Диспетчер учетных данных позволяет просматривать и удалять сохраненные учетные данные для веб-сайтов, приложений и сетей.
-
Чтобы открыть диспетчер учетных данных, введите диспетчер учетных данных в поле поиска на панели задач и выберите панель управления диспетчера учетных данных.
-
Выберите Учетные данные веб-сайтов или Учетные данные Windows для доступа к учетным данным, которыми вы хотите управлять.
Нужна дополнительная помощь?
Нужны дополнительные параметры?
Изучите преимущества подписки, просмотрите учебные курсы, узнайте, как защитить свое устройство и т. д.
В сообществах можно задавать вопросы и отвечать на них, отправлять отзывы и консультироваться с экспертами разных профилей.
On Windows 10, Credential Manager is the feature that stores your sign-in information for websites (using Microsoft Edge), apps, and networks (such as mapped drives or shared folders) when you check the option to save your credentials for future logins.
Credential Manager isn’t new since it has been around for a long time, and it allows you to save your login usernames and passwords and view, delete, add, backup, and restore credentials.
This guide will teach you how to use the Credential Manager on Windows 10 to control all your login information.
- Edit existing sign-in information from Credential Manager
- Delete sign-in information from Credential Manager
- Add new sign-in information from Credential Manager
- Backup sign-in information from Credential Manager
- Restore sign-in information from Credential Manager
Edit existing sign-in information from Credential Manager
To update a password or username already stored on Windows 10, use these steps:
-
Open Control Panel on Windows 10.
-
Click on User Accounts.
-
Click on Credential Manager.
-
Click the Windows Credentials tab (or Web Credentials).
-
Select the account.
-
Click the Edit button.
-
Update the username and password as necessary.
-
Click the Save button.
Once you complete the steps, the information will update with the new credentials, which means no more login prompts if you initially saved the wrong username or password or changed the sign-in information.
Delete sign-in information from Credential Manager
To delete an account credential already stored on Windows 10, use these steps:
-
Open Control Panel.
-
Click on User Accounts.
-
Click on Credential Manager.
-
Click the Windows Credentials tab (or Web Credentials).
-
Select the account.
-
Click the Remove button.
-
Click the Yes button.
After you complete the steps, the account credentials will no longer be available on the device, meaning that future logins will require you to enter a username and password.
Add new sign-in information from Credential Manager
To add an app or network credential on Windows 10, use these steps:
-
Open Control Panel.
-
Click on User Accounts.
-
Click on Credential Manager.
-
Click the Windows Credentials tab.
-
Click the “Add a Windows credential” (or “Add a certificate-based credential”) option.
-
Specify the internet or network address corresponding to the app or network resource.
-
Specify the username and password to authenticate.
-
Click the OK button.
Once you complete the steps, the new account information will be added to your device to sign in automatically the next time you access the apps or network shared.
Backup sign-in information from Credential Manager
To export and backup all your credentials for apps and networks, use these steps:
-
Open Control Panel.
-
Click on User Accounts.
-
Click on Credential Manager.
-
Click the Windows Credentials tab.
-
Click the Back up Credentials option.
-
Click the Browse button to specify a destination for the backup.
-
Specify a name for the .crd backup file.
-
Click the Save button.
-
Click the Next button.
-
Use the Ctrl + Alt + Delete keyboard shortcut to continue.
-
Specify a password to protect the Credential Manager file on Windows 10.
-
Click the Next button.
-
Click the Finish button.
After you complete the steps, you’ll end up with a .crd file containing all your Windows 10 and web credentials that you can import to another computer or the same device after a clean installation.
Restore sign-in information from Credential Manager
To restore your sign-in information from backup on Windows 10, use these steps:
-
Open Control Panel.
-
Click on User Accounts.
-
Click on Credential Manager.
-
Click the Windows Credentials tab.
-
Click the Restore Credentials option.
-
Click the Browse button.
-
Select the “.crd” files with the backup information.
-
Click the Open button.
-
Click the Next button.
-
Use the “Ctrl + Alt + Delete” keyboard shortcut to continue.
-
Confirm the password to unlock the Credential Manager backup.
-
Click the Next button.
-
Click the Finish button.
Once you complete the step, your device’s credentials for sites, apps, and networks will be restored.
While this guide focuses on Windows 10, Credential Manager has been available for a long time, which means the steps will also work on Windows 8.1 and Windows 7.
Windows Credential Manager (диспетчер учетных данных) позволяет сохранять учетные записи и пароли для доступа к сетевым ресурсам, сайтам и приложениям. Благодаря диспетчеру учётных записей Windows вы можете подключаться к удаленным ресурсам автоматически, без ввода пароля. Приложения могут самостоятельно обращаться в Credential Manager и использовать сохраненный пароль.
