This script uses WMI to enumerate each access control entry in an NTFS access control list, looking for explicit entries, that is, entries that are not inherited.

If SECURITY_PRINCIPAL is blank the script will return all explicit rights beneath granted from base path down. The script attempts to provide a summary for common rights.

Option Explicit

' Looks for a Trustee containing the SECURITY_PRINCIPAL string on
' the file system. Recurses from BASE_PATH down (file and folders).

' Set these values for the search.

Const BASE_PATH = "C:"
Const SECURITY_PRINCIPAL = "Chris"

Sub FSRecurse(strPath)
    ' Simple FS recursion

    Dim objFolder, objFile, objSubFolder

    Set objFolder = objFileSystem.GetFolder(strPath)

    For Each objFile in objFolder.Files
        CheckDescriptor objFile.Path
    Next
    For Each objSubFolder in objFolder.SubFolders
        CheckDescriptor objSubFolder.Path

        FSRecurse objSubFolder.Path
    Next

    Set objFolder = Nothing
End Sub

Sub CheckDescriptor(strPath)
    ' Look for the Trustee in the Security Descriptor and filter out
    ' inherited ACEs

    Const ACE_FLAG_INHERITED = &H10 ' 16

    Dim objSecuritySettings, objSecurityDescriptor, objACE, objTrustee

    Set objSecuritySettings = objWMIService.Get("Win32_LogicalFileSecuritySetting.Path='" & strPath & "'")
    objSecuritySettings.GetSecurityDescriptor objSecurityDescriptor

    For Each objACE in objSecurityDescriptor.dACL
        If InStr(1, objACE.Trustee.Name, SECURITY_PRINCIPAL, VbTextCompare) > 0 Then

            ' ACEFlags is binary. Must perform binary comparison.
            If objACE.ACEFlags And ACE_FLAG_INHERITED Then
                ' Problems with negation of the above.
                ' This is just easier.
            Else
                EnumAccess strPath, objACE
            End If
        End If
    Next
End Sub

Sub EnumAccess(strPath, objACE)
    ' Most access mask values have matching Folder versions. These are not
    ' numerically different, they only differ when interpreted.

    ' ACE Type

    Const ACCESS_ALLOWED_ACE_TYPE = &H0
    Const ACCESS_DENIED_ACE_TYPE  = &H1

    ' Base Access Mask values

    Const FILE_READ_DATA = &H1
    Const FILE_WRITE_DATA = &H2
    Const FILE_APPEND_DATA = &H4
    Const FILE_READ_EA = &H8
    Const FILE_WRITE_EA = &H10
    Const FILE_EXECUTE = &H20
    Const FILE_DELETE_CHILD = &H40
    Const FILE_READ_ATTRIBUTES = &H80
    Const FILE_WRITE_ATTRIBUTES = &H100
    Const FOLDER_DELETE = &H10000
    Const READ_CONTROL = &H20000
    Const WRITE_DAC = &H40000
    Const WRITE_OWNER = &H80000
    Const SYNCHRONIZE = &H100000

    ' Constructed Access Masks

    Dim FULL_CONTROL
    FULL_CONTROL = FILE_READ_DATA + FILE_WRITE_DATA + FILE_APPEND_DATA + _
    FILE_READ_EA + FILE_WRITE_EA + FILE_EXECUTE + FILE_DELETE_CHILD + _
    FILE_READ_ATTRIBUTES + FILE_WRITE_ATTRIBUTES + FOLDER_DELETE + _
    READ_CONTROL + WRITE_DAC + WRITE_OWNER + SYNCHRONIZE

    Dim READ_ONLY
    READ_ONLY = FILE_READ_DATA + FILE_READ_EA + FILE_EXECUTE + _
    FILE_READ_ATTRIBUTES + READ_CONTROL + SYNCHRONIZE

    Dim MODIFY
    MODIFY = FILE_READ_DATA + FILE_WRITE_DATA + FILE_APPEND_DATA + _
    FILE_READ_EA + FILE_WRITE_EA + FILE_EXECUTE + _
    FILE_READ_ATTRIBUTES + _
    FILE_WRITE_ATTRIBUTES + FOLDER_DELETE + READ_CONTROL + SYNCHRONIZE


    Dim strRights
    Dim intAccessMask

    WScript.Echo "Path: " & strPath
    WScript.Echo "Username: " & objACE.Trustee.Name
    WScript.Echo "Domain: " & objACE.Trustee.Domain
    WScript.Echo "ACE Flags (Decimal): " & objACE.ACEFlags

    ' ACE Type

    If objACE.ACEType = ACCESS_ALLOWED_ACE_TYPE Then
        WScript.Echo "ACE Type: Allow"
    Else
        WScript.Echo "ACE Type: Deny"
    End If

    ' Attempt to generate a basic summary of access rights

    strRights = ""
    intAccessMask = objACE.AccessMask

    If intAccessMask = FULL_CONTROL Then
        strRights = " (FullControl)"
    ElseIf intAccessMask = MODIFY Then
        strRights = " (Modify)"
    ElseIf intAccessMask = READ_ONLY Then
        strRights = " (ReadOnly)"
    End If

    ' Echo the decimal mask with any summarised rights

    WScript.Echo "Access Mask (Decimal): " & intAccessMask & strRights

    WScript.Echo
End Sub

'
' Main code block
'

Dim objFileSystem, objWMIService

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
' WMI Connection to the local machine
Set objWMIService = GetObject("winmgmts:\\")

FSRecurse BASE_PATH

Set objWMIService = Nothing
Set objFileSystem = Nothing