MSTSC/RDP for the Paranoid – Never Save Your History…. The Easy Way!

You may have read my article “MSTSC/RDP – How To Clean Up Your History”. In that article I described how to remove all traces of any machine you connected to with MSTSC/RDP, using a simple command line switch to prevent any history from being saved and a registry edit to remove any prior history that already existed. For people like me who run around with a tinfoil hat on (not really, but that’s what people say because of my security paranoia) there is a better, more permanent fix: never save any information about what machine you connect to, and once it is done you never have to think about it again. This method is more for your own machine than for a friend’s laptop or a library machine that you are temporarily using. For machines that are not yours, keep using the /public switch to keep your information from being saved. I personally never want any information saved for MSTSC, so I found the following method that stops MSTSC from writing to the registry even if I forget to use the /public switch.

  1. Open regedit.exe
  2. Navigate to the following registry key: “HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client”
  3. Under that you should see 3 keys: Default, LocalDevices, Servers
  • Default: This key holds a list of MRU (most recently used) addresses that you have connected to.
  • LocalDevices: List of trusted machines
  • Servers: This holds a list of keys for machines, with information like the last user that was used when connecting to that machine

If you look around you can see all these keys hold a lot of information about where you have been and who you logged in with. I have found 2 different ways to prevent this data from being written to this key:

  1. Remove the entire “Terminal Server Client” key, or
  2. Remove all permissions from the key, making it un-writable.

 

No matter which method you use below, please make a backup copy of the “Terminal Server Client” key before you modify it! Right click on the “Terminal Server Client” key in the left tree, choose Export, and save it in a location of your choosing.

Method 1 – Remove the Entire Key
  1. Remove the “Terminal Server Client” key by right clicking on it and selecting Delete, then confirm that you want to delete it.
Method 1 – Reverse
  1. Import the registry file you exported earlier and all the keys are created again.
Method 2 – Remove All Permissions (Preferred)
  1. Before removing any permissions, first delete any information you want gone, because once your permissions are removed you will no longer be able to modify anything below this key.
  2. Right click on the “Terminal Server Client” key and click “Permissions…”
  3. Click the “Advanced” button at the bottom of the dialog.
  4. From here you can “disable inheritance”.
  5. You should be asked whether you want to copy all current permissions to this object or remove all inherited permissions; choose to remove them.
  6. This will leave you with an ACL (Access Control List) with no users listed, meaning that no user has permission to read or write to this registry key or anything below it.
Method 2 – Reverse
  1. Right click on the “Terminal Server Client” key and choose “Permissions…”.
  2. Click the “Advanced” button at the bottom of the window.
  3. Click on the “Enable inheritance” button.
  4. Click okay all the way back out and the default permissions have been inherited again.

This should prevent MSTSC.exe from writing anything to the registry and keep all your super secret machines safe!

You must also make the default.rdp file in your user directory read only, or else it will always remember the last server you connected to, because MSTSC writes to that file every time you connect. What I do is make sure all my settings are correct and saved in MSTSC, then make the file read only, and this solves the problem.

UPDATE August 14th, 2015
We found out that if you open RDP connections from an RDP file, the OS will save that file in the recently accessed files list. You can turn this OS feature off by modifying the Start_TrackDocs value in the following key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=dword:00000000

Setting the last number to 0 turns the feature off and setting it to 1 turns it on. Turning it off prevents the OS from saving things like servername.rdp as recently accessed by this program. One word of advice that I strongly encourage: if you are paranoid enough to go to this length to prevent people from finding out the names of servers you have accessed through RDP, don’t store server information in RDP files, which are basic text files that can be read by anyone!!
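To check that all three settings described above actually took effect, here is a read-only audit script. It is an added example, not part of the original post. It assumes Default.rdp sits in the Documents folder as a hidden file and that the MRU values under the Default key are named MRU0, MRU1, and so on; the function name is made up for this example.

```powershell
# Added example: read-only audit, changes nothing on the system.
function Get-RdpHistoryState {
    $report = [ordered]@{}

    # 1. "Terminal Server Client" key: absent, locked down, or still readable
    $sub = 'Software\Microsoft\Terminal Server Client'
    try {
        $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($sub)
        if ($null -eq $key) {
            $report.TscKey = 'absent'
        } else {
            $mru = 0; $servers = 0
            $d = $key.OpenSubKey('Default')
            if ($d) { $mru = @($d.GetValueNames() -like 'MRU*').Count; $d.Close() }
            $s = $key.OpenSubKey('Servers')
            if ($s) { $servers = $s.SubKeyCount; $s.Close() }
            $key.Close()
            $report.TscKey = "readable: $mru MRU values, $servers server subkeys"
        }
    } catch {
        # With an empty ACL the open itself is refused, which is the desired state
        $e = $_.Exception.GetBaseException()
        if ($e -is [System.Security.SecurityException] -or
            $e -is [System.UnauthorizedAccessException]) {
            $report.TscKey = 'access denied (permissions removed)'
        } else { throw }
    }

    # 2. Default.rdp (hidden file; Documents folder is an assumption)
    $rdp  = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Default.rdp'
    $item = Get-Item -LiteralPath $rdp -Force -ErrorAction SilentlyContinue
    $report.DefaultRdp = if (-not $item) { 'not found' } elseif ($item.IsReadOnly) { 'read-only' } else { 'writable' }

    # 3. Start_TrackDocs: 0 means recent-file tracking is off
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = (Get-ItemProperty -LiteralPath $adv -Name Start_TrackDocs -ErrorAction SilentlyContinue).Start_TrackDocs
    $report.StartTrackDocs = if ($null -eq $v) { 'not set' } elseif ($v -eq 0) { 'off (0)' } else { "on ($v)" }

    [pscustomobject]$report
}

Get-RdpHistoryState | Format-List
```

Run it as the same user who runs MSTSC, once before and once after a test connection; a TscKey line that still reports MRU values or server subkeys means history is being recorded.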

 

 


© Caspan 2012