Windows 7 Resource Kit- P35

Chia sẻ: Thanh Cong | Ngày: | Loại File: PDF | Số trang:50

lượt xem

Windows 7 Resource Kit- P35

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'windows 7 resource kit- p35', công nghệ thông tin, hệ điều hành phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:

Nội dung Text: Windows 7 Resource Kit- P35

  1. BranchCache A new feature of Windows 7 and cloud In peer-to-peer networks, a grouping of com- Windows Server 2008 R2 that improves the responsive- puters that uses addresses of a specific scope . A scope ness of intranet applications for remote offices while is an area of the network over which the address is simultaneously reducing WAN utilization . BranchCache unique . keeps a local copy of data that clients access from CNg services See Crypto Next Generation (CNG) remote Web and file servers . The cache can be placed services . on a hosted server located in the branch office, or it can reside on users’ individual computers . If another client Code Integrity A feature of Windows that detects requests the same file, the client downloads it across changes to system files and drivers . the LAN without having to retrieve it over the WAN . BranchCache ensures that only authorized clients can compatibility layer A feature of Protected mode in access requested data, and it is compatible with secure Windows Internet Explorer that redirects requests for data retrieval over SSL or IPsec . protected resources (such as the user’s Documents folder) to safe locations (such as the Temporary Internet buffer overflow An attack that submits larger or Files folder) . longer values than an application or API is designed to process . component store A portion of an operating system image that stores one or more operating system fea- build In the context of MDT 2010, the association of tures or language packs . source files from the distribution share with a configura- tion . See also Microsoft Deployment Toolkit 2010 (MDT configuration pass A phase of Windows installation 2010) . in which different parts of the operating system are installed and configured . You can specify unattended C installation settings to be applied in one or more con- figuration passes . catalog The system index together with the property cache . configuration set A file and folder structure containing files that control the preinstallation process and define catalog file A binary file that contains the state of all customizations for the Windows installation . settings and packages in a Windows image . Confirmation Identifier A digitally signed value central store In the context of Group Policy, a location returned by a Microsoft clearinghouse to activate a for storing administrative templates for use throughout system . an organization . Only Windows Vista and later versions support using a central store . core application An application that is common to most computers in your organization, such as a virus channel In Meeting Space, the basis for communi- scanner or a management agent . cation between participants in a meeting . There are three kinds of Meeting Space channels: metadata, file, Crypto Next generation (CNg) services An exten- and streaming . The term channel can also refer to an sible cryptographic configuration system that replaces application-specific event log . the CryptoAPI of Windows XP and earlier versions . Clear key A key stored unencrypted on the disk Cryptographic Service Provider (CSP) An infrastruc- volume . This key is used to freely access the VMK and, ture that developers can use to create applications that in turn, the FVEK if BitLocker protection is disabled but use cryptographic functions such as encryption, hashes, disk volume remains encrypted . and digital signatures . client-side cache (CSC) A Microsoft internal term CSC See client-side cache (CSC) . referring to Offline Files . CSP See Cryptographic Service Provider (CSP) . Glossary 1653 Please purchase PDF Split-Merge on to remove this watermark.
  2. D have an Internet connection, without requiring a VPN connection . DirectAccess also enhances the security data store In deployment, the location in which the and flexibility of the corporate network infrastructure, USMT stores a user state between the time it is read enabling IT professionals to remotely manage and from the original computer and the time it is deployed update corporate computers whenever they connect to to the target computer . the Internet—even when users are not logged in . defense-in-depth A proven technique of layered pro- directory junction A technique for redirecting tection that reduces the exposure of vulnerabilities . For requests for a specific folder to a different location . example, you might design a network with three layers Directory junctions are used to provide backward of packet filtering: a packet-filtering router, a hardware compatibility for folder locations used in earlier versions firewall, and software firewalls on each of the hosts of Windows . (such as Internet Connection Firewall) . If an attacker manages to bypass one or two of the layers of protec- discoverable A state in which a Bluetooth-enabled tion, the hosts are still protected . device sends out radio signals to advertise its location to other devices and computers . Deploying Phase In deployment, this is the phase in which computers are actually set up and configured . Dll See dynamic-link library (DLL) . Additionally, in this phase the deployment team verifies DNS Security Extensions (DNSSEC) An Internet that deployed computers are stable and usable . standard supported by Windows 7 and Windows Server Deployment Image Servicing and Management 2008 R2 that enables computers to authenticate DNS (DISM) A new command-line tool introduced in servers, which mitigates man-in-the-middle attacks . Windows 7 that can be used to service a Windows A man-in-the-middle attack redirects clients to a mali- image or to prepare a Windows PE image . It replaces cious server, which can allow an attacker to intercept Package Manager (Pkgmgr .exe), PEImg, and Intlcfg, passwords or confidential data . which were included in Windows Vista . The functional- DNSSEC See DNS Security Extensions (DNSSEC) . ity that was included in these tools is now consolidated in DISM, and new functionalities have been added to DWM See Desktop Windows Manager (DWM) . improve the experience for offline servicing . Dynamic Driver Provisioning A new feature of Desktop Windows Manager (DWM) A feature of Windows Deployment Services in Windows Server 2008 Windows that performs desktop composition to enable R2 that stores drivers in a central location, which saves visual effects such as glass window frames, three- IT professionals time by not requiring operating system dimensional window transition animations, Windows images to be updated when new drivers are required Flip and Windows Flip3D, and high-resolution support . (for example, when the IT department buys different hardware) . Drivers can be installed dynamically based destination computer The computer on which you on the Plug and Play IDs of a PC’s hardware or as install Windows during deployment . You can either run predetermined sets based on information contained in Windows Setup on the destination computer or copy a the BIOS . master installation onto the destination computer . dynamic-link library (Dll) A file containing execut- developing phase In deployment, the period during able code that programs can run . Multiple programs which the team builds and unit-tests the solution . can reference a single DLL, and a single program might DirectAccess A new feature of Windows 7 and use many different DLLs . Windows Server 2008 R2 that increases the productiv- ity of remote users by enabling them to seamlessly and securely access the corporate network any time they 1654 Glossary Please purchase PDF Split-Merge on to remove this watermark.
  3. E Forceguest A common term for one of the network access models used by Windows XP that requires all envisioning phase The phase in a MDT 2010 deploy- network users to be treated as guests . Beginning with ment in which management creates teams, performs Windows Vista, however, ForceGuest is no longer a an assessment of existing systems and applications, supported setting; turning this setting on is not defines business goals, creates a vision statement, recommended . defines scope, creates user profiles, develops a solution concept, creates risk-assessment documents, writes a Full Volume Encryption Key (FVEK) The algorithm- project structure, and approves milestones . See also specific key used to encrypt (and optionally, diffuse) Microsoft Deployment Toolkit 2010 (MDT 2010) . data on disk sectors . Currently, this key can vary from 128 bits through 512 bits . The default encryption algo- escalated Remote Assistance (RA) See solicited rithm used on disk volumes is AES 128 bit with Diffuser . Remote Assistance (RA) . FVEK See Full Volume Encryption Key (FVEK) . expert In a Remote Assistance scenario, the user who provides help . Also known as a helper. g F gadget A mini-application that can do almost any- thing, including show news updates, display a picture feature team In the context of MDT 2010, a cross- slideshow, or show weather reports . organizational team that focuses on solving a particular problem such as security . See also Microsoft Deployment gPT See GUID Partition Table (GPT) . Toolkit 2010 (MDT 2010) . group Policy preferences Lets you manage drive feature team guide In the context of MDT 2010, a mappings, registry settings, local users and groups, document that addresses the tasks required of a specific services, files, and folders without the need to learn a feature team . See also Microsoft Deployment Toolkit scripting language . You can use preference items to 2010 (MDT 2010) . reduce scripting and the number of custom system images needed, standardize management, and help Federated Search A new feature of Windows 7 and secure your networks . By using preference item-level Windows Server 2008 R2, based on the OpenSearch targeting, you can streamline desktop management by protocol, which enables users to search remote data reducing the number of GPOs needed . sources from within Windows Explorer . The goal of Federated Search is not to replace server repositories, gUID Partition Table (gPT) A new disk-partitioning like Microsoft Office SharePoint Server, but to enable technology that offers several advantages over MBR, these repositories to expose their search capabilities including support for larger partitions and up to 128 through Windows and thus get more value out of the partitions on a single disk . repositories for users . file sharing The process of making files or folders H available to more than one user . HAl See Hardware Abstraction Layer (HAL) . folder redirection A technique for configuring Hard-link Migration A new feature of the USMT for computers to access user profile data from an alternate Windows 7 that enables customers to install Windows location . Folder redirection is commonly used to store Vista or Windows 7 on an existing computer while user documents and data files on a shared folder . retaining data locally on that computer during operat- ing system installation . forced guest See ForceGuest . Glossary 1655 Please purchase PDF Split-Merge on to remove this watermark.
  4. Hardware Abstraction layer (HAl) A feature of in profile sharing Sharing a file or folder from within Windows that simplifies how the operating system your user profile . Also known as in place sharing. accesses hardware by providing a single interface that InPrivate Browsing Prevents Windows Internet behaves identically across different platforms . Explorer from storing data about your browsing session . helper See expert . InPrivate Filtering Helps prevent Web site content pro- high-volume deployment A deployment project that viders from collecting information about sites you visit . involves a large number of computers . Installation Identifier (IID) A code generated by Homegroup A new networking feature of Windows 7 combining a system’s hardware ID (created by scanning that makes it easier to share files and printers on a the system hardware) and the product ID (derived from home network . You can share pictures, music, videos, the Windows installation) . This code is transmitted to documents, and printers with other people in your a Microsoft activation clearinghouse during system HomeGroup . Other people can't change the files that activation . you share unless you give them permission to do so . installation image An operating system image that hybrid image An imaging strategy that combines can be installed on a computer . Unlike boot images, thick and thin images . In a hybrid image, you config- installation images cannot be booted directly from the ure the disk image to install applications on first run, image and must be deployed to a computer before giving the illusion of a thick image but installing the running . applications from a network source . Hybrid images IntelliMirror A set of change and configuration have most of the advantages of thin images . However, management features based on Active Directory they aren’t as complex to develop and do not require Domain Services that enables management of user and a software distribution infrastructure . They do require computer data and settings, including security data . longer installation times, however, which can raise initial IntelliMirror also provides a limited ability to deploy deployment costs . software to workstations or servers running Microsoft Windows 2000 and later versions . I ICMP See Internet Control Message Protocol (ICMP) . Internet Control Message Protocol (ICMP) A Layer 3 protocol that IP applications use to test connectivity IFilter A feature of the Windows search engine that and communicate routing changes . ICMP is most is used to convert documents in different formats into commonly used by the Ping tool . plain text so they can be indexed . IFilters are also responsible for extracting a number of format- IPConfig A command-line tool that displays the cur- dependent properties such as Subject, Author, and rent network configuration . Locale . Microsoft provides IFilters for many common document formats by default, while third-party vendors J such as Adobe provide their own IFilters for indexing Jump list A list of recent items, such as files, folders, other forms of content . or Web sites, organized by the program that you use to open them . In addition to being able to open recent IID See Installation Identifier (IID) . items using a Jump List, you can also pin favorites to a image-based setup A setup process based on Jump List so that you can quickly get to the items that applying a disk image of an operating system to the you use every day . computer . in place sharing See in profile sharing . 1656 Glossary Please purchase PDF Split-Merge on to remove this watermark.
  5. K local user profile The default approach for storing user profiles in Windows in which the user profile is Kernel mode A processing mode provided by stored on the computer’s hard disk . x86-based processors that provides processes with unrestricted access to memory and other system location-aware printing A new feature of Windows 7 resources . Beginning with Windows Vista, only system and Windows Server 2008 R2 that makes the Default features and trusted drivers should run in Kernel mode . Printer setting location aware . Mobile and laptop users can set a different default printer for each network to Key Management Service (KMS) An infrastructure which they connect . They may have a default printer set that simplifies tracking product keys in enterprise for home use and a different default printer set for the environments . office . Their computers can now automatically select KMS See Key Management Service (KMS) . the correct default printer depending on where the users are currently located . known folders Windows user profile folders that can be redirected with Folder Redirection . lTI See Lite Touch Installation (LTI) . l M legacy mode A Windows Deployment Services mode MAK See Multiple Activation Key (MAK) . that uses OSChooser and Riprep (sector-based) images . malware A term that describes a broad range of mali- This mode is compatible with RIS . Moving from RIS-only cious software, including viruses, worms, Trojan horses, functionality to legacy mode happens when you install spyware, and adware . the Windows Deployment Services update on a server that is running RIS . managed service account A new feature of Windows 7 and Windows Server 2008 R2 that allows administrators library A virtual container for users’ content . A library to create a class of domain accounts that can be used to can contain files and folders stored on the local manage and maintain services on local computers . computer or in a remote storage location . In Windows Explorer, users interact with libraries in a way similar Mandatory Integrity Control (MIC) A model in which to the way they would interact with other folders . lower-integrity processes cannot access higher-integrity Libraries are built upon the known folders (such as My processes . The primary integrity levels are Low, Medium, Documents, My Pictures, and My Music) that users are High, and System . Windows assigns to each process an familiar with, and these known folders are automatically integrity level in its access token . Securable objects such included in the default libraries and set as the default as files and registry keys have a new mandatory ACE in save location . the system ACL . lite Touch Installation (lTI) A deployment option in mandatory label An ACE used by MIC . MDT 2010 that deploys client computers with little hu- mandatory user profile A user profile that cannot be man interaction . An alternative deployment option, ZTI, modified by the user . Mandatory user profiles are useful deploys client computers with no human interaction, for ensuring consistent desktop environments . but that requires more preparation and engineering time beforehand . Therefore, LTI is more appropriate for Master Boot Record (MBR) The most common disk environments that deploy fewer computers . See also partition system, MBR is supported by every version of Microsoft Deployment Toolkit 2010 (MDT 2010), Zero Windows . Gradually, MBRs are being replaced by GPTs . Touch Installation (ZTI) . See also GUID Partition Table (GPT) . local sharing The process of making files and folders master computer A fully assembled computer con- available to other users on the same computer . Also taining a master installation of Windows . known as same computer sharing. Glossary 1657 Please purchase PDF Split-Merge on to remove this watermark.
