Windows – Check ‘effective permissions’, ‘effective access’ from command-line, Windows/NTFS

Tags: active-directory, command-line-interface, file-permissions, permissions, windows

How do I mimic the Advanced Security Settings 'Effective Access' tab from the command line (Win10 notably)? I prefer built-in tools; I'm about to evaluate whether Sysinternals AccessChk can accomplish this.

icacls only shows the domain groups given permission to this folder, so how can I check an individual user? A logical answer might be to use net user gregg /domain to validate whether the user in question is part of the domain group given permission to that folder. Would those two steps give all the info 'Effective Access' would give?

Background info:

  • I'm a sysadmin with two domain accounts (one normal/limited, one domain admin). So when someone says they can't access a file I have to remote into the server to get admin access to use 'Effective Access', which is kind of inconvenient. Can I somehow do that with RSAT tools?
  • Our network drive folders each have unique permissions that use domain user groups. Management staff sometimes move files from a secure location to a less-secure (everyone has access) folder, but the secure permissions follow the file, causing trouble for other staff. Permissions are handled differently when you copy vs. move/cut (see kb310316 or this blog post), but good luck explaining that to an end user since I've only just slowly grasped the concept.


Best Answer

My preferred method for doing this is to use a non-native PowerShell Module NTFSSecurity available in the PowerShell Gallery.

You can install the module from most modern Windows PowerShell windows by running

Install-Module -Name NTFSSecurity -RequiredVersion 4.2.3

In order to retrieve the Effective Access, you would run the following command:

Get-NTFSEffectiveAccess -Path \\path\to\UNC\file -Account <samaccountname>

It will work on local paths as well; the output takes the following format:

 Path: \\path\to\UNC\file (Inheritance disabled)

Account      Access Rights     Applies to      Type     IsInherited     InheritedFrom
-------      -------------     ----------      ----     -----------     -------------
DOMAIN\user  FullControl       ThisFolderOnly  Allow    False
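The asker preferred built-in tools, so the following is an added example (not from the question, the answer, or the NTFSSecurity module) that approximates the Effective Access tab with only Get-Acl and .NET on a domain-joined machine. It builds the account's token via the WindowsIdentity UPN constructor (S4U) and walks the DACL the way a MAXIMUM_ALLOWED access check does; the UPN and path in the usage line are placeholders.

```powershell
# Added example, not part of the original post or the NTFSSecurity module.
# Approximates the 'Effective Access' tab using built-in tools only.
# Model: walk the DACL in order; an Allow ACE grants bits not already denied,
# a Deny ACE denies bits not already granted (MAXIMUM_ALLOWED semantics).
# Not modelled: owner implicit rights, privileges such as Backup/Restore,
# share-level permissions, conditional ACEs, generic-rights ACEs (left unmapped),
# and groups that exist only on the file server (the token is built on this
# machine via S4U, so server-local group membership is missing).
function Get-ApproxEffectiveAccess {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Upn    # placeholder form: user@domain.example
    )
    # Build a token for the account without its password and collect every SID it carries
    $identity = [System.Security.Principal.WindowsIdentity]::new($Upn)
    $sids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

    $isDir = (Get-Item -LiteralPath $Path).PSIsContainer
    $acl   = Get-Acl -LiteralPath $Path
    $granted = 0; $denied = 0; $matched = @()

    foreach ($ace in $acl.Access) {
        # Inherit-only ACEs on a folder apply to its children, not to the folder itself
        if ($isDir -and $ace.PropagationFlags.HasFlag(
                [System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }

        # Compare by SID so renamed or differently-formatted names still match
        $aceSid = $ace.IdentityReference.Translate(
                      [System.Security.Principal.SecurityIdentifier]).Value
        if ($sids -notcontains $aceSid) { continue }

        $bits = [int]$ace.FileSystemRights
        if ($ace.AccessControlType -eq 'Allow') {
            $granted = $granted -bor ($bits -band (-bnot $denied))
        } else {
            $denied  = $denied  -bor ($bits -band (-bnot $granted))
        }
        $matched += $ace
    }

    [pscustomobject]@{
        Path         = $Path
        Account      = $identity.Name
        Effective    = [System.Security.AccessControl.FileSystemRights]$granted
        MatchingACEs = $matched | Select-Object IdentityReference, AccessControlType,
                                                FileSystemRights, IsInherited
    }
}

# Usage with placeholder values: check one account on a file that was moved out of a secure folder
Get-ApproxEffectiveAccess -Path '\\fileserver\share\Public\moved.docx' -Upn 'gregg@domain.example'
```

When the result differs from the server's Effective Access tab, the usual causes are a server-local group, share-level permissions, or a privilege the script does not model, so treat it as a first pass before remoting into the server.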