Windows Credential Manager
Intro
My notes on using the Windows Credential Manager
Â
Documentation
cmdkey - Creates, lists, and deletes stored user names and passwords or credentials.
Example on how to use cmdkey to add Azure key: How To Mount And Persist Azure Files As A Windows Share
Example on how to use cmdkey to add Azure key: How to map a Network Drive to an Azure File Share
Secure Password with PowerShell: Encrypting Credentials – Part 1
Â
Tips and Tidbits
cmdkey utility only works with the current user.
The credentials you manage are for the current user, not for another user on the same system.
Use TheÂ
Get-Credential
 cmdlet to create the PSCredential object like the username and password.The PSCredential is a placeholder for a set of credentials – it basically contains a username and a password.
Â
Working With Secure Strings
Â
$cred.Password | ConvertFrom-SecureString
creates a textual string of the encrypted password.You can save this to a file and use it later, in the same computer and same account, to restore the password.
$pass = Get-Content "c:\Password.txt"
$user = "roger@roger.com"
$cred = New-Object -TypeName PSCredential -ArgumentList $user, ($pass | ConvertTo-SecureString)
or
$secPass = ConvertTo-SecureString $pass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $secPass)
Â
Note that if you try to use the textual string in another computer or account, you will get an error
$pass | ConvertTo-SecureString
ConvertTo-SecureString : Key not valid for use in specified state.
At line:1 char:9
+ $pass | ConvertTo-SecureString
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
+ FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecureStringCom
mand
Â
Beginning with PowerShell 3.0, he could even set a default parameter value so that any cmdlet that had a –Credential parameter would use the domain account.
$cred = get-credential globomantics\da_jack
$PSDefaultParameterValues.add("*:Credential",$cred)
Examples
Â
cmdkey /list to list all saved credentials
Â
Â
Get-Credentials Use
Â
Get the cleartext password with GetNetworkCredential
Â
Add the AD domain password to the Windows Credential Manager so we can issue commands without entering the AD credentials
Â
Â
Â
© Roger Cruz - All rights reserved