PowerShell Credentials Manager

CredMan.ps1 is a PowerShell script that provides access to the Win32 Credential Manager API used for management of stored credentials.

4 Star
26,064 times
Add to favorites
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question

  • Error using script in gpo
    1 Posts | Last post January 25, 2019
    • Hello,
      First, thanks for you great job with this script. It might save my life !
      Unfortunatelly when I use it through a GPO to store a login/password, I got an error :
      Failed to write to credentials store for target 'app.digitalize4.com' using 'xxxxxxxxxx', 'yyyyyyyyyyyy',
      'Last edited by vvvv\sssssss on DESKTOP123456'
          + CategoryInfo          : Security error : (:) [], ManagementException
          + FullyQualifiedErrorId : 80070520
      Any help would be appreciate.
  • How to get the DOMAIN_PASSWORD credential's password?
    2 Posts | Last post August 14, 2018
    • Hi, I tried to create a credential of type DOMAIN_PASSWORD, and when I tried to get the credential, the CredentialBlob attribute is $null. Is there any ways that I can get the credential password?
    • This can only work in a domain environment - are you specifying the credentials on creation and recall?
  • can this be exported to csv?
    3 Posts | Last post April 03, 2018
    • Wondering if the GetCred can be exported to a csv? I added the | Export-Csv, and it creates the file but it ends up being a blank file. wanting to capture the password in the credential so it can be called up in a future script. I know it wouldn't be secure but for now I need it to perform that function.
    • Hi,
      In the original Script ouput is a Text String, and it uses a write-host to perform the output.
      You should transform it as an Object, for example:
                 'Username' = $($Cred.UserName)
                 'Password' = $($Cred.CredentialBlob)
                 'Target' = $($Cred.TargetName.Substring($Cred.TargetName.IndexOf("=")+1))
                 'Updated' = $([String]::Format("{0:yyyy-MM-dd HH:mm:ss}", $Cred.LastWritten.ToUniversalTime())) + ' UTC'  #  UTC
                 'Comment' = $($Cred.Comment)
      In this way output can be used into a variable, or exported to a file easily
    • Actually, the information is already *in* object form, but the author decided to explicitly convert it to a string. I replaced lines 962-986 with 'Write-Output $creds', which spits out roughly the same thing as -All but as objects.
  • licensing?
    1 Posts | Last post April 03, 2018
    • The licensing for this is unclear. 'TechNet terms of use' includes a section on software, but has very little to say about software that does not include a specific license: "If Microsoft makes any other Software available on this web site without a license agreement, you may use it solely to design, develop and test your programs to run on Microsoft products and services. "
      I'd like to include a modified version of CredMan in a project I'm developing (for the sole purpose of exporting credentials via command-line, which is bizarrely not provided by standard Windows functionality). Can you please provide an explicit license that either allows or disallows reuse/redistribution of your code?
  • Used the following to clean up all credentials
    1 Posts | Last post August 01, 2017
    • Use at your own risk of course;
      Enum-Creds | ForEach-Object {Del-Creds -Target (($_.TargetName -split "target=")[1])}
  • Why can't I see the added creds in Windows 7 Tresos
    1 Posts | Last post May 22, 2017
    • This is realy great code. Works like a charme.
      But when I add a new credential by unsing –AddCreds, why can’t we see this entry in the 'Control Panel/Tresor'?
  • How can I used a credential in PS script
    1 Posts | Last post September 12, 2016
    • Hi i was wondering how I can use a saved credential in a ps script   
      I am looking to run the Connect-MSOLService -credential cmdlet in a scheduled task run script
  • Possible to update credentials after password change?
    1 Posts | Last post September 07, 2016
    • I'm not familar with powershell, but I think something like
      "PS C:\> .\CredMan.ps1 -UpdCred -User '[domain]\[user]' -Pass '[NewPassword]'" 
      would help after changing Domain Passwords...
      ...if this would update all entries matching [domain]\[user] with the [NewPassword]
      Is it difficult to add such a function? I have no idea, how to do this.
  • Error when executing via cygwin SSH "cmd /c"
    2 Posts | Last post March 14, 2016
    • heya, great code that helps me alot :)
      1 thing though. I want to install simple credentials through a script. the script is on the target machine, and works fine as long as I'm runinng it on the machine console (i.e. with mstsc).  but when I'm trying to run my script with cygwin "cmd /c" I'm recieving an Error similar to @Omar IT's:
      Failed to write to credentials store for target '' using 'my_user', 'my_passs', 'Last edited by my_machine\g_user on MY_MACHINE'
    • Ned,
      As I responded to Omar, this script was never intended to be used against a remote machine (much less using a non-Windows remoting mechanism). It's conceivable that you might use PS remoting to accomplish your goals, but I've never tested this.
  • Error when executing on remote machine
    2 Posts | Last post January 29, 2016
    • Hi, first, thanks for this code. Works great when I execute it locally. But when I execute it remotely, get this error: 
      Failed to write to credentials store for target '' using 'RUDO\Admin', 'p@4w0r1d', 'Last edited by NGGROUP\administrator on NGPC280'
          + CategoryInfo          : NotSpecified: (:) [], ManagementException
          + FullyQualifiedErrorId : 80070520
      1.I have 2 domains. RUDO.local and NGGROUP.local. All my computers are in NGGROUP, but I need to store RUDO's Admin credentials in my NGGROUP domain client computers.
      2.All my computers have the WINRM service ON (service+listeners(all*)+ports), even I tried to run others commands remotely, server to client, and winrm works fine!
      3.I used two kind of methods-commands to run your CredMan.ps1 from my server(admin creds) to client NGPC280: 
      ***a)invoke-command -computername NGPC280 {powershell.exe -executionpolicy byPass -file C:\CredMan.ps1 -AddCred -Target '' -User 'rudo\admin'  -Pass 'p@4w0r1d' -CredType 'domain_password'} 
      (obviously CredMan.ps1 is located in NGPC280' C root) and.....
      ***b)enter-pssession NGPC280--> [norgue280]:PS C:\CredMan.ps1 -AddCred -Target '' -User 'rudo\admin'  -Pass 'p@4w0r1d' -CredType 'domain_password' 
      (obviously executionpolicy is set to bypass).
      4.When I execute this code (3.b) on both computers in the PS localy, server and client, works wonderful.
      So, please help me, since Cpassword died, my life is a mess...
      Thanks a lot.
    • Sorry, but Credman was never intended to be used remotely.
      It sounds like you really should be using a domain for what it was designed - not as an expensive workgroup.
      You will find that establishing a trust between the domains and creating service accounts will serve your cross-domain needs much better than duplicating credentials all over the place.
1 - 10 of 24 Items