Automated way to delete cached credentials on MS Servers 2003/2008


I've recently disabled the option to store cached credentials via GPO, also set the amount of records of cached credentials to "0" but this did not clear the already existing records which can be seen under "control userpasswords2" > advanced .

I am looking for a way to clear all existing cached records for 2008/2003 servers inside our domain.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can Purge the DNS Server Cache From the Command Prompt.

At the command prompt, run the following command:

Dnscmd /ClearCache

This applies to 2003 and 2008.
iNc0gAuthor Commented:
What? how does purging the dns server cache would clean up the cached credentials under Windows Vault ?

besides, Dnscmd is not a recognized command under Server 2008.
Manjunath SulladTechnical ConsultantCommented:
Hi,  Pls refer EE document. 

On Server2008, try using "schtasks.exe" - this will schedule the task
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

iNc0gAuthor Commented:
I came across that document already and it did not help me as there are no keys under:
in the server, but when I open the "control userpasswords2" > Advanced > Manage Passwords, I do see a cached domain user credentials.
On server 2008 and higher, we have a command line utility to solve this with a script.
However not on 2003 server. And wildcards are not possible, so you would need to provide a list of what should be deleted.
iNc0gAuthor Commented:
so if I have 20+ win2k8 servers I would like to clear the cached passwords from, what script could help me achieve that ?
Are you saying that the syntax of cmdkey.exe is your problem?
cmdkey /?
Shows how the syntax would be.
You should go about and have each server list what credentials are saved and direct the output to a text file on some share using
 cmdkey /list >>\\server\share\%username%'sSavedcredentials@%computername%.txt
After getting this list please examine if that really is what you need. Listed are saved passwords of only one user: the account you used to execute the command with.

So if that is enough and you know what user was used on those 20+ servers to save credentials, then we could analyze the output files and setup a script that uses commands like this:
cmdkey /delete:Domain:target=TERMSRV/someseversname

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.