Glossary
BranchCache A new feature of Windows 7 and Windows Server 2008 R2 that improves the responsiveness of intranet applications for remote offices while simultaneously reducing WAN utilization. BranchCache keeps a local copy of data that clients access from remote Web and file servers. The cache can be placed on a hosted server located in the branch office, or it can reside on users’ individual computers. If another client requests the same file, the client downloads it across the LAN without having to retrieve it over the WAN. BranchCache ensures that only authorized clients can access requested data, and it is compatible with secure data retrieval over SSL or IPsec.
buffer overflow An attack that submits larger or longer values than an application or API is designed to process.
build In the context of MDT 2010, the association of source files from the distribution share with a configuration. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
C
catalog The system index together with the property cache.
catalog file A binary file that contains the state of all settings and packages in a Windows image.
central store In the context of Group Policy, a location for storing administrative templates for use throughout an organization. Only Windows Vista and later versions support using a central store.
channel In Meeting Space, the basis for communication between participants in a meeting. There are three kinds of Meeting Space channels: metadata, file, and streaming. The term channel can also refer to an application-specific event log.
Clear key A key stored unencrypted on the disk volume. This key is used to freely access the VMK and, in turn, the FVEK if BitLocker protection is disabled but disk volume remains encrypted.
client-side cache (CSC) A Microsoft internal term referring to Offline Files.
cloud In peer-to-peer networks, a grouping of computers that uses addresses of a specific scope. A scope is an area of the network over which the address is unique.
CNG services See Crypto Next Generation (CNG) services.
Code Integrity A feature of Windows that detects changes to system files and drivers.
compatibility layer A feature of Protected mode in Windows Internet Explorer that redirects requests for protected resources (such as the user’s Documents folder) to safe locations (such as the Temporary Internet Files folder).
component store A portion of an operating system image that stores one or more operating system features or language packs.
configuration pass A phase of Windows installation in which different parts of the operating system are installed and configured. You can specify unattended installation settings to be applied in one or more configuration passes.
configuration set A file and folder structure containing files that control the preinstallation process and define customizations for the Windows installation.
Confirmation Identifier A digitally signed value returned by a Microsoft clearinghouse to activate a system.
core application An application that is common to most computers in your organization, such as a virus scanner or a management agent.
Crypto Next Generation (CNG) services An extensible cryptographic configuration system that replaces the CryptoAPI of Windows XP and earlier versions.
Cryptographic Service Provider (CSP) An infrastructure that developers can use to create applications that use cryptographic functions such as encryption, hashes, and digital signatures.
CSC See client-side cache (CSC).
CSP See Cryptographic Service Provider (CSP).
D
data store In deployment, the location in which the USMT stores a user state between the time it is read from the original computer and the time it is deployed to the target computer.
defense-in-depth A proven technique of layered protection that reduces the exposure of vulnerabilities. For example, you might design a network with three layers of packet filtering: a packet-filtering router, a hardware firewall, and software firewalls on each of the hosts (such as Internet Connection Firewall). If an attacker manages to bypass one or two of the layers of protection, the hosts are still protected.
Deploying Phase In deployment, this is the phase in which computers are actually set up and configured. Additionally, in this phase the deployment team verifies that deployed computers are stable and usable.
Deployment Image Servicing and Management (DISM) A new command-line tool introduced in Windows 7 that can be used to service a Windows image or to prepare a Windows PE image. It replaces Package Manager (Pkgmgr.exe), PEImg, and Intlcfg, which were included in Windows Vista. The functionality that was included in these tools is now consolidated in DISM, and new functionalities have been added to improve the experience for offline servicing.
Desktop Windows Manager (DWM) A feature of Windows that performs desktop composition to enable visual effects such as glass window frames, three-dimensional window transition animations, Windows Flip and Windows Flip3D, and high-resolution support.
destination computer The computer on which you install Windows during deployment. You can either run Windows Setup on the destination computer or copy a master installation onto the destination computer.
developing phase In deployment, the period during which the team builds and unit-tests the solution.
DirectAccess A new feature of Windows 7 and Windows Server 2008 R2 that increases the productivity of remote users by enabling them to seamlessly and securely access the corporate network any time they have an Internet connection, without requiring a VPN connection. DirectAccess also enhances the security and flexibility of the corporate network infrastructure, enabling IT professionals to remotely manage and update corporate computers whenever they connect to the Internet—even when users are not logged in.
directory junction A technique for redirecting requests for a specific folder to a different location. Directory junctions are used to provide backward compatibility for folder locations used in earlier versions of Windows.
discoverable A state in which a Bluetooth-enabled device sends out radio signals to advertise its location to other devices and computers.
DLL See dynamic-link library (DLL).
DNS Security Extensions (DNSSEC) An Internet standard supported by Windows 7 and Windows Server 2008 R2 that enables computers to authenticate DNS servers, which mitigates man-in-the-middle attacks. A man-in-the-middle attack redirects clients to a malicious server, which can allow an attacker to intercept passwords or confidential data.
DNSSEC See DNS Security Extensions (DNSSEC).
DWM See Desktop Windows Manager (DWM).
Dynamic Driver Provisioning A new feature of Windows Deployment Services in Windows Server 2008 R2 that stores drivers in a central location, which saves IT professionals time by not requiring operating system images to be updated when new drivers are required (for example, when the IT department buys different hardware). Drivers can be installed dynamically based on the Plug and Play IDs of a PC’s hardware or as predetermined sets based on information contained in the BIOS.
dynamic-link library (DLL) A file containing executable code that programs can run. Multiple programs can reference a single DLL, and a single program might use many different DLLs.
E
envisioning phase The phase in a MDT 2010 deployment in which management creates teams, performs an assessment of existing systems and applications, defines business goals, creates a vision statement, defines scope, creates user profiles, develops a solution concept, creates risk-assessment documents, writes a project structure, and approves milestones. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
escalated Remote Assistance (RA) See solicited Remote Assistance (RA).
expert In a Remote Assistance scenario, the user who provides help. Also known as a helper.
F
feature team In the context of MDT 2010, a cross-organizational team that focuses on solving a particular problem such as security. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
feature team guide In the context of MDT 2010, a document that addresses the tasks required of a specific feature team. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
Federated Search A new feature of Windows 7 and Windows Server 2008 R2, based on the OpenSearch protocol, which enables users to search remote data sources from within Windows Explorer. The goal of Federated Search is not to replace server repositories, like Microsoft Office SharePoint Server, but to enable these repositories to expose their search capabilities through Windows and thus get more value out of the repositories for users.
file sharing The process of making files or folders available to more than one user.
folder redirection A technique for configuring computers to access user profile data from an alternate location. Folder redirection is commonly used to store user documents and data files on a shared folder.
forced guest See ForceGuest.
ForceGuest A common term for one of the network access models used by Windows XP that requires all network users to be treated as guests. Beginning with Windows Vista, however, ForceGuest is no longer a supported setting; turning this setting on is not recommended.
Full Volume Encryption Key (FVEK) The algorithm-specific key used to encrypt (and optionally, diffuse) data on disk sectors. Currently, this key can vary from 128 bits through 512 bits. The default encryption algorithm used on disk volumes is AES 128 bit with Diffuser.
FVEK See Full Volume Encryption Key (FVEK).
G
gadget A mini-application that can do almost anything, including show news updates, display a picture slideshow, or show weather reports.
GPT See GUID Partition Table (GPT).
Group Policy preferences Lets you manage drive mappings, registry settings, local users and groups, services, files, and folders without the need to learn a scripting language. You can use preference items to reduce scripting and the number of custom system images needed, standardize management, and help secure your networks. By using preference item-level targeting, you can streamline desktop management by reducing the number of GPOs needed.
GUID Partition Table (GPT) A new disk-partitioning technology that offers several advantages over MBR, including support for larger partitions and up to 128 partitions on a single disk.
H
HAL See Hardware Abstraction Layer (HAL).
Hard-link Migration A new feature of the USMT for Windows 7 that enables customers to install Windows Vista or Windows 7 on an existing computer while retaining data locally on that computer during operating system installation.
Hardware Abstraction Layer (HAL) A feature of Windows that simplifies how the operating system accesses hardware by providing a single interface that behaves identically across different platforms.
helper See expert.
high-volume deployment A deployment project that involves a large number of computers.
HomeGroup A new networking feature of Windows 7 that makes it easier to share files and printers on a home network. You can share pictures, music, videos, documents, and printers with other people in your HomeGroup. Other people can't change the files that you share unless you give them permission to do so.
hybrid image An imaging strategy that combines thick and thin images. In a hybrid image, you configure the disk image to install applications on first run, giving the illusion of a thick image but installing the applications from a network source. Hybrid images have most of the advantages of thin images. However, they aren’t as complex to develop and do not require a software distribution infrastructure. They do require longer installation times, however, which can raise initial deployment costs.
I
ICMP See Internet Control Message Protocol (ICMP).
IFilter A feature of the Windows search engine that is used to convert documents in different formats into plain text so they can be indexed. IFilters are also responsible for extracting a number of format-dependent properties such as Subject, Author, and Locale. Microsoft provides IFilters for many common document formats by default, while third-party vendors such as Adobe provide their own IFilters for indexing other forms of content.
