Windows: View "all" permissions of a specific user or group
The net user
command might be what you are locking for. The syntax is as follows:
net user /domain [username]
Sample Return:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>net user /domain joneswac
The request will be processed at a domain controller for domain MY.SCHOOL.EDU.
User name joneswac
Full Name Wesley P Jones
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never
Password last set 5/6/2013 3:51:33 PM
Password expires Never
Password changeable 5/6/2013 3:51:33 PM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory \\WONDERFULSCHOOL\students\joneswac
Last logon 6/1/2013 3:31:50 PM
Logon hours allowed All
Local Group Memberships
Global Group memberships *SOCIAL AND BEHAVIORAL*IT Boot Camp Admin
*Students *Registered for Classe
*Domain Users *90B SOC SCI TCH PLAN
The command completed successfully.
C:\Windows\system32>
edit: removed typo character from command
Windows Sysinternals has a tool AccessEnum which states: "While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for security holes and lock down permissions where necessary." Good Luck!
view all login user group (nested too):
DSQUERY USER -name %Username% | DSGET USER -memberof -expand | DSGET GROUP -sid -samid | more
view all user group (nested too):
DSQUERY USER -name <user name> | DSGET USER -memberof -expand | DSGET GROUP -sid -samid | more
view all memberof group (nested too):
DSQUERY GROUP -name "Nected Group Set of resources 1" | DSGET GROUP -memberof -expand | DSGET GROUP -sid -samid
view all members group (nested too):
DSQUERY GROUP -name "Nected Group Set of resources 1" | DSGET GROUP -members -expand | DSGET GROUP -sid -samid
view curent user permission, see too /Z
/V
... /R
options:
GPRESULT /USER %username%
view curent user prop:
dsquery * -filter "(samAccountName=%username%)" -attr *