Active Accessibility

A COM-based mechanism that allows applications to actively cooperate with software tools running in the system, such as automation tools, testing tools, and accessibility aids used by people with disabilities.

Active Directory

Provides the ability to build applications that give a single point of access to multiple directories in a network environment, whether those directories are LDAP, NDS, or NTDS-based directories.


These constants provide a unique system-independent way to identify special folders. Used in conjunction with SHGetFolderPath and other APIs.

Degrade gracefully

Does not crash the application or the operating system (GPF or blue screen), and does not lose user data. A dialog box or other visual and audio cue appears informing the user, for example, that the functionality is not available on X version of Y operating system. User is not required to close the application, and can continue to use the other functionality.

Down-level operating system

Any combination of these three operating systems: Windows 95, Windows 98, Windows NT Workstation 4.0, or Windows NT Server 4.0.

Group Policy

Used to specify settings for groups of users and computers, including software policies, scripts, user documents and settings, application deployment, and security settings.

High Contrast support

An option set by the user indicating that they require a high degree of contrast to improve screen legibility. Some application features may be exempted, such as when the use of color is intrinsic and indispensable to the goal of the feature.






A set of management technologies that mirror systems, data, and applications on a server. Part of the Zero Administration initiative for Windows (ZAW).

long file name (LFN)

Any file name that exceeds 8.3 characters in length or contains a character that is not valid in the 8.3 namespace.

multi-master replication

In Active Directory, means that all replicas of a given partition are writeable. This allows updates to be applied to any replica of a given partition. The Active Directory replication system propagates the changes from a given replica to all other replicas. Replication is automatic and transparent.

Resource (wrt clustering)

A physical or logical entity that is capable of being owned by a node, brought online and taken offline, moved between nodes, and managed as a server cluster object. A resource can only be owned by a single node at any point in time.

Secure Windows Environment

A configuration that prevents unprivileged users from intentionally or accidentally compromising the operating system. This is defined as the environment on Windows 2000 exposed to a normal (non-admin\non-power) User by default on a clean-installed NTFS system. In this environment, Users can only write to three* specific locations:

  1. Their own portion of the registry

  2. Their own user profile directory (CSIDL_PROFILE)

  3. A Shared Documents location

    Users have Read-Only access to the rest of the system.

    *Applications are free to modify the default security for an application-specific subdirectory of CSIDL_COMMON_APPDATA provided the modification is documented in the vendor questionnaire. This may provide a fourth location for Users to write to for a given application.

    **Users can not write to the following sections of HKCU:



    ***By default, Users cannot write to other Users shared documents, they can only read other Users shared documents. Applications are free to modify this default security on an application-specific subdirectory of CSIDL_COMMON_DOCUMENTS provided the modification is documented in the vendor questionnaire.

Side-by-side sharing

A new form of sharing in Windows 2000 and Windows 98 Second Edition that enables multiple versions of the same DLL to run at the same time.

System caret

Normally the flashing vertical bar that indicates the insertion point in text, it can actually have a range of appearances and is used to indicate keyboard focus location to other software utilities.

trusted domain account

An account that is in the same domain as the machine that the service is running on or in a domain which that domain trusts.

universal naming convention (UNC)

The system for indicating names of servers and computers, such as \\Servername\Sharename.

user profile

A computer-based record maintained about an authorized user of a multi-user computer system. A user profile is needed for security and other reasons; it can contain such information as the user's access restrictions, mailbox location, type of terminal, and so on.

Windows Installer service

Provides end users with a way to install and remove applications, or components of software as needed. System administrators can more easily manage applications and support roaming users.


Endnote 1. The Windows 2000 Datacenter Server is on a different release schedule than the other Windows 2000 operating systems. Microsoft is currently evaluating whether additional requirements specific to Datacenter will be required for Certification on Windows 2000 Datacenter server.

Endnote 2. In this context, "client" refers to the portion of your application requesting services, and "server" is the portion of your application that provides these services. Note that is possible that in some cases, the "client" could be running on a computer running Windows 2000 Server, and a "server" could be running on a computer running Windows 2000 Professional.

Endnote 3. An XML "document" is a set of XML tags and content constructed according to the rules of XML. For Certification, the document must be well formed, meaning that it conforms to the rules of XML. It must also be valid, meaning that it conforms to a schema. See the latest information on XML standards.

Endnote 4. To run a service under a specific account, 1) right click on My Computer and select "Manage" 2) Expand the "Services and Applications" node. 3) Select the "Services" node in the left pane. 4) In the right pane, double click the service for which you want to adjust the account properties. 5) Select the Log On tab. Select the This Account radio button. Type in the account you wish to use.

Endnote 5. Windows 2000 Datacenter Server is on a different release schedule than the other Windows 2000 operating systems. Microsoft is currently evaluating whether additional requirements specific to Datacenter will be required for Certification on Windows 2000 Datacenter server.


This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document is subject to change without notice. The entire risk of the use or the results of the use of this document remains with the user.

The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in a written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Active Accessibility, Active Desktop, Active Directory, IntelliMirror, Microsoft, Microsoft Press, MSDN, Outlook, Windows, the Windows logo, Win32, Win64, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Other product and company names mentioned herein may be the trademarks of their respective owners.