The built-in Windows Remote Desktop Connection (RDP) client (mstsc.exe) saves the remote computer name (or IP address) and the username used to log in after each successful connection to the remote computer. On the next start, the RDP client offers the user a choice of the connections that were used previously. The user can select the name of the RDS/RDP host from the list, and the client automatically fills in the username used earlier for login.
This is convenient from the end-user perspective, but unsafe from the security standpoint, especially when you connect to your RDP server from a public or untrusted computer.
Information about all RDP (terminal) sessions is stored individually in the registry hive of each user, i.e. a non-admin won't be able to view the RDP connection history of another user.
In this article we will show where Windows stores the history and saved credentials of Remote Desktop connections, how to remove entries from the mstsc window, and how to clear RDP logs.
How to Remove RDP Connection Cache from the Registry?
Information about all RDP connections is stored in the registry of each user. It's impossible to remove a computer (or computers) from the list of RDP connection history using built-in Windows tools. You will have to manually clear some registry keys.
- Run the Registry Editor (regedit.exe) and browse to the registry key HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client;
- You need two registry keys in this section: Default (stores the history of the last 10 RDP connections) and Servers (contains the list of all RDP servers and usernames used previously to log in);
- Expand the registry key HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default, which contains the list of 10 IP addresses or DNS names of remote computers that have been used recently (MRU – Most Recently Used). The name (or the IP address) of the remote desktop server is stored in the value of the MRU* parameter. To clear the history of the most recent RDP connections, select all parameters with the names MRU0-MRU9, right-click and select Delete;
- Now expand the key HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers. It contains the list of all RDP connections that have ever been established by this user. Expand the reg key with the name (or IP address) of any host. Pay attention to the value of the UsernameHint parameter. It shows the username used to connect to the RDP/RDS host. This username will be used to connect to the RDP host automatically. In addition, the CertHash variable contains the RDP server SSL certificate thumbprint (see the article “Configuring trusted TLS/SSL certificates for RDP”);
- In order to clear the history of all RDP connections and saved usernames, you must clear the contents of the Servers registry key. Since it's impossible to select all nested registry keys at once, it's easier to delete the entire Servers key and then recreate it manually;
- Next you need to delete the default RDP connection file (which contains information about the latest RDP session) – Default.rdp (this file is a hidden file located in the Documents directory).
- Windows also saves the recent Remote Desktop connections in Jump Lists. If you type mstsc in the , the previously used RDP connections will appear in the list. You can completely disable Windows 10 recent files and locations in Jump Lists with the registry DWORD parameter Start_TrackDocs in the reg key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced (set it to 0), or you can clear the Recent Items lists by deleting files in the directory
Note. The described method for clearing the connection history of Remote Desktop works on all Windows desktop versions (from Windows XP to Windows 10) and for Windows Server.
Script to Clear RDP Connection History
Above we have shown how to clear the history of RDP connections in Windows manually. However, doing it manually (especially on multiple computers) is time consuming. Therefore, we offer a small script (BAT file) that clears the RDP history automatically.
To automate the RDP history cleanup, you can place this script in Windows Startup or run it on user computers via a GPO logoff script.
@echo off
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers"
attrib -s -h "%userprofile%\documents\Default.rdp"
del "%userprofile%\documents\Default.rdp"
del /f /s /q /a "%AppData%\Microsoft\Windows\Recent\AutomaticDestinations"
Let's consider all the actions of the script:
- Disable the output of information to the console;
- Delete all the parameters in the registry key HKCU\Software\Microsoft\Terminal Server Client\Default (clears the list of recent RDP connections);
- Delete the entire reg key HKCU\Software\Microsoft\Terminal Server Client\Servers (clears the list of all RDP connections and saved usernames);
- Recreate the previously deleted registry key;
- Change the Default.rdp file attributes in the profile directory of the current user (by default it is Hidden and System);
- Delete the Default.rdp file;
- Clear Remote Desktop Connection entries from the Jump List recent items.
In addition, you can clear the history of RDP connections using the following PowerShell script:
Get-ChildItem "HKCU:\Software\Microsoft\Terminal Server Client" -Recurse | Remove-ItemProperty -Name UsernameHint -Ea 0
Remove-Item -Path 'HKCU:\Software\Microsoft\Terminal Server Client\servers' -Recurse 2>&1 | Out-Null
Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Terminal Server Client\Default' 'MR*' 2>&1 | Out-Null
$docs = [environment]::getfolderpath("mydocuments") + '\Default.rdp'
remove-item $docs -Force 2>&1 | Out-Null
Note. By the way, RDP history cleanup is built into many system and registry “cleaners”, such as CCleaner, etc.
How to Prevent Windows from Saving RDP Connection History?
If you do NOT want Windows to save the RDP connection history, you must deny writing to the registry key HKCU\Software\Microsoft\Terminal Server Client for all user accounts. First, disable permission inheritance on the specified reg key (Permissions -> Advanced -> Disable inheritance). Then change the registry key ACL by ticking the Deny option for users (but you should understand that this is an unsupported configuration).
As a result, mstsc.exe simply cannot write RDP connection information to the registry.
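The same ACL change can be scripted. The following PowerShell is an added example, not part of the original article: the function name Set-RdpHistoryWriteDeny is hypothetical, and it assumes the account to restrict is the user running it (HKCU is per-user, so it must run in each user's session).

```powershell
# Added example: deny writes to the mstsc.exe history key for one account.
# Set-RdpHistoryWriteDeny is a hypothetical name; this mirrors the GUI steps
# above and is the same unsupported configuration the article warns about.
function Set-RdpHistoryWriteDeny {
    param(
        # Assumption: the account to restrict defaults to the current user
        [string]$Identity = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    )
    $key = 'HKCU:\Software\Microsoft\Terminal Server Client'
    # The key does not exist until mstsc.exe has been used once
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }

    $acl = Get-Acl -Path $key
    # Permissions -> Advanced -> Disable inheritance (keep a copy of inherited entries)
    $acl.SetAccessRuleProtection($true, $true)

    # Deny writing values and creating subkeys on this key and on subkeys that inherit from it
    $rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey'
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList `
        $Identity, $rights, 'ContainerInherit', 'None', 'Deny'
    $acl.AddAccessRule($rule)
    Set-Acl -Path $key -AclObject $acl

    # Return the deny entries now present on the key so the change can be reviewed
    (Get-Acl -Path $key).Access | Where-Object AccessControlType -eq 'Deny'
}

Set-RdpHistoryWriteDeny | Format-Table IdentityReference, RegistryRights, IsInherited
```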
How to Clear Remote Desktop Bitmap Cache?
The Remote Desktop Connection client has a persistent bitmap caching feature. The RDP client saves rarely changing fragments of the remote screen as a raster image cache. Thanks to this, the mstsc.exe client loads parts of the screen that have not changed since the last rendering from the local drive cache. This RDP caching feature reduces the amount of data transmitted over the network.
The RDP cache consists of two types of files in the directory %LOCALAPPDATA%\Microsoft\Terminal Server Client\Cache:
These files store raw RDP screen bitmaps in the form of 64×64 pixel tiles. Using simple PowerShell or Python scripts (easily found with the RDP Cached Bitmap Extractor query), you can get PNG files with pieces of the remote desktop screen and use them to obtain sensitive information. The tiles are small, but sufficient to provide useful information to a person studying the RDP cache.
You can prevent the RDP client from storing the remote desktop screen image cache by disabling the Persistent bitmap caching option on the Advanced tab.
Bitmap Disk Cache Failure. Your disk is full or the cache directory is missing or corrupted. Some bitmaps may not appear.
In this case, you need to clear the RDP cache directory or disable the Bitmap Caching option.
Clearing Saved RDP Credentials
If, when establishing a new remote RDP connection, the user checks the Remember Me option before entering the password, then the username and password will be saved in the Windows Credential Manager. The next time you connect to the same computer, the RDP client automatically uses the previously saved password for authentication on the remote host.
You can remove the saved RDP password directly from the client's mstsc.exe window. Select the same connection from the list of connections, and click the Delete button. Then confirm deletion of the saved credentials.
Alternatively, you can delete the saved RDP password directly from the Windows Credential Manager. Go to the Control Panel\User Accounts\Credential Manager section. Select Manage Windows Credentials and in the list of saved passwords find the computer name (in the following format: TERMSRV/192.168.1.100). Expand the found item and click the Remove button.
In an Active Directory domain environment, you can disable saving passwords for RDP connections by using the special GPO – Network access: Do not allow storage of passwords and credentials for network authentication (see an ).
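To check that the cleanup steps on this page left nothing behind, the following added PowerShell example (not part of the original article) lists the client-side RDP traces described above for the current user. The function name Get-RdpClientArtifact is hypothetical; the paths and value names are the ones given in the article.

```powershell
# Added example: report client-side RDP traces for the current user.
# Get-RdpClientArtifact is a hypothetical helper name, not a built-in cmdlet.
function Get-RdpClientArtifact {
    $base = 'HKCU:\Software\Microsoft\Terminal Server Client'

    # MRU0-MRU9 values under Default: the last 10 hosts offered by mstsc.exe
    $default = Get-ItemProperty -Path "$base\Default" -ErrorAction SilentlyContinue
    if ($default) {
        $default.PSObject.Properties | Where-Object Name -like 'MRU*' | ForEach-Object {
            [pscustomobject]@{ Source = 'Registry MRU'; Item = $_.Name; Detail = $_.Value }
        }
    }

    # One subkey per host under Servers, each holding a UsernameHint value
    Get-ChildItem -Path "$base\Servers" -ErrorAction SilentlyContinue | ForEach-Object {
        $hint = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).UsernameHint
        [pscustomobject]@{ Source = 'Registry Servers'; Item = $_.PSChildName; Detail = $hint }
    }

    # Hidden Default.rdp file in the Documents folder
    $rdp = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Default.rdp'
    if (Test-Path -LiteralPath $rdp) {
        $written = (Get-Item -LiteralPath $rdp -Force).LastWriteTime
        [pscustomobject]@{ Source = 'Default.rdp'; Item = $rdp; Detail = "last written $written" }
    }

    # Persistent bitmap cache files
    $cache = Join-Path $env:LOCALAPPDATA 'Microsoft\Terminal Server Client\Cache'
    Get-ChildItem -LiteralPath $cache -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = 'Bitmap cache'; Item = $_.Name; Detail = "$($_.Length) bytes" }
    }

    # Saved RDP passwords appear in Credential Manager as TERMSRV/<host>
    cmdkey.exe /list | Select-String -Pattern 'TERMSRV/\S+' | ForEach-Object {
        [pscustomobject]@{ Source = 'Credential Manager'; Item = $_.Matches[0].Value; Detail = 'saved credential' }
    }
}

Get-RdpClientArtifact | Format-Table -AutoSize
```

An empty result means none of these traces remain for the account that ran it; each other user profile has to be checked in its own session.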
Removing RDP-Related Event Logs on a Remote Host
Connection logs are also stored on the RDP/RDS host side. You can find information about RDP connection history in Event Viewer logs:
- Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-RemoteConnectionManager -> Operational;
- TerminalServices-LocalSessionManager -> Admin.
You can clear the Event Logs on an RDP server .