Forum Discussion
smellitgood
Oct 06, 2024 | Copper Contributor
PowerShell data explanation and advice
Hi everyone. Not even sure how to ask and maybe it seems dramatic but I am reaching out for a little help here. Can someone help me understand this data I copied from PowerShell? I typed the same commands for user "smell" and user "Public". I have a node in network probably and I really hope for the worse to be honest. Reading about it got me pumped. Of course I have no idea if this could be the small window sun shines through or just another big nothing. Anyway, thanks to anyone who sets me straight about it.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows
PS C:\Users\smell> whoami / user
ERROR: Invalid argument/option - '/'.
Type "WHOAMI /?" for usage.
PS C:\Users\smell> whoami /user
USER INFORMATION
----------------
User Name SID
=================== ============================================
thinkpadt16g2\smell S-1-5-21-2399413288-642862217-314349489-1001
PS C:\Users\smell> wmic useraccount where name='%username%' get domain,name,sid
Node - THINKPADT16G2
ERROR:
Description = Invalid query
PS C:\Users\smell> wmic useraccount where name='%username%' get domain,name,sid
Node - THINKPADT16G2
ERROR:
Description = Invalid query
PS C:\Users\smell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @('Name', 'User')
Name User
---- ----
THINKPADT16G2\smell S-1-5-21-2399413288-642862217-314349489-1001
PS C:\Users\smell> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
S-1-5-21-2399413288-642862217-314349489-1001
PS C:\Users\smell> wmic useraccount where name='smell' get sid
Node - THINKPADT16G2
ERROR:
Description = Invalid query
PS C:\Users\smell> wmic useraccount where sid='<sid>' get domain,name
Node - THINKPADT16G2
ERROR:
Description = Invalid query
PS C:\Users\smell> wmic useraccount where sid='S-1-5-21-2399413288-642862217-314349489-1001' get domain,name
Unexpected switch at this level.
PS C:\Users\smell> wmic useraccount get domain,name,sid
Domain Name SID
ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500
ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501
ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001
ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504
PS C:\Users\smell> Get-WmiObject win32_useraccount | Select domain,name,sid
domain name sid
------ ---- ---
ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500
ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501
ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001
ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504
PS C:\Users\smell>
PS C:\Users\smell> Get-LocalUser | Select-Object -Property @('Name', 'SID')
Name SID
---- ---
Administrator S-1-5-21-2399413288-642862217-314349489-500
DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
Guest S-1-5-21-2399413288-642862217-314349489-501
smell S-1-5-21-2399413288-642862217-314349489-1001
WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504
PS C:\Users\smell> Get-CimInstance -query 'Select * from win32_useraccount' | ft name, SID
name SID
---- ---
Administrator S-1-5-21-2399413288-642862217-314349489-500
DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
Guest S-1-5-21-2399413288-642862217-314349489-501
smell S-1-5-21-2399413288-642862217-314349489-1001
WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504
PS C:\Users\smell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @('Name', 'User')
Name User
---- ----
THINKPADT16G2\smell S-1-5-21-2399413288-642862217-314349489-1001
PS C:\Users\smell> C:\Users\Public
C:\Users\Public : The term 'C:\Users\Public' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:1
+ C:\Users\Public
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Users\Public:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\smell> C:\Users\Public>
C:\Users\Public> : The term 'C:\Users\Public>' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:2
+ C:\Users\Public>
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Users\Public>:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\smell> C:\Users\
C:\Users\ : The term 'C:\Users\' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:2
+ C:\Users\
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Users\:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\smell> C:\Users
C:\Users : The term 'C:\Users' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:2
+ C:\Users
+ ~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Users:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\smell> PS C:\> Set-Location -PathC:\Users\Public
Get-Process : A positional parameter cannot be found that accepts argument 'Set-Location'.
At line:1 char:1
+ PS C:\> Set-Location -PathC:\Users\Public
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-Process], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetProcessCommand
PS C:\Users\smell> Set-Location -Path C:\Users\Public
PS C:\Users\Public> whoami /user
USER INFORMATION
----------------
User Name SID
=================== ============================================
thinkpadt16g2\smell S-1-5-21-2399413288-642862217-314349489-1001
PS C:\Users\Public> wmic useraccount where name='%username%' get domain,name,sid
Node - THINKPADT16G2
ERROR:
Description = Invalid query
PS C:\Users\Public> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @('Name', 'User')
Name User
---- ----
THINKPADT16G2\smell S-1-5-21-2399413288-642862217-314349489-1001
PS C:\Users\Public> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
S-1-5-21-2399413288-642862217-314349489-1001
PS C:\Users\Public> wmic useraccount where name='username' get sid​
Node - THINKPADT16G2
ERROR:
Description = Invalid query
PS C:\Users\Public> wmic useraccount where name='smell' get sid​
Node - THINKPADT16G2
ERROR:
Description = Invalid query
PS C:\Users\Public> wmic useraccount where sid='<sid>' get domain,name
Node - THINKPADT16G2
ERROR:
Description = Invalid query
PS C:\Users\Public> wmic useraccount where sid='S-1-5-21-2399413288-642862217-314349489-1001' get domain,name
Unexpected switch at this level.
PS C:\Users\Public> wmic useraccount get domain,name,sid
Domain Name SID
ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500
ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501
ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001
ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504
PS C:\Users\Public> Get-WmiObject win32_useraccount | Select domain,name,sid
domain name sid
------ ---- ---
ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500
ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501
ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001
ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504
PS C:\Users\Public> Get-LocalUser | Select-Object -Property @('Name', 'SID')
Name SID
---- ---
Administrator S-1-5-21-2399413288-642862217-314349489-500
DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
Guest S-1-5-21-2399413288-642862217-314349489-501
smell S-1-5-21-2399413288-642862217-314349489-1001
WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504
PS C:\Users\Public> Get-CimInstance -query 'Select * from win32_useraccount' | ft name, SID
name SID
---- ---
Administrator S-1-5-21-2399413288-642862217-314349489-500
DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
Guest S-1-5-21-2399413288-642862217-314349489-501
smell S-1-5-21-2399413288-642862217-314349489-1001
WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504
PS C:\Users\Public>
- sdtslmn, Brass Contributor
Your PowerShell output is showing user account details like usernames and SIDs, but you're encountering some issues with commands like wmic. Here's the key takeaway:
- whoami /user and [Security.Principal.WindowsIdentity]::GetCurrent() correctly display the current user and SID.
- wmic useraccount errors: Use actual usernames like wmic useraccount where name='smell' get domain,name,sid instead of %username%.
- File path errors: To change directories, use Set-Location -Path C:\Users\Public, not direct path execution.
For user account info, stick with Get-LocalUser or Get-CimInstance.
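
An added example, not part of the original thread: the filtered lookups attempted with wmic in the session above, written with native PowerShell calls, plus a reading of the relative ID (RID) at the end of each listed SID. PowerShell consumes the single quotes in an argument like name='smell' before wmic receives it, and %username% is cmd.exe syntax, so the WQL filter here is passed as one double-quoted string with $env:USERNAME. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets; the `$ridMeaning` table and its labels are this example's own.

```powershell
# Added example; assumes Windows PowerShell 5.1+ run on the local machine.

# The identity comes from the logon token of the process, not from the current
# directory, so this value is the same in C:\Users\smell and C:\Users\Public.
$current = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

# Name -> SID: the double-quoted filter keeps the inner single quotes that WQL needs.
Get-CimInstance -ClassName Win32_UserAccount `
    -Filter "LocalAccount=True AND Name='$env:USERNAME'" |
    Select-Object Domain, Name, SID

# SID -> name, without wmic.
$current.Translate([System.Security.Principal.NTAccount]).Value

# The last SID component is the RID. Built-in local accounts use fixed RIDs.
$ridMeaning = @{
    '500' = 'Built-in Administrator'
    '501' = 'Built-in Guest'
    '503' = 'DefaultAccount (system managed)'
    '504' = 'WDAGUtilityAccount (Defender Application Guard)'
}

Get-LocalUser | ForEach-Object {
    $sid = $_.SID
    $rid = $sid.Value.Split('-')[-1]
    $meaning = if ($ridMeaning.ContainsKey($rid)) {
        $ridMeaning[$rid]
    } elseif ([uint32]$rid -ge 1000) {
        'Account created after Windows setup'
    } else {
        'Other built-in'
    }
    [pscustomobject]@{
        Name      = $_.Name
        Enabled   = $_.Enabled
        MachineId = $sid.AccountDomainSid.Value   # shared prefix of every local account
        Rid       = $rid
        Meaning   = $meaning
        IsCurrent = ($sid.Value -eq $current.Value)
    }
} | Format-Table -AutoSize
```

C:\Users\Public is a shared profile folder rather than a user account, which is why no "Public" entry appears in any of the account listings.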