Using SubInAcl.exe, I have scripted FindAccess.bat to enumerate the permissions of specified security principals on my servers.

The syntax for using FindAccess.bat on a server is:

FindAccess Drive Report Who1 \[Who2 Who3 ... WhoN\]

Where:

Drive  is a drive letter that you want to enumerate.                              Report is the location of the CSV output report. If Report exists, it will be updated. The format is:                                     "Security Principal","Computer Name","File System Object","Allow/Deny","Permissions","Owner"                              WhoX   are the security principals you wish to report upon.
NOTE: If Owner is a specified security principal it will be reported.

Sample Usage:

If you wanted to report on "JSIINC\Domain Sales" and "JSIINC\Domain Marketing" on Server1, which has drive D: and E: with shared data, and Server2, which only has Drive C: with shared data:
                              Run on Server1:                              FindAccess D: \\YourWorkstation\YourShare\FindAccess.txt "JSIINC\Domain Sales" "JSIINC\Domain Marketing"                               When finished, run on Server1:                              FindAccess E: \\YourWorkstation\YourShare\FindAccess.txt "JSIINC\Domain Sales" "JSIINC\Domain Marketing"                               When finished, run on Server2:                              FindAccess C: \\YourWorkstation\YourShare\FindAccess.txt "JSIINC\Domain Sales" "JSIINC\Domain Marketing"
FindAccess.bat contains:
                              @echo off                              if \{%3\}

\{\} @echo Syntax: FindAccess Drive Report Who1 \[Who2 Who3 ... WhoN\]&goto :EOF setlocal EnableDelayedExpansion set RepVar=# @echo +File>"%TEMP%\ZS.tmp" @echo /owner>>"%TEMP%\ZS.tmp" @echo /pace>>"%TEMP%\ZS.tmp" @echo Special acccess :>>"%TEMP%\ZS.tmp" set work=%1 set work=%work:"=% set drv=%work:~0,1%: set obj=%drv% if exist "%TEMP%\FindAccess.tmp" del /q "%TEMP%\FindAccess.tmp" set out=%2 :loop if \{%3\}

\{\} goto fnd set perm=%3 shift set perm=%perm:"=% @echo %perm%>>"%TEMP%\FindAccess.tmp" goto loop :fnd SubInAcl /outputlog="%TEMP%\Z1.tmp" /nostatistic /file %obj% /display=Owner /display=DACL SubInAcl /outputlog="%TEMP%\Z2.tmp" /nostatistic /subdirectories=DirectoriesOnly %obj%\ /display=Owner /display=DACL type "%TEMP%\Z1.tmp">"%TEMP%\Z3.tmp" type "%TEMP%\Z2.tmp">>"%TEMP%\Z3.tmp" del /q "%TEMP%\Z1.tmp" del /q "%TEMP%\Z2.tmp" findstr /I /G:"%TEMP%\ZS.tmp" "%TEMP%\Z3.tmp">"%TEMP%\Z4.tmp" del /q "%TEMP%\ZS.tmp" del /q "%TEMP%\Z3.tmp" set Prev=None if exist "%TEMP%\Z5.tmp" del /q "%TEMP%\Z5.tmp" @echo.dim fso, readfile, contents, objArguments, oShell>"%TEMP%\FindAccess.vbs" @echo.dim FullFileName, object, work>>"%TEMP%\FindAccess.vbs" @echo.dim OutFileName, writefile>>"%TEMP%\FindAccess.vbs" @echo.Set oShell = CreateObject( "WScript.Shell" )>>"%TEMP%\FindAccess.vbs" @echo.comp=oShell.ExpandEnvironmentStrings("%ComputerName%")>>"%TEMP%\FindAccess.vbs" @echo.Set objArguments = Wscript.Arguments>>"%TEMP%\FindAccess.vbs" @echo.set fso = CreateObject("Scripting.FileSystemObject")>>"%TEMP%\FindAccess.vbs" @echo.FullFileName=objArguments(0)>>"%TEMP%\FindAccess.vbs" @echo.OutFileName=objArguments(1)>>"%TEMP%\FindAccess.vbs" @echo.set readfile = fso.OpenTextFile(FullFileName, 1, false)>>"%TEMP%\FindAccess.vbs" @echo.set writefile = fso.CreateTextFile(OutFileName, 2)>>"%TEMP%\FindAccess.vbs" @echo prev = "NONE">>"%TEMP%\FindAccess.vbs" @echo.Do until readfile.AtEndOfStream = True>>"%TEMP%\FindAccess.vbs" @echo. contents = readfile.ReadLine>>"%TEMP%\FindAccess.vbs" @echo. contents = Replace(contents, vbTab, " ") ^& " ">>"%TEMP%\FindAccess.vbs" @echo. contents = Replace(contents, " ", "")>>"%TEMP%\FindAccess.vbs" @echo. contents = Replace(contents, " ", "")>>"%TEMP%\FindAccess.vbs" @echo. If InStr(contents, "+File") Then>>"%TEMP%\FindAccess.vbs" @echo. object = Replace(contents, "+File ", "")>>"%TEMP%\FindAccess.vbs" @echo. End If>>"%TEMP%\FindAccess.vbs" @echo. If InStr(contents, "/owner") Then>>"%TEMP%\FindAccess.vbs" @echo. owner = Replace(contents, "/owner ", "")>>"%TEMP%\FindAccess.vbs" @echo. owner = Replace(owner, " ", "")>>"%TEMP%\FindAccess.vbs" @echo. owner = Replace(owner, "=", "")>>"%TEMP%\FindAccess.vbs" @echo. user = "">>"%TEMP%\FindAccess.vbs" @echo. perm = "">>"%TEMP%\FindAccess.vbs" @echo. End If>>"%TEMP%\FindAccess.vbs" @echo. If InStr(contents, "/pace") Then>>"%TEMP%\FindAccess.vbs" @echo. user = Replace(contents, "/pace ", "")>>"%TEMP%\FindAccess.vbs" @echo. user = Replace(user, "=", "")>>"%TEMP%\FindAccess.vbs" @echo. user = "#" ^& user ^& "#">>"%TEMP%\FindAccess.vbs" @echo. user = Replace(user, " ", "")>>"%TEMP%\FindAccess.vbs" @echo. user = Replace(user, " ", "")>>"%TEMP%\FindAccess.vbs" @echo. user = Replace(user, "# ", "#")>>"%TEMP%\FindAccess.vbs" @echo. user = Replace(user, " #", "#")>>"%TEMP%\FindAccess.vbs" @echo. user = Replace(user, "#", "")>>"%TEMP%\FindAccess.vbs" @echo. if InStr(user, "ACCESS_ALLOWED_ACE_TYPE-0x0") Then>>"%TEMP%\FindAccess.vbs" @echo. ptype = "Allow">>"%TEMP%\FindAccess.vbs" @echo. user = Replace(user, "ACCESS_ALLOWED_ACE_TYPE-0x0", "")>>"%TEMP%\FindAccess.vbs" @echo. End If>>"%TEMP%\FindAccess.vbs" @echo. if InStr(user, "ACCESS_DENIED_ACE_TYPE-0x1") Then>>"%TEMP%\FindAccess.vbs" @echo. ptype = "Deny">>"%TEMP%\FindAccess.vbs" @echo. user = Replace(user, "ACCESS_DENIED_ACE_TYPE-0x1", "")>>"%TEMP%\FindAccess.vbs" @echo. End If>>"%TEMP%\FindAccess.vbs" @echo. End If>>"%TEMP%\FindAccess.vbs" @echo. If InStr(contents, "Special acccess :") Then>>"%TEMP%\FindAccess.vbs" @echo. perm = Replace(contents, "Special acccess :", "")>>"%TEMP%\FindAccess.vbs" @echo. perm = Replace(perm, " ", "")>>"%TEMP%\FindAccess.vbs" @echo. perm = Replace(perm, " -", "-")>>"%TEMP%\FindAccess.vbs" @echo. if perm = " " Then>>"%TEMP%\FindAccess.vbs" @echo. perm = Replace(perm, " ", "")>>"%TEMP%\FindAccess.vbs" @echo. End If>>"%TEMP%\FindAccess.vbs" @echo. if perm ^ nul Then>>"%TEMP%\FindAccess.vbs" @echo. wrk1 =
" ^& user ^&
,
^& comp ^&
,
^& object ^&
,
^& ptype ^&
,
^& perm ^&
,
^& owner ^&
">>"%TEMP%\FindAccess.vbs" @echo wrk2 = Replace(wrk1, "
,
")>>"%TEMP%\FindAccess.vbs" @echo wrk3 = Replace(wrk2, "
,
")>>"%TEMP%\FindAccess.vbs" @echo. if wrk3 ^ prev Then>>"%TEMP%\FindAccess.vbs" @echo. writefile.writeLine wrk3>>"%TEMP%\FindAccess.vbs" @echo. prev = wrk3>>"%TEMP%\FindAccess.vbs" @echo. End If>>"%TEMP%\FindAccess.vbs" @echo. End If>>"%TEMP%\FindAccess.vbs" @echo. End If>>"%TEMP%\FindAccess.vbs" @echo.loop>>"%TEMP%\FindAccess.vbs" @echo.readfile.close>>"%TEMP%\FindAccess.vbs" @echo.writefile.close>>"%TEMP%\FindAccess.vbs" cscript //nologo "%TEMP%\FindAccess.vbs" "%TEMP%\Z4.tmp" "%TEMP%\Z5.tmp" del /q "%TEMP%\Z4.tmp" if exist "%TEMP%\Z6.tmp" del /q "%TEMP%\Z6.tmp" if exist "%TEMP%\Z7.tmp" del /q "%TEMP%\Z7.tmp" findstr /L /I /G:"%TEMP%\FindAccess.tmp" "%TEMP%\Z5.tmp">"%TEMP%\Z6.tmp" del /q "%TEMP%\Z5.tmp" del /q "%TEMP%\FindAccess.tmp" del /q "%TEMP%\FindAccess.vbs" if exist %out% call :quiet1>nul 2>&1 if not exist %out% call :quiet2>nul 2>&1 sort "%TEMP%\Z7.tmp" /O %out% del /q "%TEMP%\Z7.tmp" endlocal goto :EOF :quiet1 copy %out%+"%TEMP%\Z6.tmp" "%TEMP%\Z7.tmp" del /q "%TEMP%\Z6.tmp" del /q %out% goto :EOF :quiet2 copy "%TEMP%\Z6.tmp" "%TEMP%\Z7.tmp" del /q "%TEMP%\Z6.tmp"