• Greg Zejer

Windows Desktop – Credential Manager CLI

If you armanage-your-blog-from-your-live-sitee like me, I’m not a big fan of credential manager. User accounts always get locked out because of this feature, especially when they change their password. If I can disable Credential Manager, I do via GPO.

If disabling credential manager does not work for the client, managing it becomes cumbersome.

There is a CLI users can use in order to manage it: rundll32.exe keymgr.dll,KRShowKeyMgr





This command doesn’t capture everything though. There is another option, POWERSHELL to the rescue! Well, sort of a hybrid solution.

You can use cmdkey to get a list of all saved password, both for the user and machine:



Once you have the list, you can use it with a ForEach-Object powershell combination in order to delete them all:

cmdkey /list | ForEach-Object{if($_ -like “*Target:*”){cmdkey /delete:($_ -replace ” “,”” -replace “Target:”,””)}}




Adding this command to the user login script GPO works wonders. Does it upset people that they have to type their password all the time, sure, but it’s a more secure solution so this doesn’t happen to you:


https://www.peew.pw/blog/2017/11/26/exploring-cmdkey-an-edge-case-for-privilege-escalation

7 views

Chicago – North Shore

899 Skokie Blvd. Suite 520
Northbrook, IL 60062

Phone: 847-464-3900

sales@globalpointllc.com

Chicago – Downtown

27 N. Wacker Dr. Suite 910
Chicago, IL 60606

Phone: 312-582-4343

sales@globalpointllc.com

Detroit Michigan

888 West Big Beaver Rd. Suite 200
Troy, MI 48084

248-929-5800

sales@globalpointllc.com