Network administrators get A-to-Z detail about Microsoft networking technologies — straight from the source. This encyclopedia delivers essential coverage of Microsoft Windows NT, Windows 2000, and the BackOffice family, as well as third-party products and general networking terminology — providing comprehensive information for real-world network administration. Entries span the gamut from hardware to software, from theory to practice, and from current products to legacy systems. Practical examples, plus ample illustrations and screen shots, help illuminate the concepts under discussion.
An encoding standard developed by the International Telecommunication Union (ITU) for interfacing data communications equipment (DCE) with digital high-speed synchronous communication services. G.703 is not used in North America but is widely used in Europe, and it covers specifications for digital transmission from rates of 64 Kbps to 2.048 Mbps. Private Branch Exchange (PBX) systems often use 64-Kbps leased lines utilizing the G.703 standard, as do E-carrier services such as E1 communication links. Some U.S. vendors sell converters for connecting synchronous V.35, RS-449, or X.21 interfaces to G.703 in order to sell their switching equipment in Europe.
G.703. (Image unavailable)
Global Address List (GAL)
A term for a broad category of network components that allow communication between different networking architectures and different protocols. Gateways generally operate at the higher levels of the Open Systems Interconnection (OSI) reference model for networking. They are commonly used to provide connectivity between two different protocol stacks that might be running on different systems. Examples include the following:
A gateway is usually a dedicated device or a set of services running on a dedicated computer. Gateways are essentially devices that direct network traffic in some fashion and translate that information.
A service for servers running Microsoft Windows 2000 and Windows NT (called Gateway Services for NetWare in Windows NT) that can be installed on these servers to enable them to directly access file and print resources on Novell NetWare servers. Gateway Service for NetWare (GSNW) can also enable a Windows-based server to act as a gateway for other Microsoft clients, such as Windows for Workgroups, Windows 95, Windows 98, Windows NT Workstation, or Windows 2000 Professional, allowing them to access the resources on the NetWare server.
GSNW can connect to NetWare 2.x, 3.x, or 4.x servers. The 4.x servers can run either bindery emulation or Novell Directory Services (NDS). Using GSNW, Microsoft clients can access the resources on the NetWare server by connecting to a share on the server running Windows NT or Windows 2000. The process is totally transparent to users—to the client, the resource appears to be located on the Windows-based server.
How It Works
A server that has GSNW installed also must have the NWLink protocol loaded. This protocol, which is an IPX/SPX-Compatible Transport, makes it possible for the Windows server to communicate with the NetWare server. If it is not already installed, NWLink will install automatically on the server when you install GSNW.
To prepare the NetWare server for the gateway, you must create a group and a user account as follows:
GSNW will use this user account for creating a connection to the NetWare server. The connection will appear on the server running Windows NT or Windows 2000 as a redirected drive that can be shared, as if it were a resource located on the Windows-based server. Windows clients can then connect to the shared resource by browsing Network Neighborhood, by mapping a drive using Windows Explorer, or by using the net use command.
From the perspective of the Windows clients on the network, the shared resources they access appear to reside on the Windows-based server. In actuality, the GSNW service on the server is performing protocol conversion between the Server Message Block (SMB) protocol, which the Windows clients understand, and the NetWare Core Protocol (NCP), which the NetWare file server uses.
Gateway Service for NetWare (GSNW). (Image unavailable)
After GSNW is installed, the first time you log on to the server for connectivity to a NetWare 4.x server using NDS, you are prompted to specify a default tree and context for connecting to the NetWare server. If the NetWare server is running in bindery-emulation mode or is an earlier 2.x or 3.x server, you must specify a preferred server when you log on. You can also configure these settings using the GSNW utility in Control Panel.
Client Services for NetWare (CSNW), File and Print Services for NetWare (FPNW), NetWare protocols
A type of adapter with two connectors of the same type and gender, making it possible to change the gender of the connector to which it is joined from male (with pins) to female (with sockets) or vice versa.
This allows two male or two female cable ends to be joined. Gender changers come in a wide variety of types and are specified by connector type and gender. An example is a V.35 to V.35 male/male gender changer, which can be used to connect two V.35 serial cables (or one cable and a CSU/DSU) that terminate with female connectors.
Gender changer. Examples of V.35 gender changers. (Image unavailable)
An upgrade to the Time Division Multiple Access (TDMA) cellular phone system. General Packet Radio Service (GPRS) uses packet switching instead of the existing circuit-switching technologies of TDMA systems to provide more efficient use of available bandwidth. GPRS provides subscribers with up to eight separate 14.4-Kbps communication channels. In theory, GPRS has a maximum data transmission rate of 171.2 Kbps, but in practice the maximum rate is only about 44 Kbps downstream and 22 Kbps upstream because of the overhead of combining channels and the power limitations on the subscriber end. Implementation of GPRS requires that existing TDMA hardware be upgraded accordingly.
Some limited trials of GPRS began in 1999, with widespread trials set to begin in the summer of 2000. A number of European and Asian countries are piloting GPRS systems and have an edge over the United States in the arena of wireless communication systems running at more than 20 Kbps.
With its higher data rates, GPRS makes possible the kinds of wireless applications and services that have simply not been feasible on the existing Global System for Mobile Communications (GSM) circuit-switched data services, which are limited to 9.6 Kbps, or by using the existing Short Message Service (SMS), which is limited to a maximum of 160 characters of transmitted information. Possible uses for GPRS include services such as wireless mobile Web browsing, discussion groups, chat services, mobile commerce, and home automation through wireless remote control.
Another cost involved in the GPRS upgrade process is that of replacing the circuit-switched core network connecting existing base stations with an IP-based backbone network for interfacing between the wireless system and the Internet. You create an interface between a GPRS network and an Internet Protocol (IP) network by using a gateway GPRS support node (GGSN). You can also use GGSNs to connect GPRS networks with legacy X.25 packet-switching networks.
GPRS might have a short implementation lifetime if the International Mobile Telecommunications-2000 (IMT-2000) initiative from the International Telecommunication Union (ITU) gathers steam, because IMT-2000 upgrades will support data throughput speeds of up to 2 Mbps—much greater than what GPRS can provide.
Time Division Multiple Access (TDMA)
A type of Ethernet that allows the transmission of data at 1 Gbps (or 1000 Mbps) over both fiber-optic cabling and copper twisted-pair cabling. Gigabit Ethernet competes with Fiber Distributed Data Interface (FDDI) and Asynchronous Transfer Mode (ATM) technologies as an alternative for high-speed network backbones. Gigabit Ethernet is defined in the IEEE 802.3z and 802.3ab specifications.
Gigabit Ethernet. (Image unavailable)
How It Works
Gigabit Ethernet supports a modified Carrier Sense Multiple Access with Collision Detection (CSMA/CD) media access method similar to those supported by previous versions of 10-Mbps Ethernet and 100-Mbps Fast Ethernet. Modifications to CSMA/CD for Gigabit Ethernet include extending the length of the carrier and slot times to pack out all frames to a minimum carrier length of 512 bytes. From the point of view of the MAC (media access control) interface, the minimum packet size still appears as 64 bytes. These modifications are performed to maintain a 200-meter-diameter topology for Gigabit Ethernet networks when a shared-media topology is used in half-duplex communications. The modifications can affect the performance of traffic involving smaller packets, but this is accommodated by building a packet-bursting feature into Gigabit Ethernet that allows a station to take temporary control of the wire to send out a number of small packets. Note that these changes to CSMA/CD occur only during half-duplex communication. When using switched full-duplex connections, these changes do not apply.
Because CSMA/CD is used, Gigabit Ethernet can be viewed as a relatively easy upgrade path for network administrators familiar with 10BaseT and Fast Ethernet technologies. Gigabit Ethernet uses the same standard 802.3 framing structure of standard Ethernet, with frames between 64 and 1514 bytes in length. In standard half-duplex mode, Gigabit Ethernet supports speeds of 1 Gbps using CSMA/CD, but full-duplex versions support speeds of 2 Gbps for high-speed network backbones.
Gigabit Ethernet can be implemented in four different cabling or physical layer (PHY) options:
Gigabit Ethernet networks can function as shared-media half-duplex networks using 1000-Mbps hubs, but they are usually implemented as switched full-duplex networks using 1000-Mbps Ethernet switches. Engineers currently envision two main uses for Gigabit Ethernet in corporate networking environments:
Gigabit Ethernet might eventually be used for direct connections to high-speed user workstations, but at present this is a costly scenario to implement, and most applications can achieve sufficient bandwidth using only Fast Ethernet.
On the Web
Gigabit Ethernet Alliance http://www.gigabit-ethernet.org
A variation of Asymmetric Digital Subscriber Line (ADSL) that is targeted for home Internet access. G.Lite typically has a downstream rate of up to 1.5 Mbps and an upstream rate of up to 384 Kbps, depending on the implementation. G.Lite is also called DSL Lite or Universal ADSL. The International Telecommunication Union (ITU) has endorsed the term "G.Lite" as a standard.
How It Works
G.Lite is sometimes referred to as "splitterless ADSL" because a voice-data splitter is not required at the customer premises to split the voice and data signals being carried over the line. This is different from normal ADSL, which uses a Plain Old Telephone Service (POTS) splitter at both the customer premises and the telco’s central office (CO) to separate the voice and DSL bands for transmission over the phone line to prevent them from causing interference with each other. Instead, the customer’s computer simply connects to a G.Lite ADSL modem and from the modem to the phone line. No rewiring of the customer premises is required, because G.Lite uses the installed local loop connection to the customer premises. Customers can make phone calls or send faxes while connected to the Internet over their G.Lite connection. G.Lite connections are "always on"; in other words, once you turn your computer on, the connection is active and you can send or receive e-mail without having to dial up a connection. Because of the elimination of the need to install splitters, G.Lite services should be less expensive for customers than ordinary ADSL services and should become widespread in the near future.
Also, the farther your home is from the telco CO, the less bandwidth might be available for your ADSL connection.
A list of all recipients in a Microsoft Exchange Server organization. The Exchange directory service maintains the Global Address List (GAL) in the Exchange directory database. The GAL typically contains
The GAL can be accessed by
A file used in Active Server Pages (ASP) applications running on Microsoft Internet Information Server or Internet Information Services that contains information global to all pages in the application. Global.asa does not generate content visible to the client Web browser—any Hypertext Markup Language (HTML) in the global.asa file is ignored by the server. The global.asa file can contain object declarations using <OBJECT> tags, type library declarations for COM components that your application uses, and application and session events. You can have only one global.asa file per ASP application.
A Microsoft Windows 2000 service and store that contains a partial replica of Active Directory information from all domains in your enterprise forest. The global catalog enables users to easily locate objects in any domain with maximum speed and minimum network traffic. In effect, the global catalog acts as a kind of index for looking up objects stored in Active Directory anywhere on your network. You can search the global catalog for Active Directory objects by using the Find dialog box in Active Directory Users and Computers.
How It Works
The global catalog resides on a selected group of the domain controllers in your Windows 2000 enterprise called global catalog servers. The administrative tool Active Directory Sites and Services is used to specify which domain controllers will host the global catalog—that is, which will be configured as global catalog servers. The global catalog is automatically created the first time you run the Active Directory Installation Wizard, and it is installed on the first domain controller in your root domain by default. The directory replication process controlled by Active Directory creates and maintains the contents of each global catalog server.
Every directory object in the entire enterprise is represented in the global catalog, but only a subset of the properties of each object is stored in the catalog. The properties represented are those most likely to be used as search attributes, such as the user’s first or last name. However, administrators can specify storing additional object attributes in the catalog if desired. Having the global catalog store only a subset of an object’s attributes in Active Directory improves the response time for performing search queries on Active Directory.
global catalog server
A Microsoft Windows 2000 domain controller that stores a copy of the global catalog. Administrators and users can utilize global catalog servers on a Windows 2000–based network to locate objects that are stored in Active Directory. Information stored on global catalog servers is updated each time Active Directory undergoes directory replication.
A group that exists only in the Security Accounts Manager (SAM) database on a Microsoft Windows NT–based network. Global groups are created on domain controllers and are used within an enterprise-level Windows NT network to organize users by function (for example, Accountants global group), location (for example, Third-Floor global group), or some other criteria, to simplify account administration. Global groups contrast with local groups, whose primary function is to provide users with permissions for accessing network resources and rights for performing system tasks. Note that global groups can contain only global user accounts from their own domain. They cannot contain global user accounts from other domains, and they cannot contain other groups.
If the Windows 2000 domain is in native mode, global groups can contain both user accounts and global groups from the same domain; however, in mixed mode, global groups can contain only user accounts.
AGLP, built-in global group, built-in group, group, local group
A hardware-based or software-based solution that can direct requests for Web content to multiple geographical locations where the content is stored. For example, if an electronic business has several data centers around the world, it can use global load balancers to direct Web customers’ traffic to centers that can provide the fastest response time for each customer’s location. If a data center goes down as a result of a power outage or some other condition, traffic to that site can be transparently redirected to other sites. The overall effect of implementing global load balancers in an e-business enterprise is an increase in reliability and performance from the customer’s point of view.
How It Works
Global load balancers essentially act as intelligent Domain Name System (DNS) name servers, performing name lookups for Uniform Resource Locators (URLs) and directing requests to the most appropriate IP addresses. The following five criteria are typically used to determine which address to forward a request to. (Not all global load balancers support all five criteria.)
Of course, the DNS standard itself has built-in load balancing in the form of round-robin DNS. If multiple IP addresses are mapped to the same domain name, clients requesting the domain are directed to each IP address in a round-robin fashion. However, this rudimentary load-balancing scheme does not take into account such factors as which IP address belongs to the nearest host, the relative capability of the hosts to respond to requests, the availability of hosts, and so on. This is where global load balancers come in—they take over the role of authoritative name server for a company’s domain.
Global load balancers come in three varieties:
Global load balancers talk only to the local DNS server configured for the client, not to the client itself. This works well, except when mobile users travel to other cities and use their laptops to try to access the site. In this situation, if the client is still using a preconfigured DNS server at the home location, the global load balancer thinks that the client is still there as well. Also, once a DNS-based global load balancer has directed a client to the appropriate site or server, it is no longer involved in the client’s session and cannot tell whether the server goes down or whether some problem occurs with the connection.
For this reason, some global load balancers also use Hypertext Transfer Protocol (HTTP) redirects to masquerade as the target site and redirect HTTP requests to different servers. The client actually talks to the load balancer itself, and performance is faster than using DNS because fewer Transmission Control Protocol (TCP) connections are required. If the client’s connection to the server is interrupted, the global load balancer can redirect the client to a different server with minimal interruption. The downside of using HTTP redirects is that they work only with HTTP and not with other Internet protocols, such as File Transfer Protocol (FTP) or Network News Transfer Protocol (NNTP), or with streaming multimedia. This can be a limitation if your e-business delivers this type of content to the customer.
Other mechanisms can be used to perform global load balancing, including cookie-based and proprietary schemes. Windows NT 4, Enterprise Edition, provides a load-balancing service called Windows NT Load Balancing Service (WLBS). This IP load-balancing service employs a fully distributed clustering design that is ideal for creating highly available and scalable IP-based services such as Web, virtual private networking (VPN), streaming media, and proxy services.
A 128-bit value based on time and space that can be used to uniquely identify an item. Globally unique identifiers (GUIDs) are used in the Component Object Model (COM) to uniquely identify classes and interfaces so that naming conflicts will not occur. A GUID is virtually guaranteed to be unique across all systems at any time. You can generate GUIDs using the console-based uuidgen utility or using the Microsoft Windows–based guidgen utility in Microsoft Visual C++.
In Windows 2000, each object, object class, or object attribute in Active Directory is assigned a unique GUID when it is created. The GUID of an entity in Active Directory never changes, even if the entity itself is renamed or moved to another location. The GUID acts as a kind of permanent name for the entity within the directory to ensure that it can be positively identified when needed.
A digital cellular phone technology popular in Europe, Asia, and other parts of the world. Global System for Mobile Communications (GSM) supports voice, data, Group 3 fax, and paging services for both vehicle-mounted and handheld mobile use. In addition, its speech quality equals that of the analog Advanced Mobile Phone Service (AMPS), and it can interface with packet-switched networks.
How It Works
The GSM Phase 1 implementation uses a combination of Frequency Division Multiple Access (FDMA) and Time Division Multiple Access (TDMA) media access control methods to provide full-duplex communication over two frequency bands within the 862-to-960-MHz World Association of Radio Communications (WARC) portion of the electromagnetic spectrum. These two frequency bands are
Carrier signals are spaced 200 kHz apart within these bands to provide 124 pairs of superchannels based on frequency-division multiplexing (FDM), each of which is then subdivided into eight traffic channels using time-division multiplexing (TDM). Each channel carries voice communication at 13 Kbps (or 9.6 Kbps for data transmission). GSM thus provides 992 full-duplex channels for voice communication. Power classes for GSM mobile units range from 0.8 through 2.0 watts transmission power for handsets to 8 through 20 watts for vehicle-mounted units. Approximately half of a GSM transmission consists of overhead for signaling, such as synchronization and error handling. Such high overhead is typical in cellular phone systems, and is necessary—not so much because of external interference of buildings and other structures, but because of internal interference due to crosstalk between channels and across cell boundaries.
GSM is a secure system that uses key-based encryption for authentication and, optionally, for data transfer. The diagram shows the process that occurs when a mobile user wants to place a call. When the user dials a number, the mobile unit connects with the base station requesting authorization. The base station generates a random number and transmits it to the mobile unit, which then combines the random number with the owner’s secret key stored in the phone’s standard Subscriber Identity Module (SIM) card by using a ciphering algorithm called A3. The result of this process is transmitted to the base station. Meanwhile, the base station, which has the private keys for all its subscribers stored in a database, follows the same steps, using the A3 algorithm to combine the generated random number with the caller’s private key. The result is compared with the result transmitted by the user. If the two results agree, the user is logged on to the system.
Global System for Mobile Communications (GSM). The authentication process for GSM. (Image unavailable)
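The challenge-response exchange described above, with both sides modeled, as an added example that is not taken from the encyclopedia. The real A3 algorithm is not given on this page, so HMAC-SHA256 stands in for it; the class names, subscriber name, and key are constructed for illustration.

```python
"""GSM-style challenge-response authentication (added illustration).

HMAC-SHA256 is an assumed stand-in for the A3 algorithm, which this
page does not specify. All names and keys below are constructed.
"""
import hashlib
import hmac
import secrets


def a3_stand_in(secret_key: bytes, rand: bytes) -> bytes:
    """Combine the subscriber's secret key with the random challenge."""
    return hmac.new(secret_key, rand, hashlib.sha256).digest()


class Sim:
    """Mobile side: the secret key stays on the card, only results leave it."""

    def __init__(self, subscriber_id: str, secret_key: bytes):
        self.subscriber_id = subscriber_id
        self._secret_key = secret_key

    def respond(self, rand: bytes) -> bytes:
        return a3_stand_in(self._secret_key, rand)


class BaseStation:
    """Network side: subscriber key database plus outstanding challenges."""

    def __init__(self, key_db: dict):
        self._key_db = key_db
        self._pending = {}  # subscriber_id -> challenge awaiting a response

    def challenge(self, subscriber_id: str) -> bytes:
        rand = secrets.token_bytes(16)  # fresh random number per attempt
        self._pending[subscriber_id] = rand
        return rand

    def verify(self, subscriber_id: str, response: bytes) -> bool:
        # pop() makes every challenge single-use, so a recorded response
        # is useless once the attempt it belonged to has been checked.
        rand = self._pending.pop(subscriber_id, None)
        secret_key = self._key_db.get(subscriber_id)
        if rand is None or secret_key is None:
            return False
        expected = a3_stand_in(secret_key, rand)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    """Run one genuine logon and three attempts that must be refused."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    station = BaseStation({"subscriber-1": key})
    results = {}

    genuine = Sim("subscriber-1", key)
    rand = station.challenge("subscriber-1")
    answer = genuine.respond(rand)
    results["genuine"] = station.verify("subscriber-1", answer)

    # Same answer again with no challenge outstanding.
    results["replay_without_challenge"] = station.verify("subscriber-1", answer)

    # Old answer presented against a new random number.
    station.challenge("subscriber-1")
    results["replay_new_challenge"] = station.verify("subscriber-1", answer)

    # A card that claims the identity but holds a different key.
    wrong_card = Sim("subscriber-1", bytes(16))
    rand = station.challenge("subscriber-1")
    results["wrong_key"] = station.verify(
        "subscriber-1", wrong_card.respond(rand))
    return results


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Because the secret key is never transmitted, the security of the exchange rests on the random number being fresh for every attempt and on the key database at the network side staying confidential.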
GSM Phase 1 supports call forwarding, global roaming, call barring, and other features. GSM Phase 2 adds additional features such as the following:
GSM Phase 2+ (just being implemented at the time of this writing) includes support for data transmission at 64 Kbps and higher, packet radio, virtual private networks, enhancements to the SIM card, higher spectral efficiency, integration with satellite links, and even GSM services in the local loop.
The SIM card is a small device about the size of a stamp that is issued when a user subscribes to the GSM service. It contains the user’s phone number, private key, billing information, and other information. When users visit a locale at which the GSM system is different, they can simply remove the SIM card from their phone and install it in a rented phone that can function in that locale.
Encryption of messages is similar to the encrypted authentication process, except that each transmitted frame is encrypted using a different random number. This makes encrypted GSM messages extremely difficult to crack, so much so that some countries prohibit GSM providers from encrypting user messages!
Advanced Mobile Phone Service (AMPS), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA)
A type of user account in Microsoft Windows NT that has a domain-wide scope. (These accounts are called domain user accounts in Windows 2000.) In Windows NT, global user accounts are created using User Manager for Domains and are stored in the directory database on Windows NT domain controllers. In Windows 2000, domain user accounts are managed through the Active Directory Users and Computers snap-in. Global accounts allow users to take full advantage of the Windows NT Directory Services (NTDS). Users who have global accounts can access resources anywhere in the domain, provided they have appropriate permissions for those resources.
local user account
An Internet protocol used for distributed storage of documents.
How It Works
Gopher is similar to another Internet protocol, File Transfer Protocol (FTP), because it remotely accesses files over a TCP/IP internetwork such as the Internet. But while an FTP site exists on only one server and there can be many different FTP sites, there is really only one distributed Gopher file system. The Gopher file system is a single collection of all Gopher servers in the world (although private Gopher subnetworks also exist).
Gopher. (Image unavailable)
Each Gopher server can act as the root of the hierarchical distributed file system. To access a file or document, a person using a Gopher client (a standard Web browser such as Microsoft Internet Explorer will do) types the Uniform Resource Locator (URL) of an accessible Gopher server. For example, gopher://gopher.tc.umn.edu takes the user to a Gopher server for the University of Minnesota (where Gopher originated). The Gopher file system is presented as a series of folders, each of which can contain
Users then work their way down the "gopher hole" (to use the metaphor) until they locate the document they want, and then they display or download it. They can also use a search tool developed at the University of Nevada called Veronica (Very Easy Rodent-Oriented Netwide Index to Computerized Archives) to perform keyword searches to locate documents on the worldwide Gopher network.
General Packet Radio Service (GPRS)
Stands for global regular expression print, a command in the UNIX operating system. Grep lets you search a file or multiple files for a specific pattern or string of characters and, if desired, replace it with a different string. The output of grep is a display of each line of the file that contains the desired character string. You can use wildcards and other meta-characters to perform complex search and replace operations with grep. Grep is useful for searching for specific entries in text files such as log files, UNIX system error logs, or C program code files.
Typing grep 'a[b-f]' log.txt searches the text file called log.txt for any lines that contain the character a immediately followed by b, c, d, e, or f.
A condition created when two or more parts of a network are grounded at separate points, causing a voltage difference between connected networking components. These voltage differences typically occur because of nonuniformities in the electrical characteristics of the grounding at different locations.
How It Works
For example, consider two computers that are located some distance apart and are connected by coaxial cabling. Each device is also connected to the earth by the ground wire of its AC power cable, but the two devices are plugged into different power outlets. These power outlets are connected to different parts of your building’s electrical distribution system, and these different parts are under different loads (have different currents being drawn from them by different configurations of devices). Thus they provide slightly different voltages. You might also find slight differences in the ground potential at the two locations. These voltage differences can cause currents to be induced through the shielding of the network cabling, and these currents can be large because of the cable’s low resistance. Large pulses of current can occur when other devices on the power circuits are switched on or off abruptly. This situation can be potentially damaging to sensitive networking components and might cause them to reset or lock up.
Ground loops can be prevented by
A collection of user accounts. Groups simplify the task of network administration by allowing administrators to group similar user accounts together in order to grant them the same rights and permissions.
The scope of a group is the portion of the network where the group can be granted rights and permissions. For example, a group whose scope is global can be granted permissions to resources in its own domain and to resources in trusting domains. On the other hand, a group whose scope is local can be granted permissions to resources only on the machine where it was created.
On Microsoft Windows NT–based networks, groups are created using User Manager for Domains. Windows NT groups have two levels of scope:
The situation in Windows 2000 is a little different. First, you create Windows 2000 groups using Active Directory Users and Computers. Groups are stored as group objects within Active Directory. Also, there are two types of groups in Windows 2000–based networks:
These two types of groups are stored in Active Directory. There are three levels of scope for security groups in Windows 2000–based networks:
Group. Nesting of groups in Windows NT and in Windows 2000. (Image unavailable)
With Windows 2000, the nesting of groups is more complicated, as shown in the diagram. Furthermore, you can nest groups inside groups to any level, although nesting to one level is the recommended practice for effective administration.
Note that on Windows 2000–based networks, universal groups are available only when your domain controllers are running in native mode, not when they are running in mixed mode. Also, repeated nesting of groups is allowed only in native mode.
On member servers and computers running Windows 2000 Professional, you can also create a fourth type of group called a local group, one that exists only within the local security database of the machine on which it is created. Local groups in Windows 2000 are similar to local groups in Windows NT. They can contain user accounts that are local to the machine, and user accounts and global groups from their own domain. A local group can be granted permissions only to resources on the machine where it was created. You use Local Users and Groups, a snap-in for Microsoft Management Console (MMC), to create local groups on a machine.
If your Windows 2000 network has only a single domain, use global groups and domain local groups for granting permissions to network resources. Create global groups according to function, add users to the global groups, create domain local groups according to groups of common resources, assign permissions to the domain local groups, and finally, place the global groups in the appropriate domain local groups. If you have a domain tree, use global and universal groups instead in a similar administrative approach.
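The single-domain approach above (users into global groups, global groups into domain local groups, permissions on the domain local groups) can be checked mechanically. The following added example is a plain Python model, not an Active Directory API and not code from the encyclopedia; the group, user, domain, and share names are constructed.

```python
"""Model of users -> global groups -> domain local groups -> permissions
(added illustration; all names are constructed sample data)."""
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    scope: str       # "global" or "domain_local"
    domain: str
    members: list = field(default_factory=list)  # "DOMAIN\\user" or Group


def effective_users(group, seen=None):
    """Return every user reachable through nested group membership."""
    seen = set() if seen is None else seen
    if id(group) in seen:          # guard against circular nesting
        return set()
    seen.add(id(group))
    users = set()
    for member in group.members:
        if isinstance(member, Group):
            users |= effective_users(member, seen)
        else:
            users.add(member)
    return users


def audit(groups, acl, native_mode):
    """List deviations from the membership rules and the recommended layout."""
    findings = []
    for g in groups:
        for m in g.members:
            is_group = isinstance(m, Group)
            m_name = m.name if is_group else m
            m_domain = m.domain if is_group else m.split("\\", 1)[0]
            if g.scope == "global":
                if m_domain != g.domain:
                    findings.append(f"{g.name}: {m_name} is from another domain")
                if is_group and not native_mode:
                    findings.append(f"{g.name}: nesting {m_name} needs native mode")
                elif is_group and m.scope != "global":
                    findings.append(f"{g.name}: {m_name} is not a global group")
            elif g.scope == "domain_local" and not is_group:
                findings.append(f"{g.name}: user {m_name} added directly")
    for resource, trustees in acl.items():
        for t in trustees:
            if not (isinstance(t, Group) and t.scope == "domain_local"):
                t_name = t.name if isinstance(t, Group) else t
                findings.append(f"{resource}: permission granted directly to {t_name}")
    return findings


def who_can_access(resource, acl):
    """Resolve the users who end up with access to a resource."""
    users = set()
    for t in acl.get(resource, []):
        users |= effective_users(t) if isinstance(t, Group) else {t}
    return users


def build_sample():
    """Constructed sample: one clean chain plus three deliberate deviations."""
    accountants = Group("Accountants", "global", "CORP",
                        ["CORP\\alice", "CORP\\bob"])
    auditors = Group("Auditors", "global", "CORP",
                     ["CORP\\carol", "SALES\\dave"])      # foreign account
    finance_all = Group("FinanceAll", "global", "CORP",
                        [accountants, auditors])          # nested globals
    ledger_readers = Group("LedgerReaders", "domain_local", "CORP",
                           [finance_all, "CORP\\erin"])   # direct user
    acl = {r"\\fs1\ledger": [ledger_readers, "CORP\\frank"]}  # direct grant
    return [accountants, auditors, finance_all, ledger_readers], acl


if __name__ == "__main__":
    groups, acl = build_sample()
    for mode in (True, False):
        print("native mode" if mode else "mixed mode")
        for finding in audit(groups, acl, native_mode=mode):
            print("  ", finding)
    print(sorted(who_can_access(r"\\fs1\ledger", acl)))
```

Running the audit in mixed mode reports the nested global groups in addition to the three deviations found in native mode, which matches the rule that global groups can contain other global groups only in native mode.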
In Windows 2000, you can change the scope of a group if desired. For example,
A group of settings that are applied to a subset of Active Directory objects in Microsoft Windows 2000. Group policies are created and assigned using Group Policy, a snap-in for the Microsoft Management Console (MMC). Group policies are typically used to simultaneously configure the desktop working environments of a group of users, but they have many other uses as well. Group policies can be used to
Group policies can be assigned to domains, sites, or organizational units (OUs). To create and configure a group policy, use Group Policy to create a new Group Policy object (GPO). Group policies are applied to users when they log on and to computers when they boot up. If two policies apply to a user or computer, and they do not conflict, they are applied in a cumulative fashion. Users are subject to group policies that apply to them as users and to group policies that apply to the computer at which they are working.
An administrative tool in Microsoft Windows 2000 that is used for configuring group policies; that is, user and computer settings for groups of users and computers. Group Policy is the successor to the Windows NT administrative tool called System Policy Editor.
How It Works
System Policy Editor for Windows NT stores system policy information in an ntconfig.pol file that modifies a portion of the Windows NT registry. Group Policy stores its settings in an Active Directory object called a Group Policy object (GPO) that contains the collection of settings for a group of users or computers created using Group Policy. A GPO is normally associated with a selected site, domain, or organizational unit (OU) object in Active Directory. Group policy information is also stored in a folder structure called the Group Policy Template on the SYSVOL volume on domain controllers. Group policies can also be configured for computers that are not domain members. Group Policy can be used to specify the following:
In addition, by using the Security Settings extension, you can configure users’ security settings, and by using the Software Installation extension, you can publish, update, or repair applications on users’ computers.
To configure a group policy for a specific site in Active Directory, open the administrative tool called Active Directory Sites and Services, select the specific site you want to configure, click the Action button on the toolbar, choose Properties from the drop-down menu, and select the Group Policy tab. Alternatively, you can install the Group Policy snap-in in a new Microsoft Management Console (MMC) (see screen capture).
Group Policy for Windows 2000 cannot be used to configure group policies for downlevel Windows NT, Windows 95, or Windows 98 clients. Use System Policy Editor instead.
Group Policy. (Image unavailable)
Global System for Mobile Communications (GSM)
Gateway Service for NetWare (GSNW)
In Microsoft Windows NT, a built-in account with a null password created during installation. The Guest user account is a member of the Domain Guests global group on the domain controller or member server on which it is defined.
The Guest account is intended for occasional users who need temporary access to resources on the network. It is disabled by default and can be enabled using User Manager for Domains. The Guest account is also created by default on machines running Windows 2000 during installation.
A Microsoft Windows NT built-in group existing on all Windows NT–based servers and workstations. The Guests group is a local group whose initial membership is the built-in Guest user account. If a member server or workstation joins a domain, the global group called Domain Guests is added to the local Guests group.
The Guests group has no preassigned rights or permissions on Windows NT domain controllers and has a single right, Log On Locally, on the Windows NT member server or workstation on which it exists. You can assign any network resource permissions to this group in order to grant temporary or guest users the access they require.
globally unique identifier (GUID)