Ø 8.3 file name—A standard for naming files first introduced with MS-DOS operating systems. The numbers indicate the maximum number of characters that can be used for that part of the name, eight characters and three characters respectively. The period is a separator character between the two names. The three-character field is also known as the file extension.
Ø Access Control Entries (ACE)—A specific entry in a file or folder’s ACL that uniquely identifies a user or group by its security identifier and the action it is allowed or denied to take on that file or folder.
Ø Access Control List (ACL)—For those file systems that support ACLs for files and folders, such as NTFS, the ACL is a property of every file and folder in that file system. It holds a collection (that is, list) of ACE items that explicitly defines what actions are allowed to be taken on the file or folder to which it is attached.
Ø Disk quota—A system of tracking owners for file data within an NTFS-formatted partition or volume and the total disk space consumed by each owner. Limits or warnings can be established to restrict disk space usage.
Ø Drive letter—A letter of the alphabet assigned to a formatted partition or volume as a reference point for future access by the user or their applications.
Ø Encrypted File System (EFS)—A component of the NTFS file system that is responsible for encrypting individual files. These files are not readable without the correct digital identification.
Ø Extended File Allocation Table (exFAT)—A proprietary Microsoft file system used with external storage media to organize files and folders using a technology similar to FAT but without the space limitations of FAT32. Volume sizes over 32 GB are fully supported.
Ø FAT—A generic term that refers to early versions of the FAT file system (FAT12, FAT16) or to any FAT file system in general. See also File Allocation Table.
Ø File Allocation Table (FAT)—A file system used to organize files and folders in a partition or volume. A master File Allocation Table is used to indicate what files and folders exist within the file system. The FAT table entries point to the beginning cluster used to store a file’s data. The first cluster points to the next cluster used to store the next part of the file’s data. The file’s data is stored in a chain of clusters, with the last cluster marked with an end-of-file identifier. The FAT table stores the name and attributes of the files and folders on the disk, their starting cluster, and which clusters link to the next. The number of addressable clusters determines the size of the FAT table. The limit for how many addressable clusters exist is based on the size of the binary number used to address each cluster. The number of bits used for the cluster address distinguishes the different versions of FAT. The common versions of FAT include FAT16 and FAT32.
Ø File extension—Typically a three-character name at the end of a filename that is used to indicate the type of data contained in the file. Common extension examples include DOC for documents and EXE for executable programs.
Ø Long filenames—Filenames that can be a maximum of 255 characters in length.
Ø New Technology File System (NTFS)—A file system introduced with Windows NT. NTFS supports advanced features to add reliability, security, and flexibility that file systems such as FAT and FAT32 do not have.
Ø Shadow copy—A snapshot of the file system that tracks changes to files and allows the restoration of previous file versions.
Ø Terabyte—A unit of data that consists of 1024 gigabytes. Commonly abbreviated as TB.
Ø advanced User Accounts applet—An applet for managing users that is available only from the command line. Some options in this applet are not available in other user management utilities.
Ø administrator account—The type of user account that is made a member of the Administrators local group and has full rights to the system.
Ø Administrator account—The built-in account that is created during installation and has full rights to the system. This account cannot be deleted or removed by the Administrators group.
Ø built-in local groups—Groups that are automatically created for each Windows 7 computer and stored in the SAM database.
Ø cached credentials—Domain credentials that are stored in Windows 7 after a user has logged on to a domain. Cached credentials can be used to log on when a domain controller cannot be contacted.
Ø default profile—The profile that is copied when new user profiles are created.
Ø domain-based network—A network where security information is stored centrally in Active Directory.
Ø Fast user switching—Allows multiple users to have applications running at the same time. However, only one user can be using the console at a time.
Ø game controls—A part of Parental Controls that is used to limit access to games.
Ø Guest account—An account with minimal privileges intended to give minimal access to Windows 7. This account is disabled by default.
Ø initial account—The account with administrative privileges created during the installation of Windows 7.
Ø local user account—A user account that is defined in the SAM database of a Windows 7 computer. Local user accounts are valid only for the local computer.
Ø Local Users and Groups MMC snap-in—An MMC snap-in that is used to manage users and groups.
Ø mandatory profile—A profile that cannot be changed by users. NTUSER.DAT is renamed to NTUSER.MAN.
Ø NTUSER.DAT—The file containing user-specific registry entries in a user profile.
Ø Parental Controls—A method for filtering Web access, configuring time limits, controlling game playing, allowing and blocking programs, and viewing activity reports.
Ø peer-to-peer network—A network where all computers store their own security information and share data.
Ø public profile—A profile that is merged with all other user profiles. The public profile does not contain an NTUSER.DAT file.
Ø roaming profile—A user profile that is stored in a network location and is accessible from multiple computers. Roaming profiles move with users from computer to computer.
Ø secure logon—Adds the requirement to press Ctrl+Alt+Del before logging on.
Ø Security Accounts Manager (SAM) database—The database used by Windows 7 to store local user and group information.
Ø Security Identifier (SID)—A number that is added to the access control list of a resource when a user or group is assigned access.
Ø Standard user account—A type of user account that does not have privileges to modify settings for other users. This type of account is a member of the Users local group.
Ø time limits—A part of Parental Controls that is used to control when users are allowed to log on to the computer.
Ø user account—User accounts are used for authentication to prove the identity of a person logging on to Windows 7.
Ø User Accounts applet—A simplified interface for user management in Control Panel.
Ø User Profiles applet—An applet that is used to copy or remove user profiles.
Ø Windows Welcome—The default logon method for Windows 7. This method presents icons representing each user.
Ø account lockout policy—A collection of settings, such as lockout duration, that control account lockouts.
Ø application manifest—An XML file that describes the structure of an application, including required DLL files and privilege requirements.
Ø AppLocker—A new feature in Windows 7 that is used to define which programs are allowed to run. This is a replacement for the software restriction policies found in Windows XP and Windows Vista.
Ø asymmetric encryption algorithm—An encryption algorithm that uses two keys to encrypt and decrypt data. Data encrypted with one key is decrypted by the other key.
Ø audit policy—The settings that define which operating system events are audited.
Ø auditing—The security process that records the occurrence of specific operating system events in the Security log.
Ø BitLocker Drive Encryption—A new feature in Windows 7 that encrypts the operating system partition of a hard drive and protects system files from modification.
Ø BitLocker To Go—A new feature in Windows 7 that allows you to encrypt removable storage.
Ø Encrypting File System (EFS)—An encryption technology for individual files and folders that can be enabled by users.
Ø Full Volume Encryption Key (FVEK)—The key used to encrypt the VMK when BitLocker Drive Encryption is enabled.
Ø hash encryption algorithm—A one-way encryption algorithm that creates a unique identifier that can be used to determine whether data has been changed.
Ø local security policy—A set of security configuration options in Windows 7. These options are used to control user rights, auditing, password settings, and more.
Ø malware—Malicious software designed to perform unauthorized acts on your computer. Malware includes viruses, worms, and spyware.
Ø Microsoft Security Essentials—Free antivirus software that is available if your copy of Windows 7 is genuine.
Ø Network Access Protection (NAP)—A computer authorization system for networks that prevents unhealthy computers from accessing the network.
Ø password policy—A collection of settings to control password characteristics such as length and complexity.
Ø Secedit—A command-line tool that is used to apply, export, or analyze security templates.
Ø Security Configuration and Analysis tool—An MMC snap-in that is used to apply, export, or analyze security templates.
Ø security template—An .inf file that contains security settings that can be applied to a computer or analyzed against a computer’s existing configuration.
Ø symmetric encryption algorithm—An encryption algorithm that uses the same key to encrypt and decrypt data.
Ø Trusted Platform Module (TPM)—A motherboard module that is used to store encryption keys and certificates.
Ø User Account Control (UAC)—A new feature in Windows 7 that elevates user privileges only when required.
Ø Volume Master Key (VMK)—The key used to encrypt hard drive data when BitLocker Drive Encryption is enabled.
Ø Windows Defender—Antispyware software included with Windows 7.
Ø Windows Server Update Services (WSUS)—A service that collects and distributes patches to Windows workstations by using the automatic updates process.