Table of Contents
The built-in Windows Remote Desktop Connection client (mstsc.exe) saves the remote computer name (or IP address) and the username that is used to log in after each successful connection to the remote RDP host.
The next time the RDP client starts, the user can select one of the saved connections and the previous username is automatically inserted. If you are using a public computer or a computer you don’t trust, you may want to clear your RDP connection history for security reasons.
This article describes where Windows stores Remote Desktop connection history and credentials, and how to clear RDP history and logs.
Delete RDP Connection History from Registry
Windows stores the history of Remote Desktop client connections in several different places, and to completely clear the RDP history you will need to delete the data from all of these places.
1. Open the Registry Editor (regedit.exe) and go to the below reg key.
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client2. The Default subkey contains history entries for the last 10 RDP connections. The names of the parameters are MRU0-MRU9 (MRU – Most Recently Used). Their values contain IP addresses/RDP host names. Select all the registry parameters in the key and delete them.
3. Expand the Servers subkey. A list of all previously used RDP hosts and user accounts is stored here.
- The username is contained in the UsernameHint parameter. This username is automatically inserted into the mstsc.exe client window when you connect to this RDP host.
- The CertHash parameter contains the thumbprint of the server’s RDP certificate.
4. Clear all entries in the Servers registry key. The easiest way to do this is to simply delete the entire Servers reg key, and then re-create it manually.
Delete the Default.RDP File
The next step is to delete the hidden Default.rdp file from the %userprofile%\Documents folder in the user profile. This file stores information about the last RDP connection.
%userprofile%\Documents
Delete Recent RDP History from the Start Menu and Taskbar
Windows also stores recent remote desktop connections in Jump Lists. If you type mstsc in the Windows search box or right-click on the client in the taskbar, you will see the history of previous RDP connections in the Recent list.
To clear the RDP history in the Start Menu and Jump Lists, clear the Recent Items list by deleting the files in the below folder.
%AppData%\Microsoft\Windows\Recent\AutomaticDestinations
If you don’t want to do it manually, let’s simply open PowerShell and then execute the following commands. It’ll delete all files in that folder automatically.
# Delete Recent RDP History Entries from the Start Menu and Taskbar
$filePath = "$env:APPDATA\Microsoft\Windows\Recent\AutomaticDestinations"
Remove-Item $filePath\*.automaticDestinations-ms -ForceClear RDP Event Viewer Logs in Windows
The RDP client also logs each outbound connection to the Event Viewer log (Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-ClientActiveXCore -> Microsoft-Windows-TerminalServices-RDPClient/Operational).
To list the log for outbound RDP client connections, use the Get-WinEvent PowerShell cmdlet to select and filter the events in the Event Viewer:
$properties = @(
@{n='TimeStamp';e={$_.TimeCreated}}
@{n='LocalUser';e={$_.UserID}}
@{n='Target RDP host';e={$_.Properties[1].Value}}
)
$logName = 'Microsoft-Windows-TerminalServices-RDPClient/Operational'
Get-WinEvent -FilterHashTable @{LogName=$LogName;ID='1102'} | Select-Object $properties# Output
TimeStamp LocalUser Target RDP host
--------- --------- ---------------
2/15/2024 10:23:02 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.205.174.224
2/15/2024 10:22:53 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.132
2/15/2024 10:22:42 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.48
2/15/2024 10:08:30 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.48
2/15/2024 10:07:08 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.48
2/15/2024 10:06:10 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.132
2/15/2024 10:05:04 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.132
2/15/2024 9:40:55 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.132
2/15/2024 9:27:14 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.48
2/15/2024 9:27:10 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.205.174.224
2/15/2024 9:27:01 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.132
2/15/2024 9:18:22 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.48
2/15/2024 9:18:12 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.205.174.224
2/15/2024 9:18:02 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.48
2/15/2024 9:17:32 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.48
2/15/2024 6:47:51 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.132
2/15/2024 6:47:05 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.205.174.224
2/15/2024 6:45:59 PM S-1-5-21-2408781006-1476909924-2351602277-1000 20.6.96.48We can clear this event log from the Event Viewer console or by using the command:
WevtUtil cl Microsoft-Windows-TerminalServices-RDPClient/OperationalWhen running the script to list the log for outbound RDP client connections again, make sure you get the error No events were found. It means all logs have been deleted.
