MCSE Windows Server 2003 Documentation - P16

Appendix Terminal Server
Remote Control
Terminal Server allows an administrator to view or take control of a user’s session. This
feature not only allows administrators to monitor user actions on a terminal server, but
also acts like Remote Assistance, allowing a help desk employee to control a user’s session
and perform actions that the user is able to see as well.
To establish remote control, both the user and the administrator must be connected to
terminal server sessions. The administrator must open the Terminal Server Manager
console from the Administrative tools group, right-click the user’s session, and choose
Control. By default, the user will be notified that the administrator wishes to connect to
the session, and can accept or deny the request.
Important: Remote Control is available only when using Terminal Server Manager within a
terminal server session. You cannot establish remote control by opening Terminal Server
Manager on your PC.
Remote control settings include the ability to remotely view and remotely control a session,
as well as whether the user should be prompted to accept or deny the administrator’s
access. These settings can be configured in the user account properties on the
Remote Control tab, as shown in Figure A-13, and can be configured by the properties
of the RDP-Tcp connection, which will override user account settings. Group Policy
can also be used to specify remote control configuration.
Figure A-13 The Remote Control tab of a user’s properties dialog box
In addition to enabling remote control settings, an administrator must have permissions
to establish remote control over the terminal server connection. Using the Permissions
tab of the RDP-Tcp Properties dialog box, you can assign the Full Control
permission template or, by clicking Advanced, assign the Remote Control permission to
a group, as shown in Figure A-14.
Figure A-14 The Remote Control permission
Review
This appendix provides an overview of Terminal Server and the tools, technologies,
and processes used to configure and, ultimately, troubleshoot the feature. The aim of
this appendix, like the rest of this training kit, is to prepare you for the 70-290 certification
exam. If you plan to deploy or support Terminal Server in your production network, be
sure to refer to online help and the Microsoft Knowledge Base for additional detail.
Glossary
Numbers
802.11 Refers to a family of Institute of Electrical and Electronics Engineers (IEEE)
specifications for wireless networking.
802.11a An extension to 802.11 that applies to wireless local area networks (WLANs)
and provides up to 54 Mbps in the 5 GHz band.
802.11b An extension to 802.11 that applies to wireless LANs and provides 11 Mbps
transmission (with a fallback to 5.5, 2, and 1 Mbps) in the 2.4 GHz band. 802.11b
is a 1999 ratification to the original 802.11 standard, allowing wireless functionality
comparable to Ethernet. Also called Wi-Fi.
802.11g An extension to 802.11 that applies to wireless LANs and provides 54 Mbps
transmission in the 2.4 GHz band. 802.11g is backward compatible with 802.11b,
allowing the two to work together.
A
access control entry (ACE) An entry in an access control list (ACL) that defines the
level of access for a user or group.
access control list (ACL) A set of data associated with a file, directory, or other
resource that defines the permissions users or groups have for accessing it. In
Active Directory, the ACL is a list of access control entries (ACEs) stored with the
object it protects. In Microsoft Windows NT, an ACL is stored as a binary value
called a security descriptor.
access token or security access token A collection of security identifiers (SIDs)
that represent a user and that user’s group memberships. The security subsystem
compares SIDs in the token to SIDs in an access control list (ACL) to determine
resource access.
account lockout A security feature that disables a user account if failed logons
exceed a specified number in a specified period of time. Locked accounts cannot
log on and must be unlocked by an administrator.
Active Directory Beginning in Microsoft Windows 2000 Server and continuing in
Windows Server 2003, Active Directory replaces the Windows NT collection of
directory functions with functionality that integrates with and relies upon standards
including Domain Name System (DNS), Lightweight Directory Access Protocol
(LDAP), and Kerberos security protocol.
Active Directory–integrated zone A DNS (Domain Name System) zone stored in
Active Directory so it has Active Directory security features and can be used for
multimaster replication.
Active Directory Service Interface (ADSI) A programming interface that provides
access to Active Directory.
ActiveX A loosely defined set of technologies that allows software components to
interact with each other in a networked environment.
ActiveX component Reusable software component that adheres to the ActiveX
specification and can operate in an ActiveX–compliant environment.
address A precise location where a piece of information is stored in memory or on
disk. Also, the unique identifier for a node on a network. On the Internet, the code
by which an individual user is identified. The format is username@hostname,
where username is your user name, logon name, or account number, and hostname
is the name of the computer or Internet provider you use. The host name
might be a few words strung together with periods.
Address Resolution Protocol (ARP) A Transmission Control Protocol/Internet Protocol
(TCP/IP) and AppleTalk protocol that provides IP-address-to-MAC (media
access control) address resolution for IP packets.
Advanced Configuration Power Interface (ACPI) An industry specification, defining
power management on a range of computer devices. ACPI compliance is necessary
for devices to take advantage of Plug and Play and power management
capabilities.
allocation unit The smallest unit of managed space on a hard disk or logical volume.
Also called a cluster.
anonymous FTP A way to use an FTP program to log on to another computer to
copy files when you do not have an account on that computer. When you log on,
enter anonymous as the user name and your e-mail address as the password. This
gives you access to publicly available files. See also File Transfer Protocol (FTP).
AppleTalk Local area network architecture built into Macintosh computers to connect
them with printers. A network with a Windows Server 2003 server and Macintosh
clients can function as an AppleTalk network with the use of AppleTalk
network integration (formerly Services for Macintosh).
Archive (A) attribute An attribute of each file that is used by backup utilities to
determine whether or not to back up that file. The Archive attribute is set to TRUE
whenever a file is created or modified. Differential and incremental backup jobs
will back up files only if their archive attribute is TRUE.
Associate To connect files having a particular extension to a specific program. When
you double-click a file with the extension, the associated program is launched and
the file you clicked is opened. In Windows, associated file extensions are usually
called registered file types.
Asynchronous Transfer Mode (ATM) A network technology based on sending
data in cells or packets of a fixed size. It is asynchronous in that the transmission
of cells containing information from a particular user is not necessarily periodic.
attribute A characteristic. In Windows file management, it is information that shows
whether a file is read-only, hidden, compressed, encrypted, ready to be backed up
(archived), or should be indexed.
audit policy Defines the type of security events to be logged. It can be defined on a
server or an individual computer.
authentication Verification of the identity of a user or computer process. In Windows
Server 2003, Windows 2000, and Windows NT, authentication involves comparing
the user’s security identifier (SID) and password to a list of authorized users on a
domain controller.
authoritative restore Specifies a type of recovery of Active Directory. When an
authoritative restore is performed using the Backup Utility and Ntdsutil in the
Directory Services Restore Mode, the directory or the specific object(s) in the
directory that have been authoritatively restored are replicated to other domain
controllers in the forest. See also non-authoritative restore.
Automated System Recovery (ASR) A feature of Windows Server 2003 that allows
an administrator to return a failed server to operation efficiently. Using the ASR
Wizard of the Backup Utility, you create an ASR set which includes a floppy disk
with a catalog of system files, and a comprehensive backup. When a server fails,
boot with the Windows Server 2003 CD-ROM and press F2 when prompted to start
Automated System Recovery.
Automatic Updates A client-side component that can be used to keep a system up
to date with security rollups, patches, and drivers. Automatic Updates is also the
client component of a Software Update Services (SUS) infrastructure, which allows
an enterprise to provide centralized and managed updates.
B

Background Intelligent Transfer Service (BITS) A service used to transfer files
between a client and a Hypertext Transfer Protocol (HTTP) server. BITS intelligently
uses idle network bandwidth, and will decrease transfer requests when
other network traffic increases.
backup domain controller (BDC) In a Windows NT domain, a computer that
stores a backup of the database that contains all the security and account information
from the primary domain controller (PDC). The database is regularly and
automatically synchronized with the copy on the PDC. A BDC also authenticates
logons and can be promoted to a PDC when necessary. In a Windows Server 2003
or Windows 2000 domain, BDCs are not required; all domain controllers are
peers, and all can perform maintenance on the directory.
backup media pool A logical set of backup storage media used by Windows Server
2003 and Windows 2000 Server Backup.
bandwidth On a network, the transmission capacity of a communications channel
stated in megabits per second (Mbps). For example, Ethernet has a bandwidth of
10 Mbps. Fast Ethernet has a bandwidth of 100 Mbps.
basic disk A physical disk that is configured with partitions. The disk’s structure is
compatible with previous versions of Windows and with several non-Windows
operating systems.
Basic Input/Output System (BIOS) The program used by a personal computer’s
microprocessor to start the system and manage data flow between the operating
system and the computer’s devices, such as its hard disks, CD-ROM, video adapter,
keyboard, and mouse.
binding A software connection between a network card and a network transport
protocol such as Transmission Control Protocol/Internet Protocol (TCP/IP).
BOOTP Used on Transmission Control Protocol/Internet Protocol (TCP/IP) networks
to enable a diskless workstation to learn its own IP address, the location of a
BOOTP server on the network, and the location of a file to be loaded into memory
to boot the machine. This allows a computer to boot without a hard disk or a
floppy disk. Stands for “Boot Protocol.”
bottleneck Refers to the point of resource insufficiency when demand for computer
system resources and services becomes extreme enough to cause performance
degradation.
broadcasting To send a message to all computers on a network simultaneously. See
also multicasting.
Browser service The service that maintains a current list of computers and provides
the list to applications when needed. When a user attempts to connect to a
resource in the domain, the Browser service is contacted to provide a list of available
resources. The lists displayed in My Network Places and Active Directory
Users and Computers (among others) are provided by the Browser service. Also
called the Computer Browser service.
C
Caching A process used to enhance performance by retaining previously-accessed
information in a location that provides faster response than the original location.
Hard disk caching is used by the File and Print Sharing for Microsoft Networks service,
which stores recently accessed disk information in memory for faster
retrieval. The Remote Desktop Connection client can cache previously viewed
screen shots from the terminal server on its local hard disk to improve performance
of the Remote Desktop Protocol (RDP) connection.
catalog An index of files in a backup set.
certificate A credential used to prove the origin, authenticity, and purpose of a public
key to the entity that holds the corresponding private key.
certificate authority (CA) The service that accepts and fulfills certificate requests
and revocation requests and that can also manage the policy-directed registration
process a user completes to get a certificate.
certificate revocation list (CRL) A digitally signed list (published by a certificate
authority) of certificates that are no longer valid.
child domain A domain located directly beneath another domain name (which is
known as a parent domain). For example, Engineering.scribes.com is a child
domain of scribes.com, the parent domain. Also called a subdomain.
child object An object inside another object. For example, a file is a child object
inside a folder, which is the parent object.
Client Access License (CAL) The legal right to connect to a service or application.
CALs can be configured per server or per device/per user.
cluster A set of computers joined together in such a way that they behave as a single
system. Clustering is used for network load balancing as well as fault tolerance. In
data storage, a cluster is the smallest amount of disk space that can be allocated
for a file.
Cluster service The collection of software on each node that manages all cluster-
specific activity.
codec Technology that compresses and decompresses data, particularly audio or
video. Codecs can be implemented in software, hardware, or a combination of both.
common name (CN) The primary name of an object in a Lightweight Directory
Access Protocol (LDAP) directory such as Active Directory. The CN must be
unique within the container or organizational unit (OU) in which the object exists.
concurrent Simultaneous.
console tree The default left pane in a Microsoft Management Console (MMC) that
shows the items contained in a console.
container An Active Directory object that has attributes and is part of the Active
Directory namespace. Unlike other objects, it does not usually represent something
concrete. It is a package for a group of objects and other containers.
D

delegate Assign administrative rights over a portion of the namespace to another
user or group.
Device Driver A program that enables a specific device, such as a modem, network
adapter, or printer, to communicate with the operating system. Although a device
might be installed on your system, Windows cannot use the device until you have
installed and configured the appropriate driver. Device drivers load automatically (for
all enabled devices) when a computer is started, and thereafter run transparently.
Device Manager An administrative tool that you can use to administer the devices
on your computer. Using Device Manager, you can view and change device properties,
update device drivers, configure device settings, and uninstall devices.
digital signature An attribute of a driver, application, or document that identifies the
creator of the file. Microsoft’s digital signature is included in all Microsoft-supplied
drivers, providing assurance as to the stability and compatibility of the drivers with
Windows Server 2003 and Windows 2000 Server.
directory service A means of storing directory data and making it available to network
users and administrators. For example, Active Directory stores information
about user accounts, such as names, passwords, phone numbers, and so on, and
enables other authorized users on the same network to access this information.
disk quota A limitation set by an administrator on the amount of disk space available
to a user.
distinguished name (DN) In the context of Active Directory, “distinguished” means
the qualities that make the name distinct. The DN identifies the domain that holds
the object, as well as the complete path through the container hierarchy used to
reach the object.
Distributed file system (Dfs) A file management system in which files can be
located on separate computers but are presented to users as a single directory tree.
DNS name servers Servers that contain information about part of the Domain Name
System (DNS) database. These servers make computer names available to queries
for name resolution across the Internet. Also called domain name servers.
domain A group of computers that share a security policy and a user account database.
A Windows Server 2003 domain is not the same as an Internet domain. See
also domain name.
domain controller A server in a domain that accepts account logons and initiates
their authentication. In an Active Directory domain, a domain controller controls
access to network resources and participates in replication.
domain functional level The level at which an Active Directory domain operates.
As functional levels are raised, more features of Active Directory become available.
There are four levels: Windows 2000 mixed, Windows 2000 native, Windows
Server 2003 interim, and Windows Server 2003.
domain local group A local group used on ACLs only in its own domain. A domain
local group can contain users and global groups from any domain in the forest,
universal groups, and other domain local groups in its own domain.
domain name In Active Directory, the name given to a collection of networked
computers that share a common directory. On the Internet, the unique text name
that identifies a specific host. A machine can have more than one domain name,
but a given domain name points to only one machine. Domain names are
resolved to IP addresses by DNS name servers.
Domain Name System (DNS) A service on Transmission Control Protocol/Internet
Protocol (TCP/IP) networks (including the Internet) that translates domain names
into IP addresses. This allows users to employ friendly names like FinanceServer
or Adatum.com when querying a remote system, instead of using an IP address
such as 192.168.1.10.

domain naming master The one domain controller assigned to handle the addition
or removal of domains in a forest. See also Operations Master.
DWORD A data type consisting of four bytes in hexadecimal.
Dynamic Data Exchange (DDE) Communication between processes implemented
in the Windows family of operating systems. When programs that support DDE
are running at the same time, they can exchange data by means of conversations.
Conversations are two-way connections between two applications that transmit
data alternately.
dynamic disk A disk that is configured using volumes. Its configuration is stored in
the Logical Disk Manager (LDM) database, and is replicated to other dynamic
disks attached to the same computer. Dynamic disks are compatible only with
Windows Server 2003, Windows XP, and Windows 2000.
Dynamic Host Configuration Protocol (DHCP) A Transmission Control Protocol/
Internet Protocol (TCP/IP) protocol used to automatically assign IP addresses and
configure TCP/IP for network clients.
dynamic-link library (DLL) A program module that contains executable code and
data that can be used by various programs. A program uses the DLL only when the
program is active, and the DLL is unloaded when the program closes.
E
effective permissions The permissions that result from the evaluation of group and
user permissions allowed, denied, inherited, and explicitly defined on a resource.
The effective permissions determine the actual access for a security principal.
enterprise Term used to encompass a business’s entire operation, including all
remote offices and branches.
environment variable A string of environment information such as a drive, path, or
filename associated with a symbolic name. The System option in Control Panel or
the Set command from the command prompt can be used to define environment
variables.
Ethernet A local area network (LAN) protocol. Ethernet supports data transfer rates
of 10 Mbps and uses a bus topology and thick or thin coaxial, fiberoptic, or
twisted-pair cabling. A newer version of Ethernet called Fast Ethernet supports
data transfer rates of 100 Mbps, and an even newer version, Gigabit Ethernet, supports
data transfer rates of 1000 Mbps.
extended partition A nonbootable portion of a hard disk that can be subdivided
into logical drives. There can be only a single extended partition per hard disk.
Extensible Authentication Protocol (EAP) An extension to the Point-to-Point Protocol
(PPP) that allows the use of arbitrary authentication methods for validating a
PPP Connection.
Extensible Markup Language (XML) An abbreviated version of the Standard Generalized
Markup Language (SGML), it allows the flexible development of user-
defined document types and provides a non-proprietary, persistent, and verifiable
file format for the storage and transmission of text and data both on and off the Web.
external trust A one-way or two-way trust for providing access to a Windows NT 4
domain or a domain located in another forest that is not joined by a forest trust.
F
failover An operation that automatically switches to a standby database, server, or
network if the primary system fails or is temporarily shut down for servicing. In
server clusters, the process of taking resources off one node in a prescribed order
and restoring them on another node.
fault tolerance The ability of a system to ensure data integrity when an unexpected
hardware or software failure occurs. Many fault-tolerant computer systems mirror
all operations—that is, all operations are done on two or more duplicate systems,
so if one fails the other can take over.
File Replication Service (FRS) The service responsible for ensuring consistency of
the SYSVOL folder on domain controllers. FRS will replicate, or copy, any changes
made to a domain controller’s SYSVOL to all other domain controllers. FRS can
also be used to replicate folders in a Distributed File System (Dfs).

File Transfer Protocol (FTP) A method of transferring one or more files from one
computer to another over a network or telephone line. Because FTP has been
implemented on a variety of systems, it’s a simple way to transfer information
between usually incongruent systems such as a PC and a minicomputer.
firewall A protective filter for messages and logons. An organization connected
directly to the Internet uses a firewall to prevent unauthorized access to its network.
See also proxy server.
folder redirection An option in Group Policy to place users’ special folders, such as
My Documents, on a network server.
forest A group of one or more Active Directory trees that trust each other through
two-way transitive trusts. All trees in a forest share a common schema, configuration,