1653
Glossary
cloud In peer-to-peer networks, a grouping of com-
puters that uses addresses of a specific scope. A scope
is an area of the network over which the address is
unique.
CNG services See Crypto Next Generation (CNG)
services.
Code Integrity A feature of Windows that detects
changes to system files and drivers.
compatibility layer A feature of Protected mode in
Windows Internet Explorer that redirects requests for
protected resources (such as the user’s Documents
folder) to safe locations (such as the Temporary Internet
Files folder).
component store A portion of an operating system
image that stores one or more operating system fea-
tures or language packs.
configuration pass A phase of Windows installation
in which different parts of the operating system are
installed and configured. You can specify unattended
installation settings to be applied in one or more con-
figuration passes.
configuration set A file and folder structure containing
files that control the preinstallation process and define
customizations for the Windows installation.
Confirmation Identifier A digitally signed value
returned by a Microsoft clearinghouse to activate a
system.
core application An application that is common to
most computers in your organization, such as a virus

C
catalog The system index together with the property
cache.
catalog file A binary file that contains the state of all
settings and packages in a Windows image.
central store In the context of Group Policy, a location
for storing administrative templates for use throughout
an organization. Only Windows Vista and later versions
support using a central store.
channel In Meeting Space, the basis for communi-
cation between participants in a meeting. There are
three kinds of Meeting Space channels: metadata, file,
and streaming. The term channel can also refer to an
application-specific event log.
Clear key A key stored unencrypted on the disk
volume. This key is used to freely access the VMK and,
in turn, the FVEK if BitLocker protection is disabled but
disk volume remains encrypted.
client-side cache (CSC) A Microsoft internal term
referring to Offline Files.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1654
Glossary
D
data store In deployment, the location in which the
USMT stores a user state between the time it is read
from the original computer and the time it is deployed
to the target computer.
defense-in-depth A proven technique of layered pro-
tection that reduces the exposure of vulnerabilities. For

DirectAccess A new feature of Windows 7 and
Windows Server 2008 R2 that increases the productiv-
ity of remote users by enabling them to seamlessly and
securely access the corporate network any time they
have an Internet connection, without requiring a VPN
connection. DirectAccess also enhances the security
and flexibility of the corporate network infrastructure,
enabling IT professionals to remotely manage and
update corporate computers whenever they connect to
the Internet—even when users are not logged in.
directory junction A technique for redirecting
requests for a specific folder to a different location.
Directory junctions are used to provide backward
compatibility for folder locations used in earlier versions
of Windows.
discoverable A state in which a Bluetooth-enabled
device sends out radio signals to advertise its location
to other devices and computers.
DLL See dynamic-link library (DLL).
DNS Security Extensions (DNSSEC) An Internet
standard supported by Windows 7 and Windows Server
2008 R2 that enables computers to authenticate DNS
servers, which mitigates man-in-the-middle attacks.
A man-in-the-middle attack redirects clients to a mali-
cious server, which can allow an attacker to intercept
passwords or confidential data.
DNSSEC See DNS Security Extensions (DNSSEC).
DWM See Desktop Windows Manager (DWM).
Dynamic Driver Provisioning A new feature of
Windows Deployment Services in Windows Server 2008

organizational team that focuses on solving a particular
problem such as security. See also Microsoft Deployment
Toolkit 2010 (MDT 2010).
feature team guide In the context of MDT 2010, a
document that addresses the tasks required of a specific
feature team. See also Microsoft Deployment Toolkit
2010 (MDT 2010).
Federated Search A new feature of Windows 7 and
Windows Server 2008 R2, based on the OpenSearch
protocol, which enables users to search remote data
sources from within Windows Explorer. The goal of
Federated Search is not to replace server repositories,
like Microsoft Office SharePoint Server, but to enable
these repositories to expose their search capabilities
through Windows and thus get more value out of the
repositories for users.
file sharing The process of making files or folders
available to more than one user.
folder redirection A technique for configuring
computers to access user profile data from an alternate
location. Folder redirection is commonly used to store
user documents and data files on a shared folder.
forced guest See ForceGuest.
ForceGuest A common term for one of the network
access models used by Windows XP that requires all
network users to be treated as guests. Beginning with
Windows Vista, however, ForceGuest is no longer a
supported setting; turning this setting on is not
recommended.
Full Volume Encryption Key (FVEK) The algorithm-

