(account name of trustee of it & " - " & (if (generic all permission of it) then "Full Control" else "") & (if (generic read permission of it) then "Read" else "") & (if (generic write permission of it) then "Write" else "") ) of entries whose (generic all permission of it OR generic read permission of it OR generic write permission of it) of dacl of security descriptor of folder (expand environment string of "C:\Program Files (x86)\ADAP")
Result:
TrustedInstaller - Full Control
SYSTEM - Full Control
Administratoren - Full Control
Benutzer - Read
ERSTELLER-BESITZER - Full Control
Evaluation time: 9.246 ms
But in the attachment you can see that this is not correct for the User “Benutzer”.
permission" inspectors don’t seem to work for very often either. Try this:
effective access mode for "Benutzer" of dacls of security descriptors of folder "C:\Program Files (x86)\ADAP"
That will put Benutzer’s effective permission on the folder in decimal format. I wrote relevance to convert this decimal format to GUI-ish output, but it’s really long. See attachment if you’d like to use it.
If you click the “Advanced” button in the permissions dialog, is the “Full Control” entry for that user listed as inherited from a parent folder? If so, I don’t think it’s explicitly in the access control entries for that folder. At the moment, the only way I know of to get around that is to use the “effective” inspectors from the dacls:
effective generic all permission for of dacls of security descriptors of folder "xyz"
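Added example (not from the thread and not the attached relevance): a Python sketch that decodes the decimal value mentioned above into the basic permission names shown in the Windows permissions dialog. It assumes the decimal printed by "effective access mode" is a standard Windows ACCESS_MASK; the function names are hypothetical, and the bit values are the file-object constants from winnt.h.

```python
# Added example. Assumption: the input is a standard Windows ACCESS_MASK
# for a file or folder, given as a decimal integer.

# Generic rights and the file-specific rights they map to (winnt.h).
GENERIC_MAP = {
    0x80000000: 0x120089,  # GENERIC_READ    -> FILE_GENERIC_READ
    0x40000000: 0x120116,  # GENERIC_WRITE   -> FILE_GENERIC_WRITE
    0x20000000: 0x1200A0,  # GENERIC_EXECUTE -> FILE_GENERIC_EXECUTE
    0x10000000: 0x1F01FF,  # GENERIC_ALL     -> FILE_ALL_ACCESS
}

# Basic permissions, broadest first. "Write" is checked on its four
# file-specific bits only (write data, append, write EA, write attributes).
BASIC_RIGHTS = [
    ("Full Control", 0x1F01FF),
    ("Modify", 0x1301BF),
    ("Read & Execute", 0x1200A9),
    ("Read", 0x120089),
    ("Write", 0x000116),
]


def map_generic(mask):
    """Replace any generic bits with the file-specific rights they stand for."""
    for generic_bit, specific in GENERIC_MAP.items():
        if mask & generic_bit:
            mask = (mask & ~generic_bit) | specific
    return mask & 0xFFFFFFFF


def decode_access_mask(mask):
    """Return every basic permission whose bits are all present in the mask."""
    mask = map_generic(int(mask))
    return [name for name, bits in BASIC_RIGHTS if mask & bits == bits]


def leftover_bits(mask):
    """Return bits not covered by any matched basic permission ("special" rights)."""
    mask = map_generic(int(mask))
    covered = 0
    for _name, bits in BASIC_RIGHTS:
        if mask & bits == bits:
            covered |= bits
    return mask & ~covered


if __name__ == "__main__":
    # Constructed sample values, not output from the thread.
    for value in (2032127, 1179817, 0x80000000):
        print(value, decode_access_mask(value), hex(leftover_bits(value)))
```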