QueryDACL is a tool for querying the ACLs (access control lists) and ACEs (access control entries) of files, services, registry keys, printers, processes, threads, timers, mutexes, tokens, events, and semaphores in Windows 2000 and later. QueryDACL allows you to quickly and easily see which accounts have what level of access to a particular securable Windows object without the need to open a GUI. In an ordinary Windows installation, about the only tools you get to be able to view DACLs on the command line are cacls/icacls for files, and sc for services. Even then, the output is more or less cryptic unless you know what all the abbreviations mean. QueryDACL not only centralizes this functionality of displaying discretionary access control lists (DACLs) in a single application, it provides the results in plain English.
Windows Server 2008,