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1656
Glossary
Hardware Abstraction Layer (HAL) A feature of
Windows that simplifies how the operating system
accesses hardware by providing a single interface that
behaves identically across different platforms.
helper See expert.
high-volume deployment A deployment project that
involves a large number of computers.
HomeGroup A new networking feature of Windows 7
that makes it easier to share files and printers on a
home network. You can share pictures, music, videos,
documents, and printers with other people in your
HomeGroup. Other people can't change the files that
you share unless you give them permission to do so.
hybrid image An imaging strategy that combines
thick and thin images. In a hybrid image, you config-
ure the disk image to install applications on first run,
giving the illusion of a thick image but installing the
applications from a network source. Hybrid images
have most of the advantages of thin images. However,
they aren’t as complex to develop and do not require
a software distribution infrastructure. They do require
longer installation times, however, which can raise initial
deployment costs.
I
ICMP See Internet Control Message Protocol (ICMP).
IFilter A feature of the Windows search engine that
is used to convert documents in different formats into

management features based on Active Directory
Domain Services that enables management of user and
computer data and settings, including security data.
IntelliMirror also provides a limited ability to deploy
software to workstations or servers running Microsoft
Windows 2000 and later versions.
Internet Control Message Protocol (ICMP) A Layer
3 protocol that IP applications use to test connectivity
and communicate routing changes. ICMP is most
commonly used by the Ping tool.
IPConfig A command-line tool that displays the cur-
rent network configuration.
J
Jump List A list of recent items, such as files, folders,
or Web sites, organized by the program that you use
to open them. In addition to being able to open recent
items using a Jump List, you can also pin favorites to a
Jump List so that you can quickly get to the items that
you use every day.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1657
Glossary
K
Kernel mode A processing mode provided by
x86-based processors that provides processes with
unrestricted access to memory and other system
resources. Beginning with Windows Vista, only system
features and trusted drivers should run in Kernel mode.
Key Management Service (KMS) An infrastructure
that simplifies tracking product keys in enterprise

local sharing The process of making files and folders
available to other users on the same computer. Also
known as same computer sharing.
local user profile The default approach for storing
user profiles in Windows in which the user profile is
stored on the computer’s hard disk.
location-aware printing A new feature of Windows 7
and Windows Server 2008 R2 that makes the Default
Printer setting location aware. Mobile and laptop users
can set a different default printer for each network to
which they connect. They may have a default printer set
for home use and a different default printer set for the
office. Their computers can now automatically select
the correct default printer depending on where the
users are currently located.
LTI See Lite Touch Installation (LTI).
M
MAK See Multiple Activation Key (MAK).
malware A term that describes a broad range of mali-
cious software, including viruses, worms, Trojan horses,
spyware, and adware.
managed service account A new feature of Windows 7
and Windows Server 2008 R2 that allows administrators
to create a class of domain accounts that can be used to
manage and maintain services on local computers.
Mandatory Integrity Control (MIC) A model in which
lower-integrity processes cannot access higher-integrity
processes. The primary integrity levels are Low, Medium,
High, and System. Windows assigns to each process an
integrity level in its access token. Securable objects such

MBR See Master Boot Record (MBR).
MBSA See Microsoft Baseline Security Analyzer
(MBSA).
MBSACLI See Microsoft Baseline Security Analyzer
Command Line Interface (MBSACLI).
MIC See Mandatory Integrity Control (MIC).
Microsoft Baseline Security Analyzer (MBSA) A free
tool available for download from Microsoft.com that
administrators can use to scan computers for security
vulnerabilities and missing security updates.
Microsoft Baseline Security Analyzer Command
Line Interface (MBSACLI) A command-line interface
for MBSA, which administrators can use to scan com-
puters for security vulnerabilities and missing security
updates from scripts. See also Microsoft Baseline
Security Analyzer (MBSA).
Microsoft Deployment Toolkit 2010 (MDT 2010) An
SA that enables rapid deployment of Windows 7,
Windows Server 2008 R2, Windows Vista SP1, Windows
Server 2008, Windows XP SP3, and Windows 2003 SP2.
MDT 2010 provides unified tools, scripts, and docu-
mentation for desktop and server deployment using an
integrated deployment console called the Deployment
Workbench.
mixed mode A Windows Deployment Services mode
that supports both OSChooser and Windows PE for
boot environments and Riprep and ImageX imaging.
Moving from legacy mode to mixed mode happens
when you configure Windows Deployment Services and
add .wim image files to it.

services, sharing resources, and connecting to shared
resources.
Netstat A command-line tool used to display network-
ing statistics.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1659
Glossary
Network Access Protection (NAP) A feature sup-
ported by Windows Vista and later versions that uses
network authentication to validate the identity and
integrity of client computers before they are allowed to
connect to the network.
Network Monitor A graphical tool that administrators
can use to capture and analyze network communica-
tions.
Network Sharing The process of making a folder
available across the network.
New Computer scenario In MDT 2010, a deployment
scenario that deploys the operating system and
applications to a computer that has not been previously
configured and therefore contains no user data. See
also Microsoft Deployment Toolkit 2010 (MDT 2010).
nondestructive imaging A deployment technique
supported by ImageX and Windows Setup in which an
operating system image is deployed without destroying
the existing data.
novice In a Remote Assistance (RA) scenario, the user
seeking assistance.
Nslookup A command-line tool used to test DNS
name resolution.

modify Windows features. Package types include service
packs, security updates, language packs, and hotfixes.
panning hand A specialized cursor that enables drag-
ging a page.
PatchGuard Microsoft’s kernel patch protection tech-
nology for 64-bit versions of Windows that is designed
to prevent unauthorized and unsupported access to the
kernel. It prohibits all software from performing unsup-
ported patches.
PathPing A command-line tool used to test connec-
tivity to an endpoint. PathPing collects connectivity
statistics for every gateway between the client and the
tested endpoint and displays latency and availability
statistics for every node.
PCR See platform configuration register (PCR).
Peer Name Resolution Protocol (PNRP) A mecha-
nism for distributed, serverless name resolution of peers
in a P2P network. See also peer-to-peer (P2P).
peer-to-peer (P2P) A method for communicating
directly between client computers without involving a
separate server. In Windows Vista and later versions,
P2P refers to a set of networking and collaboration
technologies that are used by Windows Meeting Space
and other applications.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1660
Glossary
pen flick A Tablet PC pen technique that enables
users to call menu commands by moving the pen using
various gestures.

an endpoint.
Planning Phase A phase in a MDT 2010 deployment
in which the deployment team lays the groundwork for
the deployment. See also Microsoft Deployment Toolkit
2010 (MDT 2010).
platform configuration register (PCR) A register of a
TPM. This register is sufficiently large to contain a hash
(currently only SHA-1). A register can normally only be
extended, which means that its content is a running
hash of all values that are loaded to it. To learn when
these registers are reset, refer to the TCG specification
document. See also Trusted Platform Module (TPM).
PNRP See Peer Name Resolution Protocol (PNRP).
Point-to-Point Tunneling Protocol (PPTP) A net-
working technology that supports multiprotocol VPNs.
This enables remote users to securely access corporate
or other networks across the Internet, to dial into an ISP,
or to connect directly to the Internet. PPTP tunnels, or
encapsulates, IP or IPX banter traffic inside IP packets.
This means that users can remotely run applications
that depend on particular network protocols. PPTP is
described in RFC 2637.
PortQry A command-line tool that tests connectivity
to a network service by attempting to establish a TCP
connection to an endpoint.
PPTP See Point-to-Point Tunneling Protocol (PPTP).
Pre-Boot Execution Environment (PXE) A DHCP-
based remote boot technology used to boot or install
an operating system on a client computer from a
remote server. A Windows Deployment Services server

See also client-side cache (CSC).
proximity A measurement of the network latency
between two computers. For Windows Media Sharing
to work, the network latency between two computers
must be 7 milliseconds or less.
Punycode The self-proclaimed “bootstring encoding”
of Unicode strings into the limited character set sup-
ported by DNS, as defined in RFC 3492. The encoding
is used as part of IDNA, which is a system enabling the
use of internationalized domain names in all languages
that are supported by Unicode where the burden of
translation lies entirely with the user application (such
as a Web browser).
PXE See Pre-Boot Execution Environment (PXE).
R
RAC See Reliability Analysis Component (RAC).
Reliability Analysis Component (RAC) A Windows
feature that gathers and processes reliability data.
Replace Computer scenario In MDT 2010, a deploy-
ment scenario that involves giving a new computer
to an existing user. In this scenario, the user receives
a new computer, and the user’s data is migrated to
the replacement computer to minimize impact on the
user. See also Microsoft Deployment Toolkit 2010 (MDT
2010).
requested execution level manifest An application
marking that indicates the privileges required by the
application. Windows uses the requested execution
level manifest, among other factors, to determine
whether to provide a UAC prompt to the user to elevate

single instance storage A technique for storing multi-
ple Windows images efficiently and in a single location.
The deployment engineer configuring a computer has
the option to select one of the images for deployment
from the client computer.
Sleep A new power state that combines the quick
resume time of Standby with the data-protection
benefits of Hibernate.
slipstreaming The process of integrating a service
pack into operating system setup files so that new
computers immediately have the service pack installed.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1662
Glossary
SMB See Server Message Block (SMB).
SME See subject matter expert (SME).
SMS See Systems Management Server (SMS).
sniffer A tool such as Network Monitor that collects
network communications. Sniffers are also known as
protocol analyzers.
Software Asset Management (SAM) An initiative
promoted by Microsoft as a way to maintain accurate
inventories of installed and licensed software. This
practice helps organizations maintain legally licensed
versions of all the software they need.
solicited Remote Assistance (RA) A Remote Assis-
tance request initiated by the novice (the user seeking
help). Also known as escalated Remote Assistance (RA).
SPA See Server Performance Advisor (SPA).
SSDP See Simple Service Discovery Protocol (SSDP).

subject matter expert (SME) A person who is skilled
in a particular topic. During deployment, you should
use SMEs to help in the planning, development, and
stabilizing processes. SMEs are users who are most fa-
miliar with the applications and data to migrate (though
despite their name, they are not necessarily experts),
and they’re usually stakeholders in seeing that the pro-
cess is properly performed.
subscription Provides the ability to collect copies of
events from multiple remote computers and store them
locally.
supplemental application An application installed
on a select few computers in your environment, such
as specialized applications used by individual groups.
Supplemental applications are in contrast to core ap-
plications, which are installed on most computers.
Sync Center A tool that provides a user interface for
managing content synchronization activities including
redirected folders and other folders marked for offline
use.
System Starter GPO A read-only GPO that provides a
baseline of settings for a specific scenario. Like Starter
GPOs, System Starter GPOs derive from a GPO, let you
store a collection of Administrative template policy set-
tings in a single object, and can be imported. See also
Starter GPO.
Systems Management Server (SMS) A Microsoft
computer management infrastructure used to improve
administrative efficiency and help distribute and
manage software.

computers using a text-based interface similar to a
command prompt.
Test TCP A network troubleshooting tool for testing
TCP connectivity between two computers.
thick image An operating system installation image
that contains core, and possibly supplemental, applica-
tions. Thick images simplify deployment by installation
applications alongside the operating system. However,
because they are more specialized, you typically require
more thick images than thin images.
thin image An operating system installation image
that contains few if any core applications. Thin images
have the advantage of being applicable to a larger
number of computers in your organization than a thick
image, which is more specialized.
TPM See Trusted Platform Module (TPM).
Trusted Platform Module (TPM) The Trusted
Platform Module is a hardware device defined by the
Trusted Computing Group (TCG). A TPM provides
a hardware-based root of trust and can be used to
provide a variety of cryptographic services. Version 1.2
TPMs with TCG-compliant BIOS upgrades allow
BitLocker to provide drive encryption as well as
integrity checking of early boot features, which helps
prevent tampering and provides a transparent startup
experience.
U
UIPI See User Interface Privilege Isolation (UIPI).
Unattend.xml The generic name for the Windows
answer file. Unattend.xml replaces all the answer files in

User Interface Privilege Isolation (UIPI) A feature
of Windows that blocks lower-integrity processes from
accessing higher-integrity processes. This helps protect
against shatter attacks. See also shatter attack.
User mode A processing mode provided by x86-based
processors that provides only limited access to memory
and other system resources. Processes that run in User
mode can access memory allocated to the process, but
must be elevated to Kernel mode by calling system APIs
before the process can access protected resources.
user profile The set of user documents and settings
that make up a user’s desktop environment.
user profile namespace The hierarchy of folders
within a user’s profile folder.
user state The data files and settings associated with a
user profile.
user state migration The process of transferring user
files and settings from one computer to another or
from an older version of Windows to a newer version of
Windows installed on the same computer.
V
VHD Boot The Windows 7 bootloader can be con-
figured to start Windows from a VHD file exactly as
though the VHD file were a standard partition. Simply
copy the VHD file to the local computer and then use
BCDEdit.exe to add an entry to the boot menu for the
VHD file. Windows 7 can also mount VHD files in the
Disk Management console as if they were native
partitions.
View Available Networks A new feature of wireless

later versions. WSD enables users to have a Plug and
Play experience similar to that of USB devices, except
over the network instead of for locally connected
devices.
WER See Windows Error Reporting (WER).
WGA See Windows Genuine Advantage (WGA).
.wim A file name extension that identifies Windows
image files created by ImageX.
Windows AIK See Windows Automated Installation Kit
(Windows AIK).
Windows Anytime Upgrade (WAU) An upgrade
service primarily intended for home users that allows
upgrades from one edition of Windows to a more
advanced edition.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1665
Glossary
Windows Automated Installation Kit (Windows
AIK) A collection of tools and documentation that you
can use to automate the deployment of the Windows
operating system. Windows AIK is one of several
resources that you can use to deploy Windows; for
example, tools and software such as MDT 2010 and
Microsoft System Center Configuration Manager use
features of Windows AIK to create system images and
automate operating system installations.
Windows Color System (WCS) A feature that works
with the Windows print subsystem to provide a richer
color printing experience that supports wide-gamut
printers (inkjet printers that use more than four ink

Windows installation on a disk volume.
Windows PowerShell Integrated Scripting Environ-
ment (ISE) A GUI for Windows PowerShell that lets
you run commands and write, edit, run, test, and debug
scripts in the same window. It offers up to eight inde-
pendent execution environments and includes a built-in
debugger, multiline editing, selective execution, syntax
colors, line and column numbers, and context-sensitive
Help.
Windows PowerShell Modules Windows PowerShell
modules let you organize your Windows PowerShell
scripts and functions into independent, self-contained
units. You can package your cmdlets, providers, scripts,
functions, and other files into modules that you can
distribute to other users. Modules are easier for users to
install and use than Windows PowerShell snap-ins.
Windows PowerShell Remoting A feature introduced
in Windows PowerShell 2.0 that lets you run Windows
PowerShell commands for automated or interactive
remote management.
Windows Product Activation (WPA) A way to ensure
that customers are using genuine Windows operating
systems purchased from Microsoft resellers. This tool,
which began with Windows XP, defeated casual copying
of Windows XP by ensuring that other systems had not
recently been activated with the same product key.
Windows Server Update Services (WSUS) A free
server tool available for download from Microsoft.com
that administrators can use to manage which updates
are distributed to computers running Windows on their

Z
Zero Touch Installation (ZTI) A MDT 2010 deploy-
ment option that fully automates the deployment of
client computers. During a ZTI installation, the Windows
operating system and all applications are automatically
deployed the first time a computer is connected to the
network and turned on. See also Microsoft Deployment
Toolkit 2010 (MDT 2010).
ZTI See Zero Touch Installation (ZTI).
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1667
Index
Symbols and
Numbers
$modulePath variable, 471–472
6to4 technology, 1406
A
A records, 1385
AAAA records, 1385–1387
absolute symbolic links, 666–668
accelerators, 892–893
access control entry (ACE), 898
access control list (ACL), 324, 1236
access tokens, 70, 1126
ACE (access control entry), 898
ACL (access control list), 324, 1236
ACM (Application Compatibility
Manager)
configuring, 155–156
defined, 143, 145

ACT Log Processing share, 145–146,
152, 154
Action Center
configuring WER, 1029–1033
functionality, 12
notification area changes, 6
Reliability Monitor support, 1477
Remote Desktop support, 388
Windows Defender support, 39
Windows Memory Diagnostics,
1496
actions
bulk print, 790–791
defining, 996–997
functionality, 985
activation count cache, 339–340
activation threshold, 339
Active Directory And Computers
MMC snap-in, 297, 325
Active Directory Domain Services.
See AD DS (Active Directory Domain
Services)
ActiveX controls, 1125
ActiveX Data Objects, 276
AD DS (Active Directory Domain
Services)
802.1x authentication, 1201–1202
configuring UAC, 1135
connection considerations,
1223–1224

filtering policy settings, 486
functionality, 482
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1668
Admin Broker process
setting enhancements, 487
Admin Broker process, 901
administrative privileges
security considerations, 71
UAC considerations, 1121–1122,
1129–1131, 1133
Administrative Template (ADM) files.
See ADM (Administrative Template)
files
administrative tools, 128, 140
administrators
configuring administrator approval,
325–326
setting secure desktop, 73
software update considerations,
1106
trustworthy, 65
UAC considerations, 1126–1128
Administrators group, 1121
AdminStudio tool, 263
ADML (Architecture Description
Markup Language), 484
ADMX Migrator, 518–520
ADMX template files
adding to central store, 497,

Alt + Tab combination, 7
AMD-V feature, 144
answer files
automating Windows PE, 289
deployment process overview, 106
functionality, 87, 91–92
platform interconnection, 90
Windows SIM support, 87, 91–92
Anti-Phishing Working Group, 909
antivirus software, 205, 1107, 1632
anycast addresses, 1374
API (application programming
interface)
biometric support, 79
EAPHost support, 1208–1209
improved peer networking,
1206–1207
Layered Service Provider support,
1209
NAP support, 57, 1160
Network Awareness, 1205–1206
NLA support, 1240
notification-based indexing, 846
Pacer.sys driver support, 1176
SUA support, 172
Windows Deployment Services
support, 297
Windows PE support, 95, 276
WSD support, 1209
APIPA (Automatic Private IP

reasons for failure, 140–141
selecting specific versions,
168–169
setting deployment status,
163–164
testing, 127–128, 169–178
troubleshooting, 24
UAC considerations, 1133–1134
user profile namespace issues,
540–545
Windows XP Mode, 144
Application Compatibility Manager.
See ACM (Application Compatibility
Manager)
Application Compatibility Toolkit.
See ACT (Application Compatibility
Toolkit)
Application Compatibility Toolkit
Data Collector, 143
Application Data folder, 535
application deployment
adding to deployment shares,
189–194, 265–267
adding to task sequence, 190, 205
App-V support, 391
automating installation, 252,
257–261
choosing deployment strategy,
253–256
choosing sample data, 236

functionality, 61, 66–67, 390
Group Policy support, 487
rule types supported, 1143–1146
software restriction policy
comparison, 1142–1143
Windows PowerShell support, 1149
AppStations, 151
App-V (Application Virtualization),
145, 391–392
AQS (Advanced Query Syntax), 822
Architecture Description Markup
Language (ADML), 484
arithmetic operators, 446–447
ARP (Address Resolution Protocol),
1196, 1381–1382
Arp tool, 1522, 1524–1525
arrays, evaluating, 451
ASLR (Address Space Layout
Randomization), 59
Asset Inventory Service (AIS), 392
asset management, 392
ATA storage devices, 1634
ATTEMPTED_WRITE_TO_READONLY_
MEMORY (Stop message), 1621
auditing
AppLocker rules, 1146–1148
configuring UAC, 1140
deployment process overview, 107
enhancements, 62, 76–78
Global Object Access Auditing, 78

Intelligent Transfer Service)
backtick character, 426
backup/restore considerations
Action Center support, 12
backup process overview, 625–626
best practices, 632
BitLocker support, 64
file and folder backup structure,
626–628
functionality, 624–625
Group Policy settings, 632–634
manipulating previous versions,
634–639
reinstalling Windows, 1456–1457
software updates, 1108
System Image backups, 628–632
Windows NT Backup-Restore
utility, 389
BAD_POOL_CALLER (Stop message),
1621–1623
bandwidth considerations, 1089,
1093, 1106, 1176
Base Filter Engine (BFE), 1232–1233
batteries, 16–17
BBE (Better than Best Effort), 1177
BCD registry file
additional information, 1423
backing up/restoring settings,
1441–1442
enhancements, 1420

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1670
beta testing
beta testing, 1114
Better than Best Effort (BBE), 1177
BFE (Base Filter Engine), 1232–1233
BgInfo tool, 389
BitLocker Drive Encryption
clear key, 646, 657
configuring data recovery agent,
658–659
cost considerations, 662
data theft and, 44
decommissioning permanently,
657–658
disabling, 656–657
enabling on data volumes, 652–653
enabling on system volumes,
650–652
external key support, 646
functionality, 61–66, 390, 641–643
indexing considerations, 856
managing from command line,
653–655
managing on local computer, 653
managing with Group Policy,
659–661
MDT solution framework, 116
phases, 648–649
preparing AD DS, 658

boot logs, 1461–1462, 1465–1466
Boot Manager. See Windows Boot
Manager
Boot.ini file, 1420
Boot.wim file, 91
bootable media, creating, 285–288
bootable partitions, 1428
BootPRO tool, 1421
Bootrec.exe tool, 1424, 1451–1452
Bootsect tool, 97, 277, 1424, 1454
BootStrap.ini file, 372
BranchCache
architectures supported, 1185
benefits, 1305–1306
configuring, 1187–1188
Distributed Cache mode, 15,
1186–1187, 1306
functionality, 390, 1185, 1294,
1306
Hosted Cache mode, 15,
1185–1186, 1306
implementing, 1307
performance improvement, 15
protocols supported, 1188–1189,
1307
SMB support, 1189
web browsing considerations,
1189–1190
break statement (Windows
PowerShell), 443

catalogs
automating Windows PE, 289
default indexing scopes, 838
default system exclusion rules,
835–836
defined, 88, 827
FANCI bit, 836–837
files/subfolders structure, 833–835
functionality, 832–833
initial configuration, 838
cd command, 404
central store, 484, 497, 502–504
CER (Corporate Error Reporting), 1019
certificates. See personal certificates
certification authority (CA), 1223,
1230, 1304
Challenge Handshake Authentication
Protocol (CHAP), 1315–1316
channels, 965–966
CHAP (Challenge Handshake
Authentication Protocol), 1315–1316
ChkDsk tool
BitLocker support, 651
examples, 1501
functionality, 1500–1501
graphical interface support, 1503
NTFS support, 1503–1505
scheduling considerations, 1503
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1671

317–321
grouping, 367–368
pre-staging, 325
print management, 792–804
VAMT support, 344
Client-Side Rendering (CSR), 762
clock speeds, 1634
clouds, 1040, 1206
CLR (Common Language Runtime),
278
CMAK tools, 1321, 1338
Cmd.exe (command prompt), 388
cmdlets. See also specific cmdlets
alias support, 410, 413
AppLocker support, 1149
BITS support, 1093–1094
filtering output, 416–418
functionality, 385, 397
gathering event information,
978–982
gathering performance data,
954–955
Group Policy support, 486,
509–511
naming convention, 397, 399
output objects, 419–421
parameter considerations, 411–412
property considerations, 414
verbs supported, 399–402
wildcard characters, 412, 414

comparison operators, 446–447
Compatibility Administrator tool
ACT support, 169
creating AppHelp messages,
176–177
creating compatibility fixes,
174–176
creating compatibility mode, 176
creating custom databases, 174
process flow, 173
starting, 174
system requirements, 153
terminology supported, 173–174
compatibility evaluators, 147–148,
157
compatibility mode, 173, 176
Complete-BitsTransfer cmdlet, 1093
Component Object Model (COM),
508
components, 88, 91–92
Computer Browser service, 1170
Conditions list
filtering groups, 206
If statements, 208
operating system versions, 209
task sequence variables, 207–208
WMI queries, 209–210
confidentiality (CIA triad), 64
Config.xml file, 241
Configuration Manager. See SCCM

Cookies folder
Indexing Options, 838, 847, 857
managing Offline Files, 595–596
managing Windows Firewall, 1262
Power Options utility, 733–734
WBF support, 79
Cookies folder, 535
Copy-Item cmdlet, 472
Copy-Module function, 470, 472
Copype.cmd script, 280
core networking
802.1x network authentication,
1199–1202
BranchCache support, 1185–1190
DNSSec support, 488, 1190
efficiency considerations,
1191–1195
GreenIT, 1190–1191
improved reliability, 1197
IPv6 support, 1198–1199
scalability considerations,
1196–1197
Server Message Block, 1202–1203
strong host model, 1203
Volume Activation scenario, 345,
347
wireless networking, 1203–1205
Corporate Error Reporting (CER),
1019
corporate roaming. See Folder

adding custom migration files, 245
configuring, 361–362
customizing, 371–372
depicted, 243
properties supported, 362–363
providing credentials, 360
Refresh Computer scenario, 364
D
DaRT (Diagnostics and Recovery
Toolset), 392
Data Collection Package. See DCP
(Data Collection Package)
data collector sets
as diagnostic tools, 1492–1493
configuring, 946–947
creating, 943–945
starting/stopping logging, 949
troubleshooting support,
1545–1546
types supported, 942
viewing performance data,
947–951
viewing properties, 947
data collectors, 942
Data Encryption Standard (DES),
1312–1315
Data Execution Prevention (DEP), 55,
58, 75
Data Manager, 947–949
data recovery agent, configuring,

DCS. See data collector sets
DDI (Device-Driver Interface), 682
DDNS (Dynamic DNS), 340, 342
dead gateway detection, 1197
debugging
kernel debugger, 1602, 1633
logging support, 524
memory dump files and,
1598–1600
Default profile, 538
default statement (Windows
PowerShell), 449
Default User profile, 538
defense-in-depth technique, 41, 899,
1142
definition files, 220
definition updates, 1155
defragmentation, disk, 622, 1124
del command, 404
delete volume command, 619
deleting
browser history, 913–914
files, 674
folders, 404
tasks, 1004
text files, 404
volumes, 619
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.