Document information: 26 pages, 624.35 KB
Appendix: Terminal Server (A-17)

Remote Control

Terminal Server allows an administrator to view or take control of a user’s session. This feature not only allows administrators to monitor user actions on a terminal server, but also acts like Remote Assistance, allowing a help desk employee to control a user’s session and perform actions that the user is able to see as well.

To establish remote control, both the user and the administrator must be connected to terminal server sessions. The administrator must open the Terminal Server Manager console from the Administrative Tools group, right-click the user’s session, and choose Control. By default, the user will be notified that the administrator wishes to connect to the session, and can accept or deny the request.

Important: Remote Control is available only when using Terminal Server Manager within a terminal server session. You cannot establish remote control by opening Terminal Server Manager on your PC.

Remote control settings include the ability to remotely view and remotely control a session, as well as whether the user should be prompted to accept or deny the administrator’s access. These settings can be configured in the user account properties on the Remote Control tab, as shown in Figure A-13, and can be configured by the properties of the RDP-Tcp connection, which will override user account settings. Group Policy can also be used to specify remote control configuration.

Figure A-13 The Remote Control tab of a user’s properties dialog box

In addition to enabling remote control settings, an administrator must have permissions to establish remote control over the terminal server connection.
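As an added example, not from the training kit or the page, a PowerShell audit of the remote control settings described above, written to report which setting actually applies to a user and whether that user is still prompted for consent. It assumes, from general Windows documentation rather than this page, that the RDP-Tcp connection setting is the Shadow value under the WinStations\RDP-Tcp registry key (with fInheritShadow selecting the user account's setting), that the user account's Remote Control tab is exposed through ADSI as the EnableRemoteControl property, and that both use the same five-value code; the account names are constructed.

```powershell
# Added audit script; it is not part of the training kit and the page does not
# name these locations. Assumptions (from Windows documentation, not this page):
#   - the RDP-Tcp connection setting is the REG_DWORD value "Shadow" under
#     HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp,
#     with "fInheritShadow" = 1 meaning "use the user account's setting";
#   - the per-user Remote Control tab is exposed through ADSI as the
#     EnableRemoteControl property (IADsTSUserEx);
#   - both use the same code: 0 disabled, 1 full control with the user's
#     permission, 2 full control without permission, 3 view with permission,
#     4 view without permission.

$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function ConvertTo-RemoteControlText {
    param([int]$Code)
    switch ($Code) {
        0 { 'Remote control disabled' }
        1 { 'Full control, user must accept' }
        2 { 'Full control, no prompt to the user' }
        3 { 'View session only, user must accept' }
        4 { 'View session only, no prompt to the user' }
        default { "Unknown code $Code" }
    }
}

function Test-RemoteControlPromptsUser {
    # Codes 2 and 4 let an administrator attach without the user's consent,
    # which is the deviation from the default (notify and ask) worth reporting.
    param([int]$Code)
    return ($Code -eq 0 -or $Code -eq 1 -or $Code -eq 3)
}

function Get-RdpTcpRemoteControl {
    # Connection-level setting; it overrides the user account when the
    # "use user settings" option (fInheritShadow) is turned off.
    $props = Get-ItemProperty -Path $RdpTcpKey
    [pscustomobject]@{
        Code            = [int]$props.Shadow
        InheritFromUser = ([int]$props.fInheritShadow -eq 1)
    }
}

function Get-UserRemoteControl {
    # Per-user setting from the Remote Control tab, read through ADSI.
    param([string]$SamAccountName, [string]$Domain = $env:USERDOMAIN)
    $user = [ADSI]"WinNT://$Domain/$SamAccountName,user"
    return [int]$user.PSBase.InvokeGet('EnableRemoteControl')
}

function Get-EffectiveRemoteControl {
    param([string]$SamAccountName)
    $conn     = Get-RdpTcpRemoteControl
    $userCode = Get-UserRemoteControl -SamAccountName $SamAccountName
    # The connection setting wins unless it is configured to inherit from the user.
    $effective = if ($conn.InheritFromUser) { $userCode } else { $conn.Code }
    [pscustomobject]@{
        User           = $SamAccountName
        UserSetting    = ConvertTo-RemoteControlText $userCode
        ConnectionWins = -not $conn.InheritFromUser
        Effective      = ConvertTo-RemoteControlText $effective
        UserIsPrompted = Test-RemoteControlPromptsUser $effective
    }
}

# Constructed list of accounts that log on to this terminal server.
foreach ($name in @('alice', 'bob')) {
    $result = Get-EffectiveRemoteControl -SamAccountName $name
    $result
    if (-not $result.UserIsPrompted) {
        Write-Warning "$($result.User): remote control can be established without the user's consent"
    }
}
```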
Using the Permissions tab of the RDP-Tcp Properties dialog box, you can assign the Full Control permission template or, by clicking Advanced, assign the Remote Control permission to a group, as shown in Figure A-14.

Figure A-14 The Remote Control permission

Review

This appendix provides an overview of Terminal Server and the tools, technologies, and processes used to configure and, ultimately, troubleshoot the feature. The aim of this appendix, like the rest of this training kit, is to prepare you for the 70-290 certification exam. If you plan to deploy or support Terminal Server in your production network, be sure to refer to online help and the Microsoft Knowledge Base for additional detail.

Glossary

Numbers

802.11: Refers to a family of Institute of Electrical and Electronics Engineers (IEEE) specifications for wireless networking.

802.11a: An extension to 802.11 that applies to wireless local area networks (WLANs) and provides up to 54 Mbps in the 5 GHz band.

802.11b: An extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2, and 1 Mbps) in the 2.4 GHz band. 802.11b is a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet. Also called Wi-Fi.

802.11g: An extension to 802.11 that applies to wireless LANs and provides 54 Mbps transmission in the 2.4 GHz band. 802.11g is backward compatible with 802.11b, allowing the two to work together.

A

access control entry (ACE): An entry in an access control list (ACL) that defines the level of access for a user or group.

access control list (ACL): A set of data associated with a file, directory, or other resource that defines the permissions users or groups have for accessing it. In Active Directory, the ACL is a list of access control entries (ACEs) stored with the object it protects.
In Microsoft Windows NT, an ACL is stored as a binary value called a security descriptor.

access token or security access token: A collection of security identifiers (SIDs) that represent a user and that user’s group memberships. The security subsystem compares SIDs in the token to SIDs in an access control list (ACL) to determine resource access.

account lockout: A security feature that disables a user account if failed logons exceed a specified number in a specified period of time. Locked accounts cannot log on and must be unlocked by an administrator.

Active Directory: Beginning in Microsoft Windows 2000 Server and continuing in Windows Server 2003, Active Directory replaces the Windows NT collection of directory functions with functionality that integrates with and relies upon standards including Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP), and Kerberos security protocol.

Active Directory–integrated zone: A DNS (Domain Name System) zone stored in Active Directory so it has Active Directory security features and can be used for multimaster replication.

Active Directory Service Interface (ADSI): A programming interface that provides access to Active Directory.

ActiveX: A loosely defined set of technologies that allows software components to interact with each other in a networked environment.

ActiveX component: Reusable software component that adheres to the ActiveX specification and can operate in an ActiveX–compliant environment.

address: A precise location where a piece of information is stored in memory or on disk. Also, the unique identifier for a node on a network. On the Internet, the code by which an individual user is identified. The format is username@hostname, where username is your user name, logon name, or account number, and hostname is the name of the computer or Internet provider you use.
The host name might be a few words strung together with periods.

Address Resolution Protocol (ARP): A Transmission Control Protocol/Internet Protocol (TCP/IP) and AppleTalk protocol that provides IP-address-to-MAC (media access control) address resolution for IP packets.

Advanced Configuration Power Interface (ACPI): An industry specification, defining power management on a range of computer devices. ACPI compliance is necessary for devices to take advantage of Plug and Play and power management capabilities.

allocation unit: The smallest unit of managed space on a hard disk or logical volume. Also called a cluster.

anonymous FTP: A way to use an FTP program to log on to another computer to copy files when you do not have an account on that computer. When you log on, enter anonymous as the user name and your e-mail address as the password. This gives you access to publicly available files. See also File Transfer Protocol (FTP).

AppleTalk: Local area network architecture built into Macintosh computers to connect them with printers. A network with a Windows Server 2003 server and Macintosh clients can function as an AppleTalk network with the use of AppleTalk network integration (formerly Services for Macintosh).

Archive (A) attribute: An attribute of each file that is used by backup utilities to determine whether or not to back up that file. The Archive attribute is set to TRUE whenever a file is created or modified. Differential and incremental backup jobs will back up files only if their archive attribute is TRUE.

Associate: To connect files having a particular extension to a specific program. When you double-click a file with the extension, the associated program is launched and the file you clicked is opened. In Windows, associated file extensions are usually called registered file types.
Asynchronous Transfer Mode (ATM): A network technology based on sending data in cells or packets of a fixed size. It is asynchronous in that the transmission of cells containing information from a particular user is not necessarily periodic.

attribute: A characteristic. In Windows file management, it is information that shows whether a file is read-only, hidden, compressed, encrypted, ready to be backed up (archived), or should be indexed.

audit policy: Defines the type of security events to be logged. It can be defined on a server or an individual computer.

authentication: Verification of the identity of a user or computer process. In Windows Server 2003, Windows 2000, and Windows NT, authentication involves comparing the user’s security identifier (SID) and password to a list of authorized users on a domain controller.

authoritative restore: Specifies a type of recovery of Active Directory. When an authoritative restore is performed using the Backup Utility and Ntdsutil in the Directory Services Restore Mode, the directory or the specific object(s) in the directory that have been authoritatively restored are replicated to other domain controllers in the forest. See also non-authoritative restore.

Automated System Recovery (ASR): A feature of Windows Server 2003 that allows an administrator to return a failed server to operation efficiently. Using the ASR Wizard of the Backup Utility, you create an ASR set which includes a floppy disk with a catalog of system files, and a comprehensive backup. When a server fails, boot with the Windows Server 2003 CD-ROM and press F2 when prompted to start Automated System Recovery.

Automatic Updates: A client-side component that can be used to keep a system up to date with security rollups, patches, and drivers. Automatic Updates is also the client component of a Software Update Services (SUS) infrastructure, which allows an enterprise to provide centralized and managed updates.
B

Background Intelligent Transfer Service (BITS): A service used to transfer files between a client and a Hypertext Transfer Protocol (HTTP) server. BITS intelligently uses idle network bandwidth, and will decrease transfer requests when other network traffic increases.

backup domain controller (BDC): In a Windows NT domain, a computer that stores a backup of the database that contains all the security and account information from the primary domain controller (PDC). The database is regularly and automatically synchronized with the copy on the PDC. A BDC also authenticates logons and can be promoted to a PDC when necessary. In a Windows Server 2003 or Windows 2000 domain, BDCs are not required; all domain controllers are peers, and all can perform maintenance on the directory.

backup media pool: A logical set of backup storage media used by Windows Server 2003 and Windows 2000 Server Backup.

bandwidth: On a network, the transmission capacity of a communications channel stated in megabits per second (Mbps). For example, Ethernet has a bandwidth of 10 Mbps. Fast Ethernet has a bandwidth of 100 Mbps.

basic disk: A physical disk that is configured with partitions. The disk’s structure is compatible with previous versions of Windows and with several non-Windows operating systems.

Basic Input/Output System (BIOS): The program used by a personal computer’s microprocessor to start the system and manage data flow between the operating system and the computer’s devices, such as its hard disks, CD-ROM, video adapter, keyboard, and mouse.

binding: A software connection between a network card and a network transport protocol such as Transmission Control Protocol/Internet Protocol (TCP/IP).
BOOTP: Used on Transmission Control Protocol/Internet Protocol (TCP/IP) networks to enable a diskless workstation to learn its own IP address, the location of a BOOTP server on the network, and the location of a file to be loaded into memory to boot the machine. This allows a computer to boot without a hard disk or a floppy disk. Stands for “Boot Protocol.”

bottleneck: Refers to the point of resource insufficiency when demand for computer system resources and services becomes extreme enough to cause performance degradation.

broadcasting: To send a message to all computers on a network simultaneously. See also multicasting.

Browser service: The service that maintains a current list of computers and provides the list to applications when needed. When a user attempts to connect to a resource in the domain, the Browser service is contacted to provide a list of available resources. The lists displayed in My Network Places and Active Directory Users and Computers (among others) are provided by the Browser service. Also called the Computer Browser service.

C

Caching: A process used to enhance performance by retaining previously accessed information in a location that provides faster response than the original location. Hard disk caching is used by the File and Print Sharing for Microsoft Networks service, which stores recently accessed disk information in memory for faster retrieval. The Remote Desktop Connection client can cache previously viewed screen shots from the terminal server on its local hard disk to improve performance of the Remote Desktop Protocol (RDP) connection.

catalog: An index of files in a backup set.

certificate: A credential used to prove the origin, authenticity, and purpose of a public key to the entity that holds the corresponding private key.
certificate authority (CA): The service that accepts and fulfills certificate requests and revocation requests and that can also manage the policy-directed registration process a user completes to get a certificate.

certificate revocation list (CRL): A digitally signed list (published by a certificate authority) of certificates that are no longer valid.

child domain: A domain located directly beneath another domain name (which is known as a parent domain). For example, Engineering.scribes.com is a child domain of scribes.com, the parent domain. Also called a subdomain.

child object: An object inside another object. For example, a file is a child object inside a folder, which is the parent object.

Client Access License (CAL): The legal right to connect to a service or application. CALs can be configured per server or per device/per user.

cluster: A set of computers joined together in such a way that they behave as a single system. Clustering is used for network load balancing as well as fault tolerance. In data storage, a cluster is the smallest amount of disk space that can be allocated for a file.

Cluster service: The collection of software on each node that manages all cluster-specific activity.

codec: Technology that compresses and decompresses data, particularly audio or video. Codecs can be implemented in software, hardware, or a combination of both.

common name (CN): The primary name of an object in a Lightweight Directory Access Protocol (LDAP) directory such as Active Directory. The CN must be unique within the container or organizational unit (OU) in which the object exists.

concurrent: Simultaneous.

console tree: The default left pane in a Microsoft Management Console (MMC) that shows the items contained in a console.

container: An Active Directory object that has attributes and is part of the Active Directory namespace. Unlike other objects, it does not usually represent something concrete. It is a package for a group of objects and other containers.
D

delegate: Assign administrative rights over a portion of the namespace to another user or group.

Device Driver: A program that enables a specific device, such as a modem, network adapter, or printer, to communicate with the operating system. Although a device might be installed on your system, Windows cannot use the device until you have installed and configured the appropriate driver. Device drivers load automatically (for all enabled devices) when a computer is started, and thereafter run transparently.

Device Manager: An administrative tool that you can use to administer the devices on your computer. Using Device Manager, you can view and change device properties, update device drivers, configure device settings, and uninstall devices.

digital signature: An attribute of a driver, application, or document that identifies the creator of the file. Microsoft’s digital signature is included in all Microsoft-supplied drivers, providing assurance as to the stability and compatibility of the drivers with Windows Server 2003 and Windows 2000 Server.

directory service: A means of storing directory data and making it available to network users and administrators. For example, Active Directory stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.

disk quota: A limitation set by an administrator on the amount of disk space available to a user.

distinguished name (DN): In the context of Active Directory, “distinguished” means the qualities that make the name distinct. The DN identifies the domain that holds the object, as well as the complete path through the container hierarchy used to reach the object.

Distributed file system (Dfs): A file management system in which files can be located on separate computers but are presented to users as a single directory tree.
DNS name servers: Servers that contain information about part of the Domain Name System (DNS) database. These servers make computer names available to queries for name resolution across the Internet. Also called domain name servers.

domain: A group of computers that share a security policy and a user account database. A Windows Server 2003 domain is not the same as an Internet domain. See also domain name.

domain controller: A server in a domain that accepts account logons and initiates their authentication. In an Active Directory domain, a domain controller controls access to network resources and participates in replication.

domain functional level: The level at which an Active Directory domain operates. As functional levels are raised, more features of Active Directory become available. There are four levels: Windows 2000 mixed, Windows 2000 native, Windows Server 2003 interim, and Windows Server 2003.

domain local group: A local group used on ACLs only in its own domain. A domain local group can contain users and global groups from any domain in the forest, universal groups, and other domain local groups in its own domain.

domain name: In Active Directory, the name given to a collection of networked computers that share a common directory. On the Internet, the unique text name that identifies a specific host. A machine can have more than one domain name, but a given domain name points to only one machine. Domain names are resolved to IP addresses by DNS name servers.

Domain Name System (DNS): A service on Transmission Control Protocol/Internet Protocol (TCP/IP) networks (including the Internet) that translates domain names into IP addresses. This allows users to employ friendly names like FinanceServer or Adatum.com when querying a remote system, instead of using an IP address such as 192.168.1.10.
domain naming master: The one domain controller assigned to handle the addition or removal of domains in a forest. See also Operations Master.

DWORD: A data type consisting of four bytes in hexadecimal.

Dynamic Data Exchange (DDE): Communication between processes implemented in the Windows family of operating systems. When programs that support DDE are running at the same time, they can exchange data by means of conversations. Conversations are two-way connections between two applications that transmit data alternately.

dynamic disk: A disk that is configured using volumes. Its configuration is stored in the Logical Disk Manager (LDM) database, and is replicated to other dynamic disks attached to the same computer. Dynamic disks are compatible only with Windows Server 2003, Windows XP, and Windows 2000.

Dynamic Host Configuration Protocol (DHCP): A Transmission Control Protocol/Internet Protocol (TCP/IP) protocol used to automatically assign IP addresses and configure TCP/IP for network clients.

dynamic-link library (DLL): A program module that contains executable code and data that can be used by various programs. A program uses the DLL only when the program is active, and the DLL is unloaded when the program closes.

E

effective permissions: The permissions that result from the evaluation of group and user permissions allowed, denied, inherited, and explicitly defined on a resource. The effective permissions determine the actual access for a security principal.

enterprise: Term used to encompass a business’s entire operation, including all remote offices and branches.

environment variable: A string of environment information such as a drive, path, or filename associated with a symbolic name. The System option in Control Panel or the Set command from the command prompt can be used to define environment variables.

Ethernet: A local area network (LAN) protocol.
Ethernet supports data transfer rates of 10 Mbps and uses a bus topology and thick or thin coaxial, fiber-optic, or twisted-pair cabling. A newer version of Ethernet called Fast Ethernet supports data transfer rates of 100 Mbps, and an even newer version, Gigabit Ethernet, supports data transfer rates of 1000 Mbps.

extended partition: A nonbootable portion of a hard disk that can be subdivided into logical drives. There can be only a single extended partition per hard disk.

Extensible Authentication Protocol (EAP): An extension to the Point-to-Point Protocol (PPP) that allows the use of arbitrary authentication methods for validating a PPP connection.

Extensible Markup Language (XML): An abbreviated version of the Standard Generalized Markup Language (SGML), it allows the flexible development of user-defined document types and provides a non-proprietary, persistent, and verifiable file format for the storage and transmission of text and data both on and off the Web.

external trust: A one-way or two-way trust for providing access to a Windows NT 4 domain or a domain located in another forest that is not joined by a forest trust.

F

failover: An operation that automatically switches to a standby database, server, or network if the primary system fails or is temporarily shut down for servicing. In server clusters, the process of taking resources off one node in a prescribed order and restoring them on another node.

fault tolerance: The ability of a system to ensure data integrity when an unexpected hardware or software failure occurs. Many fault-tolerant computer systems mirror all operations—that is, all operations are done on two or more duplicate systems, so if one fails the other can take over.

File Replication Service (FRS): The service responsible for ensuring consistency of the SYSVOL folder on domain controllers.
FRS will replicate, or copy, any changes made to a domain controller’s SYSVOL to all other domain controllers. FRS can also be used to replicate folders in a Distributed File System (Dfs).

File Transfer Protocol (FTP): A method of transferring one or more files from one computer to another over a network or telephone line. Because FTP has been implemented on a variety of systems, it’s a simple way to transfer information between usually incongruent systems such as a PC and a minicomputer.

firewall: A protective filter for messages and logons. An organization connected directly to the Internet uses a firewall to prevent unauthorized access to its network. See also proxy server.

folder redirection: An option in Group Policy to place users’ special folders, such as My Documents, on a network server.

forest: A group of one or more Active Directory trees that trust each other through two-way transitive trusts. All trees in a forest share a common schema, configuration, [...]

[...] domains, such as com, edu, and gov.

native mode: In Windows 2000 domains, the condition of a domain when all domain controllers have been upgraded to Windows 2000 and the administrator has enabled native mode operation. In Windows Server 2003 domains, where there are no Windows 2000 or Windows NT 4 domain controllers, native mode is simply called Windows Server 2003 mode or functional level. See also domain [...]

[...] group, and user account on a Windows Server 2003, Windows 2000, or Windows NT network. Internal processes in the operating system refer to an account’s SID, rather than a name. A deleted SID is never reused.

security principal: An identity that can be given permission to a resource. A security principal is an object that includes a security identifier (SID) attribute. Windows Server 2003 supports four security [...]
[...] Protocol (PPTP). SLIP is part of Windows remote access for compatibility with other remote access software.

server: A computer that provides a service to other computers on a network. A file server, for example, provides files to client machines.

Server Message Block (SMB): An application-layer protocol that allows a client to access files and printers on remote servers. Clients and servers that are configured [...]

[...] verified by a RADIUS server, which then authorizes access to the ISP system.

Remote Desktop for Administration: A technology based on Terminal Services that allows up to two remote connections to a server for remote administration purposes. In Windows 2000, this was known as Terminal Server in Remote Administration mode.

Remote Installation Services (RIS): Allows clients to boot from a network server and use [...]

[...] the GUID will remain the same.

GUID partition table (GPT): The storage location for disk configuration information for disks used in 64-bit versions of Windows.

Group Policy: Setting of rules for computers and users in Windows Server 2003 and Windows 2000 Server. Group Policy is able to store policies for file deployment, application deployment, logon/logoff scripts, startup/shutdown scripts, domain security, [...]

[...] system.

R

realm trust: Used to connect between a non-Windows Kerberos realm and a Windows Server 2003 domain. Realm trusts can be transitive or non-transitive, one-way, or two-way.

Recovery Console: A command-line interface that provides limited access to the system for troubleshooting purposes. The Recovery Console can be launched by booting with the Windows Server 2003 CD-ROM and, when prompted, pressing [...]
[...] that authenticates domain logons and maintains the security policy and master database for a domain. In a Windows 2000 or Windows Server 2003 domain, running in mixed mode, one of the domain controllers in each domain is identified as the PDC emulator master for compatibility with down-level clients and servers.

primary partition: A portion of the hard disk that’s been marked as a potentially bootable logical [...]

[...] including network settings, printer connections, desktop settings, and program items.

proxy server: A server that receives Web requests from clients, retrieves Web pages, and forwards them back to clients. Proxy servers can dramatically improve performance for groups of users by caching retrieved pages. Proxy servers also provide security by shielding the IP addresses of internal clients from the Internet [...]

[...] network communication.

media pool: A logical collection of removable media sharing the same management policies.

member server: A server that is part of a domain but is not a domain controller. Member servers can be dedicated to managing files or printer services or other functions. A member server does not verify logons or maintain a security database.

mirror: 1. Two partitions on two hard disks (also called [...]

[...] will contain identical data to the other. If one disk fails, the other contains the data and processing can continue. 2. A File Transfer Protocol (FTP) server that provides copies of the same files as another server. Some FTP servers are so popular that other servers have been set up to mirror them and spread the FTP load to more than one site.

MMC (Microsoft Management Console): A framework for hosting administrative [...]