Script to Clear Credman
With my customer facing role, there are lot of demonstrations to enterprise customers. Manually reverting machines back to the initial starting point for the next demo can be time consuming and error prone.
One example of this is clearing out the contents on Window's Credential Manager. There is no option to do a block select to delete multiple entries at once. Worse still is that Modern Authentication will create multiple entries inside Credential Manager. An example is shown below for an Windows 7 test machine. The same premise applies to Windows 10.
In order to remove the entry, the Remove From Vault option must be clicked. This is per entry which is a lot of overhead.
Thankfully, there are some options...
CmdKey To the Rescue
Windows has the cmdkey.exe utility which can be used to manage the contents of Credential Manager.
While we will look at the deletion option in this post, the documentation can be consulted for all of the other available options.
cmdkey.exe /delete will remove the specified credential
The base cmdkey commands can be automated using some old skool batch commands.
FOR can be used to loop through the credentials and then pass them to the delete command.
The below is a sample command which can be executed in a cmd prompt.
For /F "tokens=1,2 delims= " %G in ('cmdkey /list ^| findstr Target') do cmdkey /delete %H
Cmdkey Batch File Automation
Now that we have some tool which can be used to manipulate the saved credentials, it can be easily automated.
The below is a sample command which can be executed in a batch file.
Note that the syntax is changed slightly from the previous command
For /F "tokens=1,2 delims= " %%G in ('cmdkey /list ^| findstr Target') do cmdkey /delete %%H
In case you are wondering about the pipe to findstr, this is due to the output returned by cmdkey. There are multiple lines per credential, and we want to select the correct line for manipulation.
I'll let you figure out the % and %% differences. Those who wrote batch files in the last century should remember the difference…..
The same can be said for the circumflex character.