"Chris" <Chris@discussions.microsoft.com> wrote in message
news:FDC41606-AD25-419B-9F27-57F2FA24187E@microsoft.com...
Technically Rights and Permissions are two distinct things in NT-class
operating
systems; what you are referencing are NTFS Permissions.
The standard built-in tools are CACLS.exe or XCACLS.exe (support tools)
or just Explorer which all show everything directly assigned or inherited by
the object.
But it doesn't do anything for you to figure out precisely what a user
can/cannot
do -- it just shows the ACEs (access control entries).
In the resource kit are two utilities (Perms.exe & ShowAcls.exe) that focus
on
an individual user. Perms.exe is probably best.
This is usually a different (type of) question. Since theoretically a user
may have access to resources in ANY NTFS resource on any volume
of any machine (not just servers, or even those machines with sharing
enabled) of the domain, and even other domains in a forest or trust
relationship.
Perms can test a single machine, one volume or directory tree at a time.
(But I just found a bug in perms <UGH>) which ruins some of that.
Cacls and Xcalcs are probably closest since perms is buggy (I didn't know
that until just now).
The free SourceForge.exe "SetACL.exe" might also be used (to capture
and even later reload permissions) but it is one of THE most complicated
command lines tools in existence. This is because it was built to do
'everything' by Unix/Linux folks to work on a Windows box. (Combination
of all the worst possible switches, but it is cool when you need it.)
Probably have to combine any of the above with a (Perl, grep etc) program
filter
to get exactly what you want.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
