I started to build a spreadsheet but decided there must be a better way:
I have a domain with workstation fileshares.
I've followed common practice in setting local groups (because there are non-joined accesses to be allowed).
One might call this the "permissions" level.
And, I've established domain groups.
One might call this the Role level.
And, I've made the domain groups members of the local groups.
Nice and tidy.... It's easy to remember the structure because it's consistent; i.e. used consistently.
But it's not so easy to analyze because there are groups within groups.
Who has permission?
Are there any duplicate or conflicting permissions?
What's a good way to *see* all this?
It should be easy.
For a small organization, it should fit on one page.
Part of the challenge is that some of the information is only on the workstation and some is only on the AD Server.
Maybe a PowerShell script?
I've not found any commercial or other tools that seem to address this.