Common Message Terms and User Actions

This chapter goes beyond providing simple definitions of terms, and includes in-depth information and many suggested user actions or examples wherever appropriate. The terms are also defined with regard to how they relate to Windows NT messages. Many of these terms are very technical and do not appear in the Windows NT Workstation System Guide or Windows NT Server System Guide. Those terms that do may be slightly altered here to provide more information for understanding how they are used in messages.

Reading the information presented here should make subsequent technical discussions more understandable, both in reading this book and talking with technical support people.

access control entry (ACE)

An entry in an access control list (ACL). Each access control entry defines the protection or auditing to be applied to a file or other object for a specific user or group of users.

access control list (ACL)

The part of a security descriptor that enumerates both the protections on access to an object and the auditing of that access. The owner of an object has discretionary access control of the object and can change the object's ACL to allow or disallow others access to the object. Access control lists are ordered lists of access control entries (ACEs).

access right

A permission granted to a process to manipulate a particular object in a particular way (for example, by calling a service). Different object types support different access rights, which are stored in an object's access control list (ACL).

access token, or security token

An object that uniquely identifies a user who has logged on. An access token is attached to all the user's processes and contains the user's security ID (SID), the SIDs of any groups to which the user belongs, any privileges that the user owns, the default owner of any objects that the user's processes create, and the default access control list (ACL) to be applied to any objects that the user's processes create. See also privilege.

access violation

An attempt to carry out a memory operation that is not allowed by Windows NT memory management. An access violation has nothing to do with the Security Manager's checking of User-mode access rights to objects.

There are four basic kinds of actions that can cause access violations:

address space, or virtual address space

The set of addresses available for a process's threads to use. In Windows NT, every process has a unique address space of 4 GB.

algorithm

In its most general sense, an algorithm is any set of instructions that can be followed to carry out a particular task. In computer usage, an algorithm is a set of instructions within a program. If, for example, in the Network option in Control Panel, you encounter a message that says that "A binding algorithm failed," this means that the program was unable to execute a set of instructions designed to bind together elements necessary for a functional network configuration.

allocation units

See clusters.

anonymous-level security token

The type of security token used when a server impersonates a client. If, when the client calls the server, the client specifies an anonymous impersonation mode, the server cannot access any of the client's identification information, such as its security identifier (SID) or privileges. The server will have to use an anonymous-level security token when representing the client in successive operations. See also access token.

application programming interface (API)

A set of routines that an application program uses to request and carry out lower-level services performed by the operating system.

For example, programming code is built using a series of function calls or routines that perform certain actions. Suppose that every workday you got up at 7 a.m., showered, dressed, fixed and ate breakfast, brushed your teeth, and then drove to work. If you were really a computer and never deviated from this pattern, a programmer could write a program for you called DAILY_ROUTINE that would perform these actions automatically. So, instead of having to specify each action, the programmer could just write DAILY_ROUTINE in the code, and the actions would be carried out. Thus, in this example, DAILY_ROUTINE would constitute an API.

authentication package

A subsystem that verifies that the logon information that a user supplies matches the information stored in a security database.

AUTOEXEC.NT and CONFIG.NT files

Windows NT configures the MS-DOS environment by reading the AUTOEXEC.BAT file when you log on, and by reading the AUTOEXEC.NT and CONFIG.NT files when you start an application in a new command window. The AUTOEXEC.NT and CONFIG.NT files are the Windows NT versions of AUTOEXEC.BAT and CONFIG.SYS.

When you log on to Windows NT, the path and environment variables stored in the AUTOEXEC.BAT file are appended to the Windows NT path and environment settings. Because this portion of the operating environment is established at logon, the values set for the path and environment variables are available to each application you use. If you change these values, you must log off from and then log on to Windows NT again so that the changes take effect.

When you start an MS-DOS-based or a 16-bit Windows-based application in a new command window, Windows NT reads the CONFIG.NT and AUTOEXEC.NT files to configure the environment for the application. If, for example, you change an application's driver in the CONFIG.NT file, restarting the application puts the change into effect. You can edit these files just as you would CONFIG.SYS and AUTOEXEC.BAT. The files are located in the \systemroot\SYSTEM32 directory.

bad-sector mapping

A technique used by the NTFS file system to handle write errors. When an error is detected, the file system takes a free block, writes the data to that block instead of to the bad block, and updates a bad-block map. A copy of this map is written to disk.

binding

A series of bound paths from the upper-layer network services and protocols to the lowest layer of adapter card device drivers. Each network component can be bound to one or more network components above it or below it to make the component's services available to any component that can benefit from them.

boot partition

The boot partition for Windows NT is the volume, formatted for either a Windows NT file system (NTFS), file allocation table (FAT), or high-performance file system (HPFS), that has the Windows NT operating system and its support files. The boot partition can be (but does not have to be) the same as the system partition. It cannot be part of a stripe set or volume set, but it can be part of a mirror set. See also system partition.

circular dependency

A dependency in which an action that appears later in a chain is contingent upon an earlier action. For example, three services (A, B, and C) are linked. A is dependent upon B to start. B is dependent upon C to start. A circular dependency results when C is dependent upon A to start. See also dependency.

clusters, or allocation units

In data storage, a cluster is a disk-storage unit consisting of a fixed number of sectors (storage segments on the disk) that the operating system uses to read or write information. Typically, a cluster consists of two to eight sectors, each of which holds a certain number of bytes (characters).

A formatted disk is divided into sectors, and a cluster is a set of contiguous sectors allocated to files as a single unit. This clustering of sectors reduces disk fragmentation but may result in wasted space within the cluster.

Under both the NTFS and FAT file systems, the size of a cluster is based upon the size of the partition. However, with NTFS, you can override this with a switch, which forces a smaller (or larger) cluster size. Under FAT, the size of a cluster cannot be changed; the larger the partition, the more sectors you will have per cluster. Therefore, under FAT, you can have 1, 2, 4, 8, 16, 32, or 64 sectors per cluster.

CONFIG.NT files

See AUTOEXEC.NT and CONFIG.NT files.

control set

All Windows NT startup-related data that is not computed during startup is saved in one of the Registry hives. This startup data is organized into control sets, each of which contains a complete set of parameters for starting up devices and services. The Registry always contains at least two control sets, each of which contains information about all the configurable options for the computer: the current control set and the LastKnownGood control set. See also LastKnownGood (LKG) control set.

corrupted data

Data in memory or on disk that has been unintentionally changed, thereby altering or obliterating its meaning.

current control set

The control set that was used most recently to start the computer and that contains any changes made to the startup information during the current session. See also LastKnownGood (LKG) control set.

cyclic redundancy check (CRC)

A procedure used on disk drives to ensure that the data written to a sector is read correctly later.

This procedure is also used in checking for errors in data transmission. The procedure is known as a redundancy check because each data transmission includes not only data but extra (redundant) error-checking values. The sending device generates a number based on the data to be transmitted and sends its result along with the data to the receiving device. The receiving device repeats the same calculation after transmission. If both devices obtain the same result, it is assumed that the transmission is error-free.

deadlock condition

A run-time error condition that occurs when two threads of execution are blocked, each waiting to acquire a resource that the other holds, so that neither can continue running.

debugger breakpoints

A breakpoint is set by the user of the Kernel debugger (KD) before running the Windows NT Executive, and is placed at an instruction in the Executive code. Then, when the Executive is run, if and when that instruction is executed, execution is stopped, and the current values of registers and flags are displayed. KD breakpoints are "sticky" in the sense that they remain in the program until explicitly removed. It is possible for code to have breakpoints in it that are never explicitly removed. See also Kernel debugger.

dependency

A situation in which one action must take place before another can happen. For example, if action A does not occur, then action D cannot occur.

Some Windows NT drivers have dependencies on other drivers or groups of drivers. For example, driver A will not load unless some driver from the G group loads first. See also circular dependency.
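
The A, B, C chain from the circular dependency and dependency entries, worked as an added example that is not part of the original guide: a depth-first walk that returns either a valid start order or the chain of services that forms the circle. The service names and the `depends_on` mappings are constructed for illustration.

```python
def find_start_order(depends_on):
    """Return (order, cycle).

    depends_on maps a service name to the services it needs started first.
    order lists every service after all of its dependencies; if the
    dependencies are circular, order is None and cycle is the chain,
    for example ['A', 'B', 'C', 'A'].
    """
    UNSEEN, IN_PROGRESS, DONE = 0, 1, 2
    state = {name: UNSEEN for name in depends_on}
    order, chain = [], []

    def visit(name):
        state[name] = IN_PROGRESS
        chain.append(name)
        for dep in depends_on.get(name, ()):
            dep_state = state.get(dep, UNSEEN)
            if dep_state == IN_PROGRESS:
                # dep is already on the current chain: the chain closes on itself.
                return chain[chain.index(dep):] + [dep]
            if dep_state == UNSEEN:
                cycle = visit(dep)
                if cycle:
                    return cycle
        chain.pop()
        state[name] = DONE
        order.append(name)  # all dependencies are already in order
        return None

    for name in sorted(depends_on):
        if state[name] == UNSEEN:
            cycle = visit(name)
            if cycle:
                return None, cycle
    return order, None


# Constructed sample data: the chain from the glossary entry, without and
# with the dependency of C on A that makes it circular.
LINEAR = {"A": ["B"], "B": ["C"], "C": []}
CIRCULAR = {"A": ["B"], "B": ["C"], "C": ["A"]}

if __name__ == "__main__":
    print(find_start_order(LINEAR))
    print(find_start_order(CIRCULAR))
```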

domain

For Windows NT Server, a collection of computers that share a common accounts database and security policy. Each domain has a unique name.

A set of servers and workstations grouped together for efficiency and security, and the basic administrative unit in Windows NT Server. A network can be divided, for example, into domains by department, workgroup, or building floor.

Domains keep large networks manageable. For example, users displaying a list of servers will see only the servers for their domain. But they can still access resources on servers in any domain if they have been granted the necessary rights.

domain controller

For a Windows NT Server domain, this refers to the server that maintains the security policy and the master database for a domain and, along with backup domain controllers, authenticates domain logons.

down level

A term that refers to earlier operating systems, such as Windows for Workgroups or LAN Manager, that can still interoperate with Windows NT Workstation or Windows NT Server.

dynamic-link library (DLL)

A library of routines that User-mode applications access through ordinary procedure calls. The operating system automatically modifies the user's executable image to point to DLL procedures at run time. That way, the code for the procedures does not have to be included in the user's executable image.

enumeration operation

The counting, accessing, or listing of an entire set of similar objects. When the last object in the set has been counted, accessed, or listed, the enumeration operation is complete.

error logging

The process by which errors that cannot readily be corrected by the majority of end users are written to a file instead of being displayed on the screen. System administrators, support technicians, and users can use this log file to monitor the condition of the hardware in a Windows NT computer, to tune the configuration of the computer for better performance, and to debug problems as they occur.

exception

A synchronous error condition resulting from the execution of a particular computer instruction. Exceptions can be either hardware-detected errors, such as division by zero, or software-detected errors, such as a guard-page violation.

Executive

The Executive is the part of the Windows NT operating system that runs in Kernel mode. Kernel mode is a privileged processor mode in which a thread has access to system memory and to hardware. (In contrast, User mode is a nonprivileged processor mode in which a thread can only access system resources by calling system services.) The Windows NT Executive provides process structure, thread scheduling, interprocess communication, memory management, object management, object security, interrupt processing, I/O capabilities, and networking.

The Windows NT Kernel is the part of the Windows NT Executive that manages the processor. It performs thread scheduling and dispatching, interrupt and exception handling, and multiprocessor synchronization. It also provides primitive objects to the Windows NT Executive, which uses them to create User-mode objects.

Executive messages

Two types of character-mode messages occur when the Windows NT Kernel detects an inconsistent condition from which it cannot recover: STOP messages and hardware-malfunction messages.

Character-mode STOP messages are always displayed on a full character-mode screen rather than in a Windows-mode message box. They are also uniquely identified by a hexadecimal number and a symbolic string, as in the following example:


*** STOP: 0x00000001 APC_INDEX_MISMATCH

The content of the symbolic string may suggest, to a trained technician, the part of the Kernel that detected the condition from which there was no recourse but to stop. However, keep in mind that the cause may actually be in another part of the system.

Character-mode hardware-malfunction messages are caused by a hardware condition detected by the processor. The first one or two lines of a hardware-malfunction message may differ depending on which company manufactured the computer. However, these lines always convey the same idea, as shown in the following example for an x86-based computer:


Hardware malfunction. Call your hardware vendor for support.

The additional lines in each manufacturer's message screen also differ in format and content.

The Executive displays a Windows-mode STATUS message box when it detects conditions within a process (generally, an application) that you should know about. STATUS messages can be divided into three types:

For an in-depth discussion of these messages, see Chapter 2, "Windows NT Executive Messages."

extended attribute

Windows NT FAT files have four basic parts: the data, the file system attributes (such as creation time and date, and FAT attributes), the security descriptors, and the extended attributes (EAs). EAs make up the set of extended information about a file, and are structured as name/value pairs. Typical Windows NT system uses of EAs are actions such as storing the icon of an executable image or indicating that the file is a symbolic link.

extended partition

This is created from free space on a hard disk and can be subpartitioned into zero or more logical drives. The free space in an extended partition can also be used to create volume sets or other kinds of volumes for fault-tolerance purposes. Only one of the four partitions allowed per physical disk can be an extended partition, and no primary partition needs to be present to create an extended partition.

file control block (FCB)

In MS-DOS, a 36-byte block of memory that contains all the information MS-DOS needs to know about an open file, such as the filename, what drive it is on, current file size, and date and time of creation.

globally unique identifier (GUID)

See universally unique identifier (UUID).

guard-page protection

The Windows NT Virtual Memory Manager can put a guard page at the end of a data structure, such as a dynamic array, and generate a warning message when a User-mode thread accesses the guard-page memory. The User-mode process can respond appropriately, for example, by extending the array.

handle

In general, a unique identifier (often an integer) by which a client refers to an object in the Windows NT operating system. Clients call servers to get a handle to an object on which the client wants to operate. Then the client sends requests for operations to the object, referring to the object by its handle. The server actually does the operation. This ensures that the client does not operate on the object directly.

In the Registry, each of the first-level key names begins with HKEY_ to indicate to software developers that this is a handle that can be read by a program. A handle is a value used to provide a unique identifier for a resource so that a program can access it.

hexadecimal

A base-16 number system that consists of the digits 0 through 9 and the uppercase and lowercase letters A (equivalent to decimal 10) through F (equivalent to decimal 15).

high memory area (HMA)

A 64K memory block located just above the 1 MB address in a Virtual DOS Machine (VDM). This memory becomes visible when the A20 address line is turned on, enabling 21-bit addressing in the VDM.

hive

The Registry is divided into parts called hives, so named as an analogy to the cellular structure of a beehive. A hive is a part of the Registry that maps to a file on your hard disk. Each user profile is a separate hive, which means that it is also a separate file. Therefore, an administrator can copy a user profile as a file, and view, repair, or copy entries using Registry Editor on another computer.

hot key

In a user interface, hot keys provide an alternative to the mouse for manipulating interface objects. For example, instead of using the mouse, you can press the key combination ALT+F to open the File menu on the menu bar. ALT+F is a hot key.

impersonation

The ability of a thread in one process to take on the security identity of a thread in another process and to perform operations on the other thread's behalf. Impersonation is used by the Windows NT environment subsystems and network services to access remote resources on behalf of client applications.

.INF file

One of a set of files used by the Setup program, either during Windows NT installation or during maintenance Setup, or both. An .INF file generally contains a script for Setup to follow, along with configuration data that ends up in the Registry.

input/output control (IOCTL)

An IOCTL command enables a program to communicate directly with a device driver. This is done, for example, by sending a string of control information recognized by the driver. None of the information passed from the program to the device driver is sent to the device itself (in other words, the control string sent to a printer driver is not displayed on the printer).

installable file system (IFS)

A file system that can be loaded into the operating system dynamically. Windows NT can support multiple installable file systems at one time, including the file allocation table (FAT) file system, the high-performance file system (HPFS), the Windows NT file system (NTFS), and the CD-ROM file system (CDFS). Windows NT automatically determines the format of a storage medium, and reads and writes files in the correct format.

interrupt

An asynchronous operating system condition that disrupts normal execution and transfers control to an interrupt handler. Interrupts can be issued by both software and hardware devices requiring service from the processor. When software issues an interrupt, it calls an interrupt service routine (ISR). When hardware issues an interrupt, it signals an interrupt request (IRQ) line.

interrupt request level (IRQL)

A ranking of interrupts by priority. A processor has an interrupt request level (IRQL) setting that threads can raise or lower. Interrupts that occur at or below the processor's IRQL setting are masked, whereas interrupts that occur above the processor's IRQL setting are not. Software interrupts are almost always lower priority than hardware interrupts.

I/O bus

A hardware path inside a computer that is used for transferring information to and from the processor and various input and output devices.

Kernel

The Windows NT Kernel is the part of the Windows NT Executive that manages the processor. It performs thread scheduling and dispatching, interrupt and exception handling, and multiprocessor synchronization. It also provides primitive objects to the Windows NT Executive, which uses them to create User-mode objects.

Kernel debugger

The Windows NT Kernel debugger (KD) is a 32-bit application that is used to debug the Kernel and device drivers, and to log the events leading up to a Windows NT Executive STOP, STATUS, or hardware-malfunction message.

The Kernel debugger runs on another Windows NT host computer that is connected to your Windows NT target computer. The two computers send debugging (troubleshooting) information back and forth through a communications port that must be running at the same baud rate on each computer. See also debugger breakpoints, system debugger, and WINDBG.EXE.

Kernel mode

See Executive.

keyword

A special type of command parameter that includes a value. The syntax of the "width" keyword illustrates this: width = 40.

LastKnownGood (LKG) control set

The most recent control set that correctly started the system and resulted in a successful startup. The control set is saved as the LKG control set when you have a successful logon.

A copy of the control set used to start the system is also stored as the Clone subkey in the Registry. At startup time, the Service Control Manager copies the Clone subkey to the LastKnownGood control set before any new changes are made to the control set. This helps to ensure that the computer always contains a working control set. See also current control set.

local security authority (LSA)

A component of the Windows NT security system that maintains all aspects of local security on a system. This collection of information is known as the local security policy. The local security policy identifies, among other things, the following: domains trusted to authenticate logon attempts, who may access the system, how they may access it (locally, from the network, or as a service), who is assigned privileges, and what security auditing is to be performed.

mapped I/O, or mapped file I/O

This is file I/O that is performed by reading and writing to virtual memory that is backed by a file.

memory control block (MCB)

MS-DOS organizes available memory as a pool of blocks that are maintained as a chain (or linked list). The memory control block (MCB) occupies the bottom 16 bytes of each memory block and, among other things, points to the next memory block in the chain. If a memory control block is corrupted, MS-DOS cannot find the next block in the chain and does not know which memory blocks have been allocated and which have not.

mounting a volume

Finding a file system that recognizes the format of a volume, and associating the file system with the volume. Windows NT does this automatically the first time a program accesses a volume (or, for other forms of removable media such as floppy disks or CD-ROMs, each time the user reinserts the floppy disk or CD into a drive and performs I/O on it). A volume must be mounted before I/O operations can be done on it.

named pipe

An interprocess communication mechanism that enables one process to send data to another local or remote process. See also pipe.

network control block (NCB)

A block of sequential data of fixed length. This data includes an operation code that indicates the operation to be performed, and elements that indicate the status of the operation. See also opcode.

network transport

This can be either a particular layer of the OSI reference model between the Network Layer and the Session Layer, or a communications protocol between two different computers on a network.

object

A single run-time instance of a Windows NT-defined object type. It contains data that can be manipulated only by using a set of services provided for objects of its type.

In Windows NT Performance Monitor, an object is a standard mechanism for identifying and using a system resource. Objects are created to represent individual processes, sections of shared memory, and physical devices. Performance Monitor groups counters by object type. Each object type can also have several instances. For example, the Processor object type will have multiple instances if a system has multiple processors. The Physical Disk object type has two instances if a system has two disks. Some object types (such as Memory and Server) do not have instances.

opcode

Operation code; a code, usually a number, that specifies an operation to be performed. An opcode is often the first component in a contiguous block of data; it indicates how other data in the block should be interpreted. See also network control block.

paging file, or swap file

A system file that contains the contents of virtual pages that have been temporarily removed from physical memory by the Virtual Memory Manager.

With virtual memory under Windows NT, some of the program code and other information are kept in RAM, while other information is temporarily swapped to a virtual-memory paging file. When that information is required again, Windows NT pulls it back into RAM and, if necessary, swaps other information to virtual memory. This activity is invisible, although you might notice that your hard disk is working. The resulting benefit is that you can run more programs at one time than your system's RAM would usually allow. See also virtual memory.

parameter

Parameters are used in commands entered at the Windows NT command prompt to customize that particular use of the command. For example, the MS-DOS copy command has two parameters: the path to the file to copy and the path to where the copy will be put. These two parameter values could be any valid path; by changing these each time you use the copy command, you are customizing the command.

partition

A portion of a physical disk that functions as though it were a physically separate unit. You can use a partitioning program, such as FDISK for the MS-DOS and OS/2® operating systems and Disk Administrator for Windows NT, to create these unformatted units. You must then use the format command (either from the command prompt or from within Disk Administrator) to format them for use with a specific file system. A partition is usually referred to as either a primary or an extended partition. See also volume.

partition table

A structure on a disk that the operating system uses to divide a disk into logical divisions called partitions, which can then be formatted to a specific file system. Primary partitions are defined by a data entry in the main partition table of a hard disk. Extended partitions are defined by a nondata entry in the main partition table.

permission

A rule associated with an object (usually a directory, file, or printer) in the form of a discretionary access control list (DACL) that is used to regulate which users or groups can have access to the object and in what manner. You can set file and directory permissions only on drives formatted to use the Windows NT File System (NTFS). See also right.

pipe

An interprocess communication mechanism. Writing to and reading from a pipe is much like writing to and reading from a file, except that the two processes are actually using a shared memory segment to communicate data. See also named pipe.

primary partition

A portion of a physical disk that can be marked as active for use by an operating system. Active means that the POST (power-on self-test) routine can locate a boot sector on the partition. There can be up to four primary partitions (or up to three if there is already an extended partition) per physical disk. A primary partition cannot be subpartitioned.

privilege

The representation of most user rights in access tokens. An example of one is the backup privilege. Holders of that privilege are allowed to bypass file-system security. In a secure system, not all users will have that privilege. See also access token.

privileged instruction

Processor-privileged instructions have access to system memory and the hardware.

process

A logical division of labor in an operating system.

A Windows NT process is created when a program runs. A process can be either an application (such as Microsoft Word or Corel® Draw), a service (such as Event Log or Computer Browser), or a subsystem (such as POSIX). In Windows NT, it comprises a virtual address space, an executable program, one or more threads of execution, some portion of the user's resource quotas, and the system resources that the operating system has allocated to the process's threads. A process is implemented as an object. See also object.

Registry

A secure, unified database that stores application configuration data, hardware configuration data (such as device-driver configuration data, and network protocol and adapter card settings), and user data in a hierarchical form for a Windows NT Workstation or Windows NT Server computer.

Registry key

The configuration data in the Registry is stored in a hierarchical form, and keys are the building blocks of this hierarchy. In the Registry, there are four top-level keys that contain per-computer and per-user databases. Each key can contain data items, called value entries, and can also contain additional subkeys. In the Registry structure, keys are analogous to directories, and the value entries are analogous to files. See also value entries.

remote procedure call (RPC)

A message-passing facility that enables a distributed application to call services available on various computers in a network without regard to their locations. Remote network operations are handled automatically. RPC provides a procedural, rather than a transport-centered, view of networked operations.

remote procedure call (RPC) binding

A logical connection between the client and server, or the process by which the client establishes a logical connection to the server.

remote procedure call (RPC) connection

A transport-level virtual circuit between the client and server. The RPC run time establishes the circuit when the client binds to the server interface instance. Connections are not visible to the client. A client may have more than one connection to the server.

remote procedure call (RPC) endpoint

An endpoint identifies a specific server instance (or address space) on a host. The format of the endpoint depends on the transport protocol used. There are well-known endpoints and dynamic endpoints. Well-known endpoints are registered in the name service database. Dynamic endpoints are assigned to server instances at run time.

remote procedure call (RPC) protocol sequence

A character string that identifies the network protocols used to establish a relationship between a client and a server. The protocol sequence contains a set of options that the RPC run time must know about to establish a binding. These options include the RPC protocol, the format of the network address, and the transport protocol. For example, a protocol sequence string might be as follows:

ncacn_ip_tcp

remote procedure call (RPC) server

The program or computer that processes remote procedure calls from a client.

revision level

A revision level is built into many Windows NT data structures, such as security descriptors and access control lists (ACLs). This enables the structure to be passed between systems or stored on disk even though it is expected to change in the future.

right

A right authorizes a user to perform certain actions on the system. In most situations, rights should be provided to a user by adding that user's account to one of the built-in groups that already possesses the needed rights, rather than by administering the user rights policy. Rights apply to the system as a whole, and are different from permissions, which apply to specific objects. See also permission.

root directory

In a file system structured as a hierarchy of directories on a partition or volume, the root directory is the parent of all the other directories. The root directory name in FAT, HPFS, and NTFS is a backslash (\).

secrets

Encrypted pieces of information.

security accounts manager (SAM)

A Windows NT-protected subsystem that maintains the security accounts database.

security descriptor

A data structure that houses all the security information related to an object. It contains a discretionary access control list (DACL), a system access control list (SACL) that controls auditing on the object, an owner, and a primary group of the object.

security ID (SID)

A number that identifies a user, a global group of users, a local group of users, or a domain within Windows NT.

security token

See access token.

semaphore

Generally, semaphores are signaling devices or mechanisms. However, in Windows NT, system semaphores are objects used to synchronize activities on an interprocess level. For example, when two or more processes share a common resource such as a printer, video screen, or memory segment, semaphores are used to control access to those resources so that only one process can alter them at any particular time.

server message block (SMB)

A block of data that contains a work request from a workstation to a server, or that contains the response from the server to the workstation. SMBs are used for all communications that go through the server or workstation service, such as file I/O, creating and removing remote connections, or performing any other network function that the redirector needs to carry out.

Microsoft network redirectors use this structure to send remote requests or information over the network to a remote computer, which can be either a Windows NT Workstation or Windows NT Server computer.

single system image (SSI)

A domain that has the Logon service running and that propagates its user accounts database throughout the domain.

stand-alone

A workstation or server that is not currently a member of a domain, or a workstation or server at which logon requests are not validated by a logon server.

swap file

See paging file.

switch

A special type of command parameter that is denoted by a leading slash (/) or leading dash (-). Switches are normally used for parameters that are simple toggles (on/off switches). For example, in the chkdsk command, an optional parameter is the /f switch. If it is used, chkdsk attempts to fix any problems it finds on a disk. If it is not used, chkdsk only reports the problems and does not attempt to fix them.

syntax

The rules governing the structure and content of commands entered into the computer. For example, when you enter commands at the Windows NT command prompt, if the structure and content of a command violate the syntax rules, the Windows NT command processor cannot interpret the command and generates a syntax error message.

system debugger

The Windows NT system debugger (NTSD) is a 32-bit application that supports the debugging of User-mode applications and dynamic-link libraries (DLLs). NTSD can also read and write paged and nonpaged memory, and supports multiple-thread debugging and multiprocess debugging.

NTSD enables you to display and execute program code, set breakpoints that stop the execution of your program, and examine and change values in memory. NTSD also enables you to refer to data and instructions by name rather than by address. It can access program locations through addresses, global symbols, or line-number references, making it easy to locate and debug specific sections of code. You can debug C programs at the source-file level as well as at the machine-code level. You can also display the source statements of a program, the disassembled machine code of the program, or a combination of source statements and disassembled machine code.

In contrast to NTSD, the Windows NT Kernel debugger (KD) supports the debugging of Kernel-mode code. It cannot be used to set breakpoints in User mode or to read or write paged-out memory. KD also does not provide support for threads. However, it does support multiprocess debugging.

You would, therefore, use NTSD for debugging User-mode programs and KD for debugging the Kernel and device drivers. See also Kernel debugger and WINDBG.EXE.

system files

Files that are used by either the operating system or the file system to store special system data. NTFS uses them to store special data on the file system.

Operating systems use these files to store information and programs that are used to start the computer and load the operating system. MS-DOS system files include IO.SYS, MSDOS.SYS, and COMMAND.COM. Windows NT system files include NTLDR, NTDETECT.COM, BOOT.INI, and several of the files in the \systemroot\SYSTEM32 directory.

system partition

The system partition for Windows NT is the volume that has the hardware-specific files needed to load Windows NT. On x86-based computers, it must be a primary partition that has been marked as active for startup purposes and must be located on the disk that the computer accesses when starting up the system. There can be only one active system partition at a time, which is denoted on the screen by an asterisk. If you want to use another operating system, you must first mark its system partition as active before restarting the computer.

Partitions on a RISC-based computer are not marked active. Instead, they are configured by a hardware configuration program supplied by the manufacturer. On RISC-based computers, the system partition must be formatted for the FAT file system. On either type of computer, the system partition can never be part of a stripe set or volume set, but it can be part of a mirror set. See also boot partition.

terminated process

In Windows NT, a process object is a program invocation, including the address space and resources required to run the program. When the Windows NT Executive terminates a process, it quits running the program and returns the address space and resources to the system. From the user's point of view, the application is no longer running.

thread

An executable entity that belongs to one (and only one) process. It comprises a program counter, a User-mode stack, a Kernel-mode stack, and a set of register values. All threads in a process have equal access to the process's address space, object handles, and other resources.

In Windows NT Performance Monitor, threads are objects within processes that execute program instructions. They allow concurrent operations within a process and enable one process to execute different parts of its program on different processors simultaneously. Each thread running on a system shows up as an instance for the Thread object type and is identified by association with its parent process. For example, if Print Manager has two active threads, Performance Monitor identifies them as Thread object instances Printman ==> 0 and Printman ==> 1.

transport driver interface (TDI)

A Windows NT interface for network redirectors and servers to use in sending network-bound requests to network transport drivers. This interface provides transport independence by abstracting transport-specific information.

trap

A processor's mechanism for capturing an executing thread when an unusual event (such as an exception or interrupt) occurs, and then transferring control to a fixed location in memory where the handler code resides. The trap handler determines the type of condition and transfers control to an appropriate handling routine.

trust relationship

Trust relationships are links between domains that enable pass-through authentication, in which a user has only one user account in one domain, yet can access the entire network. User accounts and global groups defined in a trusted domain can be given rights and resource permissions in a trusting domain, even though those accounts don't exist in the trusting domain's database. A trusting domain honors the logon authentications of a trusted domain.

universal naming convention (UNC) name

A name given to a device, computer, or resource to enable other users and applications to establish an explicit connection and access the resources over the network. Also known as the uniform naming convention. The following example shows the syntax of a UNC name:

\\<computername>\<sharename>\<filename>

universally unique identifier (UUID)

A unique identification string associated with the remote procedure call interface. Also known as a globally unique identifier (GUID).

These identifiers consist of eight hexadecimal digits followed first by a hyphen, then by three groups of four hexadecimal digits with each group followed by a hyphen, and finally by twelve hexadecimal digits. For example, 12345678-1234-1234-1234-123456789ABC is a syntactically correct identifier. The identifiers on the client and server must match for the client and server to bind.
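The following C sketch is an added example, not code from the original guide. It checks a string against the 8-4-4-4-12 layout described above and compares a client identifier with a server identifier. The function names uuid_is_valid and uuid_match are hypothetical, and comparing the hexadecimal digits without regard to case is an assumption of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define UUID_STR_LEN 36 /* 8+4+4+4+12 hexadecimal digits plus 4 hyphens */

/* Returns 1 if s is exactly 8-4-4-4-12 hexadecimal digits, otherwise 0.
 * The loop stops at the first bad character, so a short string is never
 * read past its terminator. */
int uuid_is_valid(const char *s)
{
    size_t i;

    if (s == NULL)
        return 0;
    for (i = 0; i < UUID_STR_LEN; i++) {
        char c = s[i];
        if (c == '\0')
            return 0; /* too short */
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (c != '-')
                return 0; /* hyphen missing or misplaced */
        } else if (!isxdigit((unsigned char)c)) {
            return 0; /* not a hexadecimal digit */
        }
    }
    /* Reject trailing characters such as a closing brace or whitespace. */
    return s[UUID_STR_LEN] == '\0';
}

/* Returns 1 only if both strings are well formed and name the same
 * identifier. Case-insensitive comparison is this example's assumption. */
int uuid_match(const char *client, const char *server)
{
    size_t i;

    if (!uuid_is_valid(client) || !uuid_is_valid(server))
        return 0;
    for (i = 0; i < UUID_STR_LEN; i++) {
        if (tolower((unsigned char)client[i]) != tolower((unsigned char)server[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Sample values: the first is the identifier quoted in the text above. */
    const char *server = "12345678-1234-1234-1234-123456789ABC";
    const char *client = "12345678-1234-1234-1234-123456789abc";

    printf("server valid: %d\n", uuid_is_valid(server));
    printf("client and server match: %d\n", uuid_match(client, server));
    return 0;
}
```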

User mode

See Executive.

value entries

The value for a specific entry under a key or subkey in the Registry. Value entries appear as a string with three components: a name, a type, and the value. See also Registry key.

virtual address space

See address space.

virtual DOS machine (VDM)

Provides a complete MS-DOS environment and a character-based window in which to run an MS-DOS-based application. Any number of VDMs can run simultaneously.

virtual memory

A logical view of memory that does not necessarily correspond to the memory's physical structure.

Normally, virtual memory is the space on your hard disk that Windows NT uses as if it were actually memory. Windows NT does this through the use of the paging file. However, virtual memory can also be unused address space that is allocated to a process but not yet in use. In this case, the memory will not physically exist anywhere until it is actually used (that is, until data or code is loaded into it).

The benefit of using virtual memory is that you can run more applications at one time than your system's physical memory would otherwise allow. The drawbacks are the disk space required for the virtual-memory paging file and the decreased execution speed when swapping is required. See also paging file.

volume

A file-based medium that has been initialized with a file system structure (for example, a floppy disk, a hard disk, a tape reel, or a particular partition on a hard disk). A disk partition or collection of partitions that have been formatted for use by a file system and that can also be used as volume sets, stripe sets, and mirror sets. See also partition.

WINDBG.EXE

The Windows NT debugger (WINDBG.EXE) is a 32-bit application that, along with a collection of DLLs, is used for debugging the Kernel, device drivers, and applications. The same application can also be used on all hardware platforms, although there is a different build of it for each platform. It can be used for either remote or local debugging and can also be used in conjunction with the System Recovery option in Control Panel.

working set

The set of virtual pages that are in physical memory at any moment for a particular process. In a virtual memory system like Windows NT, a memory management system provides a large address space to each process by mapping the processes' virtual addresses into physical addresses as the processes' threads use them. When physical memory becomes full, the memory management system swaps selected memory contents to disk, reloading them from disk on demand.