Whoami - DOS/Command Prompt Reference
[Windows Vista or later] Displays information such as the username and permissions for the current login session.
Syntax
whoami[.exe] [/UPN | /FQDN | /LOGONID]
whoami[.exe] {/ALL | [/USER] [/GROUPS] [/CLAIMS] [/PRIV]} [/FO <format>] [/NH]
Options
| (none) | /UPN | /FQDN | /LOGONID |
Displays one of the following based on the specified options.
|
||||||||
| /ALL | [/USER] [/GROUPS] [/CLAIMS] [/PRIV] | Specifies either ‘/ALL’ or one or more of the desired pieces of information (see below). ‘/ALL’ is equivalent to ‘/USER /GROUPS /CLAIMS /PRIV’. | ||||||||
| /USER | Displays user information, specifically the mapping between the username and SID. | ||||||||
| /GROUPS | Displays information about the groups to which the user belongs, including the group name, type, SID, and attributes. | ||||||||
| /CLAIMS | Displays the attributes (claims) assigned to the user, primarily used in Dynamic Access Control. | ||||||||
| /PRIV | Displays the privileges held by the user. These privileges are based on the session, taking into account control and restrictions imposed by UAC. | ||||||||
| /FO <format> |
Specifies the output format for /ALL, /USER, /GROUPS, /CLAIMS, /PRIV. The three possible values are as follows. If /FO is omitted, the format defaults to ‘TABLE’.
* When using /ALL or two or more of ‘/USER /GROUPS /CLAIMS /PRIV’, if the type of data in the output changes, the header appears again with an empty line in between (/NH, if present, introduces the next data format after the empty line). |
||||||||
| /NH | Does not add headers when outputting list data. This is effective when using ‘/FO TABLE’ or ‘/FO CSV’. |
Details
Using Whoami, you can obtain information about the user, such as the name and permissions, who is currently running the command prompt or batch file. Since there is information, such as group membership and permissions, that cannot be obtained through environment variables, it can be useful not only for simply checking the output on the screen but also for extracting and checking values using the extended syntax of the For command or etc.
There is a command with the same name on Linux systems, but the Windows Whoami provides more information that can be outputted based on the options.
Samples
Sample 1
whoami
Outputs the username based on the current session in the format ‘Domain\Username’.
Sample 2
for /F "delims=" %A in ('whoami') do set "MY_NAME=%A"
[Extensions] The content output in Sample 1 has been set as the value of the environment variable ‘MY_NAME’.
Sample 3 (Batch file)
@echo off setlocal enableextensions set CREATE_SYMLINK= for /F "tokens=1 delims=," %%A in ('whoami /priv /fo csv /nh') do ( if "%%~A"=="SeCreateSymbolicLinkPrivilege" set CREATE_SYMLINK=1 ) if not "%CREATE_SYMLINK%"=="1" ( echo warning: Cannot create symbolic link on this session. ) dosetup.bat
[Extensions] Sets the value in the environment variable ‘CREATE_SYMLINK’ if the user based on the current session has the ‘Create Symbolic Link’ privilege, and then execute the batch file ‘dosetup.bat’ in that state (it will not return after execution). By combining Whoami's ‘/PRIV’ and the For command, you can extract the names (list) of privileges, so this script can check if ‘SeCreateSymbolicLinkPrivilege’ is among them.
As mentioned earlier, due to the influence of UAC, even if the user is an administrator, if elevation of privileges has not occurred, the ‘/PRIV’ list does not include the relevant privilege. Therefore, using Whoami allows for proper checking of the required privileges.
* Since the output format is CSV, each value may be enclosed in " ". Therefore, the script uses ‘%~A’ to remove the " ".