Using WHOAMI.exe to troubleshoot NTFS Permissions in Windows

Home > Videos > Windows 10 > Using WHOAMI.exe to troubleshoot NTFS Permissions in Windows

Using WHOAMI.exe to troubleshoot NTFS Permissions in Windows

Like This Video 0 232 Rick Trader
Added by July 9, 2015

See our class schedule for complete Windows 7 and Server 2012 Training.
Classes are held in Phoenix, AZ and can be attended online from anywhere in the world with RemoteLive™.

Instructor: Rick Trader


Video Transcript:

One of the most common problems you will run into as an IT administrator when working in an enterprise or a domain environment is when a user attempts to access a resource and receives a message stating “Access Denied”.  Or visa-versa, a user is able to access a resource that they shouldn’t have access to.

WHOAMI.exe is one of the tools that I like to use to help me troubleshoot user NTFS permissions. This is a tool that a lot of us administrators have over-looked for years.

Here’s how to use WHOAMI.exe and some of its switches.

Starting at my command prompt and logged on as the user.

001-command-prompt-whoami-trobleshooting-tool-for-it-admins

As a Help Desk person, I can have the user on the phone and bring up their command prompt or I could remote desktop with them with any of the corporate tools that you may already have that allows you to connect to them or you can have the user do this over the phone by having them launch a command prompt and have them type [whoami].

002-command-prompt-whoami-trobleshooting-tool-for-it-admins

Most of us administrators in the IT industry already know about this command, we’ve used it frequently to determine whether the user is logged on with the appropriate credentials. You can find out if they’re logged into the domain and to see if they’re logged into the machine.

{01:09}

A switch that many people don’t know is “whoami forward slash all”       whoami /all

003-whoami-all-trobleshooting-tool-for-it-admins

This switch will show me not only who I’m logged in as but it will also show me my current user SID and it also shows me the Groups that I am currently a member of.

004-group-information-whoami-all-trobleshooting-tool-for-it-admins

In other words, it’s showing me my current access token. In Windows NT 4.0 and Windows 2000, you may have heard of a utility called “MYTOKEN.exe”. You could download it and accomplish the same thing.

In Windows 7, it shows me that I’m a member of groups. For example, Everyone, Users, Console Logon, Authenticated Users etc…  These are all the built-in groups and local groups.

005-groups-whoami-all-trobleshooting-tool-for-it-admins

But notice; it also shows me that I’m logged on as “rickt” and that I’m a member of a group called [_D Sales SP A Change] , [_G Sales Users]  [_G Sales Manager] etc…

006-groups-whoami-all-trobleshooting-tool-for-it-admins

WHOAMI is displaying all the groups I’m currently a member of in standard naming conventions. I.e. “_D” is a Domain Local Group while “_G” is a Global group. Therefore, I know that the “_G Sales Special Project A” is in the “SP A Change” folder.

WHOAMI /all also shows me the privileges I currently have on this machine.

007-privileges-whoami-all-trobleshooting-tool-for-it-admins

You’ll notice the “Change the time zone” requires elevated permission levels to do this and it’s displaying the state of “Disabled”. Others are also Disabled such as “Shut down the system”.  Therefore, when you try to shut down, it’s going to ask you for elevated privileges.

The big concept is that it’s showing me the groups.

{02.57}

Many students have asked me “How long has whoami / all been around?”  It’s been available in Windows XP, Windows 2003, Windows 2008 & 2008 R2, Windows 7, Server 2012 and now in Windows 8. They all have the whoami.exe command. It’s an awesome command available for troubleshooting.

There are a couple additional switches in “whoami.exe”.

If we use the question mark:      whoami /?

008-privileges-whoami-all-trobleshooting-tool-for-it-admins

009-whoami-help-trobleshooting-tool-for-it-admins

I can show my logon information and parameters such as:

010-whoami-help-trobleshooting-tool-for-it-admins

/UPN – User Principle Name

/FQDN – Fully Qualified Distinguished Name

I can show just my USER SID or Just my Group SID

/PRIV – Privileges

/LOGONID – Is an option if my logon id is different than my user ID.

We can also format with the /FO option and format it as a table, list or a CSV.

011-whoami-format-trobleshooting-tool-for-it-admins

{03:47}

If I format it as a CSV

Using “FO” Format Out

whoami /all /fo csv

012-whoami-format-trobleshooting-tool-for-it-admins

Notice that it did format this as a coma separated values CSV file. Notice the comas between each field?

If you wanted to output this to a file you would need toe pipe it “|” out or perform the typical “out” such as [C:\myacccestoken.txt]

013-whoami-format-trobleshooting-tool-for-it-admins

This outputted to a text file. If I go into Windows Explorer and look into the user folder:

Select my folder which is names “rickt”:

014-whoami-format-trobleshooting-tool-for-it-admins

The file is located:

015-myaccesstoken-whoami-format-csv-trobleshooting-tool-for-it-admins

And here is the coma separated values CSV file:

016-whoami-format-csv-trobleshooting-tool-for-it-admins

Having it in a text file allows the user to troubleshoot much easier.

One of the changes that is made to this if you’re looking at whoami from Windows Server 2012 or a Windows 8 computer is underneath privilege name you will see an area called “Claims”. If you’re doing Claimed-Based Authentication this will show you your claims.

I hope this has helped you with troubleshooting NTFS Permissions and determining what a Groups a particular user is a member of.

Until next time, ride safe.
Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

A Simple Introduction to Cisco CML2

0 3523 0

Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2

Configuring Windows Mobility Center and How to Turn it On and Off

1 1396 1

Video transcription Steve Fullmer: In our Windows training courses, we often share information about the Windows 8.1 Mobility Center. Mobility Center was introduced for mobile and laptop devices in Windows 7. It’s present and somewhat enhanced in Windows 8. Since we don’t have mobile devices in our classrooms, I decided to take a little bit … Continue reading Configuring Windows Mobility Center and How to Turn it On and Off

Agile Methodology in Project Management

0 187 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Write a Comment

Share your thoughts...

Please fill out the comment form below to post a reply.