MSTSC/RDP – How To Clean Up Your History

Update 2012.11.20 – I have posted another article, “MSTSC/RDP for the Paranoid – Never Save History The Easy Way!”, in which I explain how to prevent mstsc.exe from writing to the registry so your data is never saved. After you use this post to clean up your history, you can use the other method to prevent it from ever being saved again!

If you use Microsoft Terminal Service Connect (MSTSC.exe) to access machines in your network, you will find that over time your history is saved and populates the drop-down list of the program. I personally don’t like leaving a trail showing where I have been! I know people think I am overly security-conscious, but I don’t want server information sitting around on virtual scraps of paper. After some digging I found that this information is pulled from the registry key “HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\”. I also found that there is all kinds of information under this registry key, such as printers you used, server names and the user you last connected with: all the kinds of stuff that I just don’t want out there! This is half the battle for a bad guy who wants access to my servers. For most people this is just a handy feature for remembering servers they have connected to. As for me, I don’t need bread crumbs to find my way home; I already know how to get there, so why leave them for someone else to follow? To satisfy my security paranoia I found 2 quick and easy ways to solve this problem.

 

  1. Stop the problem before it starts: MSTSC.exe supports a public switch, “mstsc.exe /public”. The public switch should be used when you are using a public computer or you do not want any information from this connection stored in the registry of the machine. This is the best way I found to stop this information from being stored on the computer. If you are on someone else’s machine, just remember to add the /public switch when running the program from the Run dialog. This will take care of everything going forward, but what about everything before you started to do this? Solution 2 will help.
  2. Remove registry entries: From testing on my Windows 7 x64 machine, I have found that all the information is stored under the registry key “HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\”. The best part is that MSTSC.exe creates this registry key if it is not already there; it builds the key the first time it runs. Because of this, we can delete the entire key and everything under it to wipe our history, and it will recreate anything it needs on the next run. Some people might want to use a registry file instead of manually editing the registry, so below is the code to do it:

 

If you save the following to a .reg file and run it, it will remove the key for you. The - in front of the key path tells it to remove the key.

PLEASE MAKE A BACKUP OF YOUR REGISTRY FIRST!!!

Wiping out my history and continually using the /public switch has kept my history clean!
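The cleanup from solution 2, including the backup step, as a PowerShell script rather than a .reg file. This is an added example, not the author's code; the backup file location is an assumption, and UsernameHint is the value name mstsc.exe uses under each server subkey for the last user name entered.

```powershell
# Added example: list what mstsc.exe has stored, back the key up, then remove it.
$tsc    = 'HKCU:\Software\Microsoft\Terminal Server Client'
# Hypothetical backup location: a timestamped .reg file in the user profile.
$backup = Join-Path $env:USERPROFILE ("tsc-history-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

function Get-RdpHistory {
    param([string]$Root = $tsc)
    # Default\MRU0..MRUn holds the entries shown in the mstsc.exe drop-down list.
    $default = Join-Path $Root 'Default'
    if (Test-Path $default) {
        (Get-ItemProperty -Path $default).PSObject.Properties |
            Where-Object { $_.Name -like 'MRU*' } |
            ForEach-Object { [pscustomobject]@{ Source = 'Default'; Name = $_.Name; Value = $_.Value } }
    }
    # Servers\<host> is one subkey per server; UsernameHint is the last user name typed.
    $servers = Join-Path $Root 'Servers'
    if (Test-Path $servers) {
        Get-ChildItem -Path $servers | ForEach-Object {
            $hint = (Get-ItemProperty -Path $_.PSPath).UsernameHint
            [pscustomobject]@{ Source = 'Servers'; Name = $_.PSChildName; Value = $hint }
        }
    }
}

if (-not (Test-Path $tsc)) {
    Write-Output 'No Terminal Server Client key found; nothing to clean.'
    return
}

# Show what would be lost before touching anything.
Get-RdpHistory | Format-Table -AutoSize | Out-Host

# Back up first. reg.exe expects the HKCU\ form, not the PowerShell drive form.
& reg.exe export 'HKCU\Software\Microsoft\Terminal Server Client' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; the key was left untouched.' }

# Delete the whole key; mstsc.exe recreates it on the next run.
Remove-Item -Path $tsc -Recurse -Force
Write-Output "Removed history key. Backup saved to $backup"
```

The exported .reg file contains the same server names and user names the cleanup removes, so store or delete it accordingly.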

 


© Caspan 2011

 

  • Andrew T

    This registry key [HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers] contains only part of the RDP client history.

    I’m using a great free tool, Remote Desktop History AutoCleaner v1.0.
    It monitors and cleans all the Remote Desktop RDP history automatically every time.
    http://infopage.eu/remote-desktop-history-cleaner.html
    I scan it with antivirus software, no viruses, malware, adware.

    • http://caspan.com Caspan

      Thanks for the tip. So where is the other information stored? I was doing testing by connecting to a server 123abc and then searching the registry for it. This was the only location where I could find it. So can you explain where these other locations that store your history are? I just want to make sure this is not a promotion of a tool that does the same as I have explained.

      Please note to everyone else use this software at your own risk.

      • sysadmin

        This is promotion of a tool that may or may not carry out a task that you can accomplish with a (less than) 1 KB reg file. I wouldn’t even install that software on my VM if you paid me. Simple.

        We could even write a batch file for a simple double click jobby… Please do not download Andrew T’s software, for the sake of your cyber security.

        Caspan, this is an interesting article I will certainly put to good use on my admin workstation as I am also interested in removing any bread crumbs for my sysadmin tasks in the interest of protecting our IT infrastructure. So thank you. :-)

        • Andrew T

          No. Not all the history! You can easily prove that.

          1. Just make several Remote Desktop connections on a newly installed system, and do not save any *.rdp file.
          2. After that, erase the [HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers] key.
          3. Then start %windir%\system32\mstsc.exe and you’ll see the IP or host name of the last connection in the mstsc.exe input box.
          4. If your client is Windows 7 or Windows 8 (and probably 10), then in the Jump List of mstsc.exe (here is the picture as an example) http://infopage.eu/wp-content/uploads/2014/01/remote-desktop-history-cleaner-Win7-1.png you’ll see the history of mstsc.exe connections.

          • http://caspan.com Caspan

            You can make a post with a picture, I believe. The picture you uploaded does not show, so I removed the link. Can you upload a better link? And I believe the jump list is saved, but in an encrypted state of some kind, elsewhere. I am just doing a bit of research, as my Windows 10 is doing exactly what you said: the last connection is still there.

          • http://caspan.com Caspan

            Actually, after a little more investigation I learned the following. The key is designed like this:

            Terminal Server Client
            — Default (holds the MRU)
            — Servers (Holds information on servers)

            I have updated the post. If you remove the whole ‘Terminal Server Client’ key then it removes all history, but if you really want to prevent all history from being saved, manually remove the two keys Default and Servers under the ‘Terminal Server Client’ key, then remove all inherited permissions on the ‘Terminal Server Client’ key and don’t copy the permissions. This will make the key have no permissions on it. Now your computer does not have access to write to the key and it will never be able to save your history again until an OS upgrade reverts the permissions on the key! If you ever want to write to it again, you just turn on inheritance for the permissions. I have just done some simple testing here with success. Let me know if that cleans out that list you have in your screenshot.

          • http://caspan.com Caspan

            And the more I look at your screenshot, this is not MRU history that your screenshot is showing; that is recent item information that is controlled by the OS. Because you are opening a file, the OS remembers the file you opened. I understand now, sorry for my confusion. If you want to get rid of this, do the following:

            Windows 7 and before:
            Right-click your taskbar in a blank spot and select Properties, then click the ‘Start Menu’ tab. There should be a check box that asks about recently accessed files; just uncheck that.

            Windows 8 and newer OS:
            Go to Settings, Personalization, then go to the Start option and turn it off there.

            Remember, when you think about it, having files with the names of your computers saved in them is just as bad as having them in the MRU list. They are sitting there waiting to be read, as they are just text files, so you should not be storing server information in them. But if you must, this is a way of turning that off!

            You can also use the registry to turn the option off:
            [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
            "Start_TrackDocs"=dword:00000000

    • Sysadmin

      This registry key actually contains all RDP history unless you decide to create a .rdp file. Caspan was correct in the first instance. Thank you for your input.