Содержание:
- Используем диспетчер учетных данных Windows для хранения паролей
- Доступ к менеджеру учетных данных Windows из PowerShell
Используем диспетчер учетных данных Windows для хранения паролей
Впервые Credential Manager появился в Windows 7 и позиционируется как достаточное безопасное место для хранения ваших паролей.
В диспетчере учетных данных могут хранится следующие типы аккаунтов:
- Учетные данные Windows (Windows Credentials)– данные для входа в Windows, для доступа на удаленные компьютеры, сохраненные пароли для RDP подключений, пароли к сайтам, поддерживающих встроенную аутентификацию Windows и т.д;
- Учетные данные на основе сертификатов (Certificate-Based Credentials) – для аутентификации с помощью смарт-карт;
- Общие учетные данные (Generic Credentials) – используются сторонними приложениями, совместимые с Credential Manager;
- Учетные данные для интернета (Web Credentials) – сохранённые пароли в браузерах Edge и IE, приложениях Microsoft (MS Office, Teams, Outlook, Skype и т.д).
Например, если при доступе к сетевой папке вы включите опцию “Сохранить пароль”, то введенный вами пароли будет сохранен в Credential Manager.
Аналогично пароль для подключения к удаленному RDP/RDS серверу сохраняется в клиенте Remote Desktop Connection (mstsc.exe).
Также в менеджере паролей сохраняются пароли пользователей при их сохранении командой runas /savecred.
Вы можете получить доступ к диспетчеру учетных данных в Windows 10 из классической панели управления (Control Panel\User Accounts\Credential Manager, Панель управления -> Учетные записи пользователей -> Диспетчер учетных данных).
Как вы видите, в Credential Manager теперь хранятся два пароля, которые мы сохранили ранее.
Сохраненный пароль для RDP подключения сохраняется в формате
TERMSRV\hostname
.
Здесь вы можете добавить сохранённый пароль, отредактировать (просмотреть сохраненный пароль из графического интерфейса нельзя) или удалить любую из записей.
Также для работы с сохраненными паролями можно использовать классический диалоговый интерфейс Windows – Stored User Names and Password. Для его вызова, выполните:
rundll32.exe keymgr.dll,KRShowKeyMgr
Здесь вы также можете управлять сохраненными учетными данными, а также есть функции резервного копирования и восстановления данных в Credential Manager (можно использовать для переноса базы Credential Manager на другой компьютер).
Для управления Credential Manager из командной строки используется утилита
vaultcmd
. Например, чтобы вывести список сохраненных учетных данных типа Windows Credentials выполните команду:
vaultcmd /listcreds:"Windows Credentials"
Credential schema: Windows Domain Password Credential Resource: Domain:target=msk-dc00 Identity: RESOURCE\anovak Hidden: No Roaming: No Property (schema element id,value): (100,3) Property (schema element id,value): (101,SspiPfc)
Следующая команда удалит из Credential Manager все сохраненные пароли для RDP доступа:
For /F "tokens=1,2 delims= " %G in ('cmdkey /list ^| findstr "target=TERMSRV"') do cmdkey /delete %H
Все сохраненные пароли хранятся в хранилище Windows Vault. Windows Vault это защищенное хранилище секретов, паролей и другой информации пользователя. Данные в Windows Vault структурированы и представляют собой набор записей, принадлежащих определенной схеме Vault. Набор ключей шифрования для записей Windows Vault хранится в файле Policy.vpol.
Для доменных он хранится в каталоге
%userprofile%\AppData\Roaming\Microsoft\Vault
. Для локальных пользователей в
%userprofile%\AppData\Local\Microsoft\Vault
.
Для работы Credential Manager должна быть запущена служба VaultSvc:
get-service VaultSvc
Если служба отключена, при попытке получить доступ к Credential Manager появится ошибка
Credential Manager Error The Credential Manager Service is not running. You can start the service manually using the Services snap-in or restart your computer to start the service. Error code: 0x800706B5 Error Message: The interface is unknown.
Если вы хотите заблокировать пользователям возможность сохранения сетевых паролей в Credential Manager, нужно включить политику Network access: Do not allow storage of passwords and credentials for network authentication в разделе GPO Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
Теперь, если пользователь попытается сохранить пароль в хранилище, появится ошибка:
Credential Manager Error Unable to save credentials. To save credentials in this vault, check your computer configuration. Error code: 0x80070520 Error Message: A specified logon session does not exist. It may already have been terminated.
Доступ к менеджеру учетных данных Windows из PowerShell
В Windows нет встроенных командлетов для обращения к хранилищу PasswordVault из PowerShell. Но вы можете использовать модуль CredentialManager из галереи PowerShell.
Установите модуль:
Install-Module CredentialManager
Список командлетов в модуле можно вывести так:
get-command -module CredentialManager
В модуле всего 4 командлета:
- Get-StoredCredential – получить учетные данные из хранилища Windows Vault;
- Get-StrongPassword – сгенерировать случайный пароль;
- New-StoredCredential – добавить ученые записи;
- Remove-StoredCredential – удалить учетные записи.
Чтобы добавить новые данные в хранилище CredentialManager, выполните команду:
New-StoredCredential -Target 'contoso' -Type Generic -UserName '[email protected]' -Password '123qwe' -Persist 'LocalMachine'
Проверить, есть в хранилище сохраненные данные для пользователя:
Get-StoredCredential -Target contoso
Сохраненные пароли из Credential Manager можно использовать в ваших скриптах PowerShell. Например, в следующем примере я получаю сохраненные имя и пароль в виде объекта PSCredential и подключаюсь с ними к Exchange Online из PowerShell:
$psCred = Get-StoredCredential -Target "Contoso"
Connect-MSolService -Credential $psCred
Также обратите внимание на новый модуль, PowerShell Secret Management, который можно использовать для безопасного хранения паролей в Windows (поддерживает различные хранилища паролей: KeePass, LastPass, HashiCorp Vault, Azure Key Vault, Bitwarden.
Чтобы удалить определенную учетные данные из Windows Vault, выполните:
Remove-StoredCredential -Target Contoso
Отобразить пароли в открытом виде с помощью встроенных средств нельзя. Но вы можете использовать утилиты типа Mimikatz для получения сохраненных паролей из credman в открытом виде (смотри пример).
These days just about every part of our digital lives involves some form of credentials for authentication. It’s enough to make it virtually impossible to manage them yourself.
While third-party solutions abound, Microsoft Windows has its own built-in credentials manager, but just what can it do?
How Windows Credential Manager Works
Windows Credential Manager is a built-in Windows feature that allows users to securely store and manage their login credentials for various network resources, websites, and applications.
It’s available in the following versions of Windows:
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Vista
It acts as a central repository for storing and managing these generic credentials, allowing users to easily log in to their user accounts without having to remember and enter their username and password every time.
When a user logs in to a network resource, website, or apps for the first time, Windows Credential Manager prompts them to save their login credentials. If users save their credentials, they will be securely stored in the Windows Credential Manager vault.
When the user attempts to access the same network resource, website, or application again, Windows Credential Manager automatically retrieves their saved credentials and logs them in automatically, without the user having to enter their username and password again.
Windows Credential Manager also allows users to manage their stored credentials and update, backup, or delete them as needed. This can be done through the Windows Control Panel or by using the command line interface.
Benefits of Using Windows Credential Manager
There are several benefits to using Windows Credential Manager, including:
- It saves time and effort by automatically filling in login credentials for network resources, websites, and applications that the user has previously logged in to. This eliminates the need for the user to remember and manually enter their username and password.
- It improves security by securely storing login credentials in an encrypted vault, protecting them from unauthorized access. This reduces the risk of password-related security breaches, such as password cracking or phishing attacks.
- It allows users to manage and update their stored login credentials easily. Users can also back up and restore credentials.
- It integrates seamlessly with Windows, making it a convenient and reliable option for managing login credentials on a Windows computer.
Windows credentials manager may not be as elaborate or feature-rich as third-party alternatives such as LastPass or 1Password. Still, it’s free, pre-installed, and designed to be part of the operating system.
How to Access and Manage Credentials in Windows Credential Manager
To access and manage credentials in Windows Credential Manager, follow these steps:
- Open the Windows Control Panel by searching for it in the Start Menu.
- In the search box, type credential manager and select it from the search results.
- In the Credential Manager window, select the Web Credentials or Windows Credentials tab, depending on the type of credentials you want to manage.
- To view the details of a specific credential, select it from the list and click the Dropdown arrow.
- To update a credential, select it from the list and click the Edit button. Make the necessary changes and click OK to save them.
- To delete a credential, select it from the list and click the Remove button. Confirm that you want to delete the credential by clicking Yes in the confirmation window.
- To add a credential, select the type of credential you want to add, and then enter the details.
Alternatively, you can manage credentials in Windows Credential Manager using the command line interface. To do this, follow these steps:
- Open the command prompt by typing cmd in the search box and selecting Command Prompt from the search results.
- Type the following command to view the list of stored credentials: cmdkey /list
- To view the details of a specific credential, use the following command, replacing “CREDENTIAL_NAME” with the name of the credential you want to view:
cmdkey /v CREDENTIAL_NAME
- To add or update a credential, use the following command, replacing “CREDENTIAL_NAME” and “USERNAME” with the appropriate values:
cmdkey /add:CREDENTIAL_NAME /user:USERNAME /pass:PASSWORD
- To delete a credential, use the following command, replacing “CREDENTIAL_NAME” with the name of the credential you want to delete:
cmdkey /delete:CREDENTIAL_NAME
The command line method is hardly ever necessary, but it’s nice to have the option!
Troubleshooting Common Issues With Windows Credential Manager
Credential Manager can be useful for storing login information for websites, network resources, and other services that you access on a regular basis. However, like any other tool, Credential Manager can sometimes encounter issues and may not work as expected.
These are some common issues you may encounter with some possible solutions:
- Credential Manager is not saving your login information: This could be due to a problem with the service itself. Try restarting the service by going to the Start menu and typing services.msc into the search box and press Enter. Locate the Credential Manager service, right-click on it and select Restart.
- Credential Manager is not showing your login information: This could be due to a problem with the stored credentials. Try deleting the existing credentials and re-entering them to see if that fixes the issue. To do this, open Credential Manager, select the credentials that you want to delete, and click on the Remove button. Then, re-enter the credentials and save them. Of course, copy and paste them somewhere safe first!
- Credential Manager is not working: This could be due to a problem with the service itself or with the operating system. Try restarting your computer and see if that fixes the issue. If the problem persists, you may need to update Windows.
Since Credential Manager is an integral part of Windows, it can actually be harder to troubleshoot than a third-party solution. Luckily serious issues seem to be rare and the above fixes are usually enough.
How to Back Up Credentials
It’s great that Credential Manager keeps all your credentials safe and encrypted, but what if something happens to your computer? To back up your passwords with Windows Credential Manager, follow these steps:
- Open Credential Manager by going to the Start menu and typing credential manager into the search box.
- Click on the Back up credentials to export the selected credentials to a file.
- Choose a location to save the file and give it a name.
- Click on the Save button to save the file.
- You can then use this file to restore your credentials if they are lost or deleted.
The exported backup file will be in a special format that can only be read by Credential Manager, so you cannot open it with a text editor or other program. It is also a good idea to keep the file in a safe and secure location, such as an external hard drive or cloud storage service, in case your computer is lost or damaged.
Certificate-Based Credentials
Credential Manager can be used to store and manage certificate-based credentials, which are digital certificates that are used to authenticate your identity and grant you access to certain resources or services.
To use certificate-based credentials with Credential Manager, you will need to install the certificate on your computer and then add it to Credential Manager using Add a certificate-based credential under Windows Credentials.
Generating Strong Passwords
The Windows Credential Manager does not include a password generation feature. It is primarily used to store and manage login credentials for various websites and applications.
This means you’ll have to rely on your web browser of choice, which virtually all both have strong password generators and managers. That includes Microsoft Edge (which replaces Internet Explorer), which is also included with Windows, so you don’t have to download anything extra to generate passwords.
If you want to be more involved with making secure passwords of your own, have a look at 3 Ways To Come Up With the Most Secure Password.
Alternatives to Windows Credential Manager
If you are looking for an alternative to Windows Credential Manager, there are several options available, both free and paid. Some popular alternatives include:
- LastPass: LastPass is a free password manager that can store your login information and automatically fill in forms for you. It also has a feature called “Security Challenge” that can help you identify and fix weak passwords.
- 1Password: 1Password is a paid password manager that offers features such as password generation, password sharing, and password auditing. It also has a built-in password manager for your browser.
- KeePass: KeePass is a free and open-source password manager that can store your login information and automatically fill in forms for you. It also has features such as password generation, password sharing, and password auditing.
- Dashlane: Dashlane is a paid password manager that offers features such as password generation, password sharing, and password auditing. It also has a built-in password manager for your browser.
- RoboForm: RoboForm is a paid password manager that offers features such as password generation, password sharing, and password auditing. It also has a built-in password manager for your browser.
There are many more alternatives to Windows Credential Manager that offer similar or additional features. It may be worth considering switching to a different password manager if you are experiencing issues with Credential Manager or if you want more advanced features.
This is especially true, since with Windows Credential Manager, anyone with admin access to your computer can see your credentials. This is a vulnerability not shared by third-party managers, and should be a primary consideration when choosing where to store your passwords.
