This guide shows how to delete Remote Desktop Protocol (RDP) connection history and saved passwords in Windows. This is essential for maintaining privacy and security, especially on public or untrusted computers.
Removing RDP Connection History in Windows
Windows stores RDP connection history in multiple locations, so clearing it requires addressing each of these areas.
Clearing RDP History via User Registry
1. Open the Registry Editor (regedit.exe) and navigate to HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client.
2. In the Default subkey, find entries for the last 10 RDP connections, labeled MRU0-MRU9 (Most Recently Used). These contain IP addresses or names of RDP hosts. Select and delete these parameters.
3. Navigate to the Servers subkey, which stores information about all RDP servers and user accounts previously used. The username is stored in the UsernameHint parameter, and the server certificate thumbprint is in CertHash.
To clear the history, delete the entire Servers subkey and recreate it manually.
Deleting the Default.rdp File
Delete the hidden Default.rdp file located in the user profile at %userprofile%\Documents. This file stores information about the last connection.
Viewing and Clearing RDP Connection Logs
When connecting via RDP, Windows logs events in the Event Viewer under Applications and Services Logs → Microsoft → Windows → TerminalServices-ClientActiveXCore → Microsoft-Windows-TerminalServices-RDPClient/Operational.
To view all outgoing connections, use the following PowerShell cmdlet:
$properties = @(
@{n='TimeStamp';e={$_.TimeCreated}}
@{n='LocalUser';e={$_.UserID}}
@{n='Target RDP host';e={$_.Properties[1].Value}}
)
Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-TerminalServices-RDPClient/Operational';ID='1102'} | Select-Object $properties
Clear these logs via Event Viewer or with the command:
WevtUtil cl Microsoft-Windows-TerminalServices-RDPClient/Operational
Clearing RDP History in Start Menu and Taskbar
Typing mstsc in the Windows search bar or right-clicking the RDP client on the taskbar displays a Recent list of recent connections. To clear this history, remove the Recent Items by deleting files in the %AppData%\Microsoft\Windows\Recent\AutomaticDestinations folder.
RDP History Cleanup Script
For quick cleanup of RDP connection history, use the following BAT script:
@echo off
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers"
attrib -s -h %userprofile%\documents\Default.rdp
del %userprofile%\documents\Default.rdp
del /f /s /q /a %AppData%\Microsoft\Windows\Recent\AutomaticDestinations
Alternatively, use this PowerShell script to remove all RDP connection history entries:
Get-ChildItem "HKCU:\Software\Microsoft\Terminal Server Client" -Recurse | Remove-ItemProperty -Name UsernameHint -Ea 0
Remove-Item -Path 'HKCU:\Software\Microsoft\Terminal Server Client\servers' -Recurse 2>&1 | Out-Null
Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Terminal Server Client\Default' 'MR*' 2>&1 | Out-Null
$docsfoldes = [environment]::getfolderpath("mydocuments") + '\Default.rdp'
remove-item $docsfoldes -Force 2>&1 | Out-Null
Clearing RDP Client Bitmap Cache
The RDP client stores a cache of infrequently changing desktop areas as bitmap images to reduce data transfer. This cache is stored in *.bmc and *.bin files in the %LOCALAPPDATA%\Microsoft\Terminal Server Client\Cache directory.
For security, clear this folder and disable the Persistent bitmap caching option in the Experience tab of the RDP client.
Preventing Windows from Saving RDP Connection History
To prevent Windows from saving RDP connection history, modify the HKCU\Software\Microsoft\Terminal Server Client registry key. Disable permission inheritance (Permissions → Advanced → Disable inheritance) and set an ACL to deny access for all users, administrators, and SYSTEM. Note that this is an unsupported configuration.
Removing Saved RDP Passwords
The RDP client allows saving user passwords in the Windows Credential Manager for passwordless connections to remote hosts.
To remove saved passwords, open Credential Manager with the command:
rundll32.exe keymgr.dll,KRShowKeyMgr
and delete all entries starting with TERMSRV\.
Alternatively, delete saved credentials with the command:
For /F "tokens=1,2 delims= " %G in ('cmdkey /list ^| findstr "target=TERMSRV"') do cmdkey /delete %H
To prevent users from saving RDP passwords, enable the Do not allow passwords to be saved policy in Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Connection Client.
