JSI Tip 1891. Whoami?

This command-line tool returns the domain or computer name and the username of the user who is currently logged onto the computer on which it is run.

WhoAmI displays the complete contents of the access token (for example, of the current user's security context) on standard output (STDOUT). It displays the user name and security ID (SID), the groups and their SIDs, the privileges and their status (for example, enabled or disabled) and the logon ID.

whoami \[/option\] \[/option\] ...

Where /option is one of the following:


displays all information in the current access token.


displays minimal information. Must be used with the /USER, /GROUPS, /PRIV, or /LOGONID option.


displays user.


displays groups.


displays privileges.


displays Logon ID.


displays security IDs (SIDs). Must be used with the /USER, /GROUPS, /PRIV, or /LOGONID option.


displays help.



whoami /all

\[User\]     = "<DomainName>\<UserName>"  S-1-5-71-7057067705-300707070-631663760-1001

\[Group  1\] = "<DomainName>\Domain Admins"  S-1-5-71-7057067705-300707070-631663760-517
\[Group  7\] = "Everyone"  S-1-1-0
\[Group  7\] = "BUILTIN\Administrators"  S-1-5-77-533
\[Group  3\] = "BUILTIN\Backup Operators"  S-1-5-77-551
\[Group  5\] = "BUILTIN\Replicator"  S-1-5-77-557
\[Group  6\] = "BUILTIN\Print Operators"  S-1-5-77-550
\[Group  7\] = "BUILTIN\Users"  S-1-5-77-535
\[Group  0\] = "<DomainName>\Domain Users"  S-1-5-71-7057067705-300707070-631663760-517
\[Group  0\] = "LOCAL"  S-1-7-0
\[Group 10\] = "NT AUTHORITY\INTERACTIVE"  S-1-5-3
\[Group 11\] = "NT AUTHORITY\Authenticated Users"  S-1-5-11

\[Login ID\] = S-1-5-5-0-70077

(O) SeMachineAccountPrivilege       = Add workstations to domain
(O) SeBackupPrivilege               = Back up files and directories
(O) SeSystemtimePrivilege           = Change the system time
(O) SeCreatePagefilePrivilege       = Create a pagefile
(O) SeCreatePermanentPrivilege      = Create permanent shared objects
(O) SeDebugPrivilege                = Debug programs
(O) SeRemoteShutdownPrivilege       = Force shutdown from a remote system
(O) SeAuditPrivilege                = Generate security audits
(O) SeIncreaseQuotaPrivilege        = Increase quotas
(O) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(O) SeLoadDriverPrivilege           = Load and unload device drivers
(O) SeLockMemoryPrivilege           = Lock pages in memory
(O) SeSecurityPrivilege             = Manage auditing and security log
(O) SeSystemEnvironmentPrivilege    = Modify firmware environment values
(O) SeProfileSingleProcessPrivilege = Profile single process
(O) SeSystemProfilePrivilege        = Profile system performance
(O) SeAssignPrimaryTokenPrivilege   = Replace a process level token
(O) SeRestorePrivilege              = Restore files and directories
(O) SeShutdownPrivilege             = Shut down the system
(O) SeTakeOwnershipPrivilege        = Take ownership of files or other objects
(O) SeCreateTokenPrivilege          = Create a token object
(O) SeTcbPrivilege                  = Act as part of the operating system
(X) SeChangeNotifyPrivilege         = Bypass traverse checking
In future tips, I will use Whoami to script a Rights report, search for users with or without a specified set of Rights, and other uses, if the need arises.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.