How to Clear Remote Desktop Bitmap Cache?
By default, the mstsc.exe client caches rarely modified areas of the remote desktop as bitmaps (persistent bitmap caching). The RDP client cache can significantly reduce network traffic.
The RDP client cache is stored in *.bmc and *.bin files in the following location.
%LOCALAPPDATA%\Microsoft\Terminal Server Client\CacheFor security reasons, it is recommended that you clear the RDP cache folder and prevent the RDP client from saving the screen image to the cache. Go to that folder and delete all files.
You can disable the Persistent bitmap caching option on the Advanced tab of the Remote Desktop Connection client.
Script to Clear RDP Connection History
To quickly clear the history of RDP connections in Windows, you can use a batch script. This script will automatically perform the manual actions described above to clear the connection history and the RDP logs.
@echo off
::Remove the history from Registry
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers"
::Clear information about the last RDP connection
attrib -s -h %userprofile%\documents\Default.rdp
del %userprofile%\documents\Default.rdp
::Delete Recent RDP History Entries from the Start Menu and Taskbar
del /f /s /q /a %AppData%\Microsoft\Windows\Recent\AutomaticDestinations
::Clear the log for outbound RDP client connections
WevtUtil cl Microsoft-Windows-TerminalServices-RDPClient/Operational
::Clear Remote Desktop bitmap cache
del "%LOCALAPPDATA%\Microsoft\Terminal Server Client\Cache\*.bin"
del "%LOCALAPPDATA%\Microsoft\Terminal Server Client\Cache\*.bmc"
::Restart File Explorer
taskkill /im explorer.exe /f & explorer.exeA similar PowerShell script to clear all entries in the Remote Desktop Connection history:
# Remove the history from Registry
$regPath = "HKCU:\Software\Microsoft\Terminal Server Client"
Get-ChildItem $regPath -Recurse | Remove-ItemProperty -Name UsernameHint -Ea 0
Remove-Item -Path "$regPath\servers" -Recurse 2>&1 | Out-Null
# Clear information about the last RDP connection
Remove-ItemProperty -Path "$regPath\Default" 'MR*' 2>&1 | Out-Null
$docs = [environment]::getfolderpath("mydocuments") + '\Default.rdp'
Remove-Item $docs -Force 2>&1 | Out-Null
# Delete Recent RDP History Entries from the Start Menu and Taskbar
$filePath = "$env:APPDATA\Microsoft\Windows\Recent\AutomaticDestinations"
Remove-Item $filePath\*.automaticDestinations-ms -Force
# Clear the log for outbound RDP client connections
WevtUtil cl Microsoft-Windows-TerminalServices-RDPClient/Operational
# Clear Remote Desktop bitmap cache
$cachePath = "$env:LOCALAPPDATA\Microsoft\Terminal Server Client\Cache"
Remove-Item $cachePath\*.bmc -Force
Remove-Item $cachePath\*.bin -Force
# Restart File Explorer
Stop-Process -Name "explorer" -ForceRemove Saved RDP Credentials on Windows
The RDP client allows you to store the user’s password in the built-in Windows Credential Manager and automatically connect to a remote host without entering a password.
You can delete saved RDP passwords from the Credential Manager window. Run the command below then remove all entries prefixed TERMSRV\.
rundll32.exe keymgr.dll,KRShowKeyMgr
Or you can clear the stored credentials for RDP with the command:
For /F "tokens=1,2 delims= " %G in ('cmdkey /list ^| findstr "target=TERMSRV"') do cmdkey /delete %HConclusion
The above steps will help you to remove the Remote Desktop Connection History on Windows systems.
Not a reader? Watch this related video tutorial:
