Appendix Terminal Server
Remote Control
Terminal Server allows an administrator to view or take control of a user’s session. This
feature not only allows administrators to monitor user actions on a terminal server, but
also acts like Remote Assistance, allowing a help desk employee to control a user’s session
and perform actions that the user is able to see as well.
To establish remote control, both the user and the administrator must be connected to
terminal server sessions. The administrator must open the Terminal Server Manager
console from the Administrative tools group, right-click the user’s session, and choose
Control. By default, the user will be notified that the administrator wishes to connect to
the session, and can accept or deny the request.
Important
Remote Control is available only when using Terminal Server Manager within a
terminal server session. You cannot establish remote control by opening Terminal Server
Manager on your PC.
Remote control settings include the ability to remotely view and remotely control a session,
as well as whether the user should be prompted to accept or deny the administrator’s
access. These settings can be configured in the user account properties on the
Remote Control tab, as shown in Figure A-13, and can be configured by the properties
of the RDP-Tcp connection, which will override user account settings. Group Policy
can also be used to specify remote control configuration.
Figure A-13 The Remote Control tab of a user’s properties dialog box
In addition to enabling remote control settings, an administrator must have permissions
to establish remote control over the terminal server connection. Using the Permissions
tab of the RDP-Tcp Properties dialog box, you can assign the Full Control
called a security descriptor.
access token or security access token A collection of security identifiers (SIDs)
that represent a user and that user’s group memberships. The security subsystem
compares SIDs in the token to SIDs in an access control list (ACL) to determine
resource access.
account lockout A security feature that disables a user account if failed logons
exceed a specified number in a specified period of time. Locked accounts cannot
log on and must be unlocked by an administrator.
Active Directory Beginning in Microsoft Windows 2000 Server and continuing in
Windows Server 2003, Active Directory replaces the Windows NT collection of
directory functions with functionality that integrates with and relies upon standards
including Domain Name System (DNS), Lightweight Directory Access Protocol
(LDAP), and Kerberos security protocol.
Glossary
Active Directory–integrated zone A DNS (Domain Name System) zone stored in
Active Directory so it has Active Directory security features and can be used for
multimaster replication.
Active Directory Service Interface (ADSI) A programming interface that provides
access to Active Directory.
ActiveX A loosely defined set of technologies that allows software components to
interact with each other in a networked environment.
ActiveX component Reusable software component that adheres to the ActiveX
specification and can operate in an ActiveX–compliant environment.
address A precise location where a piece of information is stored in memory or on
disk. Also, the unique identifier for a node on a network. On the Internet, the code
by which an individual user is identified. The format is username@hostname,
where username is your user name, logon name, or account number, and host-
Asynchronous Transfer Mode (ATM) A network technology based on sending
data in cells or packets of a fixed size. It is asynchronous in that the transmission
of cells containing information from a particular user is not necessarily periodic.
attribute A characteristic. In Windows file management, it is information that shows
whether a file is read-only, hidden, compressed, encrypted, ready to be backed up
(archived), or should be indexed.
audit policy Defines the type of security events to be logged. It can be defined on a
server or an individual computer.
authentication Verification of the identity of a user or computer process. In Windows
Server 2003, Windows 2000, and Windows NT, authentication involves comparing
the user’s security identifier (SID) and password to a list of authorized users on a
domain controller.
authoritative restore Specifies a type of recovery of Active Directory. When an
authoritative restore is performed using the Backup Utility and Ntdsutil in the
Directory Services Restore Mode, the directory or the specific object(s) in the
directory that have been authoritatively restored are replicated to other domain
controllers in the forest. See also non-authoritative restore.
Automated System Recovery (ASR) A feature of Windows Server 2003 that allows
an administrator to return a failed server to operation efficiently. Using the ASR
Wizard of the Backup Utility, you create an ASR set which includes a floppy disk
with a catalog of system files, and a comprehensive backup. When a server fails,
boot with the Windows Server 2003 CD-ROM and press F2 when prompted to start
Automated System Recovery.
Automatic Updates A client-side component that can be used to keep a system up
to date with security rollups, patches, and drivers. Automatic Updates is also the
client component of a Software Update Services (SUS) infrastructure, which allows
an enterprise to provide centralized and managed updates.
B
BOOTP server on the network, and the location of a file to be loaded into memory
to boot the machine. This allows a computer to boot without a hard disk or a
floppy disk. Stands for “Boot Protocol.”
bottleneck Refers to the point of resource insufficiency when demand for computer
system resources and services becomes extreme enough to cause performance
degradation.
broadcasting To send a message to all computers on a network simultaneously. See
also multicasting.
Browser service The service that maintains a current list of computers and provides
the list to applications when needed. When a user attempts to connect to a
resource in the domain, the Browser service is contacted to provide a list of available
resources. The lists displayed in My Network Places and Active Directory
Users and Computers (among others) are provided by the Browser service. Also
called the Computer Browser service.
C
Caching A process used to enhance performance by retaining previously-accessed
information in a location that provides faster response than the original location.
Hard disk caching is used by the File and Print Sharing for Microsoft Networks service,
which stores recently accessed disk information in memory for faster
retrieval. The Remote Desktop Connection client can cache previously viewed
screen shots from the terminal server on its local hard disk to improve performance
of the Remote Desktop Protocol (RDP) connection.
catalog An index of files in a backup set.
certificate A credential used to prove the origin, authenticity, and purpose of a public
key to the entity that holds the corresponding private key.
delegate Assign administrative rights over a portion of the namespace to another
user or group.
Device Driver A program that enables a specific device, such as a modem, network
adapter, or printer, to communicate with the operating system. Although a device
might be installed on your system, Windows cannot use the device until you have
installed and configured the appropriate driver. Device drivers load automatically (for
all enabled devices) when a computer is started, and thereafter run transparently.
Device Manager An administrative tool that you can use to administer the devices
on your computer. Using Device Manager, you can view and change device properties,
update device drivers, configure device settings, and uninstall devices.
digital signature An attribute of a driver, application, or document that identifies the
creator of the file. Microsoft’s digital signature is included in all Microsoft-supplied
drivers, providing assurance as to the stability and compatibility of the drivers with
Windows Server 2003 and Windows 2000 Server.
directory service A means of storing directory data and making it available to network
users and administrators. For example, Active Directory stores information
about user accounts, such as names, passwords, phone numbers, and so on, and
enables other authorized users on the same network to access this information.
disk quota A limitation set by an administrator on the amount of disk space available
to a user.
distinguished name (DN) In the context of Active Directory, “distinguished” means
the qualities that make the name distinct. The DN identifies the domain that holds
the object, as well as the complete path through the container hierarchy used to
reach the object.
Distributed file system (Dfs) A file management system in which files can be
located on separate computers but are presented to users as a single directory tree.
DNS name servers Servers that contain information about part of the Domain Name
domain naming master The one domain controller assigned to handle the addition
or removal of domains in a forest. See also Operations Master.
DWORD A data type consisting of four bytes in hexadecimal.
Dynamic Data Exchange (DDE) Communication between processes implemented
in the Windows family of operating systems. When programs that support DDE
are running at the same time, they can exchange data by means of conversations.
Conversations are two-way connections between two applications that transmit
data alternately.
dynamic disk A disk that is configured using volumes. Its configuration is stored in
the Logical Disk Manager (LDM) database, and is replicated to other dynamic
disks attached to the same computer. Dynamic disks are compatible only with
Windows Server 2003, Windows XP, and Windows 2000.
Dynamic Host Configuration Protocol (DHCP) A Transmission Control Protocol/
Internet Protocol (TCP/IP) protocol used to automatically assign IP addresses and
configure TCP/IP for network clients.
dynamic-link library (DLL) A program module that contains executable code and
data that can be used by various programs. A program uses the DLL only when the
program is active, and the DLL is unloaded when the program closes.
E
effective permissions The permissions that result from the evaluation of group and
user permissions allowed, denied, inherited, and explicitly defined on a resource.
The effective permissions determine the actual access for a security principal.
enterprise Term used to encompass a business’s entire operation, including all
remote offices and branches.
environment variable A string of environment information such as a drive, path, or
filename associated with a symbolic name. The System option in Control Panel or
the Set command from the command prompt can be used to define environment
variables.
Ethernet A local area network (LAN) protocol. Ethernet supports data transfer rates
of 10 Mbps and uses a bus topology and thick or thin coaxial, fiberoptic, or
File Transfer Protocol (FTP) A method of transferring one or more files from one
computer to another over a network or telephone line. Because FTP has been
implemented on a variety of systems, it’s a simple way to transfer information
between usually incongruent systems such as a PC and a minicomputer.
firewall A protective filter for messages and logons. An organization connected
directly to the Internet uses a firewall to prevent unauthorized access to its network.
See also proxy server.
folder redirection An option in Group Policy to place users’ special folders, such as
My Documents, on a network server.
forest A group of one or more Active Directory trees that trust each other through
two-way transitive trusts. All trees in a forest share a common schema, configuration,