account lockout policy
A collection of settings, such as lockout duration, that control account lockouts.
application manifest
An XML file that describes the structure of an application, including required DLL files and privilege requirements.
AppLocker
A new feature in Windows 7 that is used to define which programs are allowed to run. This is a replacement for the software restriction policies found in Windows XP and Windows Vista.
asymmetric encryption algorithm
An encryption algorithm that uses two keys to encrypt and decrypt data. Data encrypted with one key is decrypted by the other key.
audit policy
The settings that define which operating system events are audited.
auditing
The security process that records the occurrence of specific operating system events in the Security log.
BitLocker Drive Encryption
A new feature in Windows 7 that encrypts the operating system partition of a hard drive and protects system files from modification.
BitLocker To Go
A new feature in Windows 7 that allows you to encrypt removable storage.
Encrypting File System (EFS)
An encryption technology for individual files and folders that can be enabled by users.
Full Volume Encryption Key (FVEK)
The key used to encrypt the VMK when BitLocker Drive Encryption is enabled.
hash encryption algorithm
A one-way encryption algorithm that creates a unique identifier that can be used to determine whether data has been changed.
local security policy
A set of security configuration options in Windows 7. These options are used to control user rights, auditing, password settings, and more.
malware
Malicious software designed to perform unauthorized acts on your computer. Malware includes viruses, worms, and spyware.
Microsoft Security Essentials
Free antivirus software that is available if your copy of Windows 7 is genuine.
Network Access Protection (NAP)
A computer authorization system for networks that prevents unhealthy computers from accessing the network.
password policy
A collection of settings to control password characteristics such as length and complexity.
Secedit
A command-line tool that is used to apply, export, or analyze security templates.
Security Configuration and Analysis tool
An MMC snap-in that is used to apply, export, or analyze security templates.
security template
An .inf file that contains security settings that can be applied to a computer or analyzed against a computer's existing configuration.
symmetric encryption algorithm
An encryption algorithm that uses the same key to encrypt and decrypt data.
Trusted Platform Module (TPM)
A motherboard module that is used to store encryption keys and certificates.
User Account Control (UAC)
A new feature in Windows 7 that elevates user privileges only when required.
Volume Master Key (VMK)
The key used to encrypt hard drive data when BitLocker Drive Encryption is enabled.
Windows Defender
Antispyware software included with Windows 7.
Windows Server Update Services (WSUS)
A service that collects and distributes patches to Windows workstations by using the automatic updates process.