runas /savecred... don't accept cmdkey /add (credentials)

Phiber picture Phiber · Jan 16, 2014 · Viewed 46.2k times · Source

I have a problem with runas /savecred ... and cmdkey /add....
I have a batch file contains this line:

runas /profile /savecred /user:MyDomain\MyUserName "MyProgram.exe"  

I'm logging to my computer as Administrator and I want to execute MyProgram.exe with another user: MyUserName.
When I launch my batch file the firt time, it prompts for password for MyUserName, I type the password and it works nice !!!
For second time, it don't ask for password because /savecred has saved MyUserName and password in Windows Credential. cool !!
The information in Credential Manager

Internet or network adress: MyDomain\MyUserName (Interactive logon)  
User name: MyDomain\MyUserName  
Password: ............
Persistence: Logon Session  

Now, I would like to avoid to type the password asked for the first time. For this I have used cmdkey.exe to add credential myself without /savecred by this line

cmdkey /add:domain:interactive=MyDomain\MyUserName /user:MyDomain\MyUserName /pass:***********  

and i have removed /savecred from line runas
The information in Credential Manager

Internet or network adress: MyDomain\MyUserName  
User name: MyDomain\MyUserName  
Password: ............
Persistence: Logon Session  

Look there is no (Interactive logon) in the first line. The poblem is when I launch the batch file, it prompt always to type password, it seems like the runas disacard the informaion saved by cmdkey !

So What I have missed? Or what other things that /savecred save in the Windows Credentials?

Answer

shello picture shello · May 13, 2014

Under windows 7, the runas/savecred (interactive logon) credential is saved in a HIDDEN file in the directory c:\users\username\appdata\roaming\microsoft\credentials.

If you move this file out of this directory, the credential is not displayed in the Windows credential manager. Move the file back into the referenced directory, and the credential reappears. No other manipulation or tweaking is necessary.

You should save the interactive logon by running the runas /savecred command once and then moving the hidden encrypted file in and out as needed.