Download AccessEnum.zip.

When you open the AccessEnum.exe GUI, you can select the Directory or Registry button.

The AccessEnum.exe Help file contains:

AccessEnum displays who has access to the files and folders within a directory. Although every file/directory is examined, AccessEnum displays only those with permissions that differ from their parent folder, allowing you to quickly determine deviations in your security policy.

AccessEnum abstracts Window's access-control model to just Read, Write and Deny permissions. A file is shown as granting Write permission whether it grants just a single write right (such as Write Owner) or the full suite of write rights via Full Control. Read and Deny permissions are handled similarly.

When AccessEnum compares a file/folder and its parent to determine whether their permissions are equivalent, it looks only at whether the same set of accounts are granted Read, Write and Deny access respectively. If a file grants just Write Owner access, and its parent just Delete access, the two will still be considered equivalent since both allow some form of writing.

AccessEnum condenses the number of accounts displayed as having access to a file/folder by hiding accounts with permissions that are duplicated by a group to which the account belongs. For example, if a file grants Read access to both user Bob and group Marketing, and Bob is a member of the Marketing group, then only Marketing will be shown in the list of accounts having Read access.

AccessEnum handles files slightly differently than folders. When comparing the permissions of a file to its parent the file is displayed only when its permissions are less strict than the parent folder. You can change this behavior using the Options menu.