Just so I know I have understood your question properly, you want to show a form to all authenticated users who do not belong to a specific group, is that correct?
You could create a role for all users that should see the form and then set that role in the "Roles that can view this content" security setting for the form. You would remove the "All Users" and "Authenticated Users" from that setting as well. Then, you would create another role for all users that should see the downloads and set that role in the "Roles that can view this content" security setting for the content containing the downloads (preferrably using the Shared Files module because it is secure). The admin would have to manually remove users from the first role and add them to the second after they've completed the form, unless you write a Form Submission Handler to do that for you. You would also need to add all of the correct users to the role for viewing the form.