The Windows Cmdkey command creates, lists and deletes stored user names and passwords form a computer. The Cmdkey command helps administrators and security executives lists the user stored credentials and aids in finding evidence or troubleshooting remote access issues! This tool may become handy when administrators want to give users access to a shared resource for temporary use without exposing any login details. For example, a user wishes to access a shared folder /data on server \\win2k8web for temporary basis. An administrator would use a username that has access to the shared resource and either through a remote script or manually from the user workstation types:
Cmdkey /add:win2kweb /user:usernamewithrights /pass:userpassword
Where the syntax is as follows:
Cmdkey /add:<Shared resource> /user:<UserName> /pass:<Password>
Doing so, a new set of credentials are added on the user workstation without making the user aware of the username and password details! Although, a curious and slightly technical user would find the username, I suggest that the administrator would then delete these credentials when the user is ready with his temporary work by typing the following:
Cmdkey /delete:win2k8web
The delete operation denies the user access to that shared resource within the same session while the user may need to log off and log on to access the shared resource after adding the new credentials. Other examples of the cmdkey command are the following:
cmdkey /add:Servername /user:Username
Will add a Username to the current logged on user to access computer Servername and prompt for the password whenever Servername is accessed.
cmdkey /list
Will display a list of all user names and credentials that are stored in the computer.
The full syntax is:
cmdkey [{/add:<TargetName>|/generic:<TargetName>}] {/smartcard|/user:<UserName> [/pass:<Password>]} [/delete{:<TargetName>|/ras}] /list:<TargetName>