You want to view the effective permissions for a user or group on a particular object.
Open the ACL Editor. You can do this by viewing the properties of an object (right-click on the object and select Properties) with a tool, such as Active Directory Users and Computers (ADUC) or ADSI Edit. Select the Security tab. To see the Security tab with ADUC, you must select View → Advanced Features from the menu.
Click the Advanced button.
Select the Effective Permissions tab.
Click the Select button to bring up the Object Editor.
Find the user or group you for which want to see the effective permissions.
The results will be shown under Effective Permissions.
The Effective Permissions tab is available only in the Windows Server
2003 version of the ACL Editor. For Windows 2000,
you’ll need to use the
> acldiag <
Viewing the permissions on an object does not tell the whole story as to what the actual translated permissions are for a user or group on that object. The effective permissions of an object take into account all group membership and any inherited permissions that may have been applied further up the tree.