When you inspect permissions on the Security tab of the Properties sheet of a file or folder, unknown users and groups are listed by their SID, in a format that starts with S-1-.

Using the corrected version of SubInAcl, I have scripted RevokePermSID.bat to revoke the permissions of unknown users or groups.

The syntax for using RevokePermSID.bat is:

RevokePermSID DriveOrFolder1 \[DriveOrFolder2 ... DriveOrFolderN\]

Where each DriveOrFolderX is a drive or folder you wish to purge.

RevokePermSID.bat contains:

@echo off
if \{%1\}<h1><a name="_echo_Syntax_RevokePermSID_DriveOrFolder1_DriveOrFolder2_DriveOrFolderN_amp_goto_EOF_setlocal_set_work_TEMP_RevokePermSID__RANDOM_TMP_loop_if_1_">\{\} @echo Syntax RevokePermSID DriveOrFolder1 \[DriveOrFolder2 ... DriveOrFolderN\]&goto :EOF
setlocal
set work="%TEMP%\RevokePermSID_%RANDOM%.TMP"
:loop
if \{%1\}</a></h1>\{\} goto finish
set obj=%1
shift
call :findSID %obj%
for /f "Tokens=*" %%a in ('dir %obj% /s /b /a') do (
 call :findSID "%%a"
)
goto loop
:finish
del /q %work%
endlocal
goto :EOF
:findSID
subinacl /outputlog=%work% /nostatistic /File %1
for /f "Tokens=*" %%b in ('type %work%^|FIND "=S-1-"') do (
 for /f "Tokens=1* Delims==" %%c in ('@echo %%b') do (
   for /f "Tokens=1" %%e in ('@echo %%d') do (
    subinacl /nostatistic /File %1 /revoke=%%e
   )
 )
)