Tunneling Protocol (L2TP) A protocol used to create VPN tunnels across a public network. This protocol is used in conjunction with IPsec for security purposes.
library A set of virtual folders that are shared by default with other users of the computer. It is used to group documents of similar type in an easily accessible place.
Line of Business (LOB) LOB apps are developed in-house for use only within the organization and are not distributed publically or made available on the Windows Store.
link-local IPv6 address A type of IPv6 address used for communication between neighboring nodes on the same link. Equivalent to IPv4 addresses configured using APIPA.
Link-Local Multicast Name Resolution (LLMNR) The capability of computers running IPv6 on the local subnet to resolve each other’s names without the need for a DNS server. It is enabled by default in Windows 10 IPv6.
Local Security Policy The security-based Group Policy settings that apply to a local computer and its local users.
local user profile The collection of Registry settings and files associated with a user’s desktop interface that is created the first time a user logs on to a computer. This profile is stored on the local hard disk.
logical drive A segment of the extended partition that can be assigned a separate drive letter.
mandatory profile A user profile that is renamed to NTUser.man. This profile is read-only, so that any changes made to the user are never saved when the user logs off. Useful for setting company-specific desktop settings that users are not permitted to modify.
metered connection Any network connection using a service that is charged based on the amount of data transferred. Many wireless broadband services, smartphone data plans, and satellite communication services use metered connections. See also broadband.
Microsoft account A cloud service account, previously called a Windows Live account, used to access Windows devices and integrate with cloud services and synchronize multiple devices.
Microsoft BitLocker Administration and Monitoring (MBAM) A set of server services that enable administrators in an enterprise to manage, monitor, and report on the status of BitLocker encryption on client computers and workstations.
Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) A Microsoft version of CHAP that uses the same type of challenge/response mechanism as CHAP but uses a nonreversible encrypted password. This is done by using MD4 algorithms to encrypt the challenge and the user’s password.
Microsoft Edge A new, updated Internet browser in Windows 10, which provides enhancements to active Internet browsing, such as Web Note, Reading view, Cortana, and enhanced security measures.
Microsoft Intune Microsoft’s cloud portal for managing devices. Intune can be used to manage Windows mobile devices, Android devices, iOS devices, Windows PCs and computers, and UNIX/Linux servers.
Microsoft Management Console (MMC) A collection of management tools known as snap-ins that are organized under a single management tool. The tool is used for both local and remote administration.
mirroring A method of duplicating data between two separate hard disks so that the failure of one disk will not cause the operating system to fail.
Mobile Device Management (MDM) Using a system to communicate with and manage mobile devices, such as phones and tablets.
Msconfig The command that opens the System Configuration Utility, which you can use to perform actions such as modifying the startup scheme, the default operating system that boots on a dual-boot computer, services that are enabled, and startup programs that run automatically. You can also launch several computer management tools from this utility.
.msi file The installation file for an application that uses Windows Installer.
msinfo32 The command that opens the System Information program.
.msp file The installation file for a patch or hotfix used to update an application that uses Windows Installer.
.mst file A transform file that performs a scripting-like function for a Windows Installer package.
multicast IPv6 address An IPv6 address that enables the delivery of packets to each of multiple interfaces.
Network Address Translation (NAT) A specification in TCP/IP that maps the range of private IP addresses (192.168.0.1–192.168.0.254) to the public IP address of an Internet-facing network adapter.
Network and Sharing Center A feature of Windows 10 that provides a centralized location from which you can manage all networking tasks, such as connecting to networks and the Internet and sharing files and folders with users at other computers.
Network Discovery A feature of Windows networking used to allow computers to advertise themselves and locate and connect to other computers and network resources.
NIC Network Interface Card, or the hardware device used to connect the computer system to a media access layer of a network. Although termed a “card,” many NICs are now integrated components of computers and other devices.
NTFS permissions The security feature available in NTFS that allows you to grant or deny local access rights.
nonuniform memory architecture (NUMA) A memory allocation technology that groups memory locations and processors into nodes to avoid performance issues caused by multiple processors attempting to access the same memory location, or accessing memory in a location slower to access for the processor that requests it.
Office 365 Microsoft’s cloud-based offering for delivering office software and other services to Windows clients.
offline files A feature built in to all modern Windows versions that enables you to cache locally stored copies of shared files and folders so that you can work with them while offline and resynchronize your changes when you go back online.
offline licensing Licensing model for store apps that allows you to deploy the apps locally to your systems without accessing the online Windows Store.
OneDrive A cloud-based, always-available storage and file sharing solution for Windows users.
Online Certificate Status Protocol (OCSP) A network standard for verifying the status of certificates, retrieving revocation lists, and obtaining the certificate trust change of an X.509 certificate.
online licensing The traditional licensing model that requires users to authenticate to the online Windows Store or Windows Store for Business to obtain a license and the app.
organizational unit (OU) An Active Directory container object that allows an administrator to logically group users, groups, computers, and other OUs into administrative units.
paging file Virtual memory stored on disk that enables Windows 10 to run more applications at one time than would be allowed by the computer’s physical memory (RAM).
partition A configured section of a basic disk that is capable of being formatted with a file system and identified with a drive letter.
Password Authentication Protocol (PAP) The oldest remote access authentication protocol, which sends the user’s credentials over the wire in clear text and can easily be sniffed off of the wire by an attacker.
password policy A series of Group Policy settings that determine password security requirements, such as length, complexity, and age.
performance counter A statistical measurement associated with a performance object such as % disk time, queue length, and so on.
Performance Monitor A Microsoft Management Console (MMC) application that contains several tools for monitoring your computer’s performance.
performance object Hardware or software components that the Performance Monitor can use for tracking performance data.
Personal Identification Number (PIN) Refers to any of a series of digital confirmation numbers required for use of a device or to supplement authentication of a device user.
Personal Identity Verification (PIV) A standard developed and published by the National Institute of Standards and Technology to specify the security and encryption attributes of smart cards and their functions.
PKCS #12 A file format for storing many cryptography objects in a file, typically a private key and public key. To export a certificate from a Microsoft CA that includes a private key, the PKCS #12 format is used.
Plug and Play (PnP) A standard developed by Microsoft and Intel that allows for automatic hardware installation detection and configuration in most Windows operating systems.
Point-to-Point Protocol (PPP) A dial-up protocol that supports TCP/IP and other protocols with advanced compression and encryption functions.
Point-to-Point Tunneling Protocol (PPTP) A protocol that is used to create VPN tunnels across a public network and includes encryption and authentication.
power plans A series of preconfigured power management options that control actions such as shutting off the monitor or hard disks or placing the computer in Sleep mode or hibernation.
PowerShell Remoting PowerShell Remoting is the framework within PowerShell and enabled by WinRM that allows administrators to run cmdlets and commands on remote computers.
primary partition A segment of the hard disk. A maximum of four primary partitions may exist on a single basic disk.
Print Management A Microsoft Management Console (MMC) application that you can use to manage local and remote printers, print servers, jobs, queues, and drivers.
private store The section of the Windows Store for Business that is private to each organization and includes only the apps that the organization has made available to its users.
Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS) A remote access authentication and security protocol that provides an encrypted authentication channel, dynamic keying material from TLS, fast reconnect using cached session keys, and server authentication that protects against the setup of unauthorized access points.
provisioned apps LOB apps that have been added to a Windows image and available to all users of the device.
public folder sharing A simple Windows 10 folder sharing model that allows others on the network to access files in your Public folders of each Windows library (Documents, Pictures, Videos, and Music).
public key infrastructure (PKI) A term for the various services and security devices used to implement encryption and identity certificates in an enterprise. The basis for PKI in a Windows Active Directory domain is the Active Directory Certificate Services and related server roles.
Push-Button Reset A feature in Windows 10 used to refresh the operating system, back to the factory image. Push-Button reset can optionally preserve user data, or it can be used to completely wipe any user files and settings from the device.
quality updates Traditional operating system updates, generally released on Patch Tuesday (the second Tuesday of each month), although they can be released at any time. They contain items such as security, driver, and critical updates.
RAID-5 A combination of disk striping with parity data interleaved across three or more disks. RAID-5 provides improved disk performance and is fault tolerant.
RD Connection Broker A component used for RemoteApp that handles connections from remote clients and directs them to the applications or desktops available.
RD Gateway An RDS component used for forwarding Internet-based clients to internal or private desktop services or RemoteApp applications.
RD Session Host Used for creating Remote Desktop sessions and hosting and streaming published applications to clients.
RD Web Access An RDS component that allows clients to connect to the desktop or RemoteApp services using a standard web browser.
recovery agent A user account that has been granted the authority to decrypt encrypted files.
Reliability Monitor A monitoring tool that provides a trend analysis of your computer’s system stability with time. It shows how events such as hardware or application failures, software installations or removals, and so on affect your computer’s stability.
