Manipulate stored credentials
This is more of a note to self so I dont forget the nifty cmd line tool included in 2k3 by default.
http://msdn2.microsoft.com/en-us/library/aa374731.aspx
Low-level Credentials Management Functions
The following are low-level credentials management functions.
| Function |
Description |
| CredDelete |
Delete a credential from a user's credentials set. |
| CredEnumerate |
List the credentials in a user's credentials set. |
| CredFindBestCredential |
Searches the Credentials Management (CredMan) database for the set of generic credentials that are associated with the current logon session and that best match the specified target resource. |
| CredFree |
Free the memory used for a buffer returned by any of the credentials management functions. |
| CredGetSessionTypes |
Retrieve the maximum persistence supported by the current logon session. |
| CredGetTargetInfo |
Retrieve all known target name information for a named resource. |
| CredIsProtected |
Specifies whether the specified credentials are encrypted by a previous call to the CredProtect function. |
| CredMarshalCredential |
Transform a credential into a text string. |
| CredPackAuthenticationBuffer |
Converts a string user name and password into an authentication buffer. |
| CredProtect |
Encrypts the specified credentials so that only the current security context can decrypt them. |
| CredRead |
Read a credential from a user's credentials set. |
| CredReadDomainCredentials |
Read the domain credentials from a user's credentials set. |
| CredRename |
Rename a credential from a user's credentials set. |
| CredUnmarshalCredential |
Transform a marshaled credential string back into its nonmarshaled form. |
| CredUnPackAuthenticationBuffer |
Converts an authentication buffer returned by a call to the CredUIPromptForWindowsCredentials function into a string user name and password. |
| CredUnprotect |
Decrypts credentials that were previously encrypted by using the CredProtect function. |
| CredWrite |
Create a new credential or modify an existing credential in a user's credentials set. |
| CredWriteDomainCredentials |
Write domain credentials to a user's credentials set. |
C:\WINDOWS\system32>cmdkey /?
Creates, displays, and deletes stored user names and passwords.
The syntax of this command is:
CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:passw
rd}}} | /delete{:targetname | /ras} | /list{:targetname}]
Examples:
To list available credentials:
cmdkey /list
cmdkey /list:targetname
To create domain credentials:
cmdkey /add:targetname /user:username /pass:password
cmdkey /add:targetname /user:username /pass
cmdkey /add:targetname /user:username
cmdkey /add:targetname /smartcard
To create generic credentials:
The /add switch may be replaced by /generic to create generic credentials
To delete existing credentials:
cmdkey /delete:targetname
To delete RAS credentials:
cmdkey /delete /ras
spat
