1

I'm learning about the "local system" account (aka "system" or SID "S-1-5-18") in Windows. This server fault answer is very helpful, but one thing I still don't understand is why the value returned by the whoami command is different from the %username% environment variable.

enter image description here

The latter is the name of my computer followed by a dollar sign "$".

Improve this question
2
  • Please edit the question with these answers : Which specific version of Windows is this (Windows 10v1809 for instance) ? Are you starting cmd in a non-standard way, for instance, choosing "Run as Administrator" ?
    – MountainMan
    Commented Feb 1, 2019 at 19:04
  • Windows 7 Pro SP1, just start > run > cmd.
    – rory.ap
    Commented Feb 2, 2019 at 15:20

1 Answer 1

Reset to default
0

Basically System is a special User, it effectively is your computers internal user so it kinda makes sense to use the hostname as name.

Take a look in Task Manager, go to the Details tabs and click PID ("Process ID") to sort the processes. The lowest few PIDs and the only process without a PID are all owned by SYSTEM and start at the earliest stages of the boot process. The Processes are run under the user "SYSTEM" and several are instances of ntoskrnl.exe - the Windows NT Kernel itself.

This Windows startup process article describes the general boot process and identifies the main components all of which are run as System.

Also worth mentioning the System user has special permissions so avoid modifying it or using it for none system tasks.

Improve this answer
1
  • This doesn’t explain the reason whoami behaves the way it does. It explains what the system user is, but that isn’t, what he author asked about
    – Ramhound
    Commented Feb 1, 2019 at 18:59

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .