PowerShell data explanation and advice

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows

PS C:Userssmell> whoami / user
ERROR: Invalid argument/option – ‘/’.
Type “WHOAMI /?” for usage.
PS C:Userssmell> whoami /user

USER INFORMATION
—————-

User Name SID
=================== ============================================
thinkpadt16g2smell S-1-5-21-2399413288-642862217-314349489-1001
PS C:Userssmell> wmic useraccount where name=’%username%’ get domain,name,sid
Node – THINKPADT16G2
ERROR:
Description = Invalid query

PS C:Userssmell> wmic useraccount where name=’%username%’ get domain,name,sid
Node – THINKPADT16G2
ERROR:
Description = Invalid query

PS C:Userssmell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @(‘Name’, ‘User’)

Name User
—- —-
THINKPADT16G2smell S-1-5-21-2399413288-642862217-314349489-1001

PS C:Userssmell> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
S-1-5-21-2399413288-642862217-314349489-1001
PS C:Userssmell> wmic useraccount where name=’smell’ get sid
Node – THINKPADT16G2
ERROR:
Description = Invalid query

PS C:Userssmell> wmic useraccount where sid='<sid>’ get domain,name
Node – THINKPADT16G2
ERROR:
Description = Invalid query

PS C:Userssmell> wmic useraccount where sid=’S-1-5-21-2399413288-642862217-314349489-1001′ get domain,name
Unexpected switch at this level.
PS C:Userssmell> wmic useraccount get domain,name,sid
Domain Name SID
ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500
ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501
ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001
ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504

PS C:Userssmell> Get-WmiObject win32_useraccount | Select domain,name,sid

domain name sid
—— —- —
ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500
ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501
ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001
ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504

PS C:Userssmell>
PS C:Userssmell> Get-LocalUser | Select-Object -Property @(‘Name’, ‘SID’)

Name SID
—- —
Administrator S-1-5-21-2399413288-642862217-314349489-500
DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
Guest S-1-5-21-2399413288-642862217-314349489-501
smell S-1-5-21-2399413288-642862217-314349489-1001
WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504

PS C:Userssmell> Get-CimInstance -query ‘Select * from win32_useraccount’ | ft name, SID

name SID
—- —
Administrator S-1-5-21-2399413288-642862217-314349489-500
DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
Guest S-1-5-21-2399413288-642862217-314349489-501
smell S-1-5-21-2399413288-642862217-314349489-1001
WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504

PS C:Userssmell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @(‘Name’, ‘User’)

Name User
—- —-
THINKPADT16G2smell S-1-5-21-2399413288-642862217-314349489-1001

PS C:Userssmell> C:UsersPublic
C:UsersPublic : The term ‘C:UsersPublic’ is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:1
+ C:UsersPublic
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:UsersPublic:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

PS C:Userssmell> C:UsersPublic>
C:UsersPublic> : The term ‘C:UsersPublic>’ is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:2
+ C:UsersPublic>
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:UsersPublic>:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

PS C:Userssmell> C:Users
C:Users : The term ‘C:Users’ is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:2
+ C:Users
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:Users:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

PS C:Userssmell> C:Users
C:Users : The term ‘C:Users’ is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:2
+ C:Users
+ ~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:Users:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

PS C:Userssmell> PS C:> Set-Location -PathC:UsersPublic
Get-Process : A positional parameter cannot be found that accepts argument ‘Set-Location’.
At line:1 char:1
+ PS C:> Set-Location -PathC:UsersPublic
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-Process], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetProcessCommand

PS C:Userssmell> Set-Location -Path C:UsersPublic
PS C:UsersPublic> whoami /user

USER INFORMATION
—————-

User Name SID
=================== ============================================
thinkpadt16g2smell S-1-5-21-2399413288-642862217-314349489-1001
PS C:UsersPublic> wmic useraccount where name=’%username%’ get domain,name,sid
Node – THINKPADT16G2
ERROR:
Description = Invalid query

PS C:UsersPublic> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @(‘Name’, ‘User’)

Name User
—- —-
THINKPADT16G2smell S-1-5-21-2399413288-642862217-314349489-1001

PS C:UsersPublic> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
S-1-5-21-2399413288-642862217-314349489-1001
PS C:UsersPublic> wmic useraccount where name=’username’ get sid
Node – THINKPADT16G2
ERROR:
Description = Invalid query