Operating system security
Windows Credential Manager is a Windows feature that, both due to its user-friendliness and popularity, was brought over to Windows 10. Since its debut in Windows 7, Credential Manager has helped users store both their web and Windows credentials in one convenient location which can be managed with just a few clicks.
This article will detail how to use Credential Manager in Windows 10, including an introductory explanation of Credential Manager, security concerns associated with Credential Manager, how to add new login information, how to edit login information, how to delete login information, how to back up credentials and how to restore credentials.
A little about Credential Manager
Windows Credential Manager is a digital locker that stores your saved login credentials — passwords, usernames and addresses. It is a carry-over from previous Windows versions and allows users to better manage this very sensitive and very useful information.
These login credentials fall into one of two categories, which are explored below.
Web credentials
The Credential Manager’s web credentials are login information which are stored in Windows, Edge, Internet Explorer, Skype and other apps. This credential categorization first appeared in Windows 8.1 and puts the proverbial hustle in storing your web credentials — those that use the internet frequently will be surprised to find just how many web credentials they use (which will still be dwarfed by the Windows Credential count for most).
Windows credentials
The other categorization of credentials in Credential Manager are Windows credentials login information. This category of login credentials is used by (and only by) Windows services and applications to automatically log you in.
Security concerns
Despite the usability and convenience of Credential Manager, it is not the most secure as many have noted.
Most of these concerns stem from the fact that an elevated process can easily access these credentials: simply put, if an attacker or hacker accesses an elevated process (as they normally do in a successful attack campaign), your credentials are as good as theirs. Any additional security measures users take, including encrypting the contents or storing values pre-hashed, remove Credential Manager from the simplicity and ease it was designed for.
For those that have not been scared away from Credential Manager by my slightly doomsday analysis of its security prospects, let’s take a look at how to accomplish some common, useful tasks with it.
How to add new login information
The most basic task you can complete with Credential Manager is to add new login information. This process is the same whether the login information is a Web or Windows credential.
First, you will need to navigate to Credential Manager on your Windows 10 system. To find it, either navigate to the Control Panel (it is in the alphabetized list of Control Panel selections) or search Credential Manager in your Windows 10 search bar. Double click on it once you find it.
Within Credential Manager, you will see a window labeled “Manage your credentials” with two icons below it for Web Credentials and Windows Credentials. Double-click on the credential you want to add to proceed — for this example, we will use Windows Credentials.
On the right-hand side of the window, you will see “Add a Windows credential.” Click on it. You will be presented with a window with text entry boxes for the internet address, username and password for the credential. Enter the information and click OK. The new login information has been saved.
How to edit login information
Editing login information is most useful when you have changed a credential (for example, when your password changes) and need to update it. Within Credential Manager, click on Windows Credentials. Within Windows Credentials, you will see a list of all Windows Credentials saved to Credential Manager.
Click on the credential you want to edit. This will expand the credential to show the address, username and password that is saved for the credential. Below this information (on the left-hand side), you will see Edit. Click on it, replace your old credential information with the new information and click OK. This will save your edit.
How to delete login information
Deleting login information is made easy with Credential Manager. To delete a credential, click on the credential you want to delete. Under the credential information next to Edit, you will see Remove. Click on remove and voila — the login information has been deleted.
How to back up credentials
A solid functionality that Credential Manager comes equipped with is the ability to back up your credentials. This only applies to Windows Credentials.
To back up your credentials, click on Windows Credentials. Under Windows Credentials, click “Back up credentials.” You will be presented with a window asking you where you want to back up your stored login credentials to. Click browse, navigate to your desired location and specify a name for the backup file, which will be saved as a .crd format file. Click Save and then Next.
Credential Manager allows you to password-protect this file (which is definitely recommended for security). Use the Ctrl+Alt+Delete shortcut to bring up this option, set your password and click Next and Finish. Your credentials are now backed up and password-protected.
How to restore credentials
Unsurprisingly, Credential Manager also lets you restore the credentials you have backed up. To restore, click on Restore Credentials. In the next window, click Browse. Locate the .crd file you want to restore and click open. Now, click next.
At this point, you will need to enter the password you set for the file. Use Ctrl+Alt+Delete and enter your password. Click Next, then Finish, and your credentials have been restored.
Conclusion
Credential Manager is a feature available in Windows 10 to help users better manage their web and Windows login credentials. It allows users to easily add, edit, delete, back up and restore their credentials. Credential Manager makes managing these credentials easy from a usability perspective, but it must be noted that this is at the expense of security.
Sources
- Accessing Credential Manager, Microsoft Support
- How to use Credential Manager on Windows 10, Pureinfotech
- How to Use Credential Manager in Windows 10, Howtoconnect