Controlling Access to Network Resources
Windows Server 2003 allows you to control who has access to network resources through permissions that
are stored in an Access Control List.
7.1 Access Control List
NTFS stores an access control list (ACL) with every file and folder on an NTFS volume. The ACL
contains a list of all user accounts and groups that have been granted access to the file or folder, as well as
the type of access that they have been granted. When a user attempts to gain access to a resource, the ACL
must contain an entry, called an access control entry (ACE), for the user account or a group to which the
user belongs. The entry must allow the type of access that is requested for the user to gain access. If the
access control entry does not exist or the entry does not match the type of access the user requests, the user
will not be granted access to the resource.