RemoteApp client Used by Windows computers to access Azure RemoteApp services and applications.
Remote Assistance A service available in Windows 10 that enables a user to share control of her computer with an administrator or other user to resolve a computer problem.
Remote Desktop A service available in Windows 10 Pro or Enterprise that allows a single remote control session of a computer running Windows XP, Vista, 7, 8.1, or Windows 10. Remote Desktop uses the Remote Desktop Protocol (RDP), which is the same protocol used in Terminal Services.
Remote Desktop Gateway (RD Gateway) A Windows Server feature that replaces the Terminal Services feature included with older versions of Windows Server. RD Gateway enables you to connect to remote servers on the corporate network from any computer that is connected to the Internet.
Remote Desktop Services (RDS) A collection of software and services in Windows Server and Microsoft Azure that support virtual desktops and RemoteApp streaming, and associated services.
remote wipe The process of deleting all private and personal information on a device connected to the Internet or other network, without any physical or direct access to the device. Remote wipe is enabled at the server managing the device, and the next time the device attempts to connect to a network service it receives a signal and initiates the wipe and reset process.
Resource Monitor A monitoring tool that provides a summary of CPU, disk, network, and memory performance statistics, including mini-graphs of recent performance of these four components as well as tabulated data pertaining to each.
roaming profile A user profile that is stored on a shared folder on a server so that a user receives the Registry settings and files for his desktop interface regardless of the computer on which he logs on.
Safe Mode A method of starting Windows 10 with only the basic drivers enabled, so that you can troubleshoot problems that prevent Windows from starting normally.
Second Level Address Translation (SLAT) A processor feature, also known as Rapid Virtualization Indexing (RVI), improves processor performance by managing memory with additional indexes or lookup tables.
Secure Boot Secure Boot is a technology in Windows 10 that protects the pre-OS environment of a computer to ensure that all drivers and system loaders are authenticated and secure.
Secure Socket Tunneling Protocol (SSTP) A tunneling protocol that uses Secure Hypertext Transfer Protocol (HTTPS) over TCP port 443 to transmit traffic across firewalls and proxy servers that might block PPTP and L2TP traffic.
service pack A collection of updates and fixes to a software package, usually available via download from the Internet. Service packs are available for download from Microsoft and when using the Microsoft automated update service.
Service Set Identifier (SSID) A network name that identifies a wireless access point.
settings location template A template used by UE-V to determine where the settings for a specific application are located so that they can be saved to a central store.
Setup.exe The application that installs Windows 10 on a new computer or updates an older Windows computer to Windows 10. Also frequently used as a routine for installing applications.
shadow copies Backup copies of files and folders automatically created by Windows as you work on them, enabling File History to back them up to another location, even while you are working on them.
shared folder permissions The security feature available when sharing files and folders across a network that allows you to grant or deny access rights to network users.
shared folders Folders that are made available for access by users who are working at another computer on the network.
shim A compatibility fix that is used to enable an application originally written for an older Windows version to function properly when running in Windows 10.
sideloading The process of installing a UWP or other app to a device without installing it through an online vendor’s store.
Sigverif.exe A utility that checks your computer for unsigned device drivers.
single pane of glass Refers to the concept of using a single UI or user interface with multiple back-end services. The complexity of all the connections and interactions is hidden from the user, simplifying administrative tasks.
site A physical component of Active Directory that includes computers and other resources at a single geographical location and connected with fast LAN links. Sites are created for the purpose of balancing logon authentication with replication.
site-local IPv6 address An IPv6 address that is private to the network on which it is located. This type of address cannot be accessed from locations external to its network, such as the Internet.
sleep mode A condition in which the computer consumes low power but is available for use. Sleep mode saves configuration information to memory and powers down the monitor, disks, and several other hardware components.
Smart Paging A technique used in Hyper-V that minimizes the risk of running out of memory during virtual machine startup operations by swapping some of the requests for physical memory out to a special file on the disk drive.
SmartScreen A feature in Windows 10 and Internet Explorer that works in conjunction with dynamically updated online databases to track malicious software and phishing sites to warn users of potential malware and identity theft sites.
Software as a Service (SaaS) A cloud service that allows users to use software over the Internet without installing it locally. Office 365 is an example of SaaS.
Software License Manager (SLMGR) A script named slmgr.vbs that can be used to query activation states and manage activation using the command line.
special access permissions A granular set of NTFS security permissions that enable a single type of access only. Regular NTFS permissions are a combination of special access permissions.
startup repair A utility that provides a diagnostics-based, step-by-step troubleshooter that enables end users and tech support personnel to rapidly diagnose and repair problems that are preventing a computer from starting normally.
storage pool A set of physical disk drives grouped together and used as the storage capacity for virtual storage spaces.
storage space A virtual disk volume, optionally with resiliency, created from a pool of physical disks and used as a single disk drive.
striping A method of segmenting data and interleaving it across multiple disks, which has the effect of improving disk performance, but is not fault tolerant.
subnet mask A set of numbers, 32-bits in length, that begins with 1s and ends with 0s in binary notation. The number of 1s represents the number of bits that are considered the subnet address. The bits that are 0s are the host address. Using a subnet mask, you can create more subnets with a smaller number of computers per subnet. All computers on a given subnet must have the same subnet mask. Using dotted decimal notation, a subnet mask is written as 255.255.0.0 (which is the default mask for a Class B address).
Sync Center A program on mobile computers that synchronizes data with other network devices, including servers, desktop computers, and other portable computers.
synchronization conflicts Occur when two users have modified a file that is available offline and Windows detects that conflicting modifications have occurred. Windows 10’s Sync Center enables you to save either or both of these versions.
synchronizing files The act of copying files from a shared folder on the network to an offline files cache on a computer or copying the same files back to the shared folder after a user has modified them.
system access control list (SACL) A list of actions that trigger audit events.
System Center Configuration Manager (SCCM) A system management product developed by Microsoft for managing large groups of computers.
System Configuration Utility A tool that enables you to perform actions such as modifying the startup scheme, the default operating system that boots on a dual-boot computer, services that are enabled, and startup programs that run automati-cally. You can also launch several computer management tools from this utility. Started with the Msconfig.exe command.
System Protection A troubleshooting tool that provides several options for retaining copies of system files and settings so that you can configure how System Restore works to restore your computer to an earlier point in time.
System Restore A troubleshooting tool that enables you to restore your computer to an earlier time at which it was operating properly.
Task Manager A Windows 10 administrative utility that provides data about currently running processes, including their CPU and memory usage, and enables you to modify their priority or to shut down misbehaving applications. You can also manage services, including starting, stopping, enabling, and disabling them, obtain information on network utilization, and display users with sessions running on the computer.
Task Scheduler Tool used to schedule and automate tasks to perform a specific function at a specific time.
Teredo A tunneling communication protocol that enables IPv6 connectivity between IPv6/IPv4 nodes across Network Address Translation (NAT) interfaces, thereby improving connectivity for newer IPv6-enabled applications on IPv4 networks.
Temporal Key Integrity Protocol (TKIP) An encryption standard used for wireless networking. It was the first successor to the weaker WEP encryption standard and incorporates several features to ensure unique encryption keys for every data packet, making it a much more challenging encryption methodology compared to WEP.
tree A collection of Active Directory domains that form a contiguous namespace. A tree is contained within a forest, and multiple trees can exist within a forest.
UEFI The Unified Extensible Firmware Interface is a specification designed as a replacement for the older BIOS firmware on PCs. It defines the services and interface points between the computer firmware and the operating system.
USB recovery drive A USB thumb drive or portable hard drive on which copies of files required to start your computer are used if a problem has prevented your computer from starting properly.
User Account Control (UAC) A feature in Windows 8.1 that enables you to work with a nonadministrative user account. UAC displays a prompt that requests approval when you want to perform an administrative task. Should malicious software attempt to install itself or perform undesirable actions, you receive a prompt that you can use to prevent such actions from occurring. First introduced in Windows Vista, UAC has been updated in Windows 8.1 to provide new configuration options and reduce the number of prompts.
User Experience Virtualization (UE-V) A technology that can be used in an organization to save users’ Windows and application settings to a central location and synchronize the settings across devices and sessions.
user profile A series of user-specific settings that are composed of desktop settings, files, application data, and the specific environment established by the user.
Universal Windows Platform (UWP) A new style of app created by Microsoft. These apps are hosted by the Microsoft Store, or developers can create LOB apps and sideload them to devices. UWP apps work on any type of Windows 10 device, as well as Xbox, and Microsoft Hololens.
Verify.exe A utility used for low-level debugging of device driver issues.
VFD Virtual floppy disk, a representation of a floppy disk images store on a disk file.
VHDX A new format for virtual hard disks optimized for use by Hyper-V virtual machines.
Virtual Desktop Infrastructure (VDI) A Microsoft technology used to virtualize desktops in a centralized delivery solution. VDI makes use of virtualization technology to store and run desktop workloads in a server-based VM.
virtual hard disk (VHD) A representation of a hard drive of specific geometry stored in a disk file.
virtual machine A computer running inside another operating system or hypervisor, sharing the hardware resources of the host and behaving as it would running on a physical computer.
virtual private network (VPN) A remote access connection technology that uses a protocol such as Point-to-Point Tunneling Protocol or L2TP with IPsec to tunnel through a public network to connect to a private network and maintain a secure connection.
virtual switch A software representation of a network switch, configured in software and used to connect virtual machines in a Hyper-V environment.
virtualization The process of creating software representations of physical computer components that behave like their physical counterparts.
VLAN Virtual LANs are created by use of special routing or virtual switches that tag network packets with VLAN ID numbers, which are then used to divide a network space into individual and separate LAN segments.
volume A logical drive that has been formatted for use by a file system. Although often considered synonymous with “partition,” a volume is most specifically a portion of a dynamic disk, or multiple sections of dynamic disks, that is capable of being formatted with a file system and being identified with a drive letter.
wbadmin A command-line utility that provides a comprehensive system backup function in a scriptable form.
Wi-Fi Direct A new industry standard connectivity technology in Windows 8.1 that enables data and content sharing between devices and PCs on a peer-to-peer network that does not require separate Wi-Fi access points.
Wi-Fi Protected Access (WPA and WPA2) A security protocol developed by the Wi-Fi Alliance to secure wireless networks. WPA2 incorporates stronger AES-based encryption and devices are subject to security certification by the Wi-Fi Alliance. WPA is no longer supported in Windows 10.
Wi-Fi triangulation A technique that sweeps the current area for Wi-Fi access points and cross-references the information, including the strength of each signal, with a database of locations to determine the location of a computer in range of those access points.
Windows Firewall The personal firewall software incorporated in Windows 10 that filters incoming TCP/IP traffic. Windows Firewall was first introduced in Windows XP SP2.
Windows Firewall with Advanced Security A Microsoft Management Console (MMC) snap-in that enables you to configure comprehensive firewall rules specifying conditions for external connection to your computer. Default inbound, outbound, and connection security rules are provided; you can modify these rules or create new rules as required.
Windows Hardware Certification Program A Microsoft program that identifies all hardware certified to run properly on Windows 10 computers. It replaces the Windows Logo program previously used.
Windows PowerShell An enhanced task-based command-line scripting interface that enables you to perform a large number of remote management tasks.
Windows Recovery Environment (Windows RE) A parallel, minimum Windows installation that enables you to boot your computer when your Windows 10 installation will not start by any of the other advanced startup modes. You can perform advanced recovery operations when you have booted into Windows RE.
Windows Server Update Services (WSUS) A service that can be configured to run on a server, supplying updates, hotfixes, and other patches automatically to computers on a network. WSUS enables you to deploy and manage updates that are downloaded from the Microsoft Windows Update website to WSUS servers running on your own network. Client computers connect to the local WSUS server to download and install updates.
Windows Store for Business A subscription service for organizations, which they can use to manage and deploy LOB or volume-purchased apps for their employees.
Windows To Go A bootable version of Windows 10 contained on a USB drive. It includes all operating system files, applications, and Windows settings and can be used to boot a computer with the appropriate hardware into Windows 10, independently of the operating system installed on this computer.
Windows Update A Windows Settings utility that enables you to maintain your computer in an up-to-date condition by automatically downloading and installing critical updates as Microsoft publishes them.
Windows XP Mode The basic virtualization technology introduced in Windows Vista for running an instance of Windows XP within a Vista or Windows 7 operating system. Replaced by Client Hyper-V in Windows 10.
Wired Equivalent Privacy (WEP) A protocol that is used on 802.11-based wireless networks to encrypt data sent between computers on a wireless network or between a computer and its access point. WEP is better security than an open network but is considered less secure than WPA.
wireless access point (WAP) A router or other device that broadcasts wireless signals to computers on a wireless local area network (WLAN). Also known as an access point or AP. Computers connecting through a WAP are members of an infrastructure (as opposed to ad hoc) wireless network.
wireless local area network (WLAN) Is synonymous with a local area network (LAN) using wireless equipment and signaling.
wireless network profile A series of configuration settings that determine the extent of access to external computers according to your computer’s location. Windows enables you to create profiles for Home, Work, and Public locations.
Work Folders A technology introduced for Windows Server 2012 R2 that allows users to sync files on their local device with a secure location on a Windows Server.