How do I clear cached credentials from my Windows Profile?

Question

Windows seems to be saving my credentials for a variety of applications (terminal servers, etc) and I'd like to purge this data.

How can I backup and purge this data?

Is there a way to automate the removal of cached credentials via a PowerShell script that I can invoke? — , Sep 24 '15 at 20:05

score 79 · Accepted Answer · answered Jun 02 '12 at 15:41

79

The utility to delete cached credentials is hard to find. It stores both certificate data and also user passwords.

Open a command prompt, or enter the following in the run command

 rundll32.exe keymgr.dll,KRShowKeyMgr

Image of cached credentials

Windows 7 makes this easier by creating an icon in the control panel called "Credential manager"

enter image description here

answered Jun 02 '12 at 15:41

makerofthings7

50,090
54
250
536

good write up for both Admins and End-Users. Could have used a route guide to the Credential Manager, for those less-Admin knowledgeable. – GoldBishop Aug 28 '14 at 17:18
Excellent. This command saved my day. Didn't know about it – alfredocambera Sep 10 '14 at 18:29
My control panel item for this is hidden due to company group policies. The command you gave is the only way I could access my cached credentials. Thanks. – Francois Botha Jun 12 '19 at 09:11

score 17 · Answer 2 · edited Oct 29 '20 at 13:38

There is also a command-line utility:

C:\> cmdkey /?

Creates, displays, and deletes stored user names and passwords.

The syntax of this command is:

CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:password}}} | /delete{:targetname | /ras} | /list{:targetname}]

Examples:

  To list available credentials:
     cmdkey /list
     cmdkey /list:targetname

  To create domain credentials:
     cmdkey /add:targetname /user:username /pass:password
     cmdkey /add:targetname /user:username /pass
     cmdkey /add:targetname /user:username
     cmdkey /add:targetname /smartcard

  To create generic credentials:
     The /add switch may be replaced by /generic to create generic credentials

  To delete existing credentials:
     cmdkey /delete:targetname

  To delete RAS credentials:
     cmdkey /delete /ras

Link to documentation page: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmdkey

Thank you. Helped me to create a `cmd` file to delete the hundreds of crap entries I had. — Thomas Eyde, Oct 27 '20 at 07:25

score 6 · Answer 3 · edited Jun 08 '16 at 22:55

6

Use cmd:

NET USE

(to see what you're connected to)

NET USE * /DELETE

(to delete all connections)

net use info is not the same info as listed in keymgr or credential mgr.

edited Jun 08 '16 at 22:55

techraf

9,141
11
44
62

answered Jun 08 '16 at 22:29

user113896

61
1
1

score 4 · Answer 4 · edited Jul 30 '15 at 21:23

4

FYI, I just encountered a case where a credential (possibly corrupt, since it showed up under an entry named with only two, odd Unicode characters) appeared only in the rundll32.exe keymgr.dll,KRShowKeyMgr interface, and not in the Credential Manager interface found in the Windows 7 control panel. So it may be worth checking both interfaces for cached credentials.

edited Jul 30 '15 at 21:23

Gilles 'SO- stop being evil'

50,912
13
120
179

answered Jul 30 '15 at 18:27

Ryan

41
1

How do I clear cached credentials from my Windows Profile?

4 Answers4