Glossary


access control: The mechanism for validating the right to use a resource or service, such as a connection, logon, or file access, that is stored on or connected to a server. A user name and password combination is the most common means of access control.

access control entry (ACE): An entry in an access control list (ACL). Each access control entry defines the protection or auditing to be applied to a file or other object for a specific user or group.

access control list (ACL): The part of a security descriptor that restricts and audits access to an object. The owner of an object has discretionary access control of the object and can change the object's ACL to allow or disallow other users access to the object. Access control lists are ordered lists of access control entries (ACEs).

access permissions: See permissions.

access right: A permission that controls the way in which an object may be manipulated by a user or by members of a group. Different object types support different access rights; these are stored in an object's access control list (ACL).

access token (or security token): An object that uniquely identifies a user who has logged on. An access token is attached to all of the user's processes. The token contains the user's security ID (SID), the SIDs of any groups to which the user belongs, the user's privileges, and information describing the ownership and access control list (ACL) to be applied to any objects that the user's processes create. See also access control list, security ID, and user privilege.

account: See user account.

account policy: Defines the way passwords are implemented by all user accounts.

ACE: See access control entry.

ACL: See access control list.

ADMIN$: An administrative resource that enables remote administration of servers. A server's ADMIN$ resource is automatically shared and the share cannot be deleted. See also C$ and IPC$.

ADMINISTER commands: Commands used to manage an Advanced Server locally or remotely. The ADMINISTER commands are the Advanced Server command line interface and they conform to standard OpenVMS DCL command syntax.

administrative alert: A message from the Advanced Server concerning server and resource use, or problems relating to security and access, user sessions, directory replication, and printing. See also Alerter service.

administrative resource: A resource used when network users and administrators perform certain tasks on the server, including viewing the resources the server is sharing, administering the server remotely, and running shared applications. Administrative resources include ADMIN$ and IPC$.

administrator: The individual responsible for managing the network. Typically, this person configures the network, maintains the network's shared resources and security, assigns passwords and privileges, and helps users.

Advanced Server: A network operating system compatible with Microsoft Windows NT technology that provides domain, file, and print services.

alert: A message that the server sends under certain conditions. See also administrative alert and error alert.

alert level: A value that users can specify so that the software notifies them when licenses are getting used up. For more information, see the Advanced Server for OpenVMS Guide to Managing Advanced Server Licenses.

Alerter service: A server component that notifies selected users and computers of administrative alerts that occur on a computer. It is used by the Server service and other services. See also administrative alert.

alias: A name through which a user or computer can receive messages. Each client's computer name is added automatically to its list of aliases.

application programming interface (API): A set of routines that an application program uses to request and carry out lower-level services performed by the operating system.

archive bit: An attribute of any file: a bit that backup programs use to mark files after backing them up with either the normal or incremental backup types.

audit policy: The policy that defines the types of events that are logged.

audit trail: The event and error messages that are saved in the event log file, as defined by the audit policy.

auditing: The process by which Advanced Server records an entry in the event log file whenever a user accesses a resource in a certain way or logs on to the network.

authentication: Validation of a user's logon information.

backup domain controller (BDC): In a domain, a server that keeps and uses a copy of the user accounts database to validate logon requests and that can take over the function of the primary domain controller if the primary domain controller fails. Contrast with primary domain controller.

batch command file: A file that contains one or more commands to be processed sequentially. When a user types the file name at the command prompt, the commands contained in the file are executed.

boot (or bootstrap): To run or initiate a program that loads the operating system into memory and starts or restarts the computer.

broadcast message: A message sent to client workstations on the network. Users cannot respond to this type of message.

browse: To look through lists of servers and workstations in a domain.

built-in groups: The default groups provided with the Advanced Server. These groups cannot be deleted. See also group.

C$: The administrative resource that represents a server's disk drive. The Advanced Server points C$ to PWRK$LMROOT:[LANMAN].

cache memory: High-speed memory that contains copies of data recently used by the processor. Cache memory avoids frequent disk input/output, thus providing faster operation.

check box: In a dialog box, an indicator that a user can select or clear to turn one or more options on or off. Used, for example, in the Configuration Manager to select transports. Contrast with radio button.

client: A personal computer or workstation, connected to the network, that can access resources on a server. Contrast with server.

Client License Requester: A client-based PATHWORKS utility that is responsible for requesting client-based licenses for clients so that they can access resources on the server.

Client License Transponder: A client-based PATHWORKS utility that responds to license authentication requests.

client-based license: A license that is assigned on a per-workstation basis and allows a client to access multiple file servers. Contrast with server-based license.

computer name: A unique name that identifies a server, personal computer, or workstation to the network.

configuration: The set of hardware, hardware options, software, and software options on a computer or network.

Configuration Manager: An Advanced Server tool for modifying server configuration parameters.

connection: The software link between a workstation and a shared resource on a server. A connection is made by assigning a local device name on the workstation to a shared resource on a server, or by accessing the resource through a network path name with a command or from an application. Contrast with session.

country code: A code in a user account that specifies the language in which the server sends messages to the user.

DECnet-Plus: The Compaq family of peer-to-peer, Ethernet-based network products.

default: The value assigned by a program if a value is not supplied by the user.

default permissions: The permissions assigned to a share if no permissions are specified.

destination directory: The directory to which one or more files are to be moved or copied. Contrast with source directory.

device driver: A program that enables a specific device, such as a printer, to communicate with the operating system.

device name: The name by which a computer identifies a printer, disk, or other device.

dialog box: A window displayed in response to user action that allows users to enter information and presents choices for further action.

directory: Part of a structure for organizing files on a disk. A directory can contain files and other directories (called subdirectories). See also directory tree.

directory access permissions: The type of access that a group or user is granted to a particular directory, such as read-only. See also share permissions and special access permissions.

directory replication: The copying of a master set of directories from a server (called an export server) to specified servers or workstations (called import computers) in the same or other domains.

Directory Replicator service: Replicates directories, and the files in those directories, between computers.

directory tree: A conceptual representation of a disk's directory structure. The directories on the disk are organized in a hierarchy. The top-level directory is the root directory. See also path.

disabled user account: A user account that does not permit logons. The account can be restored to enabled status at any time. See also user account.

disk resource: A disk device that can be shared.

distributed computing: An application design and implementation strategy that divides the user interface, processing, and database storage components of an application into units that can execute on multiple networked computer systems.

DNS: Domain Name System. Provides name resolution based on static configuration files, supplying computer names in place of IP addresses to locate resources.

domain: A collection of computers that share a common security database and policy. Each domain has a unique name. A network can have many domains. See also workgroup and logon security.

domain synchronization: The replication of the domain database from the primary domain controller to one or more servers of the domain. Domain synchronization is usually performed automatically by the system, but can also be invoked manually by an administrator.

downlevel: A term that refers to earlier network operating systems, such as LAN Manager, that can interoperate with the Advanced Server.

driver: See device driver.

dynamic data exchange (DDE): A form of interprocess communications (IPC) in which two or more programs that support dynamic data exchange can exchange information and commands.

edit box: In a dialog box, a field for entering information. Used, for example, in the Upgrade utility to enter the domain name.

encapsulated PostScript (EPS): A file format optimized for moving PostScript files between applications.

equivalence-name: The node name portion of a file server name.

error alert: A message from the Advanced Server about local area network or system errors. Error alerts are stored in the error log.

Ethernet address: An alphanumeric string, six bytes in length, that identifies a node on the Ethernet. The string is six pairs of hexadecimal digits, separated by hyphens (for example, AA-00-04-00-91-27).

event: Any significant occurrence in the system or in an application that requires users, operators, or administrators to be notified, or an entry to be added to a log.

EventLog service: The Advanced Server service that records events in the system, security, and application event log files.

export path: In directory replication, a path from which subdirectories, and the files in those subdirectories, are automatically copied from an export server. See also directory replication.

export server: In directory replication, a server from which a master set of directories is copied to specified servers or workstations (called import computers) in the same or other domains. See also directory replication.

Extended File Specifications: On OpenVMS Alpha systems, provides deep directories and extended file names support. Deep directories support allows network clients to use hierarchical storage of directories and files on the OpenVMS disk similar to the client-based disk. Extended file names support uses the Online Disk Structure (ODS-5), extending OpenVMS file name restrictions to support longer file names and adding ISO Latin-1 characters to the supported character set. See also ODS-5.