PS C:UsersPublic> wmic useraccount where name=’smell’ get sid
Node – THINKPADT16G2
ERROR:
Description = Invalid query

PS C:UsersPublic> wmic useraccount where sid='<sid>’ get domain,name
Node – THINKPADT16G2
ERROR:
Description = Invalid query

PS C:UsersPublic> wmic useraccount where sid=’S-1-5-21-2399413288-642862217-314349489-1001′ get domain,name
Unexpected switch at this level.
PS C:UsersPublic> wmic useraccount get domain,name,sid
Domain Name SID
ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500
ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503
ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501
ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001
ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504

PS C:UsersPublic> Get-WmiObject win32_useraccount | Select domain,name,sid

PS C:UsersPublic> Get-LocalUser | Select-Object -Property @(‘Name’, ‘SID’)

PS C:UsersPublic> Get-CimInstance -query ‘Select * from win32_useraccount’ | ft name, SID

PS C:UsersPublic>

Hi everyone. Not even sure how to ask and maybe it seems dramatic but I am reaching out for a little help here. Can someone help me understand this data I copied from PowerShell? I typed the same commands for user “smell” and user “Public”. I have a node in network probably and I really hope for the worse to be honest. Reading about it got me pumped. Of course I have no idea if this could be the small window sun shines through or just another big nothing. Anyway, thanks to anyone who sets me straight about it. Windows PowerShellCopyright (C) Microsoft Corporation. All rights reserved.Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindowsPS C:Userssmell> whoami / userERROR: Invalid argument/option – ‘/’.Type “WHOAMI /?” for usage.PS C:Userssmell> whoami /userUSER INFORMATION—————-User Name SID=================== ============================================thinkpadt16g2smell S-1-5-21-2399413288-642862217-314349489-1001PS C:Userssmell> wmic useraccount where name=’%username%’ get domain,name,sidNode – THINKPADT16G2ERROR:Description = Invalid queryPS C:Userssmell> wmic useraccount where name=’%username%’ get domain,name,sidNode – THINKPADT16G2ERROR:Description = Invalid queryPS C:Userssmell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @(‘Name’, ‘User’)Name User—- —-THINKPADT16G2smell S-1-5-21-2399413288-642862217-314349489-1001PS C:Userssmell> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.ValueS-1-5-21-2399413288-642862217-314349489-1001PS C:Userssmell> wmic useraccount where name=’smell’ get sidNode – THINKPADT16G2ERROR:Description = Invalid queryPS C:Userssmell> wmic useraccount where sid='<sid>’ get domain,nameNode – THINKPADT16G2ERROR:Description = Invalid queryPS C:Userssmell> wmic useraccount where sid=’S-1-5-21-2399413288-642862217-314349489-1001′ get domain,nameUnexpected switch at this level.PS C:Userssmell> wmic useraccount get domain,name,sidDomain Name SIDThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504PS C:Userssmell> Get-WmiObject win32_useraccount | Select domain,name,siddomain name sid—— —- —ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504PS C:Userssmell>PS C:Userssmell> Get-LocalUser | Select-Object -Property @(‘Name’, ‘SID’)Name SID—- —Administrator S-1-5-21-2399413288-642862217-314349489-500DefaultAccount S-1-5-21-2399413288-642862217-314349489-503Guest S-1-5-21-2399413288-642862217-314349489-501smell S-1-5-21-2399413288-642862217-314349489-1001WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504PS C:Userssmell> Get-CimInstance -query ‘Select * from win32_useraccount’ | ft name, SIDname SID—- —Administrator S-1-5-21-2399413288-642862217-314349489-500DefaultAccount S-1-5-21-2399413288-642862217-314349489-503Guest S-1-5-21-2399413288-642862217-314349489-501smell S-1-5-21-2399413288-642862217-314349489-1001WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504PS C:Userssmell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @(‘Name’, ‘User’)Name User—- —-THINKPADT16G2smell S-1-5-21-2399413288-642862217-314349489-1001PS C:Userssmell> C:UsersPublicC:UsersPublic : The term ‘C:UsersPublic’ is not recognized as the name of a cmdlet, function, script file, oroperable program. Check the spelling of the name, or if a path was included, verify that the path is correct and tryagain.At line:1 char:1+ C:UsersPublic+ ~~~~~~~~~~~~~~~+ CategoryInfo : ObjectNotFound: (C:UsersPublic:String) [], CommandNotFoundException+ FullyQualifiedErrorId : CommandNotFoundExceptionPS C:Userssmell> C:UsersPublic>C:UsersPublic> : The term ‘C:UsersPublic>’ is not recognized as the name of a cmdlet, function, script file, oroperable program. Check the spelling of the name, or if a path was included, verify that the path is correct and tryagain.At line:1 char:2+ C:UsersPublic>+ ~~~~~~~~~~~~~~~~+ CategoryInfo : ObjectNotFound: (C:UsersPublic>:String) [], CommandNotFoundException+ FullyQualifiedErrorId : CommandNotFoundExceptionPS C:Userssmell> C:UsersC:Users : The term ‘C:Users’ is not recognized as the name of a cmdlet, function, script file, or operableprogram. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.At line:1 char:2+ C:Users+ ~~~~~~~~~+ CategoryInfo : ObjectNotFound: (C:Users:String) [], CommandNotFoundException+ FullyQualifiedErrorId : CommandNotFoundExceptionPS C:Userssmell> C:UsersC:Users : The term ‘C:Users’ is not recognized as the name of a cmdlet, function, script file, or operable program.Check the spelling of the name, or if a path was included, verify that the path is correct and try again.At line:1 char:2+ C:Users+ ~~~~~~~~+ CategoryInfo : ObjectNotFound: (C:Users:String) [], CommandNotFoundException+ FullyQualifiedErrorId : CommandNotFoundExceptionPS C:Userssmell> PS C:> Set-Location -PathC:UsersPublicGet-Process : A positional parameter cannot be found that accepts argument ‘Set-Location’.At line:1 char:1+ PS C:> Set-Location -PathC:UsersPublic+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo : InvalidArgument: (:) [Get-Process], ParameterBindingException+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetProcessCommandPS C:Userssmell> Set-Location -Path C:UsersPublicPS C:UsersPublic> whoami /userUSER INFORMATION—————-User Name SID=================== ============================================thinkpadt16g2smell S-1-5-21-2399413288-642862217-314349489-1001PS C:UsersPublic> wmic useraccount where name=’%username%’ get domain,name,sidNode – THINKPADT16G2ERROR:Description = Invalid queryPS C:UsersPublic> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @(‘Name’, ‘User’)Name User—- —-THINKPADT16G2smell S-1-5-21-2399413288-642862217-314349489-1001PS C:UsersPublic> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.ValueS-1-5-21-2399413288-642862217-314349489-1001PS C:UsersPublic> wmic useraccount where name=’username’ get sidNode – THINKPADT16G2ERROR:Description = Invalid queryPS C:UsersPublic> wmic useraccount where name=’smell’ get sidNode – THINKPADT16G2ERROR:Description = Invalid queryPS C:UsersPublic> wmic useraccount where sid='<sid>’ get domain,nameNode – THINKPADT16G2ERROR:Description = Invalid queryPS C:UsersPublic> wmic useraccount where sid=’S-1-5-21-2399413288-642862217-314349489-1001′ get domain,nameUnexpected switch at this level.PS C:UsersPublic> wmic useraccount get domain,name,sidDomain Name SIDThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504PS C:UsersPublic> Get-WmiObject win32_useraccount | Select domain,name,siddomain name sid—— —- —ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504PS C:UsersPublic> Get-LocalUser | Select-Object -Property @(‘Name’, ‘SID’)Name SID—- —Administrator S-1-5-21-2399413288-642862217-314349489-500DefaultAccount S-1-5-21-2399413288-642862217-314349489-503Guest S-1-5-21-2399413288-642862217-314349489-501smell S-1-5-21-2399413288-642862217-314349489-1001WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504PS C:UsersPublic> Get-CimInstance -query ‘Select * from win32_useraccount’ | ft name, SIDname SID—- —Administrator S-1-5-21-2399413288-642862217-314349489-500DefaultAccount S-1-5-21-2399413288-642862217-314349489-503Guest S-1-5-21-2399413288-642862217-314349489-501smell S-1-5-21-2399413288-642862217-314349489-1001WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504PS C:UsersPublic> Read More

Cart

Cart