This PowerShell script extracts and decrypts DPAPI-encrypted connection strings and credentials from SQL Server Management Studio (SSMS) privateregistry.bin files. It retrieves saved connections from SSMS configuration folders, decrypts them, and writes the results to text files for easy access.
- Locates
privateregistry.binfiles for SSMS 21 and SSMS 22. - Extracts and decrypts the
ConnectionMruListregistry keys. - Handles DPAPI-protected connection strings.
- Outputs decrypted connection strings and credentials to text files.
- Provides an option to retain intermediate
.regfiles for debugging.
- Administrator Rights: The script requires elevated privileges to access and modify the registry.
- PowerShell 7.0 or newer: I couldn't get PS 5.1 to work with the
[System.Security.Cryptography.ProtectedData]class. - SSMS Installed: Works with SSMS 21 and SSMS 22, both Preview and GA releases.
-
Close SSMS: Ensure all instances of SSMS are closed before running the script.
-
Run the Script:
.\Extract-SSMSSavedCredentials.ps1 -
Optional: Use the
-KeepRegFilesparameter to retain intermediate.regfiles:.\Extract-SSMSSavedCredentials.ps1 -KeepRegFiles
-
View Results:
DecryptedConnectionStrings.txtDecryptedCredentials.txt
- Backup: The script does not modify the original
privateregistry.binfiles. - Decryption Scope: Only works for the current user profile and machine due to DPAPI encryption.
- Output Files:
DecryptedConnectionStrings.txt- contains decrypted raw connection strings.DecryptedCredentials.txt- contains only data sources with matching user IDs and passwords extracted from the raw connection strings.
If you encounter issues:
- Ensure you are running the script as an administrator.
- Verify that SSMS 21 or SSMS 22 is installed on your machine.
- Check for errors in the console output for more details.
For more details, visit the PowerShell script to extract SSMS 21 and 22 saved connection data blog post.