FAT: File allocation table. File system structure used by the MS-DOS operating system.

file extension: Any characters that follow a period at the end of a file name. A file extension usually identifies the file's type.

File Index Table (FIT): A file name lookup table (with the .FIT extension) that consists of file translation pairs. FIT files map path names entered on a client workstation to the actual files on the server.

file name: The unique name that identifies a file. See also file extension.

file server: A system that enables a server to allow access to its local resources.

frame: A packet of information transmitted as a single unit. Every frame has the same basic organization and contains control information, such as synchronizing characters, station address, and an error-checking value, as well as a variable amount of data.

full name: A user's complete name, usually consisting of the last name, first name, and middle initial. Under the Advanced Server, the full name can be maintained as part of the information that identifies and defines a user account. See also user account.

global account: A normal user account in a user's home domain. Most user accounts are global accounts. See also local account and user account.

global group: A user group that can be employed to define permissions and rights for accessing resources in its own domain and in trusting domains. A global group can contain user accounts only from its own domain. Global groups can become members of local groups. Global groups are a mechanism for creating sets of users that are available for use both in the domain where they are created and in other domains. See also group and local group.

group: A collection of user accounts that are called members. The permissions and rights granted to a group are also granted to its members, making groups a convenient way to grant common capabilities to collections of user accounts. See also global group and local group.

group memberships: The groups to which a user account belongs. Permissions and rights granted to a group are also granted to its members. In most cases, the actions a user can perform are determined by the group memberships of the user account through which the user logs on.

group name: A unique name identifying a local or global group to the Advanced Server. A group's name cannot be identical to any other group name or user name of its own domain or workstation. See also group.

guest account: An account on a server that a user without an individual user account can use to access the server's resources.

hidden server: A server that is part of a domain, but that does not appear in the list of servers.

home directory: A directory that is accessible to a user and that contains files and programs for the user. A home directory can be assigned to an individual user or can be shared by many users.

host system: A computer, such as an OpenVMS system, that runs the server services.

import computers: In directory replication, the servers or workstations that receive copies of the master set of directories from an export server. See also directory replication.

import path: In directory replication, the path to which imported subdirectories, and the files in those subdirectories, are stored on an import computer. See also directory replication.

inherited permissions: Implicit permissions based on permissions assigned to a parent directory. See also permissions.

Internet address: A 32-bit number identifying a host connection on the Internet. An Internet address consists of a network number and host number.

interprocess communications (IPC): Communication among the component processes of a program, between different computers running parts of a single program, or between two programs working together.

IPC$: An administrative resource that controls how interprocess communications operate on servers. A server's IPC$ is automatically shared and cannot be deleted. See also ADMIN$ and C$.

keyword: On PATHWORKS V6 for OpenVMS (Advanced Server) only, a parameter name in the LANMAN.INI file that, with an associated value, establishes some aspect of server configuration.

LAN: Local area network. A self-contained network that offers a high-speed, reliable communications channel. LANs span a limited distance, such as a building or cluster of buildings, but can be connected to WANs with bridge devices. Contrast with WAN.

LAN Manager: A Network Operating System (NOS) from Microsoft that manages network tasks and coordinates communications between clients and servers.

LANMAN.INI file: On PATHWORKS V6 for OpenVMS (Advanced Server) only, an initialization file on each server and client. The values of the keywords in this file determine the option settings for computers on the network.

License Manager: The interface used to manage the Advanced Server license server. The License Manager provides the ability to manage license groups, set alert levels, set logging levels for licensing events, enable or disable the license server, and revoke assigned licenses.

License Manager Facility (LMF): The OpenVMS facility that manages the product license database through a callable interface.

License Registrar: A component of the Advanced Server licensing subsystem that runs on the same node as the file server and validates whether a client is licensed to connect to the file server.

license server: A Advanced Server software program that performs license-related services, such as assigning and verifying licenses.

license server state file: The database on the system running the license server. Includes client names, information about the types and quantities of licenses available, and license group information.

list box: In a dialog box, a box that lists available choices such as all the files in a directory. If the available choices do not fit in the viewable portion of the list box, a scroll bar allows users to move up and down the list.

local account: A user account provided in a domain for a user whose global account is in a non-trusted domain. Not required where trust relationships exist between domains. See also global account and user account.

local area network: See LAN.

local boot: A process in which a client operating system is loaded and started locally from disk. Contrast with remote boot.

local computer: The workstation or server at which the user or administrator is currently working. Contrast with remote computer.

local group: A user group that can be used to grant permissions and rights only for the servers of its own domain. A local group can contain user account names and global group names both from its own domain and from trusted domains. Local groups are a device for creating sets of users from both inside and outside the domain, to be used at servers of the domain. See also global group and group.

local printer: A printer that is directly connected to one of the ports on a computer.

local user: The user or administrator working at the local computer.

lockout: A security feature that disables a user account if failed logon attempts exceed a specified limit.

log file: A history file. Advanced Server maintains a system log and optionally enabled security and application logs.

log on: To provide a user name and password to gain access to the network.

logical drive: On a PC, anything given a drive designation (for example, D:) that is not physically located on the system.

logon domain: The domain specified when a user logs on to the local area network.

logon hours: The days and times during which a user can access a server's resources.

logon restrictions: The logon hours during which a user can access a server's resources, and the workstations from which the user can access those resources.

logon script: A batch program containing Advanced Server and operating system commands used to configure workstations. Logon scripts can be written for one or more users. When the user logs on, the logon script is run.

logon script path: The path or location where the logon script is stored, if a logon script is assigned to the user's account.

logon security: A means of verifying the identity of users when they log on to the local area network or wide area network. See also NetLogon service.

logon server: For a domain, the primary domain controller and backup domain controllers. For a user, the server that processes the user's logon request --- typically the server with the lightest load. See also NetLogon service.

logon validation: A process of verifying the identities of users when they log on to the network.

logon workstations: The workstations from which a user is allowed to log on.

maximum password age: The period of time a password can be used before the system requires the user to change it. Set in the account policy.

member server: A server in a domain that keeps and uses a copy of the domain's user accounts database but does not validate logon requests. See also backup domain controller and primary domain controller.

message forwarding: The method used to reroute messages from one client or server to another.

minimum password age: The period of time a password must be used before the user can change it. Set in the account policy.

mount: To make a disk available as a shared disk to users on a network.

named pipe: An interprocess communication mechanism that allows one process to communicate with another local or remote process.

NetLogon service: Performs authentication of domain logons, and keeps the domain's database synchronized between the domain controller and the other Advanced Servers of the domain.

NetBEUI: A network transport on the Advanced Server. The term NetBEUI is derived from NETBIOS Extended User Interface.

NETBIOS: Network Basic I/O System interface device driver and transport interface developed by Microsoft and IBM.

network: A group of servers, clients, and devices connected to each other by communications lines in order to share information and resources.

network adapter (or network controller or network interface card): A combination of hardware, firmware, and software that controls the transmission and reception of data between a workstation or server and the network.

network controller: See network adapter.

network directory: See shared directory.

network path: The computer name of a server followed by the share name of a shared resource and, optionally, a relative path. See also Universal Naming Convention.

node: An individual computer, such as a server or client, that can communicate with other computers in a network.

NOS: Network Operating System. See Advanced Server.

NT File System (NTFS): Windows NT file system. A file system designed for use specifically within the Windows NT operating system.

object type: An entity shared by the server, such as a file, directory, or printer.

ODS-2: The traditional OpenVMS file system (Online Disk Structure), which is based on the Files-11 disk structure.

ODS-5: The optional extended file system supported on OpenVMS V7.2 systems and higher, which provides Extended File Specifications and deep directories.

on-disk structure (ODS): The structure of applications and files maintained by the Advanced Server.

OpenvMS Registry: A systemwide hierarchical database of configuration information about hardware and software (both the operating system and applications). The Advanced Server for OpenVMS software relies on the OpenVMS Registry to store and reference server configuration parameters. In previous versions of the server software --- for example, PATHWORKS for OpenVMS servers --- the LANMAN.INI file is used to store server parameters. The OpenVMS Registry is similar to the Windows NT Registry. See also server configuration parameters.

operator privilege: The privilege granted to a user that allows the user to perform certain administrative tasks.

partition: A virtual division of a physical disk that functions as though it were a physically separate unit.


Next