SWWhoAmI is a Windows version of the famous WHOAMI command that is incorporated in just about every network operating system. WhoAmI usually only returns the username of the current user, but this implementation also returns other data associated with the user.
SWWhoAmI can make a summary of all the users available on the computer it runs on. Simply start the program with the switch /ListUsers and the result will look something like this:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET
Yes | Bobbi Flekman
| Guest (Disabled)
| Harry
| HelpAssistant (Disabled)
Yes | Hermione
| Ron
| SUPPORT_388945a0 (Disabled)
As can be seen, the output shows each username and whether the user is a member of the Administrators group. A disabled account is marked with (Disabled) in parentheses after the username.
Which brings us to the information shown for a given user. When invoked without a parameter, data will be fetched for the current user:
SID: S-1-5-21-1060284298-1214440339-682003330-1003
Days since last password change: 253
Privilege: 2 (USER_PRIV_ADMIN)
Home directory:
Comment: ''
Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
Script path:
Operator privilege: 0 ()
Full name:
User comment: ''
Parms: ''
Workstations:
Last logon time: 17 december 2006 14:22:27
Last logoff time: unknown
Account expires: never
Maximum discspace: unlimited
Units per week: 168
Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
Bad password count: 0
Total logins count: 118
Logonserver: \\*
Countrycode: 0
Codepage: 0
User ID: 1003
Primary Group ID: 513
Profile path:
Home directory:
Password is not expired
Groups: ----------------------------------------------------------------------
STEELWERX\None (S-1-5-21-1060284298-1214440339-682003330-513)
Everyone (S-1-1-0)
STEELWERX\Debugger Users (S-1-5-21-1060284298-1214440339-682003330-1005)
STEELWERX\Administrators (S-1-5-32-544)
STEELWERX\Users (S-1-5-32-545)
NT AUTHORITY\INTERACTIVE (S-1-5-4)
NT AUTHORITY\Authenticated Users (S-1-5-11)
<??> (S-1-5-5-0-41850)
LOCAL (S-1-2-0)
Privileges: ------------------------------------------------------------------
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(0) SeCreateTokenPrivilege = Create a token object
(0) SeAssignPrimaryTokenPrivilege = Replace a process level token
(0) SeLockMemoryPrivilege = Lock pages in memory
(0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
(0) SeMachineAccountPrivilege = Add workstations to domain
(0) SeTcbPrivilege = Act as part of the operating system
(0) SeSecurityPrivilege = Manage auditing and security log
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(X) SeLoadDriverPrivilege = Load and unload device drivers
(0) SeSystemProfilePrivilege = Profile system performance
(0) SeSystemtimePrivilege = Change the system time
(0) SeProfileSingleProcessPrivilege = Profile single process
(0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(0) SeCreatePagefilePrivilege = Create a pagefile
(0) SeCreatePermanentPrivilege = Create permanent shared objects
(0) SeBackupPrivilege = Back up files and directories
(0) SeRestorePrivilege = Restore files and directories
(0) SeShutdownPrivilege = Shut down the system
(0) SeDebugPrivilege = Debug programs
(0) SeAuditPrivilege = Generate security audits
(0) SeSystemEnvironmentPrivilege = Modify firmware environment values
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
(X) SeUndockPrivilege = Remove computer from docking station
(0) SeSyncAgentPrivilege = Synchronize directory service data
(0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
(0) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeImpersonatePrivilege = Impersonate a client after authentication
(X) SeCreateGlobalPrivilege = Create global objects
Environment variables: -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bobbi Flekman\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STEELWERX
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bobbi Flekman
LOGONSERVER=\\STEELWERX
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\;C:\Program Files\Borland\BDS\4.0\Bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Mijn Documenten\Borland Studio Projects\Bpl
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0208
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BOBBIF~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BOBBIF~1\LOCALS~1\Temp
USERDOMAIN=STEELWERX
USERNAME=Bobbi Flekman
USERPROFILE=C:\Documents and Settings\Bobbi Flekman
windir=C:\WINDOWS
For specifics I refer you to Google, as the implementation of the data fetched can change. In short, the data shown is the return value of the Windows function NetUserGetInfo, the privileges associated with this user as passed to the SWWhoAmI process, and the environment variables associated with the current user.
When a privilege is enabled (ergo the user can do this), the display shows an X; otherwise it shows a 0.
As privileges and environment variables apply only to the current user, they are omitted when SWWhoAmI is asked to return data for a specific user, which is done by following the SWWhoAmI command with a username:
SID: S-1-5-21-1060284298-1214440339-682003330-1007
Days since last password change: 0
Privilege: 1 (USER_PRIV_USER)
Home directory:
Comment: ''
Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
Script path:
Operator privilege: 0 ()
Full name: Harry
User comment: ''
Parms: ''
Workstations:
Last logon time: unknown
Last logoff time: unknown
Account expires: never
Maximum discspace: unlimited
Units per week: 168
Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
Bad password count: 0
Total logins count: 0
Logonserver: \\*
Countrycode: 0
Codepage: 0
User ID: 1007
Primary Group ID: 513
Profile path:
Home directory:
Password is not expired
Groups: ----------------------------------------------------------------------
STEELWERX\None (S-1-5-21-1060284298-1214440339-682003330-513)
STEELWERX\Users (S-1-5-32-545)
Privileges: ------------------------------------------------------------------
Environment variables: -------------------------------------------------------
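The reports above can be checked automatically when reviewing accounts. The following is an added example, not part of SWWhoAmI or of the original page: a Python sketch that parses one report, decodes the numeric Flags value with the UF_* bits from lmaccess.h, and lists points worth a review. The function names, the 90-day password age threshold and the choice of flags and privileges to review are assumptions of this example.

```python
import re

# UF_* bit values from the Windows SDK header lmaccess.h (subset).
UF_FLAGS = {
    0x0001: "UF_SCRIPT", 0x0002: "UF_ACCOUNTDISABLE", 0x0010: "UF_LOCKOUT",
    0x0020: "UF_PASSWD_NOTREQD", 0x0040: "UF_PASSWD_CANT_CHANGE",
    0x0080: "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED", 0x0200: "UF_NORMAL_ACCOUNT",
    0x10000: "UF_DONT_EXPIRE_PASSWD", 0x400000: "UF_DONT_REQUIRE_PREAUTH",
}
# Assumption of this example: which flags and privileges deserve a review.
REVIEW_FLAGS = {"UF_PASSWD_NOTREQD", "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED",
                "UF_DONT_EXPIRE_PASSWD", "UF_DONT_REQUIRE_PREAUTH"}
REVIEW_PRIVS = {"SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
                "SeImpersonatePrivilege", "SeBackupPrivilege", "SeRestorePrivilege"}
ADMINS_SID = "S-1-5-32-544"  # well-known SID of the local Administrators group

def decode_flags(value):
    """Return the names of the known UF_* bits set in a Flags value."""
    return [name for bit, name in sorted(UF_FLAGS.items()) if value & bit]

def audit_report(text, max_password_age_days=90):
    """Parse one SWWhoAmI user report and return a list of findings."""
    findings = []
    m = re.search(r"^\s*Flags:\s*(\d+)", text, re.M)
    if m:
        findings += [f"flag {n} is set" for n in decode_flags(int(m.group(1)))
                     if n in REVIEW_FLAGS]
    m = re.search(r"^\s*Days since last password change:\s*(\d+)", text, re.M)
    if m and int(m.group(1)) > max_password_age_days:
        findings.append(f"password is {m.group(1)} days old")
    if f"({ADMINS_SID})" in text:
        findings.append("member of Administrators")
    # Privilege lines look like "(X) SeName = description"; X means enabled.
    for state, priv in re.findall(r"^\s*\((X|0)\)\s+(Se\w+)", text, re.M):
        if state == "X" and priv in REVIEW_PRIVS:
            findings.append(f"privilege {priv} is enabled")
    return findings

# Constructed sample: an excerpt of the report shown on this page.
SAMPLE = """Days since last password change: 253
Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
STEELWERX\\Administrators (S-1-5-32-544)
(0) SeDebugPrivilege = Debug programs
(X) SeLoadDriverPrivilege = Load and unload device drivers
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(X) SeImpersonatePrivilege = Impersonate a client after authentication
"""
if __name__ == "__main__":
    print("\n".join(audit_report(SAMPLE)))
```

To audit a real account, pass the saved text of a full report to audit_report instead of SAMPLE.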
Click on the link to download the program.
Note: unlike with normal Windows programs, switches for this program can only be given with a slash (/), not the minus sign (-), as the minus sign can be used in the names of users.