Finding the Logged-on User's Groups

When testing security settings, I sometimes want a quick way to get a report listing the groups to which the user I'm currently logged on as belongs. Can I get such a report?

Yes, you can use the Whoami command with the /groups option to get a report like the one in Figure 1. As you can see, the sample report shows that the user is a member of Administrators and Users and has the following special security principal SIDs in his or her access token: Local, Authenticated Users, Interactive, NTLM Authentication, Remote Interactive Logon, and This Organization.

One caveat: If you lock a workstation, go home, and then log back on to the system remotely through Terminal Services, you won't see the REMOTE INTERACTIVE LOGON special SID. The original logon wasn't remote, so the access token isn't rebuilt.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish