Automated way to delete cached credentials on MS Servers 2003/2008


I've recently disabled the option to store cached credentials via GPO and also set the number of cached credential records to "0", but this did not clear the already existing records, which can be seen under "control userpasswords2" > Advanced.

I am looking for a way to clear all existing cached records for 2008/2003 servers inside our domain.

McKnife Commented:
Are you saying that the syntax of cmdkey.exe is your problem?
cmdkey /?
Shows how the syntax would be.
You should go about and have each server list what credentials are saved and direct the output to a text file on some share using
 cmdkey /list >>\\server\share\%username%'sSavedcredentials@%computername%.txt
After getting this list please examine if that really is what you need. Listed are saved passwords of only one user: the account you used to execute the command with.

So if that is enough and you know what user was used on those 20+ servers to save credentials, then we could analyze the output files and set up a script that uses commands like this:
cmdkey /delete:Domain:target=TERMSRV/someseversname
You can Purge the DNS Server Cache From the Command Prompt.

At the command prompt, run the following command:

Dnscmd /ClearCache

This applies to 2003 and 2008.
iNc0g (Author) Commented:
What? How would purging the DNS server cache clean up the cached credentials under Windows Vault?

Besides, Dnscmd is not a recognized command under Server 2008.
Manjunath Sullad (Technical Consultant) Commented:
Hi, please refer to the EE document.

On Server 2008, try using "schtasks.exe" - this will schedule the task.
iNc0g (Author) Commented:
I came across that document already and it did not help me as there are no keys under:
in the server, but when I open the "control userpasswords2" > Advanced > Manage Passwords, I do see cached domain user credentials.
On server 2008 and higher, we have a command line utility to solve this with a script.
However not on 2003 server. And wildcards are not possible, so you would need to provide a list of what should be deleted.
iNc0g (Author) Commented:
So if I have 20+ win2k8 servers I would like to clear the cached passwords from, what script could help me achieve that?
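
An added example (not from the thread or from Microsoft) of the "analyze the output files" step in McKnife's answer: it parses the collected `cmdkey /list` files, assuming the usual Target/Type/User layout, and builds `cmdkey /delete:` lines in the form given there. The function names, the safe-character rule and the sample data are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# File name written by the answer's redirect: %username%'sSavedcredentials@%computername%.txt
NAME_RE = re.compile(r"^(?P<user>.+)'sSavedcredentials@(?P<computer>.+)\.txt$", re.I)
FIELD_RE = re.compile(r"^\s*(Target|Type|User):\s*(.*?)\s*$")
# Assumption: only these characters are safe to paste unquoted into a .cmd line.
SAFE_TARGET = re.compile(r"^[A-Za-z0-9_.:=/\\@-]+$")

def parse_cmdkey_list(text):
    """Return one dict per entry of `cmdkey /list` output, duplicates dropped."""
    entries, seen, current = [], set(), None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "target":
            current = None
            if value and value not in seen:  # ">>" appends, so reruns repeat entries
                seen.add(value)
                current = {"target": value, "type": "", "user": ""}
                entries.append(current)
        elif current is not None:
            current[key] = value
    return entries

def build_cleanup(filename, text):
    """Map one collected file to delete commands (target copied as listed) and review items."""
    m = NAME_RE.match(PureWindowsPath(filename).name)
    if not m:
        raise ValueError("unexpected file name: %r" % filename)
    plan = dict(m.groupdict(), commands=[], review=[])
    for entry in parse_cmdkey_list(text):
        if SAFE_TARGET.match(entry["target"]):
            plan["commands"].append("cmdkey /delete:" + entry["target"])
        else:
            # Spaces or cmd metacharacters (&, |, %, ...): never emit into a script.
            plan["review"].append(entry["target"])
    return plan

# Constructed sample: two appended runs, one target with a space and "&".
SAMPLE_NAME = r"\\server\share\jdoe'sSavedcredentials@SRV01.txt"
SAMPLE_TEXT = ("Currently stored credentials:\n\n    Target: Domain:target=TERMSRV/fs01\n"
    "    Type: Domain Password\n    User: CORP\\jdoe\n\n"
    "    Target: LegacyGeneric:target=backup tool & sync\n    Type: Generic\n    User: jdoe\n\n"
    "Currently stored credentials:\n\n    Target: Domain:target=TERMSRV/fs01\n")

if __name__ == "__main__":
    print(build_cleanup(SAMPLE_NAME, SAMPLE_TEXT))
```

Each server's commands still have to run on that server under the account that saved the credentials, since the list only covers the user who executed `cmdkey`.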
Question has a verified solution.
