How do I clear cached credentials from my Windows Profile?

  • Windows seems to be saving my credentials for a variety of applications (terminal servers, etc) and I'd like to purge this data.

    How can I backup and purge this data?

    Is there a way to automate the removal of cached credentials via a PowerShell script that I can invoke?

  • The utility to delete cached credentials is hard to find. It stores both certificate data and also user passwords.

    Open a command prompt, or enter the following in the run command

     rundll32.exe keymgr.dll,KRShowKeyMgr
    

    Image of cached credentials

    Windows 7 makes this easier by creating an icon in the control panel called "Credential manager"

    enter image description here

    good write up for both Admins and End-Users. Could have used a route guide to the Credential Manager, for those less-Admin knowledgeable.

    Excellent. This command saved my day. Didn't know about it

    My control panel item for this is hidden due to company group policies. The command you gave is the only way I could access my cached credentials. Thanks.

  • There is also a command-line utility:

    C:\> cmdkey /?
    
    Creates, displays, and deletes stored user names and passwords.
    
    The syntax of this command is:
    
    CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:password}}} | /delete{:targetname | /ras} | /list{:targetname}]
    
    Examples:
    
      To list available credentials:
         cmdkey /list
         cmdkey /list:targetname
    
      To create domain credentials:
         cmdkey /add:targetname /user:username /pass:password
         cmdkey /add:targetname /user:username /pass
         cmdkey /add:targetname /user:username
         cmdkey /add:targetname /smartcard
    
      To create generic credentials:
         The /add switch may be replaced by /generic to create generic credentials
    
      To delete existing credentials:
         cmdkey /delete:targetname
    
      To delete RAS credentials:
         cmdkey /delete /ras
    
  • Use cmd:

    NET USE
    

    (to see what you're connected to)

    NET USE * /DELETE
    

    (to delete all connections)

    net use info is not the same info as listed in keymgr or credential mgr.

  • FYI, I just encountered a case where a credential (possibly corrupt, since it showed up under an entry named with only two, odd Unicode characters) appeared only in the rundll32.exe keymgr.dll,KRShowKeyMgr interface, and not in the Credential Manager interface found in the Windows 7 control panel. So it may be worth checking both interfaces for cached credentials.

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM