To successfully implement a secure Terminal Server, you must have a clear understanding of both the Windows NTFS and registry security. As with all objects in the Windows 2003/2000 operating system, security is managed through the object’s security descriptor. Access to view or manipulate the object is controlled through a special data structure in the security descriptor called the Discretionary Access Control List (DACL). The entries in this list determine who has what type of access to the object. Each entry in the DACL is known as an access control entry (ACE). Each ACE contains the following information: