whoami /all
Show current user info including groups, privileges, and SID.
whoami /all
Command: whoami /all
Category: Configuration
Type: CMD
Purpose
Displays comprehensive information about the currently logged-in user, including username, security identifier (SID), group memberships, security privileges, and token information. Essential for troubleshooting permission issues and understanding user context.
Quick Summary
See everything about your current user account in one command. Get your username, domain, SID, all group memberships, and security privileges. Perfect for troubleshooting permissions, verifying group membership, checking privilege escalation, and documenting user context.
How to Use
- Open Command Prompt or PowerShell.
- Type
whoami /alland press Enter. - View comprehensive user information.
Common variations:
whoami - Just username
whoami /user - Username and SID
whoami /groups - Group memberships
whoami /priv - User privileges
whoami /all - Everything
whoami /upn - User Principal Name (UPN)
whoami /fqdn - Fully Qualified Distinguished Name
Tips and Best Practices
- Use
/allfor complete picture during troubleshooting. - Check
/groupsto verify group memberships affecting permissions. - Use
/privto see what administrative privileges you have. - Look for "Mandatory Label" to see integrity level (elevation status).
- Save output for documentation:
whoami /all > userinfo.txt - Compare before and after elevation to see privilege changes.
- Use in scripts to verify user context before performing actions.
Understanding the Output
Example output sections:
USER INFORMATION:
User Name SID
===================================== ========
DOMAIN\JohnDoe S-1-5-21-...
GROUP INFORMATION:
Group Name Type SID
=========================================== ================ ============
Everyone Well-known group S-1-1-0
BUILTIN\Administrators Alias S-1-5-32-544
BUILTIN\Users Alias S-1-5-32-545
PRIVILEGES INFORMATION:
Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
MANDATORY LABEL:
Mandatory Label\Medium Mandatory Level Label S-1-16-8192
Common Use Cases
- Permission troubleshooting: Verify group memberships affecting access.
- Privilege verification: Check if running with admin privileges.
- Security auditing: Document user context and privileges.
- Script validation: Ensure script runs with correct user/privileges.
- Group membership confirmation: Verify user is in expected groups.
- Elevation checking: Confirm if running elevated (admin) or standard.
Prerequisites
- Windows Command Prompt or PowerShell
- No administrator rights required for own user information
- Available on Windows XP and later
- Admin rights required to query other users' information
Group Types Explained
Well-known group:
- Universal groups like Everyone, Authenticated Users
- Standard across all Windows systems
Alias:
- Built-in local groups like Administrators, Users
- Defined locally on the computer
Group:
- Domain groups (in domain environments)
- Local groups on workgroup computers
Label:
- Integrity level/mandatory label
- Controls UAC and privilege elevation
Understanding Privileges
Common privileges:
- SeShutdownPrivilege: Shut down local computer
- SeChangeNotifyPrivilege: Bypass traverse checking (nearly everyone has this)
- SeIncreaseWorkingSetPrivilege: Increase process memory
- SeTimeZonePrivilege: Change time zone
- SeDebugPrivilege: Debug programs (admin only)
- SeBackupPrivilege: Back up files and directories (admin)
- SeRestorePrivilege: Restore files and directories (admin)
- SeLoadDriverPrivilege: Load device drivers (admin)
Privilege states:
- Enabled: Currently active and usable
- Disabled: Available but not currently active (can be enabled by application)
- Removed: Not available at all
Integrity Levels (Mandatory Labels)
Common integrity levels:
- Low (S-1-16-4096): Untrusted processes (e.g., Internet Explorer Protected Mode)
- Medium (S-1-16-8192): Standard user applications
- High (S-1-16-12288): Elevated administrator processes
- System (S-1-16-16384): System-level processes
Check your elevation status:
whoami /groups | find "S-1-16-"
- S-1-16-8192 = Not elevated (standard user)
- S-1-16-12288 = Elevated (running as administrator)
Understanding SIDs (Security Identifiers)
SID format: S-1-5-21-domain-domain-domain-RID
Well-known SIDs:
- S-1-1-0: Everyone
- S-1-5-18: Local System
- S-1-5-19: Local Service
- S-1-5-20: Network Service
- S-1-5-21-...-500: Administrator account
- S-1-5-32-544: Builtin\Administrators
- S-1-5-32-545: Builtin\Users
Checking Specific Information
Get just username:
whoami
Get username and domain:
whoami /user
Check group memberships:
whoami /groups
Check privileges:
whoami /priv
Get UPN (User Principal Name):
whoami /upn
Example: john.doe@company.com
Get FQDN (Fully Qualified Distinguished Name):
whoami /fqdn
Example: CN=John Doe,OU=Users,DC=company,DC=com
Verifying Administrator Rights
Check if running as admin:
whoami /groups | find "S-1-16-12288"
- Found = Running elevated
- Not found = Standard user mode
Or check for Administrators group:
whoami /groups | find "S-1-5-32-544"
PowerShell alternative:
([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Troubleshooting
- "Access denied" when running - Rare; whoami should work for all users checking their own info.
- Domain groups not showing - May be in workgroup; domain info requires domain connection.
- UPN or FQDN not available - Not in domain environment or user doesn't have UPN set.
- Unexpected group memberships - Check with administrator; you may have been added to new groups.
- Missing expected privileges - Not running elevated, or not member of appropriate group.
Output Formats
Table format (default):
whoami /all
CSV format:
whoami /all /fo csv
List format:
whoami /all /fo list
Comparing User Contexts
Save standard user context:
whoami /all > user-normal.txt
Run Command Prompt as Administrator, then:
whoami /all > user-elevated.txt
Compare:
fc user-normal.txt user-elevated.txt
Differences show additional groups and privileges gained through elevation.
Scripting Examples
Batch - check if running as admin:
whoami /groups | find "S-1-16-12288" >nul
if %errorlevel% == 0 (
echo Running as Administrator
) else (
echo Running as Standard User
)
PowerShell - get current user:
$currentUser = whoami
Write-Host "Current user: $currentUser"
PowerShell - check admin:
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($isAdmin) { Write-Host "Running as Administrator" }
Related Commands
Get computer name:
hostname
Get all user accounts on computer:
net user
Get user account details:
net user %USERNAME%
Get local groups:
net localgroup
PowerShell alternatives:
[System.Security.Principal.WindowsIdentity]::GetCurrent()
Get-LocalUser
Get-LocalGroupMember -Group "Administrators"
Security Implications
Information revealed by whoami:
- Username and domain
- Group memberships (including hidden memberships)
- Security privileges available
- SID (permanent identifier)
- Elevation/integrity level
Use caution when sharing output:
- Contains detailed security information
- Can reveal organizational structure
- Shows security group memberships
- May expose privilege levels
Related Tools
net user- Manage and view user accountsnet localgroup- View and manage local groupsrunas- Run programs as different userGet-LocalUser(PowerShell) - PowerShell user managementgpresult- Group Policy results (shows applied policies)