Windows: View "all" permissions of a specific user or group

Solution 1:

Windows Sysinternals has a tool AccessEnum which states: "While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for security holes and lock down permissions where necessary." Good Luck!

Solution 2:

The net user command might be what you are locking for. The syntax is as follows:

net user /domain [username]

Sample Return:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>net user /domain joneswac
The request will be processed at a domain controller for domain MY.SCHOOL.EDU.

User name                    joneswac
Full Name                    Wesley P Jones
Comment
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never

Password last set            5/6/2013 3:51:33 PM
Password expires             Never
Password changeable          5/6/2013 3:51:33 PM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory               \\WONDERFULSCHOOL\students\joneswac
Last logon                   6/1/2013 3:31:50 PM

Logon hours allowed          All

Local Group Memberships
Global Group memberships     *SOCIAL AND BEHAVIORAL*IT Boot Camp Admin
                             *Students             *Registered for Classe
                             *Domain Users         *90B SOC SCI TCH PLAN
The command completed successfully.


C:\Windows\system32>

edit: removed typo character from command

Solution 3:

view all login user group (nested too):

DSQUERY USER -name %Username% | DSGET USER -memberof -expand | DSGET GROUP -sid -samid | more

view all user group (nested too):

DSQUERY USER -name <user name> | DSGET USER -memberof -expand | DSGET GROUP -sid -samid | more

view all memberof group (nested too):

DSQUERY GROUP -name "Nected Group Set of resources 1" | DSGET GROUP -memberof -expand | DSGET GROUP -sid -samid

view all members group (nested too):

DSQUERY GROUP -name "Nected Group Set of resources 1" | DSGET GROUP -members -expand | DSGET GROUP -sid -samid

view curent user permission, see too /Z /V ... /R options:

GPRESULT /USER %username%

view curent user prop:

dsquery *  -filter "(samAccountName=%username%)" -attr *