The WHOAMI command is used to view the logon information of the users signed in to your local computer or to your computer in a domain environment.


WHOAMI -?

PS C:\Users\Ozan> WHOAMI -?
 
WhoAmI has three ways of working:
 
Syntax 1:
    WHOAMI [/UPN | /FQDN | /LOGONID]
 
Syntax 2:
    WHOAMI { [/USER] [/GROUPS] [/CLAIMS] [/PRIV] } [/FO format] [/NH]
 
Syntax 3:
    WHOAMI /ALL [/FO format] [/NH]
 
Description:
    This utility can be used to get user name and group information
    along with the respective security identifiers (SID), claims,
    privileges, logon identifier (logon ID) for the current user
    on the local system. I.e. who is the current logged on user?
    If no switch is specified, tool displays the user name in NTLM
    format (domain\username).
 
Parameter List:
    /UPN                    Displays the user name in User Principal
                            Name (UPN) format.
 
    /FQDN                   Displays the user name in Fully Qualified
                            Distinguished Name (FQDN) format.
 
    /USER                   Displays information on the current user
                            along with the security identifier (SID).
 
    /GROUPS                 Displays group membership for current user,
                            type of account, security identifiers (SID)
                            and attributes.
 
    /CLAIMS                 Displays claims for current user,
                            including claim name, flags, type and values.
 
    /PRIV                   Displays security privileges of the current
                            user.
 
    /LOGONID                Displays the logon ID of the current user.
 
    /ALL                    Displays the current user name, groups
                            belonged to along with the security
                            identifiers (SID), claims and privileges for
                            the current user access token.
 
    /FO       format        Specifies the output format to be displayed.
                            Valid values are TABLE, LIST, CSV.
                            Column headings are not displayed with CSV
                            format. Default format is TABLE.
 
    /NH                     Specifies that the column header should not
                            be displayed in the output. This is
                            valid only for TABLE and CSV formats.
 
    /?                      Displays this help message.
 
Examples:
    WHOAMI
    WHOAMI /UPN
    WHOAMI /FQDN
    WHOAMI /LOGONID
    WHOAMI /USER
    WHOAMI /USER /FO LIST
    WHOAMI /USER /FO CSV
    WHOAMI /GROUPS
    WHOAMI /GROUPS /FO CSV /NH
    WHOAMI /CLAIMS
    WHOAMI /CLAIMS /FO LIST
    WHOAMI /PRIV
    WHOAMI /PRIV /FO TABLE
    WHOAMI /USER /GROUPS
    WHOAMI /USER /GROUPS /CLAIMS /PRIV
    WHOAMI /ALL
    WHOAMI /ALL /FO LIST
    WHOAMI /ALL /FO CSV /NH
    WHOAMI /?

To view the access held by the user or users logged on to the computer, you can use the WHOAMI /all command.


WHOAMI /all

PS C:\Users\Ozan> WHOAMI -all
 
USER INFORMATION
----------------
 
User Name    SID
============ ==============================================
ozan-wi\ozan S-1-5-21-3661689365-3437198906-1477799364-1001
 
 
GROUP INFORMATION
-----------------
 
Group Name                                                    Type             SID          Attributes                 
============================================================= ================ ============ ==================================================
Everyone                                                      Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114    Group used for deny only   
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Group used for deny only   
BUILTIN\Users                                                 Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\REMOTE INTERACTIVE LOGON                         Well-known group S-1-5-14     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                                      Well-known group S-1-5-4      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users                              Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization                                Well-known group S-1-5-15     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account                                    Well-known group S-1-5-113    Mandatory group, Enabled by default, Enabled group
LOCAL                                                         Well-known group S-1-2-0      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NTLM Authentication                              Well-known group S-1-5-64-10  Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level                        Label            S-1-16-8192                             
 
 
PRIVILEGES INFORMATION
----------------------
 
Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled
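
In the output above, BUILTIN\Administrators is marked "Group used for deny only" and the label is Medium Mandatory Level: the account is an administrator, but this session runs with a UAC-filtered, non-elevated token. The following added example (not part of the original page) reads the same facts from the CSV form of the output; Get-TokenSummary is a hypothetical helper name and the sample rows are constructed from the output shown above.

```powershell
# Added example: summarise the access token that WHOAMI reports.
# Get-TokenSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-TokenSummary {
    param(
        # CSV text as produced by: whoami /groups /fo csv
        [string[]]$GroupsCsv,
        # CSV text as produced by: whoami /priv /fo csv
        [string[]]$PrivCsv
    )

    $groups = $GroupsCsv | ConvertFrom-Csv
    $privs  = $PrivCsv   | ConvertFrom-Csv

    # The integrity level is carried as a "Label" entry with SID S-1-16-<RID>.
    $label = $groups | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1

    # BUILTIN\Administrators (S-1-5-32-544) marked "deny only" means the
    # session runs with a UAC-filtered token: the account is an admin,
    # but this process is not elevated.
    $admin = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' } | Select-Object -First 1

    [pscustomobject]@{
        IntegrityLevel    = if ($label) { $label.'Group Name' } else { 'unknown' }
        AdminMember       = [bool]$admin
        AdminDenyOnly     = [bool]($admin -and $admin.Attributes -match 'deny only')
        EnabledPrivileges = @($privs | Where-Object { $_.State -eq 'Enabled' } |
                              ForEach-Object { $_.'Privilege Name' })
    }
}

# Constructed sample input, taken from the WHOAMI /all output shown above.
$sampleGroups = @(
    '"Group Name","Type","SID","Attributes"'
    '"BUILTIN\Administrators","Alias","S-1-5-32-544","Group used for deny only"'
    '"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"'
    '"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192",""'
)
$samplePrivs = @(
    '"Privilege Name","Description","State"'
    '"SeShutdownPrivilege","Shut down the system","Disabled"'
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
)

Get-TokenSummary -GroupsCsv $sampleGroups -PrivCsv $samplePrivs

# On a live system, feed it the real output instead:
# Get-TokenSummary -GroupsCsv (whoami /groups /fo csv) -PrivCsv (whoami /priv /fo csv)
```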

To view the Kerberos information of the users logged on to the computer, you can use the klist.exe application. You can view the details with the tgt parameter.

PS C:\Users\Ozan> Klist
 
Current LogonId is 0:0x7b3f0
 
Cached Tickets: (0)