Clearing Credential Manager Fast

(Last Updated On: 2019-10-03)

I recently had some issues with authentication on Windows Apps. This especially happens when a user’s password changes. Then you have to clean the Credential Manager and WOW can Microsoft pile up a list.
So I had to figure out how to Clear out the Credential Manager fast.

There are three ways we are going to go through to do this. The Slow, the little bit faster but still slow, and the extremely fast.

Credential Manager

The first is the way we all learn first by opening the Credential Manager.
Open the Control Panel, in the Search type Credential Manager. It should show as you are typing. Open it up and you will see Windows Credentials.

Credential Manager

This is very simple click the drop-down next to the application giving you issues, Click remove and Acknowledge. As you can see this list is already clear out but depending on the user you are working with this can have upwards of 15 and more saved.

Key Manager

The next option is using the key Manager, the only problem is you need to remember the below command, this is my preferred method as it looks a bit cleaner although and argument can be made it has less detail, I have found that when you drill down into the details the Key Manager is more accurate. Open the Run dialog paste the command and Enter.

Note this is Case-Sensitive

rundll32.exe keymgr.dll, KRShowKeyMgr 
KEY Manager

Again very simple click the application in the list giving you issues, Click remove and Acknowledge.

CMDKEY

The last one is a CMD Command called CMDKEY. This command is specifically used to Create, Display and Deleted passwords but only one per command. Which in itself is a bit of an issue but when you combine this with a For Loop in can quickly run through all the password saved and clear it out. See below the Syntax CMDKEY the Command:

CMDKEY /?

Creates, displays, and deletes stored user names and passwords.

The syntax of this command is:

CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:password}}} | /delete{:targetname | /ras} | /list{:targetname}]

Examples:

To list available credentials:
cmdkey /list
cmdkey /list:targetname

To create domain credentials:
cmdkey /add:targetname /user:username /pass:password
cmdkey /add:targetname /user:username /pass
cmdkey /add:targetname /user:username
cmdkey /add:targetname /smartcard

To create generic credentials:
The /add switch may be replaced by /generic to create generic credentials

To delete existing credentials:
cmdkey /delete:targetname

To delete RAS credentials:
cmdkey /delete /ras

Example


Display a list of Saved passwords:

cmdkey /list
CMD
CMDKey

Delete a Password from the list:

cmdkey /delete:MicrosoftAccount:target=SSO_POP_Device
CMD
CMDKEY

Creating the Script

To create the script you need to know a bit about the For command.
For now, I will explain the argument as it is used below:

For /F "tokens=1,2 delims= " %%F in ('cmdkey /list ^| findstr Target') do  cmdkey /delete %%G
For /Fwould parse each line in a given file or Command output
“tokens=1,2 delims= ”The Options to use when splitting the Line:
tokens=1,2
Specify which tokens from each line are to be passed on. This will cause additional variable names to be allocated.
delims=
Specifies a delimiter set. This replaces the default delimiter set of space and tab.
%%F
%%G
The First Variable that will be created and the Second Variable that will be autogenerated due to the Token being passed on when delimitated by an Empty Space
(‘cmdkey /list ^| findstr Target’)The Command where the data will be pulled from only parsing back lines with the word Target in it
cmdkey /delete %%GThe Command to run with the new Variable received Back

Notice the script use %% when specifying variable this is as per the for /? help file. When Running the command directly Variables is used with only one %. In a Script, it needs to be changed to %%.

CMDKEY: Element not found

Unfortunately, there are some applications that have more spaces in. This will cause the second variable being created to be only a section of the required string. These will have to be manually deleted.

Even though you might have this clearing out 32 of 38 passwords with a simple double click is much faster and you can now also run this script from task scheduler or Group Policy.

If you liked what you read Please Share.

I’d love it if you followed me on Twitter and Facebook.

Also, feel free to subscribe to my posts by email. Thanks for reading.

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *