The Files & Folders Effective Permissions Nightmare
Effective Permissions stands for: “the resulting real permission a file system user will have on a specific file”The difference between Set Permissions and Effective Permissions resides mainly in NTFS-based File Systems, while the POSIX standard takes advantage of a simpler permissions system.
The “Effective Permission” feature on Microsoft Windows Explorer only provides an approximation of the real effective permissions that apply to a user on a file (from Microsoft Windows Server documentation ). The NTFS security and data store method make it difficult to get an exact reading on things like effective permissions, so the Operating System only calculates few ACL levels, not all.
Should you need to know which real permissions apply on a file system object, a dedicated tool is required. You need a tool to scan ACL settings and to calculate the resulting effective permissions on a given file system object, in relation to a specific AD account. This is a hard job, no doubt.
Do you already have an Auditing Tool? Consider that auditing tools are just made to log activities, not to analyze them in different contexts. This means you won't be able to get the real effective permissions a User has on a file or folder, just to know that the User has accessed or removed a file.