This week, I present the second in an occasional series of Windows 2000 Ready columns that I'll devote to defining new Windows 2000 (Win2K) terms and concepts. With this series, I'll be compiling a Win2K glossary for the Windows NT Magazine Web site. If you'd like me to address any particular Win2K topics, acronyms, or concepts, email me at

The Advanced Configuration and Power Interface (ACPI) is an industry standard that defines power management on computers and peripherals, and it plays an important role in the power management and Plug and Play (PnP) features of Windows 2000 (Win2K). ACPI is also the key to the OnNow industry technology that vendors are using to build systems that start instantly when you touch a key. In Win2K, the Control Panel's Power Options let you manage different power schemes that take advantage of ACPI.

Authenticated Users
A Win2K group whose membership the OS or the domain controls. In Windows NT 4.0, administrators control Administrators and Users groups, and the OS or the domain controls the Everyone group, which you can use to assign permissions. In Win2K, administrators can control the Administrators, the Power Users, and the Users groups; Authenticated Users is the only group the OS can control. Unlike the Everyone group, the Authenticated Users group doesn’t contain anonymous or guest users. By default, the Authenticated Users group is a member of Power Users group.

Distributed File System (dfs) consists of two components: A service that runs on Win2K servers and a dfs client that runs on client computers. Dfs provides an easy and efficient way for network clients to access files dispersed across a network. A network administrator can configure either a standalone dfs or a domain-based dfs; domain-based dfs offers fault tolerance. A dfs client comes with Win2K, NT, and Windows 98. You can download the dfs client for Win95 from Microsoft. Only NT 4.0 (standalone dfs server) and Win2K (standalone and domain-based server) support the dfs server component.

A computer’s Globally Unique Identifier (GUID), a special ID that computer manufacturers supply, consist of 32 hexadecimal text digits--8 digits followed by 4, 4, 4, and 12 digits (e.g., hhhhhhhh-hhhh-hhhh-hhhh-hhhhhhhhhhhh, where h is a hexadecimal digit). Valid entries are limited to 0123456789 abcdef-ABCDEF. You can find a computer’s GUID either on the machine's case or in the BIOS. If you're using Windows 2000's (Win2K) Remote Installation Services, you can pre-authorize a computer by using its GUID. This is a 32 digit number that consists of the computer’s hardware address (i.e. MAC address) preceded by 24 zeros (e.g. 00000000000000000000-0060979C6AB9).The GUID is also known as the Universal Unique IDentifier (UUID).

Mandatory User Profile
A mandatory user profile is a preconfigured user profile that lets a user make modifications to the profile while logged on, but prevents the changes from saving when the user logs off. Each time the user logs on, the mandatory user profile downloads for the user. To create a mandatory user profile, an administrator has to rename the user’s ntuser.dat file on the server to and enter the path to the user’s profile in the User Account properties in Active Directory (AD) Users and Computers. The Authenticated Users group must have read only permissions to the share where you store the user profiles. Administrators can assign the same mandatory user profile to several users.

Microsoft Authentication
An AppleShare extension that's part of Services for Macintosh that provides secure logon for Macintosh clients connecting to Windows 2000 (Win2K) servers. By default, Macintosh passwords travel over the network wire in plain-text format, and installing this extension on Macintosh clients lets clients encrypt passwords. Microsoft Authentication also lets Macintosh users specify a domain name so they can log on to a Win2K domain with individual accounts. Macintosh clients running System 7.1 or later will see Microsoft Authentication as their only option if you’ve disabled the guest and clear-text options on the server.

Public Key Infrastructure (PKI) is a term that describes the standards, policies, and software components that manage certificates. Electronic transactions use PKI with digital certificates and certificate authorities to verify and authenticate participants. PKI offers a strong authentication mechanism and simplifies administration because it lets you issue certificates (which you can map to user accounts in AD) instead of passwords. PKI deployment secures exchange of information over public networks such as the Internet. You can transfer data securely using Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Secure MIME (S/MIME).