Get current logged in user name command line (CMD)

In Windows OS, we can find the current logged in username from windows command line. The logged in user information is stored in environment variables. So just by printing the value in these environment variables we can get to know the login name.

To know the login name of the currently logged in user we can run the below command.

This works on all releases of Windows OS(Windows XP, Server 2003, Windows Vista and Windows 7).

There is another command whoami which tells us the domain name also.

Both of these options to find user name can be useful in batch files to write code in such a way that it works for every user. For example, if your batch file need to access a user specific folder, say Application data, then you can refer the directory as ‘C:\users\%username%\appdata‘.

how to know the current user password in windows 7?

run cmd in admin mode and type net user (user name) (12345)
then your password change to 12345

Use this command:
net user “%username%” “%random%%random%%random%%random%%random%”

Suggestion to use command:
net user “%username%” “%random%%random%%random%%random%%random%”
will change your current users password to something completely random

I don’t think it would be possible to find the password as it is stored in encrypted form and not in plain text. However, there are lots of third party tools to reset a administrator password if you have forgotten the same.

when i go onto command promt it says my username is “user” and say c:/users>user

I HAVE THE SAME PROBLEM. HAVE YOU SOLVE YOUR PROBLEM YET?

The whoami command does not work in Windows XP without the SP2 Support Tools download. The command is not native to the OS. http://www.microsoft.com/en-us/download/details.aspx?id=18546

Can the %username% command be used to determine the user logged into a differnent computer. ex I am at computer x and want to know who is logged on to computer y. I can remote to the c drive using RDP \\computery\c$ I would also like to definively likt to know who is logged on to that computer. Possible?

No, it does not work that way. %username% always shows the user of the current login session. When you run it on remote computer, I am not sure what you would get but it won’t tell you who logged on to the machine.

You can use PSEXEC to run a command on another PC. It can be found in the PS Tools package available for download on many sites.

With System Internal tools (free http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx )
psloggedon \\targetComputer
or
psloggedon \\192.167.0.0

Is it possible to get current User Name when it’s an AD where each user has an ID?
For example, if I run whoami or %username% I get “XX00000” but I want to get “Name SecondName”. I know windows has this info because I see my full name in Start Menu (Win 7).
Thanks

net user %username% for accounts stored in local or net user %username% /domain for accounts stored on domain.

you know this answer…?… anyone please let me know solution for georges’ question.. thanks in advance..

I would also really like a solution for this

If you are asking to find the full name or Surname run this as administrator.
net user
It will show you all the information about that user, full name, logon time, the group this user belongs to, the time it is allowed to login all of that.

When I run whoami from the cmdline I get my username. However I want to find my username from within SQL Server. If I shell out and run whoami I get the sql service user . Any ideas?

what username lets you look at the history

what does it mean by username

Please show screen shot

I have 2 accounts one for me and one for my nephews and nieces so I forgot my password because it makes me change it every other month it seems like and idk why… but I looked up a way to change it by going into the command prompts but it’s only giving me the kids for net user it says mine doesn’t exist I could use some help asap

I need to find my administrator account password when its logged in so is there way i can do it from cmd to find my password without changing it ?

does we have a vraiable like %username% for user group name ?

Windows 10: Find Who is Logged in

By Mitch Bartlett 17 Comments

If you’re wondering how to find out who is currently logged into a Microsoft Windows 10 computer, there are several ways to proceed. Here are a few common methods you can use from a remote computer or logged into the local computer you are querying.

WhoAmI Command

The “whoami” command displays the user you are currently logged in and using in Windows.

1. Hold down the Windows Key, and press “R” to bring up the Run window.
2. Type “CMD“, then press “Enter” to open a command prompt.
3. At the command prompt, type the following then press “Enter“:
   whoami
4. The computer name or domain followed by the username is displayed.

Query User Command

This command allows you to see all users currently logged into the computer.

Locally

1. Hold down the Windows Key, and press “R” to bring up the Run window.
2. Type “CMD“, then press “Enter” to open a command prompt.
3. At the command prompt, type the following then press “Enter“:
   query user
4. The computer name or domain followed by the username is displayed.

Remotely

1. Hold down the Windows Key, and press “R” to bring up the Run window.
2. Type “CMD“, then press “Enter” to open a command prompt.
3. At the command prompt, type the following then press “Enter“:
   query user /server:computername
   Replace “computername” with the actual computer name of the system you are querying.
   
4. The computer name or domain followed by the username is displayed.

Task Manager

1. Right-click the taskbar, then select “Task Manager“.
2. Select the “Users” tab.
3. Details on the users logged into the machine are displayed.

1. Hold down the Windows Key, and press “R” to bring up the Run window.
2. Type “CMD“, then press “Enter” to open a command prompt.
3. At the command prompt, type the following then press “Enter“:
   WMIC /NODE:»computername» COMPUTERSYSTEM GET USERNAME
   Replace “computername” with the actual computer name of the system you are querying. You can also replace “computername” with the IP address of the system.
   WMIC /NODE:192.168.1.1 COMPUTERSYSTEM GET USERNAME

You Might Also Like

Filed Under: Windows Tagged With: Windows 10

Get the logged in Windows user name associated with a desktop

I wish to enumerate all desktops in a system and get the logged in user name for that desktop. So far I have the following code snippit as an example of obtaining a HDESK handle and trying to determine the user name associated with it (if any), but the call to LookupAccountSid fails with ERROR_NONE_MAPPED («No mapping between account names and security IDs was done»).

