credential manager to see credentials stored for all users?

  • Question

  • Is there a way to see and manage credentials stored for all users on a server (we use 2008 R2) rather than just the user who logs on and uses Credential Manager (or the cmdkey command)? We have users using three terminal servers and some of them store incorrect creds (wrong username or password), so it would be good if I, as domain admin, could go to the servers myself and remove any credentials that OTHER users have stored.
    Thursday, August 21, 2014 9:35 AM

Answers

  • You can view the user sessions and user names on the system

    1) query session /server:"servername". E.g.: query session /server:localhost - will display sessions of logged on users

    2) Control Panel\Credential Manager displays both web and computer user credentials

    3) Remote desktop session Manager gives details about user sessions

    4) PsLoggedon http://technet.microsoft.com/en-au/sysinternals/bb897545.aspx excellent tool to display logged on session info

    Hope this is the info you are after.

    Thursday, August 21, 2014 10:53 AM
    Moderator
  • Hi

    The cached credentials are stored in a special location in the registry (an example here: http://msitpros.com/?p=1029).

    I doubt you can manipulate the string directly as it's encrypted (possibly "salted" with the user token), but maybe there is some workaround that I don't know of. (Edited: erasing it is surely easily doable.)


    Regards, Philippe


    Thursday, August 21, 2014 12:36 PM
    Moderator
