For each successful connection to a remote computer, the Windows RDP client (mstsc.exe) saves the computer's name (or IP address) and the name of the user that logged in. The RDP client later uses this information to offer the user a list of previously used connections: the user can pick the name of the remote RDP server, and the client fills in the user name for logon.
This is convenient from the end user's perspective, but unsafe from a security point of view, especially when the RDP connection is initiated from a public or untrusted computer.
Information about terminal sessions is stored individually for each user of the computer, i.e. a user (assuming an ordinary user, not an administrator) can’t view the connection history of another user.
In this article we will explain where Windows stores the history of Remote Desktop connections, and how to clear it.
How to Delete the History of RDP Connections in Windows
It’s impossible to remove a computer (or computers) from the list of rdp connections using conventional Windows features, so you have to make changes to the system registry.
- Open the registry editor regedit.exe and navigate to HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client
- We need two registry keys – Default (keeps the history of the last 10 rdp connections) and Servers (contains the list of all rdp servers and user names previously used for logging in)
- Expand HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default, which contains the list of 10 RDP servers that have been used recently (MRU means Most Recently Used). The name (or the IP address) of the terminal server is kept in the values named MRU*. To clear the history of the most recent RDP connections, select all values named MRU0-MRU9, right-click on them and press Delete.
- Then expand HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers. It contains the list of all RDC (remote desktop client) connections that have ever been established from this computer. If you expand the node with the name (or IP address) of any server, the UsernameHint value (a hint for the user name) shows the name of the user connected by RDP.
- To clear the history of all RDP connections and stored user names, you need to clear the contents of the Servers key. Since it’s impossible to select all the branches, it’s easier to delete the entire Servers branch and then recreate it.
- In addition to the keys in the registry, you need to delete the default rdp connection (which contains information about the latest rdp connection) stored in Default.rdp (this file is a hidden file located in Documents).
How to Clear the RDP Connection History (Logs) Using a Script
Above we have discussed how to clear the connection history manually. However, doing it manually (especially on multiple computers) is time consuming. Therefore, we offer a small script (BAT file) that cleans up the connection history automatically.
To automate the RDP history cleanup, you can put this script in Startup or distribute it to clients using a group policy.
@echo off
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers"
cd %userprofile%\documents\
attrib Default.rdp -s -h
del Default.rdp
Let’s consider all the steps of the script:
- Disable the output of the information to the console
- Delete all the values in HKCU\Software\Microsoft\Terminal Server Client\Default (clear the list of recent connections)
- Remove the entire contents from HKCU\Software\Microsoft\Terminal Server Client\Servers (clears the rdp connection history and the stored user names)
- Recreate the previously deleted branch
- Go to the directory with the Default.rdp file.
- Change the Default.rdp file attributes (by default the file is Hidden and System)
- Delete the Default.rdp file
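To see what the locations described above contain for the current user, before or after the cleanup, the following PowerShell sketch lists them. It is an added example, not part of the original article; the function name Get-RdpClientHistory is hypothetical, and the Documents folder is resolved through the .NET 'MyDocuments' special folder, which is an assumption about where Default.rdp is stored.

```powershell
# Added example: list RDP client history artifacts for the current user.
# Get-RdpClientHistory is a hypothetical name, not a built-in cmdlet.
function Get-RdpClientHistory {
    $base = 'HKCU:\Software\Microsoft\Terminal Server Client'

    # MRU0..MRU9 values under Default: the most recently used servers
    $defaultPath = Join-Path $base 'Default'
    if (Test-Path -LiteralPath $defaultPath) {
        $key = Get-Item -LiteralPath $defaultPath
        $key.GetValueNames() | Where-Object { $_ -match '^MRU\d+$' } | ForEach-Object {
            [pscustomobject]@{
                Source       = "Default\$_"
                Server       = $key.GetValue($_)
                UsernameHint = $null
            }
        }
    }

    # One subkey per server under Servers; each may hold a UsernameHint value
    $serversPath = Join-Path $base 'Servers'
    if (Test-Path -LiteralPath $serversPath) {
        Get-ChildItem -LiteralPath $serversPath | ForEach-Object {
            [pscustomobject]@{
                Source       = 'Servers'
                Server       = $_.PSChildName
                UsernameHint = $_.GetValue('UsernameHint')
            }
        }
    }

    # Default.rdp is hidden, so Get-Item needs -Force to return it
    $docs    = [Environment]::GetFolderPath('MyDocuments')
    $rdpFile = Join-Path $docs 'Default.rdp'
    if (Test-Path -LiteralPath $rdpFile) {
        $file = Get-Item -LiteralPath $rdpFile -Force
        [pscustomobject]@{
            Source       = 'Default.rdp'
            Server       = $file.FullName
            UsernameHint = $null
        }
    }
}

$history = @(Get-RdpClientHistory)
if ($history.Count -eq 0) { 'No RDP client history found for this user.' }
else { $history | Format-Table -AutoSize }
```

Because the data lives under HKEY_CURRENT_USER, the script reports only the history of the account it runs as.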
Note. By the way, RDC history cleanup is built into many system and registry “cleaners”, such as CCleaner, etc.
If you want to completely disable the history of remote desktop, you can try to disable writing into this branch of the registry as described in the article about the disabling (but you should understand that this is an unsupported configuration).