It might be because I am pulling out a logon SID via GetUserObjectInformation rather then a user SID. If so can I convert that to the logged in users SID?

Can anybody point me in the right direction for getting the logged in user name for an arbitrary desktop (via either it’s respective HDESK or HNWD handle or even the desktop’s stations HWINSTA handle)? thanks in advance.

6 Answers 6

If what you want is the user information then this will work.

call WTSEnumerateSessions to obtain an array of WTS_SESSION_INFO structures. for each structure, pass the SessionId member to WTSQuerySessionInformation with the WTSInfoClass member set to WTSUserName. This will give you the name of the user (if there is one) associated with the session.

Alternatively you can set the WTSInfoClass to WTSSessionInfo and get a WTSINFO structure back. This contains a lot of information including the user name and domain. Look at the header file definition of WTSINFO though as the MSDN page is wrong.

You have to call WTSEnumerateSessions twice, once to get the required buffer size and then once to get your information.

Relationships: One or more Desktop objects are in a Windows Station. A Windows Station is associated with a Session.

The problem is that desktops aren’t associated with users at all. Try using psexec to run Notepad under the SYSTEM account. It’s running on your window station, on your desktop. Otherwise, you wouldn’t be able to see it.

But if you want to get the session associated with the window station, then yes it’s possible. You need to call NtQueryObject with ObjectNameInformation to get the name of the object. For example, here’s what I get: \Sessions\1\Windows\WindowStations\WinSta0 . There’s your session ID.

This is not a solution but is a good description of station/desktop. From http://www.microsoft.com/technet/security/bulletin/fq00-020.mspx

What’s a windows station? A windows station is a secure container that contains a clipboard, some global information, and a set of one or more desktops. A Windows 2000 session will have several windows stations, one assigned to the logon session of the interactive user, and others assigned to the Winlogon process, the secure screen saver process, and any service that runs in a security context other than that of the interactive user. The interactive window station assigned to the logon session of the interactive user also contains the keyboard, mouse, and display device. The interactive window station is visible to the user and can receive input from the user. All other window stations are noninteractive, which means that they cannot be made visible to the user, and cannot receive user input.

What’s a desktop? A desktop is a secure container object that is contained within a window station. There may be many desktops contained within a windows station. A desktop has a logical display surface and contains windows, menus, and hooks. Only the desktops of the interactive window station can be visible and receive user input. On the interactive window station, only one desktop at a time is active. This active desktop, also known as the input desktop, is the one that is currently visible to the user and that receives user input.

Getting user name/password of the logged in user in Windows

Is there any API to get the currently logged in user’s name and password in Windows?

Thank you in advance.

10 Answers 10

Password: No, this is not retained for security reasons — it’s used, then discarded. You could retrieve the encrypted password for this user from the registry, given sufficient privileges, then decrypt it using something like rainbow tables, but that’s extremely resource intensive and time consuming using current methods. Much better to prompt the user.

Alternatively, if you want to implement some sort of ‘single signon’ system as Novell does, you should do it via either a GINA (pre-Vista) or a Credential Provider (Vista), which will result in your code being given the username and password at login, the only time at which the password is available.

For username, getting the current username (the one who is running your code) is easy: the GetUserName function in AdvApi32.dll does exactly this for you.

If you’re running as a service, you need to remember there is no one «logged in user»: there are several at any time, such as LocalSystem, NetworkService, SYSTEM and other accounts, in addition to any actual people. This article provides some sample code and documentation for doing that.

For the many commenters who believe it is not possible to reveal the password of the currently logged-in user, see Dump cleartext passwords of logged in user(s) which shows how to use mimikatz to do just that:

I’d consider it a huge security flaw if that were possible!

You can’t get the password of a user since its encrypted (not to mention that its a standard practice not to store passwords in plaintext).

For getting the username, you can use GetUserName or NPGetUser

Note sure how it is done, but «Network Password Recovery» tool from http://www.nirsoft.net/utils/network_password_recovery.html seems to get the password from some cache.

GetUserName will get you the name, but the password you can’t get. It’s not even something Windows stores, AFAIK — only a hash of your password.

Depending on what you’re trying to achieve (you can tell us a bit more..) it’s possible to impersonate a logged on user and do stuff on his/her behalf.

Full details of Authentication in the Windows API can be found on MSDN: http://msdn.microsoft.com/en-us/library/aa374735(VS.85).aspx

I don’t know about the windows login password. but you can definitely pull plaintext passwords from the Credentials Manager. For example here is a program to pull the password for TFS. In most cases, this is the same as the Windows Login.

I compiled this as «console» app under vs 2015 with Nuget package TeamFoundation ExtendedClient.

You can get the user name with GetUserName(), but you cannot get the password; this would violate security for dummies 101.

re «Network Password Recovery» tool
Windows (upto XP) stores a copy of the passwd with a simpler easy to break encryption — for connecting to older style lanmanager network shares. The tools generaly try all possible passwords against this, using rainbow tables (precaluted encrypted versions of dictionary words) speeds this up.

In XPsp2/3 Vista this feature is removed. The new encryption is much harder to crack and needs many hours to try all possible values, there are online services that will run it on large number of machines to give you a quick answer for a price.

To answer the original poster — you do not generally store the password and compare it with what the user typd in. You encrypt (actually hash) the entered password and store that. To check a password you perform the same encryption on whatever the user enetered and compare that. It is generally impossible to go from the encrypted form back to the real password.

EDIT I suspect you are asking the wrong question here — why do you want the password, what are you trying to verify and when?