  6. master image A collection of files and folders (some- mixed mode A Windows Deployment Services mode times compressed into one file) captured from a master that supports both OSChooser and Windows PE for installation . This image contains the base operating boot environments and Riprep and ImageX imaging . system as well as additional configurations and files . Moving from legacy mode to mixed mode happens when you configure Windows Deployment Services and master index A single index formed by combining add .wim image files to it . shadow indexes by using a process called the master merge . See also master merge . Multicast Multiple Stream Transfer A new feature of Windows Deployment Services in Windows Server master installation A Windows installation on a 2008 R2 that enables you to more efficiently deploy master computer to be captured as a master image . You images to multiple computers across a network . Instead create the master installation by using automation to of requiring separate direct connections between ensure a consistent and repeatable configuration each deployment servers and each client, it enables deploy- time . See also master computer, master image . ment servers to send image data to multiple clients master merge The process of combining index frag- simultaneously . Windows 7 includes an improvement ments (shadow indexes) into a single content index that allows servers to group clients with similar network called the master index . See also master index . bandwidth and stream at different rates to each group so that total throughput is not limited by the slowest MBR See Master Boot Record (MBR) . client . MBSA See Microsoft Baseline Security Analyzer Multiple Activation Key (MAK) A limited-use product (MBSA) . key that can be used to activate Windows on multiple computers . MBSAClI See Microsoft Baseline Security Analyzer Command Line Interface (MBSACLI) . N MIC See Mandatory Integrity Control (MIC) . name resolution The process of converting a host Microsoft Baseline Security Analyzer (MBSA) A free name to an IP address . tool available for download from Microsoft .com that NAP See Network Access Protection (NAP) . administrators can use to scan computers for security vulnerabilities and missing security updates . native mode A Windows Deployment Services mode that supports only the Windows PE boot environment Microsoft Baseline Security Analyzer Command and ImageX image files . The final move to native mode line Interface (MBSAClI) A command-line interface occurs after you have converted all legacy images to for MBSA, which administrators can use to scan com- the .wim image file format and disabled the OSChooser puters for security vulnerabilities and missing security functionality . updates from scripts . See also Microsoft Baseline Security Analyzer (MBSA) . Nbtstat A command-line tool used to display NetBIOS networking information including cached NetBIOS Microsoft Deployment Toolkit 2010 (MDT 2010) An computer names . SA that enables rapid deployment of Windows 7, Windows Server 2008 R2, Windows Vista SP1, Windows Net A command-line tool used to perform a variety Server 2008, Windows XP SP3, and Windows 2003 SP2 . of networking tasks including starting and stopping MDT 2010 provides unified tools, scripts, and docu- services, sharing resources, and connecting to shared mentation for desktop and server deployment using an resources . integrated deployment console called the Deployment Netstat A command-line tool used to display network- Workbench . ing statistics . 1658 Glossary Please purchase PDF Split-Merge on to remove this watermark.
  7. Network Access Protection (NAP) A feature sup- it while disconnected from the network . Windows ported by Windows Vista and later versions that uses includes technology for synchronizing Offline Files that network authentication to validate the identity and have been modified and resolving synchronization integrity of client computers before they are allowed to conflicts . connect to the network . OgA See Office Genuine Advantage (OGA) . Network Monitor A graphical tool that administrators online In the context of preparing an image for can use to capture and analyze network communica- deployment, when the operating system is started and tions . changes or updates are made while Windows is running . Network Sharing The process of making a folder Original Equipment Manufacturer (OEM) An available across the network . organization that designs and manufactures computer New Computer scenario In MDT 2010, a deployment hardware . scenario that deploys the operating system and applications to a computer that has not been previously P configured and therefore contains no user data . See P2P See peer-to-peer (P2P) . also Microsoft Deployment Toolkit 2010 (MDT 2010) . package A group of files that Microsoft provides to nondestructive imaging A deployment technique modify Windows features . Package types include service supported by ImageX and Windows Setup in which an packs, security updates, language packs, and hotfixes . operating system image is deployed without destroying the existing data . panning hand A specialized cursor that enables drag- ging a page . novice In a Remote Assistance (RA) scenario, the user seeking assistance . Patchguard Microsoft’s kernel patch protection tech- nology for 64-bit versions of Windows that is designed Nslookup A command-line tool used to test DNS to prevent unauthorized and unsupported access to the name resolution . kernel . It prohibits all software from performing unsup- ported patches . O PathPing A command-line tool used to test connec- OEM See Original Equipment Manufacturer (OEM) . tivity to an endpoint . PathPing collects connectivity offered Remote Assistance (RA) See unsolicited statistics for every gateway between the client and the Remote Assistance (RA) . tested endpoint and displays latency and availability statistics for every node . Office genuine Advantage (OgA) An initiative that tracks the product keys from licensed versions of PCR See platform configuration register (PCR) . Microsoft Office programs to ensure that they are not Peer Name Resolution Protocol (PNRP) A mecha- reused on other computers . Users who validate their nism for distributed, serverless name resolution of peers copies of Microsoft Office products gain access to in a P2P network . See also peer-to-peer (P2P) . add-ins and updates to those products . peer-to-peer (P2P) A method for communicating offline In the context of preparing an image for directly between client computers without involving a deployment, when the operating system is not started separate server . In Windows Vista and later versions, and changes or updates are made directly to the image . P2P refers to a set of networking and collaboration Offline Files A feature of Windows that locally stores a technologies that are used by Windows Meeting Space copy of a file located on a shared folder . Windows can and other applications . then access the local copy of the file if the user needs Glossary 1659 Please purchase PDF Split-Merge on to remove this watermark.
  8. pen flick A Tablet PC pen technique that enables hash of all values that are loaded to it . To learn when users to call menu commands by moving the pen using these registers are reset, refer to the TCG specification various gestures . document . See also Trusted Platform Module (TPM) . People Near Me A subnet-level system that enables PNRP See Peer Name Resolution Protocol (PNRP) . users who are signed on to this service to automatically Point-to-Point Tunneling Protocol (PPTP) A net- publish their availability onto the local subnet and working technology that supports multiprotocol VPNs . discover other users using the Web Services Dynamic This enables remote users to securely access corporate Discovery (WS-Discovery) protocol . Once users are or other networks across the Internet, to dial into an ISP, published using People Near Me, they can be invited to or to connect directly to the Internet . PPTP tunnels, or start activities such as Windows Meeting Space . encapsulates, IP or IPX banter traffic inside IP packets . personal identification number (PIN) This is an This means that users can remotely run applications administrator-specified secret value that must be that depend on particular network protocols . PPTP is entered each time the computer starts (or resumes described in RFC 2637 . from hibernation) . The PIN can have 4 to 20 digits and PortQry A command-line tool that tests connectivity internally is stored as a 256-bit hash of the entered to a network service by attempting to establish a TCP Unicode characters . This value is never displayed to the connection to an endpoint . user in any form or for any reason . The PIN is used to provide another factor of protection in conjunction with PPTP See Point-to-Point Tunneling Protocol (PPTP) . TPM authentication . See also Trusted Platform Module (TPM) . Pre-Boot Execution Environment (PXE) A DHCP- based remote boot technology used to boot or install phishing A form of Internet fraud that aims to steal an operating system on a client computer from a valuable information such as credit cards, Social Secu- remote server . A Windows Deployment Services server rity numbers, user IDs, and passwords . A fake Web site is an example of a PXE server . is created that is similar to that of a legitimate organiza- tion, typically a financial institution such as a bank or in- Print Management An MMC snap-in that administra- surance company . An e-mail is sent requesting that the tors can use to manage printers, print servers, and print recipient access the fake Web site and enter personal jobs across an enterprise . details including security access codes . The page looks printer driver isolation A new feature of Windows 7 genuine because it is easy to fake a valid Web site . and Windows Server 2008 R2 that lets you configure Any HTML page on the Web can be modified to suit a printer driver features to run in an isolated process phishing scheme . separate from the print spooler process . By isolating the PIN See personal identification number (PIN) . printer driver, you can prevent a faulty printer driver from stopping all print operations on a print server, Ping A command-line tool used to test connectivity to which results in a significant increase in server reliability . an endpoint . Printer Migrator A tool for backing up printer con- Planning Phase A phase in a MDT 2010 deployment figurations on print servers so that the configuration in which the deployment team lays the groundwork for can be moved between print servers or consolidated the deployment . See also Microsoft Deployment Toolkit from multiple servers onto a single server . A command- 2010 (MDT 2010) . line version (Printbrm .exe) is also available . platform configuration register (PCR) A register of a product key A code used to validate installation media TPM . This register is sufficiently large to contain a hash such as CDs during installation . Product keys, also (currently only SHA-1) . A register can normally only be known as CD keys, do not prove licensing for a product, extended, which means that its content is a running but they do discourage casual copying of software . All 1660 Glossary Please purchase PDF Split-Merge on to remove this watermark.
