Saturday, November 24, 2012

whoami - User, Group and Privileges in Windows Access Tokens


whoami.exe is a Windows command-line utility that shows which user is currently logged on to a Windows machine, as well as the groups and privileges contained in that user's access token.



How to Use WhoAmI to View the Currently Logged-on User's Windows Access Token

The following is the usage information for whoami:

C:\Users\STaylor>whoami /?

WhoAmI has three ways of working:

Syntax 1:
    WHOAMI [/UPN | /FQDN | /LOGONID]

Syntax 2:
    WHOAMI { [/USER] [/GROUPS] [/PRIV] } [/FO format] [/NH]

Syntax 3:
    WHOAMI /ALL [/FO format] [/NH]

Description:
    This utility can be used to get user name and group information
    along with the respective security identifiers (SID), privileges,
    logon identifier (logon ID) for the current user (access token)
    on the local system. i.e. who is the current logged on user?
    If no switch is specified, tool displays the user name in NTLM
    format (domain\username).

Parameter List:
    /UPN                    Displays the user name in User Principal
                            Name (UPN) format.

    /FQDN                   Displays the user name in Fully Qualified
                            Distinguished Name (FQDN) format.

    /USER                   Displays information on the current user
                            along with the security identifier (SID).

    /GROUPS                 Displays group membership for current user,
                            type of account, security identifiers (SID)
                            and attributes.

    /PRIV                   Displays security privileges of the current
                            user.

    /LOGONID                Displays the logon ID of the current user.

    /ALL                    Displays the current user name, groups
                            belonged to along with the security
                            identifiers (SID) and privileges for the
                            current user access token.

    /FO       format        Specifies the output format to be displayed.
                            Valid values are TABLE, LIST, CSV.
                            Column headings are not displayed with CSV
                            format. Default format is TABLE.

    /NH                     Specifies that the column header should not
                            be displayed in the output. This is
                            valid only for TABLE and CSV formats.
    /?                      Displays this help message.

Examples:
    WHOAMI
    WHOAMI /UPN
    WHOAMI /FQDN
    WHOAMI /LOGONID
    WHOAMI /USER
    WHOAMI /USER /FO LIST
    WHOAMI /USER /FO CSV
    WHOAMI /GROUPS
    WHOAMI /GROUPS /FO CSV /NH
    WHOAMI /PRIV
    WHOAMI /PRIV /FO TABLE
    WHOAMI /USER /GROUPS
    WHOAMI /USER /GROUPS /PRIV
    WHOAMI /ALL
    WHOAMI /ALL /FO LIST
    WHOAMI /ALL /FO CSV /NH
    WHOAMI /?

whoami can be used to determine what security groups are contained in your own access token, but it cannot be used to determine what security groups are contained in another user's access token.
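As an added example (not part of the original post), the PowerShell function below turns the CSV output of the /USER, /GROUPS and /PRIV switches into a single summary of your own token. The function name Get-TokenSummary, the list of privileges to review, and the match on English-language attribute text are assumptions made for this example.

```powershell
function Get-TokenSummary {
    # /NH drops the header row, so column names are supplied here instead.
    $user   = whoami /user /fo csv /nh |
        ConvertFrom-Csv -Header 'Name', 'SID'
    $groups = @(whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header 'Name', 'Type', 'SID', 'Attributes')
    $privs  = @(whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header 'Name', 'Description', 'State')

    # Well-known administrative groups: BUILTIN\Administrators, plus the
    # Domain Admins (512), Schema Admins (518) and Enterprise Admins (519) RIDs.
    $adminSid = '^(S-1-5-32-544|S-1-5-21-\d+-\d+-\d+-(512|518|519))$'

    # Privileges to review wherever they appear (list chosen for this example).
    $reviewPrivs = 'SeDebugPrivilege', 'SeImpersonatePrivilege',
                   'SeBackupPrivilege', 'SeRestorePrivilege',
                   'SeTakeOwnershipPrivilege', 'SeLoadDriverPrivilege',
                   'SeTcbPrivilege'

    [pscustomobject]@{
        User    = $user.Name
        UserSid = $user.SID
        # The integrity level is listed as a group whose SID starts with S-1-16-.
        Integrity = ($groups | Where-Object SID -like 'S-1-16-*').Name
        # DenyOnly is true when the group is present in the token but can only
        # be used to deny access (text match assumes English-language output).
        AdminGroups = @($groups | Where-Object SID -match $adminSid |
            Select-Object Name, SID,
                @{ n = 'DenyOnly'; e = { $_.Attributes -like '*deny only*' } })
        ReviewPrivileges = @($privs | Where-Object Name -in $reviewPrivs |
            Select-Object Name, State)
    }
}

# Print the summary for the token of the current PowerShell process.
Get-TokenSummary | ConvertTo-Json -Depth 3
```

Running it once from a normal prompt and once from an elevated prompt shows how the same account can carry different integrity levels, group attributes and privileges in each token.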

How to View Another User's Windows Access Token

Our Gold Finger Active Directory Audit Tool can be used to determine what security groups are contained in any domain user account's access token. In fact, you can even use it to view an Active Directory / Windows domain user's access token in an Active Directory environment.


Gold Finger - Windows Access Token Viewer

Gold Finger's Active Directory Security Analysis capabilities are endorsed by Microsoft Corporation.

For more information, and to learn more about Gold Finger's Windows Access Token Viewer capabilities, please visit - http://www.paramountdefenses.com/goldfinger.html
