How to Clear Windows Explorer’s Cached Network Credentials for Samba/Windows Share Access


2 views

During cross-platform network troubleshooting between Windows and Samba shares, I encountered a frustrating behavior where Windows Explorer maintains cached credentials even when explicitly told not to remember them. This becomes particularly problematic when you need to test different authentication scenarios.

Example scenario:
1. Access \\server\share with credentials userA/passA
2. Disconnect all visible mappings via NET USE
3. Attempt to remap with userB/passB fails with:
   "The network folder specified is currently mapped using a different user name and password"

Windows maintains these cached credentials in multiple locations:

  • Credential Manager (Control Panel > Credential Manager)
  • Protected storage in the registry (HKEY_CURRENT_USER\Network)
  • Security subsystem's cache

Here are the most reliable methods I've found to purge these cached credentials:

:: Method 1: Command line credential purge
net use * /delete /y
cmdkey /delete:servername
klist purge

:: Method 2: PowerShell approach
Clear-Item -Path "HKCU:\\Network" -Recurse -Force
(New-Object -ComObject Shell.Application).Windows() | 
  Where-Object {$_.Name -eq "File Explorer"} | 
  ForEach-Object {$_.Quit()}

For frequent troubleshooting, I created this batch/PowerShell hybrid script:

@echo off
:: NetworkCredCleaner.bat
powershell -Command "Start-Process cmd -ArgumentList '/c net use * /delete /y' -Verb RunAs"
timeout /t 2 /nobreak
powershell -Command "cmdkey /list | ForEach-Object { if ($_ -match 'Target: ([^ ]+)') { cmdkey /delete:$matches[1] } }"
reg delete HKCU\Network /f
taskkill /f /im explorer.exe
start explorer.exe

For stubborn cases, manually clean these registry keys:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\NetHood]
@=""

To avoid credential caching issues in the future:

  1. Always use net use with the /delete flag when disconnecting
  2. Add persistent:no parameter for temporary connections
  3. Consider using IP addresses instead of hostnames during testing

For developers needing programmatic control, the Credential Management API provides functions like:

#include <wincred.h>

BOOL CredDelete(
  LPCWSTR TargetName,
  DWORD   Type,
  DWORD   Flags
);

// Example usage:
CredDelete(L"legacyGeneric:target=server/share", CRED_TYPE_GENERIC, 0);

Windows Explorer maintains an internal cache of network share credentials that persists even when explicitly told not to remember passwords. This becomes particularly frustrating during troubleshooting scenarios where you need to test different authentication combinations. The cache operates independently from the NET USE visible connections and survives Explorer restarts.

The credentials are stored in multiple locations:

1. LSA secrets (protected storage)
2. Credential Manager (via vault)
3. MUP (Multiple UNC Provider) cache
4. Network Provider cache

Here are several methods to clear the cached credentials without requiring a system reboot:

Method 1: Using Windows Credential Manager API

// C# example using Credential Management API
using System;
using CredentialManagement;

class Program {
    static void Main() {
        using (var cred = new Credential()) {
            cred.Target = "TERMSRV/servername";
            cred.Type = CredentialType.Generic;
            cred.PersistanceType = PersistanceType.Enterprise;
            cred.Delete();
        }
        
        // Alternative for network shares
        using (var cred = new Credential()) {
            cred.Target = "Microsoft_Windows_Network_Share:target=servername";
            cred.Delete();
        }
    }
}

Method 2: Command Line Approach

Create a batch file with these commands:

@echo off
:: Clear existing connections
net use * /delete /y

:: Clear MUP cache
reg delete "HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider" /v RestoreConnection /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider" /v RestoreConnectionPersist /f

:: Restart relevant services
sc stop LanmanWorkstation
sc start LanmanWorkstation
sc stop Mup
sc start Mup

Method 3: PowerShell Script

# Clear credential cache
cmdkey /list | ForEach-Object {
    if ($_ -match "target=(.*?)$") {
        cmdkey /delete:$matches[1]
    }
}

# Reset network provider
Stop-Service -Name LanmanWorkstation -Force
Start-Service -Name LanmanWorkstation

# Clear MUP cache
Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider" -Name "RestoreConnection" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider" -Name "RestoreConnectionPersist" -ErrorAction SilentlyContinue

For cases where the above methods don't work, you can directly modify these registry keys:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"DisableDomainCreds"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

1. Some methods require administrative privileges
2. The cache might repopulate if Explorer automatically reconnects to shares
3. Group Policy settings may override these changes
4. Always test changes in a non-production environment first

If you can't clear the cache immediately, try accessing the share via IP address instead of hostname:

net use Z: \\192.168.1.100\share /user:domain\username