Remove an entry from credential manager for all users on Windows

Pettor · Sep 13, 2016 · Viewed 37.1k times

I am currently implementing a "remove settings" for all users in a Windows uninstaller and came across an issue I am not even sure is possible to solve.

The application stores credential entries for the current user using the CredentialManager (keymgr.dll). Let's call the target of the credential "X". On uninstall, all credentials stored with target "X" should be removed for all users. The uninstaller of course requires administrator privileges, but still I find it very difficult to accomplish this.

For the current user that command is generally solved via cmdkey /delete:X from a command prompt. As far as I know cmdkey.exe /list only helps to list entries for the current user and can't remove local entries from another user.

I have learned that the credentials are stored as OS files under the C:\Users\_user_\AppData\Local\Microsoft\Credentials folder, but I can't know which files are the entries I want to delete and removing all would be dangerous for other applications. Also I assume removing OS files will be dangerous and could have limitations (extra UAC prompt?) as well.

Runas command is the closest shot I got but because it requires the password of the user it becomes very difficult and not something I would want in the uninstaller. I also would need a way to get the username and domain for each user and iterate them.

I would prefer to use either cmd or powershell for this.

Answer

Xanderu · Aug 3, 2017

Don't want to necro an old post but I needed to do this myself so I figured I'd add this in case anyone else needs it:

cmdkey /list | ForEach-Object{if($_ -like "*Target:*" -and $_ -like "*microsoft*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}} 

PowerShell one-liner that will remove any credentials with Microsoft in the string.

Reference: https://gist.github.com/janikvonrotz/7819990

I ran this and it purged it locally without needing to run as admin (but I am a local admin).
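
The one-liner above matches on a substring, so for the question's target "X" it would also hit entries such as "X-backup". The following is an added example, not code from the original post: it parses the cmdkey /list output and removes only entries whose target name equals the requested one, with -WhatIf as a dry run. The function names are hypothetical, the sample listing is constructed, and it assumes English cmdkey output ("Target:" lines). Like cmdkey itself, it only acts on the credential store of the account that runs it.

```powershell
# Added example; Get-CmdkeyTarget and Remove-CmdkeyTarget are hypothetical names.
function Get-CmdkeyTarget {
    param([string[]]$Lines = (cmdkey /list))
    foreach ($line in $Lines) {
        # Assumes English output, e.g. "    Target: LegacyGeneric:target=X"
        if ($line -match '^\s*Target:\s*(?<full>.+?)\s*$') {
            $full = $Matches['full']
            [pscustomobject]@{
                Full = $full                                   # string passed to cmdkey
                Name = ($full -replace '^[^:]+:target=', '')   # bare target name
            }
        }
    }
}

function Remove-CmdkeyTarget {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [string[]]$Lines = (cmdkey /list)
    )
    foreach ($entry in Get-CmdkeyTarget -Lines $Lines) {
        # Exact, case-insensitive comparison instead of a -like substring match
        if ($entry.Name -ne $Name) { continue }
        if ($PSCmdlet.ShouldProcess($entry.Full, 'cmdkey /delete')) {
            # Quoted as one argument so targets containing spaces survive
            cmdkey "/delete:$($entry.Full)"
        }
    }
}

# Constructed sample listing so the dry run works without touching a real store
$sample = @(
    'Currently stored credentials:', '',
    '    Target: LegacyGeneric:target=X',
    '    Type: Generic',
    '    User: alice', '',
    '    Target: LegacyGeneric:target=X-backup',
    '    Type: Generic',
    '    User: alice', '',
    '    Target: LegacyGeneric:target=MicrosoftOffice16_Data',
    '    Type: Generic'
)

# Dry run against the sample: only the entry named exactly "X" is selected
Remove-CmdkeyTarget -Name 'X' -Lines $sample -WhatIf
```

Dropping -Lines and -WhatIf runs it against the live cmdkey /list output of the current account.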