whoami.exe
is used to query /priv
)
Option | Output | Example | Comment |
/UPN | User Principal Name format. | r.nyffenegger@tq84.xyz | |
/FQDN | Fully Qualified Distinguished Name format. | CN=R.NYFFENEGGER,OU=Users,OU=Switzerland,OU=Europe,DC=tq84,DC=xyz | |
/LOGONID | Logon SID of the current user. | S-1-5-5-0-1952528 | Logon SIDs always start with S-1-5-5-… |
/USER | Current domain, username and Security Identifier (SID). | tq84domn\r.nyffenegger, S-1-5-21-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxxx5 (see also below) | Can be combined with /FO |
/GROUPS | Group membership for the current user, type of account, security identifiers (SID) and attributes. | | |
/CLAIMS | Claims for the current user, including claim name, flags, type and values. | | |
/PRIV | Displays the security privileges of the current user. | | |
/ALL | All of the above? | | |
/FO fmt | Output format. Possible values for fmt are: table, list and csv (the default being table). | | |
/NH | Print output without header. | | |
whoami.exe tells me who I am (in NTLM format):

C:\> whoami
tq84\rene.nyffenegger

C:\> whoami /user
User Name          SID
================== ============================================
tq84\r.nyffenegger S-1-5-21-123457890-1234578912-345678901-1418
whoami.exe /groups shows the memberships in groups.

whoami /priv displays the security privileges of the current user.

C:\Users\r.nyffenegger> whoami /priv

PRIVILEGES INFORMATION
----------------------

Privilege Name          Description                          State
======================= ==================================== ========
SeShutdownPrivilege     Shut down the system                 Disabled
SeChangeNotifyPrivilege Bypass traverse checking             Enabled
SeUndockPrivilege       Remove computer from docking station Disabled
SeTimeZonePrivilege     Change the time zone                 Disabled
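The /PRIV output combined with /FO csv and /NH can be checked against a least-privilege baseline. The following is an added example, not part of the original page: the helper names `Get-TokenPrivilege` and `Find-UnexpectedPrivilege` are hypothetical, the baseline is assumed to be the four privileges from the sample output above, and the sample rows (including the `SeDebugPrivilege` row) are constructed.

```powershell
# Added example (not from the original page): least-privilege check on whoami /priv.

# Assumption: the baseline is the four privileges from the page's sample output;
# replace it with what your own standard-user build is expected to hold.
$Baseline = @(
    'SeShutdownPrivilege', 'SeChangeNotifyPrivilege',
    'SeUndockPrivilege',   'SeTimeZonePrivilege'
)

function Get-TokenPrivilege {
    # Hypothetical helper: turns headerless CSV rows into objects.
    param([string[]]$CsvLine)
    if (-not $CsvLine) {
        # Live query; /NH drops the header so the property names below stay fixed.
        $CsvLine = whoami.exe /priv /fo csv /nh
    }
    $CsvLine | ConvertFrom-Csv -Header Name, Description, State
}

function Find-UnexpectedPrivilege {
    # Hypothetical helper: returns privileges that are not in the baseline.
    param([object[]]$Privilege, [string[]]$Baseline)
    $Privilege | Where-Object { $_.Name -notin $Baseline } |
        Select-Object Name, State
}

# Constructed sample rows in the shape of `whoami /priv /fo csv /nh`.
$sample = @(
    '"SeShutdownPrivilege","Shut down the system","Disabled"'
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
    '"SeDebugPrivilege","Debug programs","Enabled"'
    '"SeTimeZonePrivilege","Change the time zone","Disabled"'
)

$privs = Get-TokenPrivilege -CsvLine $sample
Find-UnexpectedPrivilege -Privilege $privs -Baseline $Baseline | Format-Table -AutoSize
# On a Windows host, call Get-TokenPrivilege with no argument to audit the live token.
```

With the constructed rows, only `SeDebugPrivilege` is reported, because it is the one entry outside the assumed baseline.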