Ntaccesscheck
| Tool | Scope | User context |
|------|-------|---------------|
| ntaccesscheck | Any securable object | Any user (simulated) |
| accesschk (Sysinternals) | Files, registry, services, processes, etc. | Any user (simulated) |
| icacls | Files/registry | Only current user's effective access (or viewer's) |
| PowerShell Get-Acl + .CheckAccess() | .-based | Only current/impersonated |
The function signature for NtAccessCheck (as documented in NTDoc) is:
While developers typically use the high-level Win32 AccessCheck API, NtAccessCheck is its underlying "native" counterpart located in ntdll.dll.

1. Functional Purpose
ntaccesscheck -t -p lsass.exe C:\Users\Admin\.ssh\id_rsa
However, the Win32 API is essentially a translation layer. It sits atop the (or ntdll.dll), which interfaces directly with the Windows Kernel (ntoskrnl.exe). NtAccessCheck is a native API function.
Windows security isn't just about files.
: The specific rights requested (e.g., Read, Write, Delete).
| Option | Description |
|--------|-------------|
| -c | Object path (e.g., C:\Windows\System32\config, HKLM\Software\, \\.\C:) |
| -u | User to check (e.g., DOMAIN\user). If omitted, current user is used. |
| -p | Password for the user (if needed for token creation). |
| -d | Show ACEs as well. |
| -a | Show all access rights, not just generic. |
| -s | Use raw security descriptor (advanced). |
ntaccesscheck -c "C:\Program Files\VulnService\svc.dll" -u "NT AUTHORITY\SYSTEM"