Manipulate stored credentials
This is more of a note to self so I dont forget the nifty cmd line tool included in 2k3 by default.
https://msdn2.microsoft.com/en-us/library/aa374731.aspx
Low-level Credentials Management Functions
The following are low-level credentials management functions.
Function | Description |
---|---|
CredDelete | Delete a credential from a user's credentials set. |
CredEnumerate | List the credentials in a user's credentials set. |
CredFindBestCredential | Searches the Credentials Management (CredMan) database for the set of generic credentials that are associated with the current logon session and that best match the specified target resource. |
CredFree | Free the memory used for a buffer returned by any of the credentials management functions. |
CredGetSessionTypes | Retrieve the maximum persistence supported by the current logon session. |
CredGetTargetInfo | Retrieve all known target name information for a named resource. |
CredIsProtected | Specifies whether the specified credentials are encrypted by a previous call to the CredProtect function. |
CredMarshalCredential | Transform a credential into a text string. |
CredPackAuthenticationBuffer | Converts a string user name and password into an authentication buffer. |
CredProtect | Encrypts the specified credentials so that only the current security context can decrypt them. |
CredRead | Read a credential from a user's credentials set. |
CredReadDomainCredentials | Read the domain credentials from a user's credentials set. |
CredRename | Rename a credential from a user's credentials set. |
CredUnmarshalCredential | Transform a marshaled credential string back into its nonmarshaled form. |
CredUnPackAuthenticationBuffer | Converts an authentication buffer returned by a call to the CredUIPromptForWindowsCredentials function into a string user name and password. |
CredUnprotect | Decrypts credentials that were previously encrypted by using the CredProtect function. |
CredWrite | Create a new credential or modify an existing credential in a user's credentials set. |
CredWriteDomainCredentials | Write domain credentials to a user's credentials set. |
C:\WINDOWS\system32>cmdkey /?
Creates, displays, and deletes stored user names and passwords.
The syntax of this command is:
CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:passw
rd}}} | /delete{:targetname | /ras} | /list{:targetname}]
Examples:
To list available credentials:
cmdkey /list
cmdkey /list:targetname
To create domain credentials:
cmdkey /add:targetname /user:username /pass:password
cmdkey /add:targetname /user:username /pass
cmdkey /add:targetname /user:username
cmdkey /add:targetname /smartcard
To create generic credentials:
The /add switch may be replaced by /generic to create generic credentials
To delete existing credentials:
cmdkey /delete:targetname
To delete RAS credentials:
cmdkey /delete /ras
spat
Comments
Anonymous
July 03, 2007
Are credentials those things that are found via cmdkey or the Control Panel operation (Stored User Names and Passwords) or does it include the normal Windows acct. password and that stored in Active Directory?Anonymous
July 06, 2007
Im not sure I understand the question, but it seems to revolve around "What are credentials?" But, that doesnt sound right. So maybe it is - "What does the cmdkey store or list?" If so, then it is the control panel operation you mentioned. spatdsgAnonymous
February 12, 2008
Any idea how to store & manipulate credential information through my application on Windows 2000? Simply put, what you can do with the credui.dll in Windows XP, is there any way Windows 2000?Anonymous
March 12, 2008
Thansk ..... Spat ... thank you very much ... for cmdkey Cheers ! email: saurabh_bhatkar@rediffmail.com