How to find where rights are inherited from in NTFS

I am trying to find a tool or a way to backtrack inherited rights in an NTFS structure.
Ex: I have a directoy structure like C:\ABC\123\DEF\456.
A group called Test has inherited rights in the 456 directory, but does not exist in the parent directories. So where did it inherit rights from?
Is it possible that it could have once existed in a parent directory and was removed? But if that was the case wouldn't the rights no longer show as inherited?
I once used a simple tool that was able to backtrack the inheritance of security through a directory structure, but I no longer have it and can't remember the name.
Any thoughts?

Who is Participating?
oBdAConnect With a Mentor Commented:
That folder probably was *moved* from another folder from which it inherited those permissions earlier on.
When a folder is moved within the same partition, the current ACL is kept, not inherited from the parent folder (which can lead to rather confusing results, as you've just noticed).
The tool I like best for security auditing is Somarsoft's DumpSec (; then there are Sysinternal's AccessEnum, AccessCheck, and ShareEnum (
Shift-3Connect With a Mentor Commented:
You can also right-click the file or folder, hit Properties, go to the Security tab, and click the Advanced button.  This will display where each permission was inherited from.  Any permissions which are explicit on the object will show <not inherited>.

This won't help in a situation where the object was moved and you want to know its original location.  You'd need to enable auditing to track that.
mrlevesqueAuthor Commented:
Thank-you both!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.