Clearing RDP connection history in Windows II How to clear RDP Connection History

 How to clear RDP Connection History

The built-in Remote Desktop Connection (RDP) Windows client (mstsc.exe) saves in the system its name (or ip address) and the username under which the login was performed on each successful connection to a remote computer. The next time the RDP client is started, it prompts the user to select one of the connections they have used before. The user can select a remote RDP/RDS server name from the list, and the client automatically substitutes the username previously used to log in.

This is convenient from the end user's point of view, but not secure. Especially when you are connecting to your RDP server from a public or untrusted computer.

Information about all RDP sessions is stored individually for each computer user in the registry, i.e. a normal user (non-administrator) will not be able to view another user's remote connection history.

Clearing RDP connection history in Windows

In this article, we will show you where the history of remote desktop connections and saved passwords is stored in Windows, and how you can clear this history.

Deleting the RDP connection log from the system registry

The information of all RDP connections of each user is stored in the registry. Which can be easily viewed. It will not work to remove the computer(s) from the list of RDP connection history using regular Windows tools. You will have to manually delete the settings from the system registry.

  1. Open the registry editor regedit.exe and navigate to the HKEY CURRENT USER Software Microsoft Terminal Server Client branch ;

       2.Inside this section, we are interested in two branches: Default (stores the history of the last 9 RDP connections) and Servers (contains a list of all RDP servers and usernames previously used to log in);

How to clear RDP Connection History

3. Expand the registry branch HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\ Default , which contains a list of 10 addresses or names of remote computers that were used most recently (MRU - Most Recently Used). The name (IP address) of the remote server is stored in the MRU* key value. To clear the history of recent RDP connections, select all keys with the names MRU 0- MRU 6 , right-click and select Delete ;

How to clear RDP Connection History

4. Now expand the branch HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\ Servers . It contains a list of all RDP connections that were previously used under this user. Expand the branch with the name (IP address) of any host. This will be known by paying attention to the value of the UsernameHint parameter (username hint).. It specifies the username used to connect to the RDP/RDS host. This is the username that will be substituted into the mstsc.exe client window the next time you try to connect to this host.

5 - You will need to clear the server branch to clear the username and rdp connection history. Because it will not work to select all nested branches, the easiest way is to delete the entire Servers branch, and then recreate it manually;

Clearing RDP connection history in Windows

6 - In addition to deleting the following criteria registry branches, you must also delete the default rdp connection file. . This file stores information about the most recent RDP connection. The file is hidden and is located in the Documents directory

7 - Windows also stores RDP connection history in jump lists. If you type mstsc in Windows Search, a list of recently used RDP connections will appear.. You can turn off fast navigation history using the dword registry entry Start _ TrackDocs in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced , or you can clear the Resent Items lists by deleting the files in the %AppData%\Microsoft\Windows\Recent\AutomaticDestination

How to clear RDP Connection History

Note - The described method for clearing the Remote Desktop Connection history is applicable to all desktop versions (from Windows XP to Windows 10) and for Windows Server server platforms.


     Script for clearing the history (logs) of RDP connections

Above, we showed you how to manually clear the RDP connection history on Windows. However, doing this manually (especially on multiple computers) is very time-consuming a task. Therefore, to make things even easier we will create a small script (bat-file) that will allow you to automatically clear the history of remote desktop connections.

To automate the cleaning of the RDP history, this script can be placed at startup, or distributed to users' computers using the Group Policy script logo.

@echo off
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers"
attrib -s -h %userprofile%\documents\Default.rdp
del %userprofile%\documents\Default.rdp
del /f /s /q /a %AppData%\Microsoft\Windows\Recent\AutomaticDestinations

Let's analyze all the commands of the script one by one:

1 - Disabled output of information to the console;

2 - Deleting all parameters in the HKCU\Software\Microsoft\Terminal Server Client\Default branch (clearing the list of the last 10 RDP connections);

3 - Deleting the HKCU\Software\Microsoft\Terminal Server Client\Servers branch along with nested elements (clearing the list of all RDP connections and saved usernames);

4 - Recreate the Servers registry branch;

5 - Remove the Hidden and System attributes from the default.rdp file in the current user's profile directory;

6 - Removing the default.rdp file;

7 - Clearing Recent Items.

You can download the finished script here - 

Alternatively, you can clear the RDP connection history with the following PowerShell script:

Get-ChildItem "HKCU:\Software\Microsoft\Terminal Server Client" -Recurse | Remove-ItemProperty -Name UsernameHint -Ea 0
Remove-Item -Path 'HKCU:\Software\Microsoft\Terminal Server Client\servers' -Recurse  2>&1 | Out-Null
Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Terminal Server Client\Default' 'MR*'  2>&1 | Out-Null
$docsfoldes = [environment]::getfolderpath("mydocuments") + '\Default.rdp'
remove-item  $docsfoldes  -Force  2>&1 | Out-Null

Note . By the way, the RDC log cleaning function is built into many system and registry cleaners, such as CCCleaner, etc.

Post a Comment

* Please Don't Spam Here. All the Comments are Reviewed by Admin.