Using SecTok.exe, I have scripted MbrShp.bat to return the NetBIOS local and domain group names that the logged on user's security token indicates they are a member of. The output is displayed on the console, like:

"Everyone"                              "NT AUTHORITY\Authenticated Users"                              "NT AUTHORITY\This Organization"                              "JSIINC\accountants"                              "JSIINC\Accounts Payables"                              "BUILTIN\Users"                              "NT AUTHORITY\INTERACTIVE"
The syntax for using MbrShp.bat is:

To output to a file:


To process the returned membership:

for /f "Tokens=*" %%a in ('MbrShp') do (
set group=%%a
:: do something

MbrShp.bat contains:

                              @echo off                              setlocal ENABLEDELAYEDEXPANSION                              set wrk="%TEMP%\MbrShp_%RANDOM%.TMP"                              @echo Logon Session>%wrk%                              @echo LOCAL>>%wrk%                              for /f "Tokens=*" %%a in ('sectok^|findstr /B "Group:"') do (                               set group=%%a                               set group=!group:* - =!                               for /f "Tokens=*" %%b in ('@echo !group!^|findstr /B /G:%wrk% /V') do (                                @echo "%%b"                               )                              )                              endlocal