In tip 9610, I scripted MbrShp.bat to return the groups in the logged on user's security token.

If you are running Windows XP, the WhoAmi.exe program from the Support Tools on the operating system CD-ROM, can be used to script MbrShp.bat:

@echo off                              for /f "Tokens=2* Delims

" %%a in ('whoami /groups ^|find /v "LOCAL"') do ( @echo %%b )

When I ran the WhoAmi.exe from my Windows Server 2003 SP1, the output looked like:
GROUP INFORMATION                              -----------------                              Group Name                       Type             SID                                           Attributes                              =========================




JSIINC\Domain Admins Group S-1-5-21-4696543212-689049625-1231234552-512 Mandatory group, Enabled by default, Enabled group

To use this version, I needed VLen.bat in my MbrShp.bat:
@echo off                              setlocal enabledelayedexpansion                              :: If not all domain controllers are runningt W2K3, change %LOGONSERVER% to \\ServerName                              for /f "Tokens=1" %%a in ('%LOGONSERVER%\ADMIN$\System32\Whoami.exe /groups^|find "="') do set slength=%%a                              call vlen "%slength%" len                              for /f "Skip=6 Tokens=*" %%a in ('%LOGONSERVER%\ADMIN$\System32\Whoami.exe /groups^|find /v "LOCAL"') do (                               set line=%%a                               call set grp=!line:~0^,%len%!                               set grp="!grp:  =!"                               set grp=!grp: "="!                               @echo !grp!                              )                              endlocal