Remote Desktop Client enables you to log on to any remote devices and access as though you were connected to the console of the remote computer. When you use Remote Desktop Protocol (RDP) Connection, it always saves the connection information. This includes the IP Address and User name. The next time you want to connect, you don’t have to enter the information again and can easily connect to the PC. In this article, I will show you how to Prevent Windows from Saving RDP Connection History. Please see how to Get lists of installed Microsoft Windows Updates, How to remove saved RDP connections in Windows, and how to view and remove Remote Desktop connection history.
It’s important to note that preventing Windows from saving RDP connection history is just one aspect of overall security. It should be complemented by other security measures, Such as network segmentation, firewall rules, regular security updates etc to maintain secure remote access.
It’s also worth noting that the specific steps to disable RDP connection history may vary depending on the Windows version you are using. Please see Check if Windows Updates were installed on your device via the Registry Editor. How to fix Azure AD Connect Permission issue: Error 8344 insufficient access rights to perform the operation, and how to fix Can’t connect via RDP upon installing Norton 360. Also, see how to change the default RDP port in Windows, and how to administer Cisco ASA using Command Line Interface.
Reasons to Prevent Windows from Saving Remote Desktop Connection History?
Preventing Windows from saving RDP connection history can result in a security measure. It will help to protect sensitive information and enhance privacy within your organisation. Below are some reasons why you would disable the saving of RDP connection history.
- Confidentiality: RDP connection history may contain sensitive information such as IP addresses, usernames, or server names. By preventing Windows from saving this history, you reduce the risk of unauthorized access or exposure to this information.
- Privacy: Clearing RDP connection history helps maintain privacy by removing any trace of previously established remote connections. This is useful if different users access the same system. Also, it can also help prevent others from knowing which systems you have connected to.
- Compliance and Regulations: There could be regulatory requirements or security policies that mandate the prevention of storing connection history. Compliance measures ensure that sensitive information is not retained, reducing potential risks, and attack surface.
- Preventing Unauthorized Access: If an unauthorized user gains access to your Windows system. They may be able to view the RDP connection history to identify previously accessed systems. By disabling the RDP Connection History, you will be hardening the system and making it more difficult (challenging) for an attacker to perform reconnaissance. That is, gather information for potential exploitation.
Please see how to allow saved credentials for RDP connection, and How to Resolve Microsoft RDP Connection Black Screen. Also, see how to fix RDP Users are unable to change Passwords, and how to connect Watchguard XTM via Web UI. Please see How to fix this computer is a domain controller: The snap-in cannot be used on a domain controller.
RDP Connection on Windows
To further reinterate, in workstations and domains environments, every successful connection to a remote computer using the RDP (Remote Desktop) client in Windows (mstsc.exe) the system will save the remote computer name (or an IP address) and the username used to log on by default. Upon launching the RDP client, it offers the user the opportunity to select one of the connections that were used previously. The user can select the name or IP of the remote RDP server from the list.
This is convenient from the end-user perspective, but unsafe from the security point of view, especially when the RDP connection is initiated from a public or untrusted computer.
Note: All RDP sessions is stored individually in the registry hive of each user, i.e. a non-admin won’t be able to view the RDP connection history of another user.
Please see How to protect Remote Desktop credentials with Windows Defender Remote Credential Guard or Restricted Admin Mode, How to add and modify the Windows Registry from the Command Prompt, How to add Registry keys via DISM in Windows, and How to Get, Edit, Create and Delete Registry Keys via PowerShell in Windows.
Prevent Saving RDP Connection on Windows
To achieve this goal, you must deny writing to the registry key
HKCU\Software\Microsoft\Terminal Server Client for all user accounts. When this is configured, mstsc.exe wouldn’t be able to write RDP connection info to the registry.
Launch the Windows Registry Editor via the Windows Search or via the Run dialogbox. Type “RegEdit” and run it.
Navigate to the following path below. Then right Click on the Terminal Server Client, and select Permission
HKCU\Software\Microsoft\Terminal Server Client
Deny writing to the Registry
If you do NOT want Windows to save the RDP connection history. You must deny writing to the registry for all user accounts. As you can see from the image, this is currently enabled for all users. This will be denied very shortly for the following users.
Disable the permission inheritance
Proceed to disable the permission inheritance on the specified reg key (Permissions|Advanced|Disable inheritance). Please see this related costs: How to create and access a hidden share folder on Windows devices.
Click on disable inheritance as shown below, and click on OK.
Deny All User Accounts
Now deny writing to the registry key HKCU\Software\Microsoft\Terminal Server Client for all user accounts. It is worth mentioning that is a tweak and unsupported configuration.
When this is done. The Remote Desktop Connection Client will not be able to save the Remote Desktop Connection history going forward. Here is an exciting article on how to View RDP Configuration Settings: Connect automatically on an RDP session.
I hope you found this blog post helpful on how to Prevent Windows from Saving RDP Connection History. Please let me know in the comment section if you have any questions.