See belo,w the weirdest thing: the whoami tool does not report any information:
Windows10/1511
C:\Users\mjordao>whoami
DOMAIN\MJORDAO
C:\Users\mjordao>whoami /user
DOMAIN\MJORDAO
C:\Users\mjordao>whoami /SID
DOMAIN\MJORDAO
C:\Users\mjordao>whoami /GROUPS
DOMAIN\MJORDAO
C:\Users\mjordao>whoami /?
DOMAIN\MJORDAO
As you can see, no output at all
tests i did:
1) psloggedon shows correct SID of the user
2) if i copy/clone/duplicate the user, no problem
3) If i open the CMD as admin, the SIDs are all there, no problem
4) Several logofss and reboots
The problem came up after usier complaining about a specific sub-sub-folder of a multi-terabyte file server and the user can read and write with no problem, during the investigation, i noticed that the behaviour is consisten like the user hasn´t anymore member of any group (access denied on folder) but in many other folders under the same mapped drive letter, the access is ok
whic tools can I use to check for kerberos tokens, groups, etc?