从 Windows 上的所有用户的凭据管理器中删除条目
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/39478018/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Remove an entry from credential manager for all users on Windows
提问by Pettor
I am currently implementing a "remove settings" for all users in a Windows uninstaller and came over an issue I am not even sure is possible to solve.
我目前正在 Windows 卸载程序中为所有用户实施“删除设置”,并遇到了一个我什至不确定是否可以解决的问题。
The application stores credential entries for the current user using the CredentialManager (keymgr.dll). Let's call the target of the credential "X". On uninstall all credentials with stored with target "X" should be removed on all users. The uninstaller of course requires administrator privileges but still I find it very difficult to accomplish this.
应用程序使用 CredentialManager ( keymgr.dll)存储当前用户的凭证条目。我们将凭证的目标称为“X”。卸载时,所有用户都应删除与目标“X”一起存储的所有凭据。卸载程序当然需要管理员权限,但我仍然觉得很难做到这一点。
For the current user that command is generally solved via cmdkey /delete=:Xfrom a command prompt. As far as I know cmdkey.exe /listonly helps to list entries for the current user and can't remove local entries from another user.
对于当前用户,该命令通常是通过cmdkey /delete=:X命令提示符解决的。据我所知,cmdkey.exe /list仅有助于列出当前用户的条目,而无法删除其他用户的本地条目。
I have learned that the credentials are stored as OS files under the C:\Users\_user_\AppData\Local\Microsoft\Credentialsfolder, but I can't know which files are the entries I want to delete and removing all would be dangerous for other applications. Also I assume removing OS files will be dangerous and could have limitations (extra UAC prompt?) as well.
我了解到凭据作为操作系统文件存储在文件C:\Users\_user_\AppData\Local\Microsoft\Credentials夹下,但我不知道哪些文件是我要删除的条目,并且删除所有条目对其他应用程序来说是危险的。此外,我认为删除操作系统文件会很危险,并且也可能有限制(额外的 UAC 提示?)。
Runascommand is the closest shot I got but because it requires the password of the user it becomes very difficult and not something I would want in the uninstaller. I also would need a way to get the username and domain for each user and iterate them.
Runas命令是我得到的最接近的镜头,但是因为它需要用户的密码,所以它变得非常困难,而不是我想要的卸载程序。我还需要一种方法来获取每个用户的用户名和域并对其进行迭代。
I would prefer to use either cmdor powershellfor this.
我更愿意为此使用cmd或powershell。
回答by Jebuz
Don't want to necro an old post but I needed to do this myself so I figured I'd add this in case anyone else needs it:
不想死掉一个旧帖子,但我需要自己做,所以我想我会添加这个以防其他人需要它:
cmdkey /list | ForEach-Object{if($_ -like "*Target:*" -and $_ -like "*microsoft*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}
Powershell one liner that will remove any credentials with Microsoft in the string.
Powershell 一个衬垫,将删除字符串中与 Microsoft 的任何凭据。
Reference: https://gist.github.com/janikvonrotz/7819990
参考:https: //gist.github.com/janikvonrotz/7819990
I ran this and it purged it locally without needing to run as admin (but I am a local admin)
我运行了它并在本地清除了它而无需以管理员身份运行(但我是本地管理员)
回答by DeployGuy
The cmdkey.exe utility when run from a batch file or a PowerShell command may encounter two issues related to special characters. 1. If run from a batch file, if the credential has "(" or ")" without the double quotes, that is left and right paren, that credential will not be removed. 2. If the credential name aka targetname, has a hyphen surronded by spaces the cmdkey will not remove or create a a credential with that string " - ".
从批处理文件或 PowerShell 命令运行时 cmdkey.exe 实用程序可能会遇到两个与特殊字符相关的问题。1. 如果从批处理文件运行,如果凭证有没有双引号的“(”或“)”,即左右括号,则不会删除该凭证。2. 如果凭据名称又名目标名称,有一个由空格包围的连字符,则 cmdkey 将不会删除或创建带有该字符串“-”的凭据。
There are a few powershell modules written to try and do this, but the only one i found that handles this exceptions was on Github https://github.com/bamcisnetworks/BAMCIS.CredentialManager
有一些 powershell 模块可以尝试执行此操作,但我发现唯一一个处理此异常的模块是在 Github https://github.com/bamcisnetworks/BAMCIS.CredentialManager 上
BAMCIS.CredentialManager
BAMCIS.CredentialManager
Using this i was able to create credentials to set up a test environment with parens or hyphens, but more importantly to remove them by gathering the users list of cached credentials using the modules command and then passing the information in the command to the remove command to remove ALL cached credentials.
使用它,我能够创建凭据以设置带有括号或连字符的测试环境,但更重要的是通过使用 modules 命令收集缓存凭据的用户列表然后将命令中的信息传递给 remove 命令来删除它们删除所有缓存的凭据。
One caveat. After removing the command, after some period of time two cached credentials dynamically reappear.
一个警告。删除该命令后,一段时间后会动态重新出现两个缓存的凭据。
So to address frequent user lock out issues i am going to try and deploy this using SCCM under user context at logoff. Otherwise a system restart after removing the credentials may be needed. Here is a prototype script that imports the module and then uses it to remove all cached credentials, As always, test, test, test and use at your own risk!
因此,为了解决频繁的用户锁定问题,我将尝试在注销时在用户上下文下使用 SCCM 进行部署。否则,可能需要在删除凭据后重新启动系统。这是一个原型脚本,它导入模块,然后使用它来删除所有缓存的凭据,与往常一样,测试、测试、测试和使用风险自负!
Clear-host
import-Module "$PSScriptRoot\BAMCIS.CredentialManager\BAMCIS.CredentialManager.psd1"
$L = Get-CredManCredentialList -ErrorAction SilentlyContinue
If($L -eq $null)
{
Write-host "No Cached Credentials found to remove, no action taken"
$LASTEXITCODE = 0
Write-host "The last exit code is $LASTEXITCODE"
}
Else
{
ForEach($cred in $L)
{
Write-host "`tProcessing...`n"
Write-host "$($cred.TargetName.ToString())`n"
Write-host "$($cred.Type.ToString())`n`n"
$R = Remove-CredManCredential -TargetName $($cred.TargetName.ToString()) -Type $($cred.Type.ToString()) -Force
}
$L = Get-CredManCredentialList -ErrorAction SilentlyContinue -ErrorVariable $Cred_Error
If($L -eq $null)
{
Write-host "All Cached Credentials removed, program Complete"
$LASTEXITCODE = 0
Write-host "The last exit code is $LASTEXITCODE"
}
Else
{
Write-host "WARNING: One or more Cached Credentials were not removed, program Complete"
$LASTEXITCODE = 1
}
}
回答by John c
Batch, elevated cmd prompt:
批处理,提升的 cmd 提示:
To find the main ones, lists any with MS.O, Micro and teams:
要找到主要的,请列出任何带有MS.O、Micro 和团队的:
for /f "tokens=1-4 Delims=:=" %A in ('cmdkey /list ^| findstr Target: ^| findstr /i "MS.O Micro Teams"') do @echo %D
This deletesall the entries for teams:
这将删除团队的所有条目:
for /f "tokens=1-4 Delims=:=" %A in ('cmdkey /list ^| findstr /i teams') do @cmdkey /delete:%D
If you want to include this as a script the syntax will be slightly different. Double the %%A %%D vars
如果您想将其作为脚本包含,则语法会略有不同。将 %%A %%D 变量加倍
