How can I determine which groups I'm a member of for my current logon session?

A. You can use the whoami command with the /groups switch to display all the groups in the currently logged on user token as the following command and output show:

whoami /groups[Group 1] = "SAVILLTECHDomain Users"[Group 2] = "Everyone"[Group 3] = "WKSSAVD800Debugger Users"[Group 4] = "BUILTINUsers"[Group 5] = "BUILTINAdministrators"[Group 6] = "NT AUTHORITYINTERACTIVE"[Group 7] = "NT AUTHORITYAuthenticated Users"[Group 8] = "LOCAL"[Group 9] = "SAVILLTECHDomain Admins"[Group 10] = "SAVILLTECHEnterprise Admins"

In this example, my user account is a member of the Domain and Enterprise Admin groups as well as all the other displayed groups. You can use this same command to determine the group membership for the local computer account. To do so, start a command session under the system context, which you do by using the scheduler to start a command session 1 minute in the future, as the following command shows:

<1 minute in future> /inter cmd.exe

When the new command session starts, run the whoami /groups command to show the groups that the computer account is a member of, as this example shows:

C:WINDOWSsystem32>whoami /groups[Group 1] = "BUILTINAdministrators"[Group 2] = "Everyone"[Group 3] = "NT AUTHORITYAuthenticated Users"

Notice that the computer account is a member of the Authenticated Users group, which you might not have expected.