  9. Windows product keys use five groups of five charac- shared folder on the network . Roaming user profiles ters, with the format XXXXX-XXXXX-XXXXX-XXXXX- provide simplified backup and enable users to use the XXXXX. same profile on different computers . protocol handler A feature of the Windows search engine that is used to communicate with and enumer- S ate the contents of stores such as the file system, MAPI SAM See Software Asset Management (SAM) . e-mail database, and the CSC or offline files database . same computer sharing See local sharing . See also client-side cache (CSC) . screen scraping A technique for automating applica- proximity A measurement of the network latency tions by simulating keystrokes as if a human were sitting between two computers . For Windows Media Sharing at the keyboard . Screen scraping is the least reliable to work, the network latency between two computers automation technique and should be used only when must be 7 milliseconds or less . no other automation option is available . Punycode The self-proclaimed “bootstring encoding” Server Message Block (SMB) A network protocol of Unicode strings into the limited character set sup- used for file and printer sharing . ported by DNS, as defined in RFC 3492 . The encoding is used as part of IDNA, which is a system enabling the Server Performance Advisor (SPA) A report that use of internationalized domain names in all languages provides a summary of logged performance data . that are supported by Unicode where the burden of shadow index A temporary index created during the translation lies entirely with the user application (such indexing process . The shadow indexes created during as a Web browser) . indexing are later combined into a single index called PXE See Pre-Boot Execution Environment (PXE) . the master index. sharing The process of making files, folders, printers, R or other resources available to other users . RAC See Reliability Analysis Component (RAC) . shatter attack An attack in which a process attempts Reliability Analysis Component (RAC) A Windows to use Windows messages to elevate privileges by feature that gathers and processes reliability data . injecting code into another process . Replace Computer scenario In MDT 2010, a deploy- Simple Service Discovery Protocol (SSDP) This ment scenario that involves giving a new computer protocol forms the basis of the discovery protocol used to an existing user . In this scenario, the user receives by UPnP and PNRP . a new computer, and the user’s data is migrated to the replacement computer to minimize impact on the single instance storage A technique for storing multi- user . See also Microsoft Deployment Toolkit 2010 (MDT ple Windows images efficiently and in a single location . 2010) . The deployment engineer configuring a computer has the option to select one of the images for deployment requested execution level manifest An application from the client computer . marking that indicates the privileges required by the application . Windows uses the requested execution Sleep A new power state that combines the quick level manifest, among other factors, to determine resume time of Standby with the data-protection whether to provide a UAC prompt to the user to elevate benefits of Hibernate . privileges when the application is run . slipstreaming The process of integrating a service Roaming User Profile An alternative approach for pack into operating system setup files so that new storing user profiles that involves storing them on a computers immediately have the service pack installed . Glossary 1661 Please purchase PDF Split-Merge on to remove this watermark.
  10. SMB See Server Message Block (SMB) . startup key A key stored on a USB flash drive that must be inserted every time the computer starts . The SME See subject matter expert (SME) . startup key is used to provide another factor of protec- SMS See Systems Management Server (SMS) . tion in conjunction with TPM authentication . See also Trusted Platform Module (TPM) . sniffer A tool such as Network Monitor that collects network communications . Sniffers are also known as Stop error An error that Windows raises when a Kernel protocol analyzers . mode process has been compromised or has experi- enced an unhandled exception . Software Asset Management (SAM) An initiative promoted by Microsoft as a way to maintain accurate subject matter expert (SME) A person who is skilled inventories of installed and licensed software . This in a particular topic . During deployment, you should practice helps organizations maintain legally licensed use SMEs to help in the planning, development, and versions of all the software they need . stabilizing processes . SMEs are users who are most fa- miliar with the applications and data to migrate (though solicited Remote Assistance (RA) A Remote Assis- despite their name, they are not necessarily experts), tance request initiated by the novice (the user seeking and they’re usually stakeholders in seeing that the pro- help) . Also known as escalated Remote Assistance (RA) . cess is properly performed . SPA See Server Performance Advisor (SPA) . subscription Provides the ability to collect copies of events from multiple remote computers and store them SSDP See Simple Service Discovery Protocol (SSDP) . locally . stabilizing phase In deployment, the phase that supplemental application An application installed addresses the testing of a solution that is feature on a select few computers in your environment, such complete . This phase typically occurs when pilots are as specialized applications used by individual groups . conducted, with an emphasis on real-world testing Supplemental applications are in contrast to core ap- and with the goal of identifying, prioritizing, and fixing plications, which are installed on most computers . bugs . Sync Center A tool that provides a user interface for stack A list of memory locations that identify the managing content synchronization activities including calling methods of return locations . Windows uses the stack to remember the location to return to when a redirected folders and other folders marked for offline use . called method has finished running . System Starter gPO A read-only GPO that provides a start address A URL that points to the starting loca- baseline of settings for a specific scenario . Like Starter tion for indexed content . When indexing is performed, GPOs, System Starter GPOs derive from a GPO, let you each configured starting address is enumerated by a store a collection of Administrative template policy set- protocol handler to find the content to be indexed . tings in a single object, and can be imported . See also Starter gPO Collections of preconfigured administra- Starter GPO . tive templates in Windows 7 that IT professionals can Systems Management Server (SMS) A Microsoft use as standard baseline configurations to create a computer management infrastructure used to improve live GPO . They encapsulate Microsoft best practices, administrative efficiency and help distribute and containing recommended policy settings and values for manage software . key enterprise scenarios . IT professionals also can create and share their own Starter GPOs based on internal or industry regulatory requirements . T task sequence A series of actions to run on a destina- tion computer to install Windows and applications and 1662 Glossary Please purchase PDF Split-Merge on to remove this watermark.
  11. then configure the destination computer . In MDT 2010, Trusted Platform Module (TPM) The Trusted the task sequence is part of a build, and the feature Platform Module is a hardware device defined by the responsible for executing the task sequence is the Task Trusted Computing Group (TCG) . A TPM provides Sequencer . See also Microsoft Deployment Toolkit 2010 a hardware-based root of trust and can be used to (MDT 2010) . provide a variety of cryptographic services . Version 1 .2 TPMs with TCG-compliant BIOS upgrades allow Task Sequencer The MDT 2010 feature that runs the BitLocker to provide drive encryption as well as task sequence when installing a build . See also integrity checking of early boot features, which helps Microsoft Deployment Toolkit 2010 (MDT 2010) . prevent tampering and provides a transparent startup TCP receive window size The number of bytes that a experience . TCP/IP host can transmit without receiving a response from the remote computer . The TCP receive window U size can have a significant impact on performance . If the UIPI See User Interface Privilege Isolation (UIPI) . size is too large and the network is unreliable, a great deal of data might need to be retransmitted if data is Unattend.xml The generic name for the Windows lost . If the size is too small, utilization is unnecessarily answer file . Unattend .xml replaces all the answer files in low while the sending computer waits for confirmations earlier versions of Windows, including Unattend .txt and from the receiving computer . Winbom .ini . technician computer The computer on which you unhandled exception An error that is not processed install MDT 2010 or Windows SIM . This computer is by an application . When a User mode process has an typically in a lab environment, separated from the pro- unhandled exception, the process is closed and Windows duction network . In MDT 2010, this computer is usually can present the user with an opportunity to send an called the build server. See also Microsoft Deployment error notification to Microsoft . When a Kernel mode Toolkit 2010 (MDT 2010) . process has an unhandled exception, a Stop error occurs . Telnet A protocol and tool for remotely managing unsolicited Remote Assistance (RA) A Remote Assis- computers using a text-based interface similar to a tance request initiated by the expert (the user offering command prompt . help) . Also known as offered Remote Assistance (RA). Test TCP A network troubleshooting tool for testing Upgrade Computer scenario In MDT 2010, a deploy- TCP connectivity between two computers . ment scenario that deploys a new version of Windows to an existing computer that has an earlier version of thick image An operating system installation image Windows installed . The Upgrade Computer scenario that contains core, and possibly supplemental, applica- preserves user data . See also Microsoft Deployment tions . Thick images simplify deployment by installation Toolkit 2010 (MDT 2010) . applications alongside the operating system . However, because they are more specialized, you typically require URl-based Quality of Service A new feature of more thick images than thin images . Windows 7 and Windows Server 2008 R2 that enables IT administrators to use Group Policy settings to priori- thin image An operating system installation image tize Web traffic based on a URL . With URL-based QoS, that contains few if any core applications . Thin images IT administrators can ensure critical Web traffic receives have the advantage of being applicable to a larger appropriate prioritization, improving performance on number of computers in your organization than a thick busy networks . image, which is more specialized . User Broker A feature of Protected mode in Windows TPM See Trusted Platform Module (TPM) . Internet Explorer that provides a set of functions that lets the user save files to areas outside low-integrity areas . Glossary 1663 Please purchase PDF Split-Merge on to remove this watermark.
  12. User Interface Privilege Isolation (UIPI) A feature VPN Reconnect A new feature of Windows 7 that of Windows that blocks lower-integrity processes from provides seamless and consistent VPN connectivity accessing higher-integrity processes . This helps protect by automatically re-establishing a VPN connection if against shatter attacks . See also shatter attack . users temporarily lose their Internet connection . For example, if a user connected over mobile broadband User mode A processing mode provided by x86-based passes through an area without reception, Windows 7 processors that provides only limited access to memory automatically reconnects any active VPN connections and other system resources . Processes that run in User once Internet connectivity is reestablished . mode can access memory allocated to the process, but must be elevated to Kernel mode by calling system APIs before the process can access protected resources . W Wake on Wireless lAN (WoWlAN) A new feature of user profile The set of user documents and settings Windows 7 that can reduce electricity consumption by that make up a user’s desktop environment . enabling users and IT professionals to wake computers connected to wireless networks from Sleep mode user profile namespace The hierarchy of folders remotely . Because users can wake computers to access within a user’s profile folder . them across the network, IT professionals can configure user state The data files and settings associated with a them to enter the low-power Sleep mode when not in user profile . use . user state migration The process of transferring user WAU See Windows Anytime Upgrade (WAU) . files and settings from one computer to another or WCS See Windows Color System (WCS) . from an older version of Windows to a newer version of Windows installed on the same computer . Web Services for Devices (WSD) A new type of network connectivity supported by Windows Vista and V later versions . WSD enables users to have a Plug and VHD Boot The Windows 7 bootloader can be con- Play experience similar to that of USB devices, except figured to start Windows from a VHD file exactly as over the network instead of for locally connected though the VHD file were a standard partition . Simply devices . copy the VHD file to the local computer and then use WER See Windows Error Reporting (WER) . BCDEdit .exe to add an entry to the boot menu for the VHD file . Windows 7 can also mount VHD files in the WgA See Windows Genuine Advantage (WGA) . Disk Management console as if they were native .wim A file name extension that identifies Windows partitions . image files created by ImageX . View Available Networks A new feature of wireless Windows AIK See Windows Automated Installation Kit networking in Windows 7 that lets users display avail- (Windows AIK) . able wireless networks and quickly choose one to connect to . Windows Anytime Upgrade (WAU) An upgrade service primarily intended for home users that allows VMK See Volume Master Key (VMK) . upgrades from one edition of Windows to a more Volume license A license purchased from Microsoft advanced edition . or another software vendor to use multiple copies of an operating system or program . Volume Master Key (VMK) The key used to encrypt the FVEK . 1664 Glossary Please purchase PDF Split-Merge on to remove this watermark.
  13. Windows Automated Installation Kit (Windows Windows Imaging A single compressed file containing AIK) A collection of tools and documentation that you a collection of files and folders that duplicates a can use to automate the deployment of the Windows Windows installation on a disk volume . operating system . Windows AIK is one of several Windows PowerShell Integrated Scripting Environ- resources that you can use to deploy Windows; for ment (ISE) A GUI for Windows PowerShell that lets example, tools and software such as MDT 2010 and you run commands and write, edit, run, test, and debug Microsoft System Center Configuration Manager use scripts in the same window . It offers up to eight inde- features of Windows AIK to create system images and pendent execution environments and includes a built-in automate operating system installations . debugger, multiline editing, selective execution, syntax Windows Color System (WCS) A feature that works colors, line and column numbers, and context-sensitive with the Windows print subsystem to provide a richer Help . color printing experience that supports wide-gamut Windows PowerShell Modules Windows PowerShell printers (inkjet printers that use more than four ink modules let you organize your Windows PowerShell colors) for lifelike printing of color photos and graphic- scripts and functions into independent, self-contained rich documents . units . You can package your cmdlets, providers, scripts, Windows Defender A feature of Windows that functions, and other files into modules that you can provides protection from spyware and other potentially distribute to other users . Modules are easier for users to unwanted software . install and use than Windows PowerShell snap-ins . Windows Easy Transfer The feature in Windows 7 Windows PowerShell Remoting A feature introduced and Windows Vista that replaces the Windows XP Files in Windows PowerShell 2 .0 that lets you run Windows And Settings Transfer Wizard . This tool leads the user PowerShell commands for automated or interactive through a series of pages to determine how much data remote management . to migrate and which migration method (disc or remov- Windows Product Activation (WPA) A way to ensure able media, direct cable connection, or network) to use . that customers are using genuine Windows operating Windows Error Reporting (WER) The client fea- systems purchased from Microsoft resellers . This tool, ture for the overall Watson Feedback Platform (WFP), which began with Windows XP, defeated casual copying which allows Microsoft to collect reports about failure of Windows XP by ensuring that other systems had not events that occur on a user’s system, analyze the data recently been activated with the same product key . contained in those reports, and respond to the user in a Windows Server Update Services (WSUS) A free meaningful and actionable manner . WER is the technol- server tool available for download from Microsoft .com ogy that reports user-mode hangs, user-mode faults, that administrators can use to manage which updates and kernel-mode faults to the servers at Microsoft or to are distributed to computers running Windows on their an internal error-reporting server . internal network . Windows genuine Advantage (WgA) A Microsoft Windows System Assessment Tool (WinSAT) A initiative to ensure that users of copied Windows command-line tool included with Windows for assess- operating systems become aware of their counterfeit ing the features, capabilities, and attributes of computer versions . By recording the product key and a signature hardware . from the computer’s BIOS, Microsoft can effectively determine when retail versions of Windows have been Windows Troubleshooting Packs Collections of copied and when volume-activated versions of Windows PowerShell scripts that attempt to diagnose Windows have been excessively distributed . a problem and, if possible, solve the problem with the user’s approval . Windows 7 includes 20 built-in Trouble- shooting Packs that address more than 100 root causes Glossary 1665 Please purchase PDF Split-Merge on to remove this watermark.
  14. of problems . Troubleshooting Packs can also perform ongoing maintenance of a specific feature . Windows Virtual PC A new optional feature that you can use to evaluate and migrate to Windows 7 while maintaining compatibility with applications that run on older versions of Windows . This feature is available as a downloadable update package for Windows 7 . WinSAT See Windows System Assessment Tool (WinSAT) . WPA See Windows Product Activation (WPA) . WSD See Web Services for Devices (WSD) . WSUS See Windows Server Update Services (WSUS) . X XMl Paper Specification (XPS) A set of conventions for using XML to describe the content and appearance of paginated documents . XPS See XML Paper Specification (XPS) . z zero Touch Installation (zTI) A MDT 2010 deploy- ment option that fully automates the deployment of client computers . During a ZTI installation, the Windows operating system and all applications are automatically deployed the first time a computer is connected to the network and turned on . See also Microsoft Deployment Toolkit 2010 (MDT 2010) . zTI See Zero Touch Installation (ZTI) . 1666 Glossary Please purchase PDF Split-Merge on to remove this watermark.
  15. Index Symbols and functionality, 128, 143–145, 902 hardware requirements, 154 AD DS (Active Directory Domain Services) Numbers installing, 155 802 .1x authentication, 1201–1202 migrating user state data, 233 configuring UAC, 1135 $modulePath variable, 471–472 planning considerations, 148–153, connection considerations, 6to4 technology, 1406 250 1223–1224 preparation process, 153–154 DirectAccess support, 1303 software requirements, 153 Group Policy support, 61, 152, 481 A support topologies, 146 GUID support, 324 A records, 1385 synchronizing data, 167 implementing Folder Redirection, AAAA records, 1385–1387 ACT Community, 162, 164 562–563 absolute symbolic links, 666–668 ACT database, 145–146, 153, 167 key management and, 64 accelerators, 892–893 ACT Log Processing Service, KMS support, 341 access control entry (ACE), 898 145–146, 154–155 logon considerations, 60 access control list (ACL), 324, 1236 ACT Log Processing share, 145–146, preparing for BitLocker, 658 access tokens, 70, 1126 152, 154 pre-staging client computers, 325 ACE (access control entry), 898 Action Center publishing printers, 783–784 ACL (access control list), 324, 1236 configuring WER, 1029–1033 roaming user profiles, 533 ACM (Application Compatibility functionality, 12 Windows Deployment Services Manager) notification area changes, 6 support, 297, 304 configuring, 155–156 Reliability Monitor support, 1477 Windows Firewall support, 50 defined, 143, 145 Remote Desktop support, 388 Adaptive Display Brightness, 17 Quick Reports area, 158 Windows Defender support, 39 Add Features Wizard, 858 testing and mitigation issues, Windows Memory Diagnostics, Add Printer Wizard, 792–793, 169–178 1496 801–802 ACPI (Advanced Configuration and actions Add-BitsFile cmdlet, 1093 Power Interface), 681, 732 bulk print, 790–791 Add-on Manager, 906 ACT (Application Compatibility defining, 996–997 address autoconfiguration, Toolkit) functionality, 985 1383–1385 analyzing compatibility data, activation count cache, 339–340 Address Resolution Protocol (ARP), 158–167 activation threshold, 339 1196, 1381–1382 application manifests, 1131 Active Directory And Computers Address Space Layout Randomization collecting compatibility data, MMC snap-in, 297, 325 (ASLR), 59 157–158 Active Directory Domain Services . ADM (Administrative Template) files Compatibility Administrator, 153, See AD DS (Active Directory Domain comparison to ADMX files, 494, 169, 173–177 Services) 518–520 compatibility evaluators, 147–148 ActiveX controls, 1125 filtering policy settings, 486 configuring, 155–156 ActiveX Data Objects, 276 functionality, 482 1667 Please purchase PDF Split-Merge on to remove this watermark.
  16. admin Broker process setting enhancements, 487 AGPM (Advanced Group Policy filtering data, 166–167 Admin Broker process, 901 Management), 392, 521 identifying missing applications, administrative privileges AIS (Asset Inventory Service), 392 168 security considerations, 71 alerts, Action Center support, 12 Internet Explorer considerations, UAC considerations, 1121–1122, All Users profile, 538 901–902 1129–1131, 1133 allow list, 910 managing issues, 164–166 Administrative Template (ADM) files . Alt + Tab combination, 7 migration considerations, 132–133 See ADM (Administrative Template) AMD-V feature, 144 mitigation issues, 169–178 files answer files primary testing tools, 141–145 administrative tools, 128, 140 automating Windows PE, 289 prioritizing compatibility data, administrators deployment process overview, 106 161–162 configuring administrator approval, functionality, 87, 91–92 Program Compatibility Assistant, 325–326 platform interconnection, 90 142 setting secure desktop, 73 Windows SIM support, 87, 91–92 Program Compatibility software update considerations, Anti-Phishing Working Group, 909 troubleshooter, 142 1106 antivirus software, 205, 1107, 1632 rationalizing application inventory, trustworthy, 65 anycast addresses, 1374 168–169 UAC considerations, 1126–1128 API (application programming reasons for failure, 140–141 Administrators group, 1121 interface) selecting specific versions, AdminStudio tool, 263 biometric support, 79 168–169 ADML (Architecture Description EAPHost support, 1208–1209 setting deployment status, Markup Language), 484 improved peer networking, 163–164 ADMX Migrator, 518–520 1206–1207 testing, 127–128, 169–178 ADMX template files Layered Service Provider support, troubleshooting, 24 adding to central store, 497, 1209 UAC considerations, 1133–1134 503–504 NAP support, 57, 1160 user profile namespace issues, considerations when working with, Network Awareness, 1205–1206 540–545 497–498 NLA support, 1240 Windows XP Mode, 144 domain storage, 496 notification-based indexing, 846 Application Compatibility Manager . functionality, 484, 494 Pacer .sys driver support, 1176 See ACM (Application Compatibility local storage, 496 SUA support, 172 Manager) migrating ADM templates, Windows Deployment Services Application Compatibility Toolkit . 518–520 support, 297 See ACT (Application Compatibility registry considerations, 495 Windows PE support, 95, 276 Toolkit) types supported, 495 WSD support, 1209 Application Compatibility Toolkit Advanced Configuration and Power APIPA (Automatic Private IP Data Collector, 143 Interface (ACPI), 681, 732 Addressing), 1217, 1375, 1383 Application Data folder, 535 Advanced Group Policy Management AppHelp messages, 174, 176–177 application deployment (AGPM), 392, 521 application compatibility . See also adding to deployment shares, Advanced Query Syntax (AQS), 822 ACT (Application Compatibility 189–194, 265–267 AEM (Agentless Exception Toolkit) adding to task sequence, 190, 205 Monitoring), 1019 Application Virtualization, 145 App-V support, 391 Aero interface, 7, 15 assessing, 162–163 automating installation, 252, Aero Peek feature, 6 checking, 1632 257–261 Aero Shake feature, 7 creating and assigning categories, choosing deployment strategy, Aero Snap feature, 7 159–161 253–256 AES algorithm, 642, 1312, 1315 defined, 140 choosing sample data, 236 Agentless Exception Monitoring deployment considerations, injecting disk images, 264–269 (AEM), 1019 149–152 installing applications, 268–269 1668 Please purchase PDF Split-Merge on to remove this watermark.
  17. Best Effort (BE) manipulating dependencies, auditing manipulating previous versions, 193–194, 267–268 AppLocker rules, 1146–1148 634–639 migrating user state data, 232 configuring UAC, 1140 reinstalling Windows, 1456–1457 planning deployment, 127–128, deployment process overview, 107 software updates, 1108 249–253 enhancements, 62, 76–78 System Image backups, 628–632 preparing lab environment, 248 Global Object Access Auditing, 78 Windows NT Backup-Restore repackaging legacy applications, Group Policy support, 487 utility, 389 252, 262–264 software updates, 1097–1102, BAD_POOL_CALLER (Stop message), Windows PE support, 284 1111 1621–1623 application fixes, 173–176 Sysprep tool support, 94 bandwidth considerations, 1089, application mitigation packages, 174, Windows Firewall support, 1093, 1106, 1176 177–178 1288–1290 Base Filter Engine (BFE), 1232–1233 application packaging software . See Auditpol /get command, 76 batteries, 16–17 packages Auditpol /set command, 78 BBE (Better than Best Effort), 1177 application programming interface . authentication BCD registry file See API (application programming 802 .1x support, 1199–1202 additional information, 1423 interface) BitLocker support, 648 backing up/restoring settings, Application Virtualization . See App-V IKEv2 support, 1298–1301, 1333 1441–1442 (Application Virtualization) IP address, 50 enhancements, 1420 applications . See software logon considerations, 60 manually updating, 1454 Applications .xml file, 187 PIN, 645 modifying, 1421 AppLocker smart cards and, 79 ntldr entry, 1423, 1443 auditing rules, 1146–1148 VPN Reconnect support, 1297 overview, 1420–1421 custom error messages, 1149 VPN support, 1315–1316, removing boot entries, 1444 DLL rules, 1148 1332–1333 viewing settings, 1441 functionality, 61, 66–67, 390 Auto-Cast transmissions, 330 BCD stores, 1422–1423 Group Policy support, 487 Automatic Private IP Addressing BCD WMI provider, 1421 rule types supported, 1143–1146 (APIPA), 1217, 1375, 1383 BCDboot tool, 96, 277 software restriction policy Automatic Updates, 41, 43 BCDEdit .exe utility comparison, 1142–1143 automatic variables, 406, 413, 426 backing up/restoring settings, Windows PowerShell support, 1149 Autoruns tool, 389 1441–1442 AppStations, 151 Autounattend .xml file, 87 changing boot menu time-outs, App-V (Application Virtualization), availability (CIA triad), 64 1442–1443 145, 391–392 changing defaults, 1442 AQS (Advanced Query Syntax), 822 changing menu item order, 1443 Architecture Description Markup B creating entries for other OSs, Language (ADML), 484 1443–1444 arithmetic operators, 446–447 Background Intelligent Transfer functionality, 1440–1441 ARP (Address Resolution Protocol), Service . See BITS (Background global debugger settings, 1445 1196, 1381–1382 Intelligent Transfer Service) interpreting output, 1441 Arp tool, 1522, 1524–1525 backtick character, 426 modifying BCD registry file, 1421, arrays, evaluating, 451 backup/restore considerations 1424 ASLR (Address Space Layout Action Center support, 12 removing boot entries, 1444 Randomization), 59 backup process overview, 625–626 BDD_Welcome_ENU .xml file, 220 Asset Inventory Service (AIS), 392 best practices, 632 BDT (Bitmap Differential Transfer), asset management, 392 BitLocker support, 64 587 ATA storage devices, 1634 file and folder backup structure, BE (Best Effort), 1177 ATTEMPTED_WRITE_TO_READONLY_ 626–628 Behavior .xml file, 708 MEMORY (Stop message), 1621 functionality, 624–625 Best Effort (BE), 1177 Group Policy settings, 632–634 1669 Please purchase PDF Split-Merge on to remove this watermark.
  18. beta testing beta testing, 1114 Boolean logic, 209 protecting against malware, Better than Best Effort (BBE), 1177 boot code, 1428 41–42, 1157 BFE (Base Filter Engine), 1232–1233 boot images buffer overflow attacks, 58, 903–904 BgInfo tool, 389 adding driver packages, 323 BUGCODE_USB_DRIVER (Stop BitLocker Drive Encryption capturing custom, 327–329 message), 1627 clear key, 646, 657 importing, 315–316 Build SMF, 120–121 configuring data recovery agent, MDT support, 331 built-in diagnostics, 1491–1499 658–659 staging, 285 bundling malware, 39–40 cost considerations, 662 boot logs, 1461–1462, 1465–1466 BYE message, 1171 data theft and, 44 Boot Manager . See Windows Boot decommissioning permanently, Manager 657–658 Boot .ini file, 1420 C disabling, 656–657 Boot .wim file, 91 enabling on data volumes, 652–653 bootable media, creating, 285–288 CA (certification authority), 1223, enabling on system volumes, bootable partitions, 1428 1230, 1304 650–652 BootPRO tool, 1421 caching external key support, 646 Bootrec .exe tool, 1424, 1451–1452 client-side, 587, 599, 607–608 functionality, 61–66, 390, 641–643 Bootsect tool, 97, 277, 1424, 1454 disabling nonvolatile, 1506 indexing considerations, 856 BootStrap .ini file, 372 transparent, 589–590 managing from command line, BranchCache calcs command, 281 653–655 architectures supported, 1185 Capture utility, 297 managing on local computer, 653 benefits, 1305–1306 Case Else statement (VBScript), 449 managing with Group Policy, configuring, 1187–1188 catalogs 659–661 Distributed Cache mode, 15, automating Windows PE, 289 MDT solution framework, 116 1186–1187, 1306 default indexing scopes, 838 phases, 648–649 functionality, 390, 1185, 1294, default system exclusion rules, preparing AD DS, 658 1306 835–836 protecting data, 643–646, 650 Hosted Cache mode, 15, defined, 88, 827 recovering protected data, 1185–1186, 1306 FANCI bit, 836–837 655–656 implementing, 1307 files/subfolders structure, 833–835 recovery password, 646 performance improvement, 15 functionality, 832–833 removing, 656–657 protocols supported, 1188–1189, initial configuration, 838 TPM support, 643–646 1307 cd command, 404 Windows Setup support, 94 SMB support, 1189 central store, 484, 497, 502–504 BitLocker Drive Preparation Tool, 650 web browsing considerations, CER (Corporate Error Reporting), 1019 BitLocker Repair Tool, 656 1189–1190 certificates . See personal certificates BitLocker To Go, 45, 61, 66, 390, break statement (Windows certification authority (CA), 1223, 646–648 PowerShell), 443 1230, 1304 Bitmap Differential Transfer (BDT), BrmDrivers .xml file, 790 Challenge Handshake Authentication 587 BrmForms .xml file, 790 Protocol (CHAP), 1315–1316 BITS (Background Intelligent Transfer BrmLMons .xml file, 790 channels, 965–966 Service) BrmPorts .xml file, 790 CHAP (Challenge Handshake Bitsadmin tool support, 386 BrmPrinters .xml file, 790 Authentication Protocol), 1315–1316 BranchCache considerations, 1188 BrmSpooolerAttrib .xml file, 790 ChkDsk tool managing, 1090–1094 broker process, 900 BitLocker support, 651 thin image strategy, 255 browsers examples, 1501 Bitsadmin .exe tool, 386, 1093 BranchCache considerations, functionality, 1500–1501 blackhole routers, 1548 1189–1190 graphical interface support, 1503 Bluetooth protocol, 1516 Network Explorer support, 1168 NTFS support, 1503–1505 scheduling considerations, 1503 1670 Please purchase PDF Split-Merge on to remove this watermark.
  19. Control panel self-healing NTFS comparison, gathering performance data, process flow, 173 1481 954–955 starting, 174 syntax, 1501–1502 Group Policy support, 486, system requirements, 153 System Recovery limitations, 1424 509–511 terminology supported, 173–174 time considerations, 612 naming convention, 397, 399 compatibility evaluators, 147–148, CI (Code Integrity), 53 output objects, 419–421 157 CIA triad, 64 parameter considerations, 411–412 compatibility mode, 173, 176 CID (confirmation ID), 344 property considerations, 414 Complete-BitsTransfer cmdlet, 1093 CIDR (Classless Inter-Domain Routing) verbs supported, 399–402 Component Object Model (COM), notation, 1373 wildcard characters, 412, 414 508 CIFS (Common Internet File System) . CMID (client machine identification), components, 88, 91–92 See SMB (Server Message Block) 339–340 Computer Browser service, 1170 CIM (Common Information Model), CNG (Crypto Next Generation) Conditions list 384 services, 58 filtering groups, 206 Classless Inter-Domain Routing Code Integrity (CI), 53 If statements, 208 (CIDR) notation, 1373 CodeRed worm, 58 operating system versions, 209 clear key, 646, 657 Color Management CPL,, 800 task sequence variables, 207–208 Clear-EventLog cmdlet, 979 COM (Component Object Model), WMI queries, 209–210 client machine identification (CMID), 508 confidentiality (CIA triad), 64 339–340 command line Config .xml file, 241 client-side caching configuring disk quotas, 671–672 Configuration Manager . See SCCM BDT support, 587 configuring network settings, (System Center Configuration Folder Redirection technology, 599 1220–1221 Manager) roaming user profiles, 599 configuring RDC, 1357 configuration passes, 88, 90–91, 107 search considerations, 823 configuring wireless settings, configuration sets, 88 troubleshooting, 607–608 1211, 1213–1215 confirmation ID (CID), 344 client-side computers managing BitLocker, 653–655 constant special item ID list (CSIDL), CMID support, 339–340 Remote Assistance support, 535–537 deploying driver packages to, 1055–1058 Contacts subfolder, 537 317–321 System Image backups, 628–629 Control Panel grouping, 367–368 transitioning Windows PowerShell Add Hardware utility, 696 pre-staging, 325 scripts, 425–427 configuring index location, 851 print management, 792–804 WinSAT tool support, 1011 configuring indexing encrypted VAMT support, 344 Command Prompt tool, 1424 files, 856 Client-Side Rendering (CSR), 762 Common Information Model (CIM), configuring indexing scopes, clock speeds, 1634 384 852–853 clouds, 1040, 1206 Common Internet File System (CIFS) . configuring indexing similar CLR (Common Language Runtime), See SMB (Server Message Block) words, 857 278 Common Language Runtime (CLR), configuring indexing text in TIFF CMAK tools, 1321, 1338 278 documents, 858 Cmd .exe (command prompt), 388 comparison operators, 446–447 configuring Offline Files indexing, cmdlets . See also specific cmdlets Compatibility Administrator tool 855 alias support, 410, 413 ACT support, 169 configuring power management, AppLocker support, 1149 creating AppHelp messages, 733–734 BITS support, 1093–1094 176–177 configuring UAC, 1139 filtering output, 416–418 creating compatibility fixes, Devices And Printers, 764 functionality, 385, 397 174–176 Display utility, 683–684 gathering event information, creating compatibility mode, 176 enabling BitLocker, 63 978–982 creating custom databases, 174 Folder Options, 863–865 1671 Please purchase PDF Split-Merge on to remove this watermark.
  20. Cookies folder Indexing Options, 838, 847, 857 Credentials Manager, 984, 987 data theft managing Offline Files, 595–596 Cross-Site Scripting (XSS), 74 blocking IDN spoofing, 914–916 managing Windows Firewall, 1262 Crypto Next Generation (CNG) copying confidential files, 45–46 Power Options utility, 733–734 services, 58 deleting browser history, 913–914 WBF support, 79 CSC . See client-side caching phishing, 909–913 Cookies folder, 535 CSIDL (constant special item ID list), physical theft of device, 44 Copy-Item cmdlet, 472 535–537 protecting against, 907–916 Copy-Module function, 470, 472 CSR (Client-Side Rendering), 762 security considerations, 44–46 Copype .cmd script, 280 Ctrl + Alt + Delete combination, 1046 Security Status bar, 907–908 core networking CustomSettings .ini file sharing confidential documents, 802 .1x network authentication, adding custom migration files, 245 46 1199–1202 configuring, 361–362 data volumes, 652–653 BranchCache support, 1185–1190 customizing, 371–372 DATA_BUS_ERROR (Stop message), DNSSec support, 488, 1190 depicted, 243 1609–1610 efficiency considerations, properties supported, 362–363 DCOM (Distributed Component 1191–1195 providing credentials, 360 Object Model), 1039, 1066–1067 GreenIT, 1190–1191 Refresh Computer scenario, 364 DCP (Data Collection Package) improved reliability, 1197 collecting compatibility data, 157 IPv6 support, 1198–1199 creating, 157–158 scalability considerations, D defined, 145 1196–1197 deployment considerations, Server Message Block, 1202–1203 DaRT (Diagnostics and Recovery 149–152 strong host model, 1203 Toolset), 392 log file locations, 152–153 Volume Activation scenario, 345, Data Collection Package . See DCP DCS . See data collector sets 347 (Data Collection Package) DDI (Device-Driver Interface), 682 wireless networking, 1203–1205 data collector sets DDNS (Dynamic DNS), 340, 342 Corporate Error Reporting (CER), as diagnostic tools, 1492–1493 dead gateway detection, 1197 1019 configuring, 946–947 debugging corporate roaming . See Folder creating, 943–945 kernel debugger, 1602, 1633 Redirection technology; roaming starting/stopping logging, 949 logging support, 524 user profiles troubleshooting support, memory dump files and, crawl scopes, 827, 838 1545–1546 1598–1600 Create Task dialog box types supported, 942 Default profile, 538 Actions tab, 996–997 viewing performance data, default statement (Windows Conditions tab, 997–999 947–951 PowerShell), 449 depicted, 991 viewing properties, 947 Default User profile, 538 General tab, 991 data collectors, 942 defense-in-depth technique, 41, 899, Settings tab, 999–1001 Data Encryption Standard (DES), 1142 Triggers tab, 992–996 1312–1315 definition files, 220 create vdisk command, 620 Data Execution Prevention (DEP), 55, definition updates, 1155 CreateProcess function, 988 58, 75 defragmentation, disk, 622, 1124 CreateSymbolicLink function, 666 Data Manager, 947–949 del command, 404 Credential_ENU .xml file, 221 data recovery agent, configuring, delete volume command, 619 credentials management 658–659 deleting Credentials Manager, 984, 987 data stores browser history, 913–914 CustomSettings .ini file, 360 choosing location, 234–235 files, 674 enhancements, 52 defined, 133 folders, 404 Windows Deployment Services local, 234–235 tasks, 1004 considerations, 299 remote, 235 text files, 404 specifying location, 243–244 volumes, 619 1672 Please purchase PDF Split-Merge on to remove this watermark.
Đồng bộ tài khoản