Remove saved passwords older than 90 days

  • Question

  • Hello, I am trying to create a PS script to be used as a logon script. This script is meant to remove all saved passwords if older than 90 days. Below is what I was able to come up with, but I can't seem to get the two to work together as I am a novice in scripting. Hopefully, someone here can assist!

    I found this script, but it does not remove all saved passwords:

    # This script will delete files within the root folder and files within sub-folders older than X Days

    # Remove the "-WhatIf" at the end, else the script will only show the files rather than delete them.

    # Enter a number to indicate how many days old the identified file needs to be (must have a "-" in front of it).

    $HowOld = -1

    #Path to the Root Folder

    $Path = "$Env:LOCALAPPDATA\microsoft\Credentials\*"

    get-childitem $Path -recurse | where {$_.lastwritetime -lt (get-date).adddays($HowOld) -and -not $_.psiscontainer} |% {remove-item $_.fullname -force -whatif}

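    This script removes all passwords missed by the first script:

    # Start-Process has no -ProcessName parameter; the path below assumes the default per-user OneDrive install location.
    Stop-Process -processname OneDrive; cmdkey /list | ForEach-Object{if($_ -like "*Target:*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}; Start-Process -FilePath "$Env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe"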

    Monday, January 1, 2018 8:14 PM

All replies

  • Hi,

    Thank you for your question. I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.


    Best Regards,
    Frank


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 2, 2018 2:55 AM
  • Tuesday, January 2, 2018 5:01 AM
  • Thank you for your response; however, I am not seeing this meeting the requirements needed.

    Requirement 1 - run as logon script locally (no user input)

    Requirement 2 - Remove stored passwords older than 90 days

    Requirement 3 - call second script

    Tuesday, January 2, 2018 1:43 PM
  • Thank you, I look forward to the response.
    Tuesday, January 2, 2018 1:44 PM
  • The above link has the code needed to remove account credentials.  There is no way to know how old a credential is.

    This forum is for scripting questions rather than script requests.

    Script Gallery.

    Learn PowerShell  

    Script requests


    \_(ツ)_/


    • Edited by jrv Tuesday, January 2, 2018 2:58 PM
    Tuesday, January 2, 2018 2:57 PM
  • The system files located in C:\Users\username\AppData\Local\Microsoft\Credentials have a date modified listed.

    The 1st script addresses this. The 2nd script removes everything that was missed but does not check dates modified; herein lies my issue.

    Tuesday, January 2, 2018 3:34 PM
  • The system files located in C:\Users\username\AppData\Local\Microsoft\Credentials have a date modified listed.

    The 1st script addresses this. The 2nd script removes everything that was missed but does not check dates modified; herein lies my issue.

    Web Credentials have no dates assigned. Windows credentials have a modified date.  CmdKey does not manage dates.  The link supplied will show the dates of Windows credentials.


    \_(ツ)_/


    • Edited by jrv Tuesday, January 2, 2018 3:52 PM
    Tuesday, January 2, 2018 3:50 PM
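
The reply above notes that Windows credentials carry a modified date that cmdkey does not expose. The following added example (not from the thread or its link) reads that date, the `LastWritten` field of the Win32 `CREDENTIALW` structure, through `CredEnumerateW` for the current user and removes only entries older than the cutoff; the names `Demo.CredApi`, `CredHead`, `Get-StoredCredentialAge`, `$MaxAgeDays` and `$Delete` are assumptions, and web credentials are not covered.

```powershell
# Added example, not from the thread. Assumed names: Demo.CredApi, CredHead,
# Get-StoredCredentialAge, $MaxAgeDays, $Delete.
param([int]$MaxAgeDays = 90, [switch]$Delete)

Add-Type -Namespace Demo -Name CredApi -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct CredHead {               // leading fields of CREDENTIALW only
    public uint Flags; public uint Type;
    public IntPtr TargetName; public IntPtr Comment;
    public uint LastWrittenLow; public uint LastWrittenHigh;   // FILETIME
}
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool CredEnumerateW(IntPtr filter, uint flags, out uint count, out IntPtr creds);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool CredDeleteW(string target, uint type, uint flags);
[DllImport("advapi32.dll")]
public static extern void CredFree(IntPtr buffer);
'@

function Get-StoredCredentialAge {
    $count = [uint32]0; $buffer = [IntPtr]::Zero
    # Returns FALSE (ERROR_NOT_FOUND) when the user has no stored credentials.
    if (-not [Demo.CredApi]::CredEnumerateW([IntPtr]::Zero, 0, [ref]$count, [ref]$buffer)) { return }
    try {
        for ($i = 0; $i -lt $count; $i++) {
            $ptr  = [Runtime.InteropServices.Marshal]::ReadIntPtr($buffer, $i * [IntPtr]::Size)
            $head = [Runtime.InteropServices.Marshal]::PtrToStructure($ptr, [type][Demo.CredApi+CredHead])
            $ft   = ([long]$head.LastWrittenHigh -shl 32) -bor [long]$head.LastWrittenLow
            [pscustomobject]@{
                Target      = [Runtime.InteropServices.Marshal]::PtrToStringUni($head.TargetName)
                Type        = $head.Type
                LastWritten = [datetime]::FromFileTime($ft)
            }
        }
    } finally { [Demo.CredApi]::CredFree($buffer) }
}

$cutoff = (Get-Date).AddDays(-$MaxAgeDays)
Get-StoredCredentialAge | Where-Object { $_.LastWritten -lt $cutoff } | ForEach-Object {
    # Report by default; delete only when -Delete is passed.
    if ($Delete) { [void][Demo.CredApi]::CredDeleteW($_.Target, $_.Type, 0) }
    $_
}
```

Run without `-Delete` first to review which targets fall past the cutoff; as a logon script it runs in the user's own session, which is the credential set `CredEnumerateW` returns.
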
  • I was thinking something along the lines of using if then logic. So if first script is true, then run second script
    • Proposed as answer by jrv Wednesday, January 3, 2018 3:00 PM
    • Unproposed as answer by jrv Wednesday, January 3, 2018 3:00 PM
    Wednesday, January 3, 2018 2:17 PM
  • What does that mean? How does the first script get to be true?

    \_(ツ)_/

    • Proposed as answer by jrv Thursday, January 4, 2018 8:12 PM
    Wednesday, January 3, 2018 3:00 PM
  • if system files located C:\Users\username\AppData\Local\Microsoft\Credentials are older than 90 days then run end of script 1 % {remove-item $_.fullname -force -whatif} then script 2
    Wednesday, January 3, 2018 4:45 PM
  • help where-object -online


    \_(ツ)_/

    Wednesday, January 3, 2018 4:52 PM
  • again not helpful
    Thursday, January 4, 2018 7:49 PM
  • again not helpful

    What is it that is not helpful?

    Do you understand dates and file dates?  Have you taken time to learn PowerShell or are you just looking for someone to give you a completed script?


    \_(ツ)_/

    Thursday, January 4, 2018 8:13 PM
  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Frank


    Tuesday, January 9, 2018 6:33 AM
  • negative. the information provided was not helpful
    Tuesday, January 9, 2018 2:06 PM
  • 1. Which passwords (items) are not getting removed? Is it "$Env:LOCALAPPDATA\microsoft\Credentials\*" or "cmdkey /list" items?

    2. If it's in the credentials folder, then what is the error you are getting?

    3. If it's in the "cmdkey /list", then what is the target name? (like TERMSRV, virtualapp, etc.)

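    Try the code below:

    # Stop OneDrive while the stored credentials are removed.
    Stop-Process -processname OneDrive -Force
    # -File -Force: the credential files are hidden system files; -Directory would return folders only.
    Get-ChildItem -Path "$Env:LOCALAPPDATA\microsoft\Credentials" -File -Force -Recurse | ?{ $_.LastWriteTime -lt (Get-Date).AddDays(-90) } | Remove-Item -Force
    # Strip the "Target:" label before handing the name to cmdkey /del.
    cmdkey.exe /list | ?{ $_.Trim().StartsWith("Target") } | %{ Start-Sleep 1; $target = $_.Trim().Replace("Target:","").Trim(); cmdkey.exe "/del:$target" }
    # Start-Process takes -FilePath, not -ProcessName; default per-user OneDrive install path assumed.
    Start-Process -FilePath "$Env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe"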

    Tuesday, January 9, 2018 4:11 PM
  • Thank you for your response. I just tested your script (adjusting -90 to -1) and it did not work

    Most of the Windows credentials are stored in this location:

    C:\Users\<username>\AppData\Local\Microsoft\Credentials

    If I run this script

    # Start-Process has no -ProcessName parameter; the path below assumes the default per-user OneDrive install location.
    Stop-Process -processname OneDrive; cmdkey /list | ForEach-Object{if($_ -like "*Target:*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}; Start-Process -FilePath "$Env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe"

    everything is removed.

    I am trying to add logic to the script to check the file location above; if modified by some date, then run the script. This is where I am getting stuck.

    Wednesday, January 10, 2018 6:04 PM
  • Get-ChildItem C:\Users\<userid>\AppData\Local\Microsoft\Credentials -force |
        Where-Object{ $_.LastWriteTime -gt [datetime]::Today.AddDays(-90) }


    \_(ツ)_/

    Wednesday, January 10, 2018 6:17 PM
  • Thank you for your reply! Please see results below. I tried a few different variations from your suggestion and all failed. I did adjust days to -1 as I do not have any saved credentials on my machine older than 90 days. The last attempt did output information but it did not delete

    I need this to run as a logon or startup script for all users. Not to be run for a specific user.

    PS C:\WINDOWS\system32> Get-ChildItem C:\Users\%username%\AppData\Local\Microsoft\Credentials -force |
        Where-Object{ $_.LastWriteTime -gt [datetime]::Today.AddDays(-1) }
    Get-ChildItem : Cannot find path 'C:\Users\%username%\AppData\Local\Microsoft\Credentials' because it does not exist.
    At line:1 char:1
    + Get-ChildItem C:\Users\%username%\AppData\Local\Microsoft\Credentials ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (C:\Users\%usern...oft\Credentials:String) [Get-ChildItem], ItemNotFoundException
        + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

    PS C:\WINDOWS\system32>

    PS C:\WINDOWS\system32> Get-ChildItem %allusersprofile%\AppData\Local\Microsoft\Credentials -force |
        Where-Object{ $_.LastWriteTime -gt [datetime]::Today.AddDays(-1) }
    Get-ChildItem : Cannot find path 'C:\WINDOWS\system32\%allusersprofile%\AppData\Local\Microsoft\Credentials' because it does not exist.
    At line:1 char:1
    + Get-ChildItem %allusersprofile%\AppData\Local\Microsoft\Credentials - ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (C:\WINDOWS\syst...oft\Credentials:String) [Get-ChildItem], ItemNotFoundException
        + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

    PS C:\WINDOWS\system32>

    PS C:\WINDOWS\system32> Get-ChildItem "$Env:LOCALAPPDATA\microsoft\Credentials" -force |
        Where-Object{ $_.LastWriteTime -gt [datetime]::Today.AddDays(-1) }


        Directory: C:\Users\johnsanc\AppData\Local\microsoft\Credentials


    Mode                LastWriteTime         Length Name                                                                                                                                                                   
    ----                -------------         ------ ----                                                                                                                                                                   
    -a-hs-        1/11/2018   9:52 AM           2436 13372F623FFFE81949BAB78CBB704F84                                                                                                                                       
    -a-hs-        1/11/2018   9:52 AM           2468 1B7562398088E2263D417D3FC232EA87                                                                                                                                       
    -a-hs-        1/11/2018   9:52 AM           2468 5072EFE523C789B9AE9BDB5933EBD333                                                                                                                                       
    -a-hs-        1/11/2018   9:52 AM           2468 651ACD735A8AE17D86DA5FDF662719A3                                                                                                                                       
    -a-hs-        1/11/2018   8:48 AM           1796 6C7F4BF6FD0E69C5414EC29F6568E7A4                                                                                                                                       
    -a-hs-        1/11/2018   9:52 AM           2468 74F39E84D39BA2D1F32B2ED192B72AE6                                                                                                                                       
    -a-hs-        1/11/2018   9:52 AM           2468 7BF56A7B41CD23A0C1014C9C4F555027                                                                                                                                       
    -a-hs-        1/11/2018   9:52 AM           2444 90F5121D29EBA9F5D399F6AF1BAA9F56                                                                                                                                       
    -a-hs-        1/11/2018   9:52 AM           2468 D1F3B2F2BF09764E9237ED12D3D71EA1                                                                                                                                       

    PS C:\WINDOWS\system32>

    Thursday, January 11, 2018 2:55 PM
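
The failed attempts in the post above come down to three details: `%username%` is cmd.exe syntax that PowerShell does not expand, the credential files are hidden system files (mode `-a-hs-`), and `-gt` selects files newer than the cutoff. This added example (not from the thread) gates the clean-up on the file age the original poster wanted to test; `Get-StaleCredentialFile` and `$MaxAgeDays` are assumed names.

```powershell
# Added example, not from the thread. Assumed names: Get-StaleCredentialFile, $MaxAgeDays.
function Get-StaleCredentialFile {
    param(
        [int]$MaxAgeDays = 90,
        # $Env:LOCALAPPDATA resolves to the profile of whoever runs the logon script;
        # %username% and %allusersprofile% are not expanded by PowerShell.
        [string]$Path = (Join-Path $Env:LOCALAPPDATA 'Microsoft\Credentials')
    )
    # A profile that has never stored a credential may not have the folder yet.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    # -Force is required to see hidden system files.
    # -lt keeps files OLDER than the cutoff; -gt would keep the recent ones.
    Get-ChildItem -LiteralPath $Path -Force -Recurse |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $cutoff }
}

$stale = @(Get-StaleCredentialFile -MaxAgeDays 90)
if ($stale.Count -gt 0) {
    # -WhatIf only lists the files; remove it once the list looks right.
    $stale | Remove-Item -Force -WhatIf
    # The cmdkey clean-up from the thread would be called here, so it runs
    # only when at least one stored credential file is past the cutoff.
}
```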