IID See Installation Identifier (IID).
image-based setup A setup process based on applying a disk image of an operating system to the computer.
in place sharing See in profile sharing.
in profile sharing Sharing a file or folder from within your user profile. Also known as in place sharing.
InPrivate Browsing Prevents Windows Internet Explorer from storing data about your browsing session.
InPrivate Filtering Helps prevent Web site content providers from collecting information about sites you visit.
Installation Identifier (IID) A code generated by combining a system’s hardware ID (created by scanning the system hardware) and the product ID (derived from the Windows installation). This code is transmitted to a Microsoft activation clearinghouse during system activation.
installation image An operating system image that can be installed on a computer. Unlike boot images, installation images cannot be booted directly from the image and must be deployed to a computer before running.
IntelliMirror A set of change and configuration management features based on Active Directory Domain Services that enables management of user and computer data and settings, including security data. IntelliMirror also provides a limited ability to deploy software to workstations or servers running Microsoft Windows 2000 and later versions.
Internet Control Message Protocol (ICMP) A Layer 3 protocol that IP applications use to test connectivity and communicate routing changes. ICMP is most commonly used by the Ping tool.
IPConfig A command-line tool that displays the current network configuration.
J
Jump List A list of recent items, such as files, folders, or Web sites, organized by the program that you use to open them. In addition to being able to open recent items using a Jump List, you can also pin favorites to a Jump List so that you can quickly get to the items that you use every day.
K
Kernel mode A processing mode provided by x86-based processors that provides processes with unrestricted access to memory and other system resources. Beginning with Windows Vista, only system features and trusted drivers should run in Kernel mode.
Key Management Service (KMS) An infrastructure that simplifies tracking product keys in enterprise environments.
KMS See Key Management Service (KMS).
known folders Windows user profile folders that can be redirected with Folder Redirection.
L
legacy mode A Windows Deployment Services mode that uses OSChooser and Riprep (sector-based) images. This mode is compatible with RIS. Moving from RIS-only functionality to legacy mode happens when you install the Windows Deployment Services update on a server that is running RIS.
library A virtual container for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in a way similar to the way they would interact with other folders. Libraries are built upon the known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location.
Lite Touch Installation (LTI) A deployment option in MDT 2010 that deploys client computers with little human interaction. An alternative deployment option, ZTI, deploys client computers with no human interaction, but that requires more preparation and engineering time beforehand. Therefore, LTI is more appropriate for environments that deploy fewer computers. See also Microsoft Deployment Toolkit 2010 (MDT 2010), Zero Touch Installation (ZTI).
local sharing The process of making files and folders available to other users on the same computer. Also known as same computer sharing.
local user profile The default approach for storing user profiles in Windows in which the user profile is stored on the computer’s hard disk.
location-aware printing A new feature of Windows 7 and Windows Server 2008 R2 that makes the Default Printer setting location aware. Mobile and laptop users can set a different default printer for each network to which they connect. They may have a default printer set for home use and a different default printer set for the office. Their computers can now automatically select the correct default printer depending on where the users are currently located.
LTI See Lite Touch Installation (LTI).
M
MAK See Multiple Activation Key (MAK).
malware A term that describes a broad range of malicious software, including viruses, worms, Trojan horses, spyware, and adware.
managed service account A new feature of Windows 7 and Windows Server 2008 R2 that allows administrators to create a class of domain accounts that can be used to manage and maintain services on local computers.
Mandatory Integrity Control (MIC) A model in which lower-integrity processes cannot access higher-integrity processes. The primary integrity levels are Low, Medium, High, and System. Windows assigns to each process an integrity level in its access token. Securable objects such as files and registry keys have a new mandatory ACE in the system ACL.
mandatory label An ACE used by MIC.
mandatory user profile A user profile that cannot be modified by the user. Mandatory user profiles are useful for ensuring consistent desktop environments.
Master Boot Record (MBR) The most common disk partition system, MBR is supported by every version of Windows. Gradually, MBRs are being replaced by GPTs. See also GUID Partition Table (GPT).
master computer A fully assembled computer containing a master installation of Windows.
master image A collection of files and folders (sometimes compressed into one file) captured from a master installation. This image contains the base operating system as well as additional configurations and files.
master index A single index formed by combining shadow indexes by using a process called the master merge. See also master merge.
master installation A Windows installation on a master computer to be captured as a master image. You create the master installation by using automation to ensure a consistent and repeatable configuration each time. See also master computer, master image.
master merge The process of combining index fragments (shadow indexes) into a single content index called the master index. See also master index.
MBR See Master Boot Record (MBR).
MBSA See Microsoft Baseline Security Analyzer (MBSA).
MBSACLI See Microsoft Baseline Security Analyzer Command Line Interface (MBSACLI).
MIC See Mandatory Integrity Control (MIC).
Microsoft Baseline Security Analyzer (MBSA) A free tool available for download from Microsoft.com that administrators can use to scan computers for security vulnerabilities and missing security updates.
Microsoft Baseline Security Analyzer Command Line Interface (MBSACLI) A command-line interface for MBSA, which administrators can use to scan computers for security vulnerabilities and missing security updates from scripts. See also Microsoft Baseline Security Analyzer (MBSA).
Microsoft Deployment Toolkit 2010 (MDT 2010) An SA that enables rapid deployment of Windows 7, Windows Server 2008 R2, Windows Vista SP1, Windows Server 2008, Windows XP SP3, and Windows 2003 SP2. MDT 2010 provides unified tools, scripts, and documentation for desktop and server deployment using an integrated deployment console called the Deployment Workbench.
mixed mode A Windows Deployment Services mode that supports both OSChooser and Windows PE for boot environments and Riprep and ImageX imaging. Moving from legacy mode to mixed mode happens when you configure Windows Deployment Services and add .wim image files to it.
Multicast Multiple Stream Transfer A new feature of Windows Deployment Services in Windows Server 2008 R2 that enables you to more efficiently deploy images to multiple computers across a network. Instead of requiring separate direct connections between deployment servers and each client, it enables deployment servers to send image data to multiple clients simultaneously. Windows 7 includes an improvement that allows servers to group clients with similar network bandwidth and stream at different rates to each group so that total throughput is not limited by the slowest client.
Multiple Activation Key (MAK) A limited-use product key that can be used to activate Windows on multiple computers.
N
name resolution The process of converting a host name to an IP address.
NAP See Network Access Protection (NAP).
native mode A Windows Deployment Services mode that supports only the Windows PE boot environment and ImageX image files. The final move to native mode occurs after you have converted all legacy images to the .wim image file format and disabled the OSChooser functionality.
Nbtstat A command-line tool used to display NetBIOS networking information including cached NetBIOS computer names.
Net A command-line tool used to perform a variety of networking tasks including starting and stopping services, sharing resources, and connecting to shared resources.
Netstat A command-line tool used to display networking statistics.
Network Access Protection (NAP) A feature supported by Windows Vista and later versions that uses network authentication to validate the identity and integrity of client computers before they are allowed to connect to the network.
Network Monitor A graphical tool that administrators can use to capture and analyze network communications.
Network Sharing The process of making a folder available across the network.
New Computer scenario In MDT 2010, a deployment scenario that deploys the operating system and applications to a computer that has not been previously configured and therefore contains no user data. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
nondestructive imaging A deployment technique supported by ImageX and Windows Setup in which an operating system image is deployed without destroying the existing data.
novice In a Remote Assistance (RA) scenario, the user seeking assistance.
Nslookup A command-line tool used to test DNS name resolution.
O
OEM See Original Equipment Manufacturer (OEM).
offered Remote Assistance (RA) See unsolicited Remote Assistance (RA).
Office Genuine Advantage (OGA) An initiative that tracks the product keys from licensed versions of Microsoft Office programs to ensure that they are not reused on other computers. Users who validate their copies of Microsoft Office products gain access to add-ins and updates to those products.
offline In the context of preparing an image for deployment, when the operating system is not started and changes or updates are made directly to the image.
Offline Files A feature of Windows that locally stores a copy of a file located on a shared folder. Windows can then access the local copy of the file if the user needs it while disconnected from the network. Windows includes technology for synchronizing Offline Files that have been modified and resolving synchronization conflicts.
OGA See Office Genuine Advantage (OGA).
online In the context of preparing an image for deployment, when the operating system is started and changes or updates are made while Windows is running.
Original Equipment Manufacturer (OEM) An organization that designs and manufactures computer hardware.
P
P2P See peer-to-peer (P2P).
package A group of files that Microsoft provides to modify Windows features. Package types include service packs, security updates, language packs, and hotfixes.
panning hand A specialized cursor that enables dragging a page.
PatchGuard Microsoft’s kernel patch protection technology for 64-bit versions of Windows that is designed to prevent unauthorized and unsupported access to the kernel. It prohibits all software from performing unsupported patches.
PathPing A command-line tool used to test connectivity to an endpoint. PathPing collects connectivity statistics for every gateway between the client and the tested endpoint and displays latency and availability statistics for every node.
PCR See platform configuration register (PCR).
Peer Name Resolution Protocol (PNRP) A mechanism for distributed, serverless name resolution of peers in a P2P network. See also peer-to-peer (P2P).
peer-to-peer (P2P) A method for communicating directly between client computers without involving a separate server. In Windows Vista and later versions, P2P refers to a set of networking and collaboration technologies that are used by Windows Meeting Space and other applications.
pen flick A Tablet PC pen technique that enables users to call menu commands by moving the pen using various gestures.
People Near Me A subnet-level system that enables users who are signed on to this service to automatically publish their availability onto the local subnet and discover other users using the Web Services Dynamic Discovery (WS-Discovery) protocol. Once users are published using People Near Me, they can be invited to start activities such as Windows Meeting Space.
personal identification number (PIN) This is an administrator-specified secret value that must be entered each time the computer starts (or resumes from hibernation). The PIN can have 4 to 20 digits and internally is stored as a 256-bit hash of the entered Unicode characters. This value is never displayed to the user in any form or for any reason. The PIN is used to provide another factor of protection in conjunction with TPM authentication. See also Trusted Platform Module (TPM).
phishing A form of Internet fraud that aims to steal valuable information such as credit cards, Social Security numbers, user IDs, and passwords. A fake Web site is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company. An e-mail is sent requesting that the recipient access the fake Web site and enter personal details including security access codes. The page looks genuine because it is easy to fake a valid Web site. Any HTML page on the Web can be modified to suit a phishing scheme.
PIN See personal identification number (PIN).
Ping A command-line tool used to test connectivity to an endpoint.
Planning Phase A phase in a MDT 2010 deployment in which the deployment team lays the groundwork for the deployment. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
platform configuration register (PCR) A register of a TPM. This register is sufficiently large to contain a hash (currently only SHA-1). A register can normally only be extended, which means that its content is a running hash of all values that are loaded to it. To learn when these registers are reset, refer to the TCG specification document. See also Trusted Platform Module (TPM).
PNRP See Peer Name Resolution Protocol (PNRP).
Point-to-Point Tunneling Protocol (PPTP) A networking technology that supports multiprotocol VPNs. This enables remote users to securely access corporate or other networks across the Internet, to dial into an ISP, or to connect directly to the Internet. PPTP tunnels, or encapsulates, IP or IPX banter traffic inside IP packets. This means that users can remotely run applications that depend on particular network protocols. PPTP is described in RFC 2637.
PortQry A command-line tool that tests connectivity to a network service by attempting to establish a TCP connection to an endpoint.
PPTP See Point-to-Point Tunneling Protocol (PPTP).
Pre-Boot Execution Environment (PXE) A DHCP-based remote boot technology used to boot or install an operating system on a client computer from a remote server. A Windows Deployment Services server is an example of a PXE server.
Print Management An MMC snap-in that administrators can use to manage printers, print servers, and print jobs across an enterprise.
printer driver isolation A new feature of Windows 7 and Windows Server 2008 R2 that lets you configure printer driver features to run in an isolated process separate from the print spooler process. By isolating the printer driver, you can prevent a faulty printer driver from stopping all print operations on a print server, which results in a significant increase in server reliability.
Printer Migrator A tool for backing up printer configurations on print servers so that the configuration can be moved between print servers or consolidated from multiple servers onto a single server. A command-line version (Printbrm.exe) is also available.
product key A code used to validate installation media such as CDs during installation. Product keys, also known as CD keys, do not prove licensing for a product, but they do discourage casual copying of software. All Windows product keys use five groups of five characters, with the format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
protocol handler A feature of the Windows search engine that is used to communicate with and enumerate the contents of stores such as the file system, MAPI e-mail database, and the CSC or offline files database. See also client-side cache (CSC).
proximity A measurement of the network latency between two computers. For Windows Media Sharing to work, the network latency between two computers must be 7 milliseconds or less.
Punycode The self-proclaimed “bootstring encoding” of Unicode strings into the limited character set supported by DNS, as defined in RFC 3492. The encoding is used as part of IDNA, which is a system enabling the use of internationalized domain names in all languages that are supported by Unicode where the burden of translation lies entirely with the user application (such as a Web browser).
PXE See Pre-Boot Execution Environment (PXE).
R
RAC See Reliability Analysis Component (RAC).
Reliability Analysis Component (RAC) A Windows feature that gathers and processes reliability data.
Replace Computer scenario In MDT 2010, a deployment scenario that involves giving a new computer to an existing user. In this scenario, the user receives a new computer, and the user’s data is migrated to the replacement computer to minimize impact on the user. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
requested execution level manifest An application marking that indicates the privileges required by the application. Windows uses the requested execution level manifest, among other factors, to determine whether to provide a UAC prompt to the user to elevate privileges when the application is run.
Roaming User Profile An alternative approach for storing user profiles that involves storing them on a shared folder on the network. Roaming user profiles provide simplified backup and enable users to use the same profile on different computers.
S
SAM See Software Asset Management (SAM).
same computer sharing See local sharing.
screen scraping A technique for automating applications by simulating keystrokes as if a human were sitting at the keyboard. Screen scraping is the least reliable automation technique and should be used only when no other automation option is available.
Server Message Block (SMB) A network protocol used for file and printer sharing.
Server Performance Advisor (SPA) A report that provides a summary of logged performance data.
shadow index A temporary index created during the indexing process. The shadow indexes created during indexing are later combined into a single index called the master index.
sharing The process of making files, folders, printers, or other resources available to other users.
shatter attack An attack in which a process attempts to use Windows messages to elevate privileges by injecting code into another process.
Simple Service Discovery Protocol (SSDP) This protocol forms the basis of the discovery protocol used by UPnP and PNRP.
single instance storage A technique for storing multiple Windows images efficiently and in a single location. The deployment engineer configuring a computer has the option to select one of the images for deployment from the client computer.
Sleep A new power state that combines the quick resume time of Standby with the data-protection benefits of Hibernate.
slipstreaming The process of integrating a service pack into operating system setup files so that new computers immediately have the service pack installed.
SMB See Server Message Block (SMB).
SME See subject matter expert (SME).
SMS See Systems Management Server (SMS).
sniffer A tool such as Network Monitor that collects network communications. Sniffers are also known as protocol analyzers.
Software Asset Management (SAM) An initiative promoted by Microsoft as a way to maintain accurate inventories of installed and licensed software. This practice helps organizations maintain legally licensed versions of all the software they need.
solicited Remote Assistance (RA) A Remote Assistance request initiated by the novice (the user seeking help). Also known as escalated Remote Assistance (RA).
SPA See Server Performance Advisor (SPA).
SSDP See Simple Service Discovery Protocol (SSDP).
stabilizing phase In deployment, the phase that addresses the testing of a solution that is feature complete. This phase typically occurs when pilots are conducted, with an emphasis on real-world testing and with the goal of identifying, prioritizing, and fixing bugs.
stack A list of memory locations that identify the calling methods of return locations. Windows uses the stack to remember the location to return to when a called method has finished running.
start address A URL that points to the starting location for indexed content. When indexing is performed, each configured starting address is enumerated by a protocol handler to find the content to be indexed.
Starter GPO Collections of preconfigured administrative templates in Windows 7 that IT professionals can use as standard baseline configurations to create a live GPO. They encapsulate Microsoft best practices, containing recommended policy settings and values for key enterprise scenarios. IT professionals also can create and share their own Starter GPOs based on internal or industry regulatory requirements.
startup key A key stored on a USB flash drive that must be inserted every time the computer starts. The startup key is used to provide another factor of protection in conjunction with TPM authentication. See also Trusted Platform Module (TPM).
Stop error An error that Windows raises when a Kernel mode process has been compromised or has experienced an unhandled exception.
subject matter expert (SME) A person who is skilled in a particular topic. During deployment, you should use SMEs to help in the planning, development, and stabilizing processes. SMEs are users who are most familiar with the applications and data to migrate (though despite their name, they are not necessarily experts), and they’re usually stakeholders in seeing that the process is properly performed.
subscription Provides the ability to collect copies of events from multiple remote computers and store them locally.
supplemental application An application installed on a select few computers in your environment, such as specialized applications used by individual groups. Supplemental applications are in contrast to core applications, which are installed on most computers.
Sync Center A tool that provides a user interface for managing content synchronization activities including redirected folders and other folders marked for offline use.
System Starter GPO A read-only GPO that provides a baseline of settings for a specific scenario. Like Starter GPOs, System Starter GPOs derive from a GPO, let you store a collection of Administrative template policy settings in a single object, and can be imported. See also Starter GPO.
Systems Management Server (SMS) A Microsoft computer management infrastructure used to improve administrative efficiency and help distribute and manage software.
T
task sequence A series of actions to run on a destination computer to install Windows and applications and then configure the destination computer. In MDT 2010, the task sequence is part of a build, and the feature responsible for executing the task sequence is the Task Sequencer. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
Task Sequencer The MDT 2010 feature that runs the task sequence when installing a build. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
TCP receive window size The number of bytes that a TCP/IP host can transmit without receiving a response from the remote computer. The TCP receive window size can have a significant impact on performance. If the size is too large and the network is unreliable, a great deal of data might need to be retransmitted if data is lost. If the size is too small, utilization is unnecessarily low while the sending computer waits for confirmations from the receiving computer.
technician computer The computer on which you install MDT 2010 or Windows SIM. This computer is typically in a lab environment, separated from the production network. In MDT 2010, this computer is usually called the build server. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
Telnet A protocol and tool for remotely managing computers using a text-based interface similar to a command prompt.
Test TCP A network troubleshooting tool for testing TCP connectivity between two computers.
thick image An operating system installation image that contains core, and possibly supplemental, applications. Thick images simplify deployment by installing applications alongside the operating system. However, because they are more specialized, you typically require more thick images than thin images.
thin image An operating system installation image that contains few if any core applications. Thin images have the advantage of being applicable to a larger number of computers in your organization than a thick image, which is more specialized.
TPM See Trusted Platform Module (TPM).
Trusted Platform Module (TPM) The Trusted Platform Module is a hardware device defined by the Trusted Computing Group (TCG). A TPM provides a hardware-based root of trust and can be used to provide a variety of cryptographic services. Version 1.2 TPMs with TCG-compliant BIOS upgrades allow BitLocker to provide drive encryption as well as integrity checking of early boot features, which helps prevent tampering and provides a transparent startup experience.
U
UIPI See User Interface Privilege Isolation (UIPI).
Unattend.xml The generic name for the Windows answer file. Unattend.xml replaces all the answer files in earlier versions of Windows, including Unattend.txt and Winbom.ini.
unhandled exception An error that is not processed by an application. When a User mode process has an unhandled exception, the process is closed and Windows can present the user with an opportunity to send an error notification to Microsoft. When a Kernel mode process has an unhandled exception, a Stop error occurs.
unsolicited Remote Assistance (RA) A Remote Assistance request initiated by the expert (the user offering help). Also known as offered Remote Assistance (RA).
Upgrade Computer scenario In MDT 2010, a deployment scenario that deploys a new version of Windows to an existing computer that has an earlier version of Windows installed. The Upgrade Computer scenario preserves user data. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
URL-based Quality of Service A new feature of Windows 7 and Windows Server 2008 R2 that enables IT administrators to use Group Policy settings to prioritize Web traffic based on a URL. With URL-based QoS, IT administrators can ensure critical Web traffic receives appropriate prioritization, improving performance on busy networks.
User Broker A feature of Protected mode in Windows Internet Explorer that provides a set of functions that lets the user save files to areas outside low-integrity areas.
User Interface Privilege Isolation (UIPI) A feature of Windows that blocks lower-integrity processes from accessing higher-integrity processes. This helps protect against shatter attacks. See also shatter attack.
User mode A processing mode provided by x86-based processors that provides only limited access to memory and other system resources. Processes that run in User mode can access memory allocated to the process, but must be elevated to Kernel mode by calling system APIs before the process can access protected resources.
user profile The set of user documents and settings that make up a user’s desktop environment.
user profile namespace The hierarchy of folders within a user’s profile folder.
user state The data files and settings associated with a user profile.
user state migration The process of transferring user files and settings from one computer to another or from an older version of Windows to a newer version of Windows installed on the same computer.
V
VHD Boot The Windows 7 bootloader can be configured to start Windows from a VHD file exactly as though the VHD file were a standard partition. Simply copy the VHD file to the local computer and then use BCDEdit.exe to add an entry to the boot menu for the VHD file. Windows 7 can also mount VHD files in the Disk Management console as if they were native partitions.
View Available Networks A new feature of wireless networking in Windows 7 that lets users display available wireless networks and quickly choose one to connect to.
VMK See Volume Master Key (VMK).
Volume license A license purchased from Microsoft or another software vendor to use multiple copies of an operating system or program.
Volume Master Key (VMK) The key used to encrypt the FVEK.
VPN Reconnect A new feature of Windows 7 that provides seamless and consistent VPN connectivity by automatically re-establishing a VPN connection if users temporarily lose their Internet connection. For example, if a user connected over mobile broadband passes through an area without reception, Windows 7 automatically reconnects any active VPN connections once Internet connectivity is reestablished.
W
Wake on Wireless LAN (WoWLAN) A new feature of Windows 7 that can reduce electricity consumption by enabling users and IT professionals to wake computers connected to wireless networks from Sleep mode remotely. Because users can wake computers to access them across the network, IT professionals can configure them to enter the low-power Sleep mode when not in use.
WAU See Windows Anytime Upgrade (WAU).
WCS See Windows Color System (WCS).
Web Services for Devices (WSD) A new type of network connectivity supported by Windows Vista and later versions. WSD enables users to have a Plug and Play experience similar to that of USB devices, except over the network instead of for locally connected devices.
WER See Windows Error Reporting (WER).
WGA See Windows Genuine Advantage (WGA).
.wim A file name extension that identifies Windows image files created by ImageX.
Windows AIK See Windows Automated Installation Kit (Windows AIK).
Windows Anytime Upgrade (WAU) An upgrade service primarily intended for home users that allows upgrades from one edition of Windows to a more advanced edition.
Windows Automated Installation Kit (Windows AIK) A collection of tools and documentation that you can use to automate the deployment of the Windows operating system. Windows AIK is one of several resources that you can use to deploy Windows; for example, tools and software such as MDT 2010 and Microsoft System Center Configuration Manager use features of Windows AIK to create system images and automate operating system installations.
Windows Color System (WCS) A feature that works with the Windows print subsystem to provide a richer color printing experience that supports wide-gamut printers (inkjet printers that use more than four ink colors) for lifelike printing of color photos and graphic-rich documents.
Windows Defender A feature of Windows that provides protection from spyware and other potentially unwanted software.
Windows Easy Transfer The feature in Windows 7 and Windows Vista that replaces the Windows XP Files And Settings Transfer Wizard. This tool leads the user through a series of pages to determine how much data to migrate and which migration method (disc or removable media, direct cable connection, or network) to use.
Windows Error Reporting (WER) The client feature for the overall Watson Feedback Platform (WFP), which allows Microsoft to collect reports about failure events that occur on a user’s system, analyze the data contained in those reports, and respond to the user in a meaningful and actionable manner. WER is the technology that reports user-mode hangs, user-mode faults, and kernel-mode faults to the servers at Microsoft or to an internal error-reporting server.
Windows Genuine Advantage (WGA) A Microsoft initiative to ensure that users of copied Windows operating systems become aware of their counterfeit versions. By recording the product key and a signature from the computer’s BIOS, Microsoft can effectively determine when retail versions of Windows have been copied and when volume-activated versions of Windows have been excessively distributed.
Windows Imaging A single compressed file containing a collection of files and folders that duplicates a Windows installation on a disk volume.
Windows PowerShell Integrated Scripting Environment (ISE) A GUI for Windows PowerShell that lets you run commands and write, edit, run, test, and debug scripts in the same window. It offers up to eight independent execution environments and includes a built-in debugger, multiline editing, selective execution, syntax colors, line and column numbers, and context-sensitive Help.
Windows PowerShell Modules Windows PowerShell modules let you organize your Windows PowerShell scripts and functions into independent, self-contained units. You can package your cmdlets, providers, scripts, functions, and other files into modules that you can distribute to other users. Modules are easier for users to install and use than Windows PowerShell snap-ins.
Windows PowerShell Remoting A feature introduced in Windows PowerShell 2.0 that lets you run Windows PowerShell commands for automated or interactive remote management.
Windows Product Activation (WPA) A way to ensure that customers are using genuine Windows operating systems purchased from Microsoft resellers. This tool, which began with Windows XP, defeated casual copying of Windows XP by ensuring that other systems had not recently been activated with the same product key.
Windows Server Update Services (WSUS) A free server tool available for download from Microsoft.com that administrators can use to manage which updates are distributed to computers running Windows on their internal network.
Windows System Assessment Tool (WinSAT) A command-line tool included with Windows for assessing the features, capabilities, and attributes of computer hardware.
Windows Troubleshooting Packs Collections of Windows PowerShell scripts that attempt to diagnose a problem and, if possible, solve the problem with the user’s approval. Windows 7 includes 20 built-in Troubleshooting Packs that address more than 100 root causes of problems. Troubleshooting Packs can also perform ongoing maintenance of a specific feature.
Windows Virtual PC A new optional feature that you can use to evaluate and migrate to Windows 7 while maintaining compatibility with applications that run on older versions of Windows. This feature is available as a downloadable update package for Windows 7.
WinSAT See Windows System Assessment Tool (WinSAT).
WPA See Windows Product Activation (WPA).
WSD See Web Services for Devices (WSD).
WSUS See Windows Server Update Services (WSUS).
X
XML Paper Specification (XPS) A set of conventions for using XML to describe the content and appearance of paginated documents.
XPS See XML Paper Specification (XPS).
Z
Zero Touch Installation (ZTI) An MDT 2010 deployment option that fully automates the deployment of client computers. During a ZTI installation, the Windows operating system and all applications are automatically deployed the first time a computer is connected to the network and turned on. See also Microsoft Deployment Toolkit 2010 (MDT 2010).
ZTI See Zero Touch Installation (ZTI).
access control entry (ACE), 898
access control list (ACL), 324, 1236
access tokens, 70, 1126
ACE (access control entry), 898
ACL (access control list), 324, 1236
ACM (Application Compatibility Manager)
  configuring, 155–156
  defined, 143, 145
  Quick Reports area, 158
  testing and mitigation issues, 169–178
ACPI (Advanced Configuration and
  Compatibility Administrator, 153, 169, 173–177
  compatibility evaluators, 147–148
  configuring, 155–156
  functionality, 128, 143–145, 902
  hardware requirements, 154
  installing, 155
  migrating user state data, 233
  planning considerations, 148–153, 250
  preparation process, 153–154
  software requirements, 153
  support topologies, 146
  synchronizing data, 167
ACT Community, 162, 164
ACT database, 145–146, 153, 167
ACT Log Processing Service, 145–146, 154–155
ACT Log Processing share, 145–146, 152, 154
Action Center
  configuring WER, 1029–1033
  functionality, 12
  notification area changes, 6
  Reliability Monitor support, 1477
  Remote Desktop support, 388
  Windows Defender support, 39
  Windows Memory Diagnostics, 1496
actions
  bulk print, 790–791
  defining, 996–997
  functionality, 985
activation count cache, 339–340
activation threshold, 339
Active Directory And Computers MMC snap-in, 297, 325
Active Directory Domain Services See AD DS (Active Directory Domain Services)
ActiveX controls, 1125
ActiveX Data Objects, 276
AD DS (Active Directory Domain Services)
  802.1x authentication, 1201–1202
  configuring UAC, 1135
  connection considerations, 1223–1224
  DirectAccess support, 1303
  Group Policy support, 61, 152, 481
  GUID support, 324
  implementing Folder Redirection, 562–563
  key management and, 64
  KMS support, 341
  logon considerations, 60
  preparing for BitLocker, 658
  pre-staging client computers, 325
  publishing printers, 783–784
  roaming user profiles, 533
  Windows Deployment Services support, 297, 304
  Windows Firewall support, 50
Adaptive Display Brightness, 17
Add Features Wizard, 858
Add Printer Wizard, 792–793, 801–802
Add-BitsFile cmdlet, 1093
Add-on Manager, 906
address autoconfiguration, 1383–1385
Address Resolution Protocol (ARP), 1196, 1381–1382
Address Space Layout Randomization (ASLR), 59
ADM (Administrative Template) files
  comparison to ADMX files, 494, 518–520
  filtering policy settings, 486
  functionality, 482
  setting enhancements, 487
Admin Broker process, 901
administrative privileges
  security considerations, 71
  UAC considerations, 1121–1122, 1129–1131, 1133
Administrative Template (ADM) files See ADM (Administrative Template)
  trustworthy, 65
  UAC considerations, 1126–1128
Administrators group, 1121
AdminStudio tool, 263
ADML (Architecture Description Markup Language), 484
ADMX Migrator, 518–520
ADMX template files
  adding to central store, 497, 503–504
  considerations when working with, 497–498
  domain storage, 496
  functionality, 484, 494
  local storage, 496
  migrating ADM templates, 518–520
  registry considerations, 495
  types supported, 495
Advanced Configuration and Power Interface (ACPI), 681, 732
Advanced Group Policy Management (AGPM), 392, 521
Advanced Query Syntax (AQS), 822
AEM (Agentless Exception Monitoring), 1019
Aero interface, 7, 15
Aero Peek feature, 6
Aero Shake feature, 7
Aero Snap feature, 7
allow list, 910
Alt + Tab combination, 7
AMD-V feature, 144
answer files
  automating Windows PE, 289
  deployment process overview, 106
  functionality, 87, 91–92
  platform interconnection, 90
  Windows SIM support, 87, 91–92
Anti-Phishing Working Group, 909
antivirus software, 205, 1107, 1632
anycast addresses, 1374
API (application programming interface)
  biometric support, 79
  EAPHost support, 1208–1209
  improved peer networking, 1206–1207
  Layered Service Provider support, 1209
  NAP support, 57, 1160
  Network Awareness, 1205–1206
  NLA support, 1240
  notification-based indexing, 846
  Pacer.sys driver support, 1176
  SUA support, 172
  Windows Deployment Services support, 297
  Windows PE support, 95, 276
  WSD support, 1209
APIPA (Automatic Private IP Addressing), 1217, 1375, 1383
AppHelp messages, 174, 176–177
application compatibility See also ACT (Application Compatibility Toolkit)
  Application Virtualization, 145
  assessing, 162–163
  checking, 1632
  creating and assigning categories, 159–161
  defined, 140
  deployment considerations, 149–152
  filtering data, 166–167
  identifying missing applications, 168
  Internet Explorer considerations, 901–902
  managing issues, 164–166
  migration considerations, 132–133
  mitigation issues, 169–178
  primary testing tools, 141–145
  prioritizing compatibility data, 161–162
  Program Compatibility Assistant, 142
  Program Compatibility troubleshooter, 142
  rationalizing application inventory, 168–169
  reasons for failure, 140–141
  selecting specific versions, 168–169
  setting deployment status, 163–164
  testing, 127–128, 169–178
  troubleshooting, 24
  UAC considerations, 1133–1134
  user profile namespace issues, 540–545
  Windows XP Mode, 144
Application Compatibility Manager See ACM (Application Compatibility Manager)
Application Compatibility Toolkit See ACT (Application Compatibility Toolkit)
Application Compatibility Toolkit Data Collector, 143
Application Data folder, 535
application deployment
  adding to deployment shares, 189–194, 265–267
  adding to task sequence, 190, 205
  App-V support, 391
  automating installation, 252, 257–261
  choosing deployment strategy, 253–256
  choosing sample data, 236
  injecting disk images, 264–269
  installing applications, 268–269
Trang 17Best Effort (BE)
manipulating dependencies, 193–194, 267–268
migrating user state data, 232planning deployment, 127–128, 249–253
preparing lab environment, 248repackaging legacy applications,
252, 262–264Windows PE support, 284application fixes, 173–176
application mitigation packages, 174,
177–178
application packaging software See
packages
application programming interface
See API (application programming
functionality, 61, 66–67, 390Group Policy support, 487rule types supported, 1143–1146software restriction policy comparison, 1142–1143Windows PowerShell support, 1149AppStations, 151
App-V (Application Virtualization),
145, 391–392
AQS (Advanced Query Syntax), 822
Architecture Description Markup
Sysprep tool support, 94Windows Firewall support, 1288–1290
Auditpol /get command, 76Auditpol /set command, 78authentication
802 1x support, 1199–1202BitLocker support, 648IKEv2 support, 1298–1301, 1333
IP address, 50logon considerations, 60PIN, 645
smart cards and, 79VPN Reconnect support, 1297VPN support, 1315–1316, 1332–1333
Auto-Cast transmissions, 330Automatic Private IP Addressing (APIPA), 1217, 1375, 1383Automatic Updates, 41, 43automatic variables, 406, 413, 426Autoruns tool, 389
Autounattend xml file, 87availability (CIA triad), 64
B
Background Intelligent Transfer Service See BITS (Background Intelligent Transfer Service)
backtick character, 426
backup/restore considerations
  Action Center support, 12
  backup process overview, 625–626
  best practices, 632
  BitLocker support, 64
  file and folder backup structure, 626–628
  functionality, 624–625
  Group Policy settings, 632–634
  manipulating previous versions, 634–639
  reinstalling Windows, 1456–1457
  software updates, 1108
  System Image backups, 628–632
  Windows NT Backup-Restore utility, 389
BAD_POOL_CALLER (Stop message), 1621–1623
bandwidth considerations, 1089, 1093, 1106, 1176
Base Filter Engine (BFE), 1232–1233
batteries, 16–17
BBE (Better than Best Effort), 1177
BCD registry file
  additional information, 1423
  backing up/restoring settings, 1441–1442
  enhancements, 1420
  manually updating, 1454
  modifying, 1421
  ntldr entry, 1423, 1443
  overview, 1420–1421
  removing boot entries, 1444
  viewing settings, 1441
BCD stores, 1422–1423
BCD WMI provider, 1421
BCDboot tool, 96, 277
BCDEdit.exe utility
  backing up/restoring settings, 1441–1442
  changing boot menu time-outs, 1442–1443
  changing defaults, 1442
  changing menu item order, 1443
  creating entries for other OSs, 1443–1444
  functionality, 1440–1441
  global debugger settings, 1445
  interpreting output, 1441
  modifying BCD registry file, 1421, 1424
  removing boot entries, 1444
BDD_Welcome_ENU.xml file, 220
BDT (Bitmap Differential Transfer), 587
BE (Best Effort), 1177
Behavior.xml file, 708
Best Effort (BE), 1177
beta testing, 1114
Better than Best Effort (BBE), 1177
BFE (Base Filter Engine), 1232–1233
BgInfo tool, 389
BitLocker Drive Encryption
  clear key, 646, 657
  configuring data recovery agent, 658–659
  cost considerations, 662
  data theft and, 44
  decommissioning permanently, 657–658
  disabling, 656–657
  enabling on data volumes, 652–653
  enabling on system volumes, 650–652
  external key support, 646
  functionality, 61–66, 390, 641–643
  indexing considerations, 856
  managing from command line, 653–655
  managing on local computer, 653
  managing with Group Policy, 659–661
  MDT solution framework, 116
  phases, 648–649
  preparing AD DS, 658
  protecting data, 643–646, 650
  recovering protected data, 655–656
  recovery password, 646
  removing, 656–657
  TPM support, 643–646
  Windows Setup support, 94
BitLocker Drive Preparation Tool, 650
BitLocker Repair Tool, 656
  thin image strategy, 255
Bitsadmin.exe tool, 386, 1093
blackhole routers, 1548
Bluetooth protocol, 1516
Boolean logic, 209
boot code, 1428
boot images
  adding driver packages, 323
  capturing custom, 327–329
  importing, 315–316
  MDT support, 331
  staging, 285
boot logs, 1461–1462, 1465–1466
Boot Manager See Windows Boot Manager
Boot.ini file, 1420
Boot.wim file, 91
bootable media, creating, 285–288
bootable partitions, 1428
BootPRO tool, 1421
Bootrec.exe tool, 1424, 1451–1452
Bootsect tool, 97, 277, 1424, 1454
BootStrap.ini file, 372
BranchCache
  architectures supported, 1185
  benefits, 1305–1306
  configuring, 1187–1188
  Distributed Cache mode, 15, 1186–1187, 1306
  functionality, 390, 1185, 1294, 1306
  Hosted Cache mode, 15, 1185–1186, 1306
  implementing, 1307
  performance improvement, 15
  protocols supported, 1188–1189, 1307
  SMB support, 1189
  web browsing considerations, 1189–1190
break statement (Windows PowerShell), 443
BrmDrivers.xml file, 790
BrmForms.xml file, 790
BrmLMons.xml file, 790
BrmPorts.xml file, 790
BrmPrinters.xml file, 790
BrmSpoolerAttrib.xml file, 790
broker process, 900
browsers
  BranchCache considerations, 1189–1190
  Network Explorer support, 1168
  protecting against malware, 41–42, 1157
buffer overflow attacks, 58, 903–904
BUGCODE_USB_DRIVER (Stop message), 1627
Build SMF, 120–121
built-in diagnostics, 1491–1499
bundling malware, 39–40
BYE message, 1171
C
CA (certification authority), 1223, 1230, 1304
caching
  client-side, 587, 599, 607–608
  disabling nonvolatile, 1506
  transparent, 589–590
calcs command, 281
Capture utility, 297
Case Else statement (VBScript), 449
catalogs
  automating Windows PE, 289
  default indexing scopes, 838
  default system exclusion rules, 835–836
  defined, 88, 827
  FANCI bit, 836–837
  files/subfolders structure, 833–835
  functionality, 832–833
  initial configuration, 838
cd command, 404
central store, 484, 497, 502–504
CER (Corporate Error Reporting), 1019
certificates See personal certificates
certification authority (CA), 1223, 1230, 1304
Challenge Handshake Authentication Protocol (CHAP), 1315–1316
channels, 965–966
CHAP (Challenge Handshake Authentication Protocol), 1315–1316
ChkDsk tool
  BitLocker support, 651
  examples, 1501
  functionality, 1500–1501
  graphical interface support, 1503
  NTFS support, 1503–1505
  scheduling considerations, 1503
  self-healing NTFS comparison, 1481
  syntax, 1501–1502
  System Recovery limitations, 1424
  time considerations, 612
CI (Code Integrity), 53
CIA triad, 64
CID (confirmation ID), 344
CIDR (Classless Inter-Domain Routing) notation, 1373
CIFS (Common Internet File System) See SMB (Server Message Block)
CIM (Common Information Model),
  CMID support, 339–340
  deploying driver packages to, 317–321
  grouping, 367–368
  pre-staging, 325
  print management, 792–804
  VAMT support, 344
Client-Side Rendering (CSR), 762
Cmd.exe (command prompt), 388
cmdlets See also specific cmdlets
  alias support, 410, 413
  AppLocker support, 1149
  BITS support, 1093–1094
  filtering output, 416–418
  functionality, 385, 397
  gathering event information, 978–982
  gathering performance data, 954–955
  Group Policy support, 486, 509–511
  naming convention, 397, 399
  output objects, 419–421
  parameter considerations, 411–412
  property considerations, 414
  verbs supported, 399–402
  wildcard characters, 412, 414
CMID (client machine identification), 339–340
CNG (Crypto Next Generation) services, 58
Code Integrity (CI), 53
CodeRed worm, 58
Color Management CPL, 800
COM (Component Object Model), 508
command line
  configuring disk quotas, 671–672
  configuring network settings, 1220–1221
  configuring RDC, 1357
  configuring wireless settings, 1211, 1213–1215
  managing BitLocker, 653–655
  Remote Assistance support, 1055–1058
  System Image backups, 628–629
  transitioning Windows PowerShell scripts, 425–427
  WinSAT tool support, 1011
Command Prompt tool, 1424
Common Information Model (CIM), 384
Common Internet File System (CIFS) See SMB (Server Message Block)
Common Language Runtime (CLR), 278
comparison operators, 446–447
Compatibility Administrator tool
  ACT support, 169
  creating AppHelp messages, 176–177
  creating compatibility fixes, 174–176
  creating compatibility mode, 176
  creating custom databases, 174
  process flow, 173
  starting, 174
  system requirements, 153
  terminology supported, 173–174
compatibility evaluators, 147–148, 157
compatibility mode, 173, 176
Complete-BitsTransfer cmdlet, 1093
Component Object Model (COM), 508
components, 88, 91–92
Computer Browser service, 1170
Conditions list
  filtering groups, 206
  If statements, 208
  operating system versions, 209
  task sequence variables, 207–208
  WMI queries, 209–210
confidentiality (CIA triad), 64
Config.xml file, 241
Configuration Manager See SCCM (System Center Configuration Manager)
configuration passes, 88, 90–91, 107
configuration sets, 88
confirmation ID (CID), 344
constant special item ID list (CSIDL), 535–537
Contacts subfolder, 537
Control Panel
  Add Hardware utility, 696
  configuring index location, 851
  configuring indexing encrypted files, 856
  configuring indexing scopes, 852–853
  configuring indexing similar words, 857
  configuring indexing text in TIFF documents, 858
  configuring Offline Files indexing, 855
  configuring power management, 733–734
  configuring UAC, 1139
  Devices And Printers, 764
  Display utility, 683–684
  enabling BitLocker, 63
  Folder Options, 863–865
  Indexing Options, 838, 847, 857
  managing Offline Files, 595–596
  managing Windows Firewall, 1262
  Power Options utility, 733–734
  WBF support, 79
  BranchCache support, 1185–1190
  DNSSec support, 488, 1190
  efficiency considerations, 1191–1195
  GreenIT, 1190–1191
  improved reliability, 1197
  IPv6 support, 1198–1199
  scalability considerations, 1196–1197
  Server Message Block, 1202–1203
  strong host model, 1203
  Volume Activation scenario, 345, 347
  wireless networking, 1203–1205
Corporate Error Reporting (CER), 1019
corporate roaming. See Folder Redirection technology; roaming user profiles
crawl scopes, 827, 838
Create Task dialog box
  Actions tab, 996–997
  Conditions tab, 997–999
  depicted, 991
  General tab, 991
  Settings tab, 999–1001
  Triggers tab, 992–996
create vdisk command, 620
Credentials Manager, 984, 987
Cross-Site Scripting (XSS), 74
Crypto Next Generation (CNG) services, 58
CSC. See client-side caching
CSIDL (constant special item ID list), 535–537
CSR (Client-Side Rendering), 762
Ctrl + Alt + Delete combination, 1046
CustomSettings.ini file
  adding custom migration files, 245
  configuring, 361–362
  customizing, 371–372
  depicted, 243
  properties supported, 362–363
  providing credentials, 360
  Refresh Computer scenario, 364

D
DaRT (Diagnostics and Recovery Toolset), 392
Data Collection Package. See DCP (Data Collection Package)
data collector sets
  as diagnostic tools, 1492–1493
  configuring, 946–947
  creating, 943–945
  starting/stopping logging, 949
  troubleshooting support, 1545–1546
  types supported, 942
  viewing performance data, 947–951
  viewing properties, 947
data collectors, 942
Data Encryption Standard (DES), 1312–1315
Data Execution Prevention (DEP), 55, 58, 75
Data Manager, 947–949
data recovery agent, configuring, 658–659
data stores
  choosing location, 234–235
  defined, 133
  local, 234–235
  remote, 235
  specifying location, 243–244
data theft
  blocking IDN spoofing, 914–916
  copying confidential files, 45–46
  deleting browser history, 913–914
  phishing, 909–913
  physical theft of device, 44
  protecting against, 907–916
  security considerations, 44–46
  Security Status bar, 907–908
  sharing confidential documents, 46
data volumes, 652–653
DATA_BUS_ERROR (Stop message), 1609–1610
DCOM (Distributed Component Object Model), 1039, 1066–1067
DCP (Data Collection Package)
  collecting compatibility data, 157
  creating, 157–158
  defined, 145
  deployment considerations, 149–152
  log file locations, 152–153
DCS. See data collector sets
DDI (Device-Driver Interface), 682
DDNS (Dynamic DNS), 340, 342
dead gateway detection, 1197
debugging
  kernel debugger, 1602, 1633
  logging support, 524
  memory dump files and, 1598–1600
Default profile, 538
default statement (Windows PowerShell), 449
Default User profile, 538
defense-in-depth technique, 41, 899, 1142
definition files, 220
definition updates, 1155
defragmentation, disk, 622, 1124
del command, 404
delete volume command, 619
deleting
  browser history, 913–914
  files, 674
  folders, 404
  tasks, 1004
  text files, 404
  volumes, 619
Deployment Image Servicing and Management. See DISM (Deployment Image Servicing and Management)
deployment management. See also application deployment
  answer files, 87, 90–92
  application mitigation packages, 177–178
  BranchCache solution, 1307
  deploying printers, 806–812
  DirectAccess solutions, 1305
  DISM, 27, 87, 90, 96
  Dynamic Driver Provisioning, 28
  ImageX tool, 87, 90–91, 98–99
  LTI support, 365–366
  MDT support, 26, 105–110
  multicast, 330–331
  Multicast Multiple Stream Transfer, 28
  platform components, 89–90, 96–97
  process overview, 105–106
  RDC, 1354–1356
  search connectors, 878–879
  software updates, 1080–1084, 1087–1088
  Sysprep tool, 86, 90, 94
  terminology used, 87–89
  USMT, 27
  VHD boot, 28
  Windows AIK 2.0, 26, 96–97, 107
  Windows Deployment Services, 86–87, 91, 95, 98
  Windows Imaging, 87, 89–91
  Windows PE, 27
  Windows PE support, 86, 90–91, 95
  Windows Setup, 86–88, 91, 93–94, 101–104
  Windows SIM, 86–88, 90–94
deployment planning. See also migration considerations
  additional resources, 258
  application compatibility, 149–152
  application deployment, 127–128, 249–253
  business requirements, 253–254
  categories, 249, 251
  choosing deployment strategy, 152, 253–256
  choosing installation method, 249, 252
  configuration considerations, 250, 253
  Deployment Workbench, 135
  determining responsibility, 249
  hardware requirements, 126
  high-volume deployment, 116–122
  KMS support, 341–343
  low-volume deployment, 122–125
  MDT support, 113–116, 133–136
  preparing for development, 127–133
  priorities, 249–250
  subject matter experts, 249, 252
  upgrade paths, 126
deployment point, 184, 245
deployment scenarios
  for MDT, 356
  local data stores, 234
  new computers, 100, 235, 356
  Offline Files, 585
  refreshing computers, 100, 225, 227–229, 234–235, 356, 364
  replacing computers, 101, 229–230, 235, 356
  upgrading computers, 99
  Windows PE support, 275
deployment shares
  adding applications, 189–192, 265–267
  adding device drivers, 198–199
  adding operating systems, 187–189
  adding packages, 195–196
  configuring, 129, 183, 186–187
  creating, 183–185
  defined, 88, 184
  Deployment Workbench, 135
  disabling applications, 193
  editing applications, 192
  folder structure, 186
  installing USMT, 237
  LIT considerations, 361
  MDT support, 109
  replicating, 357–360
  updating, 183, 210–216
Deployment Tools Command Prompt, 280, 282–284
Deployment Workbench
  adding applications, 189–194, 265–267
  adding device drivers, 198–199
  adding operating systems, 188–189
  adding packages, 195–196
  capturing disk images for LTI, 217–218
  checking for updated components, 137
  creating deployment shares, 185, 203
  creating section profiles, 358–359
  creating task sequences, 200–202
  depicted, 185
  deployment documentation, 115
  Deployment Shares, 135
  downloading components, 136
  editing task sequences, 203–205
  functionality, 26, 109
  Information Center, 135–136
  installation reboots, 194
  installing applications, 269–270
  manipulating application dependencies, 193–194, 267–268
  manipulating MDT database, 373–378
  Operating Systems folder, 189
  Options tab, 203, 206–210
  Properties tab, 203, 205–206, 211
  removing operating systems, 189
  replicating deployment shares, 358–360
  starting, 135
  templates, 134
  updating deployment shares, 210–216
DeployWiz_Definition_ENU.xml file, 221
DES (Data Encryption Standard), 1312–1315
DES (Desktop Error Monitoring), 393
Desktop folder, 233, 535
Desktop Window Manager (DWM), 1009
destination computer
  configuring, 104
  defined, 88
  deployment process overview, 106, 132
  MDT support, 110
  testing application compatibility, 128
  Windows Easy Transfer, 226
device containers, 682, 706
Device Display Object, 706
device drivers
  adding to deployment shares, 198–199
  checking compatibility, 1632
  DISM support, 275
  Driver Verifier, 725, 1481, 1507–1509
  File Signature Verification, 1466, 1509–1510
  finding updated, 1506–1507
  identifying failing, 1463–1466
  improved reliability, 1481
  INF files, 724
  installing updates, 1633
  rolling back, 1466–1467, 1507
  solving USB problems, 1512
  troubleshooting problems, 1506–1510
  troubleshooting unpredictable symptoms, 1484–1485
  Windows PE support, 284
device installation
  configuring settings, 702–703
  driver packaging, 685
  driver ranking, 693–695
  driver signing, 693
  driver staging comparison, 685–689
  driver store, 685, 689–693
  enhancements, 679–682, 695–703
  managing with Group Policy, 709–719
  troubleshooting, 720–725
device management
  device experience architecture, 705–709
  Device Stage interface, 705
  Devices And Printers folder, 703–704
  driver packages, 689–693
  enhancements, 679–682
Device Manager
  error codes supported, 724
  identifying failed devices, 1485–1486
  viewing/changing resource usage, 1465, 1510
Device Metadata Retrieval Client (DMRC), 706
Device Metadata System, 707–709
Device Stage interface, 705
Device-Driver Interface (DDI), 682
DeviceInfo.xml file, 708
Devices And Printers, 703–704, 796–797
devnode model, 706
DFS (Distributed File System), 185, 275, 278
DFSR (Distributed File System Replication), 146
DHCP (Dynamic Host Configuration Protocol)
  application deployment, 248
  configuring client computers, 1216–1219
  developing disk images, 182
  IPv4 support, 1383
  IPv6 support, 1199, 1389
  PXE support, 306–307
  TCP Chimney Offload considerations, 1196
  testing application compatibility, 170
  upgrading infrastructure, 1411
  Windows Deployment Services support, 298, 305, 308
  Windows Firewall support, 1233
  Windows PE support, 274
  WPAD support, 1096
diacritics, default setting, 857
Diagnostic Policy Service, 1480
diagnostics. See also troubleshooting
  Action Center support, 12
  built-in tools, 1491–1499
  checking computer physical setup, 1486
  checking hardware, 1633–1635
  checking hardware configuration, 1487–1488
  checking software, 1631–1633
  checking system temperature, 1486
  disk failure diagnostics, 1480
  hardware problems, 1452, 1485–1491, 1634
  identifying failed devices, 1485–1486
  Microsoft IPsec Diagnostic Tool, 389
  Network And Sharing Center, 1168
  testing hardware, 1489–1490
  verifying firmware, 1489
  Windows Boot Performance Diagnostics, 1424–1425
  Windows Memory Diagnostics, 1479, 1493–1499
  Windows Shutdown Performance Diagnostics, 1425
  Wireless Diagnostics, 1526
Diagnostics and Recovery Toolset (DaRT), 392
dial-up connections
  advanced settings, 1339
  configuring, 1339
  configuring incoming connections, 1340–1341
  creating, 1337–1338
  functionality, 1308
Differentiated Services Code Point. See DSCP (Differentiated Services Code Point)
Diffie-Hellman key exchange, 1230
Digital Identity Management Services (DIMS), 52
digital signatures, 55
Digital Subscriber Line (DSL), 1308
DIMS (Digital Identity Management Services), 52
dir command, 402, 404, 669
DirectAccess
  benefits, 1301–1302
  firewall rules, 1253
  functionality, 18, 38, 391, 1294, 1303–1305
  implementing, 1305
  IPsec support, 1231
  IPv6 support, 1390–1391
  VPN considerations, 1296
directory junction (DJ) points,
  adding updates, 196–197
  building, 129
  capturing for LTI, 183, 217–218
  capturing with MDT, 183–184
  configuring deployment shares, 183, 186–187
  configuring task sequences, 183
  creating deployment shares, 183–185
  creating task sequences, 183
  customizing MDT, 220–221
  editing task sequences, 203–216
  injecting, 264–269
  lab requirements, 181–183
  preparing manually, 219–220
  prerequisite development skills, 181
  reducing image count, 202
