Here's the situation. Often I need to tell how a user is getting access to a specific folder. I can see in "Effective permissions" that they have read/write/etc, but because of nested groups I can't immediately tell why.
I'd like a tool/script that I can run that will take the input of a path, and user and tell me how that user has permissions.
Example.
I'm on Server01 and I browse to c:\folder and I see that user MathewC has effective permissions to write, but when I look at the permissions for the folder, I can see that many groups have access to write, but I don't know which of those groups MathewC is a memeber of.
So, the permissions of the folder would look like this:
C:\folder
- Group 01 Read/Write
- Group 02 Read/Write
- Group 03 Read/Write
… - Group 99 Read/Write
And the tool/script would report back
User MathewC is a memeber of "Group 42" which has Read/Write access.
Or even more complex:
User MathewC is a memeber of "Group humans" which is a member of "Group 42" which has Read/Write access.
Best Answer
Technically this question (and this answer) are Off-Topic as "shopping" but I'll try and help you out.
You should be able to use Chris' NTFS Permissions Reporter to do what you need. I've been using it for a while now.
NTFS Permissions Reporter
The free one can basically do what you are asking.
For instance, you can ask about a specific folder like: "\server01\share\folder\subfolder" and set the options as below:
Then after the report runs, you can click on one of the users in the results pane to see how they got their effective permissions and from what Group.
Hope that helps.