How do I mimic Advanced Security Settings 'Effective Access' tab in command line (Win10 notably)? Prefer built-in tools, I'm about to evaluate if sysinternals AccessChk can accomplish this
icacls only shows domain groups given permission to this folder, so how can I check an individual user? A logical answer might be use net user gregg /domain
to validate if the user-in-question is part of the domain group given permission to that folder. Would those two steps give all the info 'Effective Access' would give?
Background info:
- I'm a sysadmin with two domain accounts (one normal/limited, one domain admin). So when someone says they can't access a file I have to remote into server to get admin access to use 'effective access' which is kind of inconvenient. Can I somehow do that with RSAT tools?
- Our network drive folders each have unique permissions that used domain user groups. Management staff sometimes move files from a secure location to a less-secure (everyone has access) folder, but the secure permissions follow it causing trouble for other staff. Permissions are handled differently when you copy vs move/cut (see kb310316 or this blog post), but good luck explaining that to an end user since I've just slowly grasped the concept
Related questions:
xcopy /x /o
orrobocopy /sec
,/dats
or/copyall
switches