HI.
You can do it in 4 steps.
1) Create a report of the NTFS permissions, and save it to a text file.
You can use a tool like DumpSec from here:
Let's say you saved the report to file:
C:\PERMISSIONS.TXT
2) Create a list of group names:
NET GROUP >GROUPLIST.TXT
3) Create a batch file that takes 1 parameter (group name) and checks if that parameter is found in the report.
Something similar to this one:
Lest call the batch file: LOOKFORGROUP.CMD
FIND /I "%1" C:\PERMISSIONS.TXT
IF ERRORLEVEL 1 ECHO %1 >>C:\NOTFOUND.TXT
Test by running the batch file to verify that it works as expected.
4) Now play with the GROUPLIST.TXT file in a powerfull text editor (like NOTEPAD) to create a batch file that will run the previous batch file agains any group in the list, something like this:
CALL LOOKFORGROUP.CMD GROUP1
CALL LOOKFORGROUP.CMD GROUP2
CALL LOOKFORGROUP.CMD GROUP3
....
An alternate option of the above step, you can keep the GROUPLIST.TXT file as is (just trim the first few unneeded lines from it), and use a command like this:
FOR /F %G IN (GROUPLIST.TXT) DO LOOKFORGROUP.CMD %G
This will work on XP machines. I don't think that the FOR /F syntax works on NT4 .
I suggest that you take the initial reports from the real server, but run the batch files on a workstation and not at the server itself.
Good luck.
Yizhar Hurwitz