disk management. See also backup/restore considerations; BitLocker Drive Encryption
  checking settings, 1634
  checking space requirements, 1631
  creating VHDs, 620–621
  diagnosing disk-related problems, 1490–1491
  disabling nonvolatile caching, 1506
  disk failure diagnostics, 1480
  disk quotas, 670–672
  file system fragmentation, 622–624
  hard disk drives vs. removable storage, 860–863
  partitioning disks, 612–615
  preparing for disk failures, 1499–1500
  Stop messages space requirements, 1602
  tools supported, 673–677
  troubleshooting problems, 1484–1485, 1499–1506
  Windows Deployment Services considerations, 299
  Windows PE support, 276
  Windows ReadyBoost, 639–641
  working with volumes, 615–621
Disk Management snap-in, 613–614, 616
disk quotas
  configuring from command line, 671–672
  configuring on single computer, 670–671
  configuring with Group Policy, 672
  managing, 670
Disk Self Tests (DSTs), 1480
Disk Usage tool, 673
DiskPart tool
  booting from hard disk drive, 287–288
  converting MBR to GPT disks, 613–614
  creating bootable media, 286
  creating spanned volumes, 617
  creating VHDs, 620
  functionality, 87, 97, 277
  resizing volumes, 618
  startup support, 1424
DiskView tool, 1516–1517
DISM (Deployment Image Servicing and Management)
  Add-Drive option, 284
  Add-Package option, 282, 284
  functionality, 27, 87, 96
  managing driver packages, 691–693
  platform interconnection, 90
  Set-TargetPath option, 279
  Unmount-Wim option, 285
  Windows AIK 2.0 support, 26
  Windows PE support, 275, 278, 288
Dism.exe tool, 277
Distributed Component Object Model (DCOM), 1039, 1066–1067
Distributed File System (DFS), 185, 275, 278
Distributed File System Replication (DFSR), 146
distribution share
  defined, 88, 184
  deployment process overview, 106
  metadata storage, 187
DJ (directory junction) points, 540–545, 665
djoin.exe command, 366
DLLs (dynamic link libraries), 1148, 1209
DMRC (Device Metadata Retrieval Client), 706
DNS (Domain Name System)
  deploying applications, 248
  developing disk images, 182
  KMS support, 341–342
  looking up records, 1538
  name resolution, 1385–1387, 1570–1573
  Portqry tool support, 1550
  preparing infrastructure, 1410
  TCP support, 1538–1539
  transitioning from IPv4 to IPv6, 1413
  verifying connectivity, 1571–1572
  verifying resolution, 1537
  Windows Deployment Services support, 304–305
  WPAD support, 1096
dnscmd command, 1387
DnsDomainPublishList registry value, 341
DNSLint, 1538
DNSSEC (DNS security), 488, 1190
Do Until statement (VBScript), 405, 435
do until statement (Windows PowerShell), 434–438
Do While statement (VBScript), 406, 432, 436
do while statement (Windows PowerShell), 432–434
documentation
  LTI, 114
  MDT, 115–116
  Windows PE, 277
  ZTI, 114
Documents folder, 10, 469
Documents library, 10, 546
Domain Admin permission, 326
domain isolation, 1253–1254
Domain Name System. See DNS (Domain Name System)
driver signing
  functionality, 680, 693
  required, 55
  troubleshooting, 726
driver staging, 680, 685–689
driver store
  device installation enhancements, 697–699
  functionality, 680, 685
  managing driver packages, 689–693
  repairing corruption, 725
Driver Verifier, 725, 1481, 1507–1509
  queues supported, 1177
  WMM access categories, 1178
DSL (Digital Subscriber Line), 1308
DSTs (Disk Self Tests), 1480
DWM (Desktop Window Manager), 1009
dynamic disks, 615
Dynamic DNS (DDNS), 340, 342
dynamic driver provisioning, 28, 303
Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol)
dynamic link libraries (DLLs), 1148, 1209
dynamic tunnel endpoints, 1230–1231

E
EAP (Extensible Authentication Protocol), 1203, 1294, 1297, 1315–1316
EAPHost, 1208–1209
Easy Connect
  functionality, 1037, 1062–1063
  initiating with GUI, 1054
  scenario using, 1058–1062
  Solicited RA support, 1039
Easy Transfer Cable, 224
EasyBCD tool, 1421
EC (Enterprise Client), 505
ECDH (Elliptical Curve Diffie-Hellman), 1313
echo command, 674
EF (Expedited Forwarding), 1177
EFI (Extensible Firmware Interface), 613, 1420, 1429
EFI System Partition (ESP), 614
EFS (Encrypting File System)
  data theft and, 44
  EFSDump tool, 673
  exporting personal certificates, 663
  functionality, 51, 662–663
  granting user access, 664
  importing personal certificates, 663–664
  indexing support, 824, 856–857
  Single Sign-On mode, 51
EFSDump tool, 673
Elliptical Curve Diffie-Hellman (ECDH), 1313
e-mail
  configuring notifications, 816–817
  malware and, 1120
  MSU file considerations, 1085
  RA invitation files, 1055
  Solicited RA, 1038
EMF (Enhanced Metafile) format, 766
Encapsulation Security Payload (ESP), 1297
Encrypting File System. See EFS (Encrypting File System)
encryption. See BitLocker Drive Encryption
end-user license agreement (EULA), 280
Enhanced Metafile (EMF) format, 766
Enterprise Client (EC), 505
Enterprise Resource Planning (ERP), 128
Enterprise Search Scopes, 391
environmental variables, 453, 470, 473, 1435
Envision SMF, 118–119
ERC (Event Reporting Console), 1020
ERP (Enterprise Resource Planning), 128
Err.exe tool, 1008
ESP (EFI System Partition), 614
ESP (Encapsulation Security Payload), 1297
ETW (Event Tracing for Windows), 942, 964–965
EUI-64-based interface ID, 1377, 1403
EULA (end-user license agreement), 280
event IDs, 523
event logs
  channel support, 966
  configuring details, 818
  saving, 973
  Task Scheduler support, 1006
event monitoring
  channel support, 965–966
  DCS support, 942
  Event Viewer support, 967–978
  improvements, 967
  Windows event architecture, 964–965
  Windows Events command-line utility, 978–979
  Windows PowerShell support, 979–982
Event Reporting Console (ERC), 1020
Event Tracing for Windows (ETW), 942, 964–965
Event Viewer
  accessing, 967
  as diagnostic tool, 1492
  checking logs, 1632
  configuring event subscriptions, 973–975
  creating new subscriptions, 975–978
  Custom Views node, 968–970
  DHCP support, 1219
  Overview And Summary screen, 967
  Remote Desktop support, 387
  saving event logs, 973
  troubleshooting support, 522–523, 1526
  viewing event logs, 971–972
Everyone special group, 1171
Exit For statement (VBScript), 443
exit statement (Windows PowerShell),
  tasks, 1002
Extensible Authentication Protocol (EAP), 1203, 1294, 1297, 1315–1316
Extensible Firmware Interface (EFI), 613, 1420, 1429

F
Factory.exe tool, 97
FANCI bit, 836–837
Fast User Switching (FUS), 1326
fault-tolerant heap, 22
Favorites folder, 535
FDISK tool, 613
FDRP (Function Discovery Resource Publication), 1170–1171
Federal Information Processing Standard (FIPS), 1312
Federated Search feature, 11, 825, 877–879
Fiddler tool, 926
File Signature Verification, 1466, 1509–1510
file systems. See also DFS (Distributed File System); EFS (Encrypting File System)
  fragmentation considerations, 622–624
  symbolic links, 664–669
file virtualization, 72
filtering
  ADM policy settings, 486
  boot-time, 1234
  cmdlet output, 416–418
  compatibility data, 166–167
  Cross-Site Scripting, 74
  firewall rules, 1228, 1250–1252
  groups, 206
  If statements, 208
  InPrivate Filtering, 887–888
  operating system versions, 209
  Phishing Filter, 912–913
  pipeline support, 413–414
  SmartScreen filter, 74, 889–890, 909–912
  steps, 209
  task sequence variables, 207–208
  task sequences, 203
  Windows Firewall support, 50
  WMI queries, 209–210
FIPS (Federal Information Processing Standard), 1312
firewall logs, 1285–1287
firewalls. See also Windows Firewall
  DirectAccess considerations, 18, 1304
  multiple active profiles, 61, 67
  transitioning from IPv4 to IPv6, 1412
  troubleshooting problems, 1584–1585
  Window Service Hardening, 56
firmware, 1489, 1634
FixFAT tool, 97
FixNTFS tool, 97
fl command, 410
flexible single master operations (FSMO) role, 502
Folder Redirection technology
  background, 558–559
  client-side caching, 599
  configuring policy-removal options, 568–569
  configuring redirection method, 564–565
  configuring redirection options, 567–568
  configuring target folder location, 566
  considerations for mixed environments, 570–573
  enhancements, 559–562
  functionality, 25, 225
  Group Policy settings, 573–574
  implementing, 562–574
  improved logon performance, 561–562
  Offline Files deployment, 585
  path considerations, 569–570
  roaming user profile support, 579
  security considerations, 563–564
  Sync Center support, 569
  troubleshooting, 574, 607
folders. See also shared folders
  application compatibility, 141
  configuring search options, 863–865
  default save location, 547