In our daily work, it is not uncommon for us to use Windows Remote Desktop Protocol (RDP) to connect to various servers and computers. However, for security and privacy reasons, we occasionally need to delete the history of these connections and the associated login credentials. In this article, I'll present you with a complete PowerShell script that will help you accomplish this goal.
For example, if you work for a company that deals with confidential information, it is important to clean up the history and credentials of your remote desktop connections to avoid the risk of information leakage. Likewise, if you are an individual user, cleaning them up protects your privacy and prevents others from accessing your connection history.
Why do I need to delete Remote Desktop Records?
Remote desktop connection logs and credentials may expose the IP addresses of servers you use frequently, along with your login information, which increases security risk. Removing these records protects your privacy and network security more effectively.
For example, if these records were accessed by an unscrupulous person, they could use the information to hack into your servers or computers and cause serious damage. Or, if your competitors get this information, it may adversely affect your work or business. Therefore, it is very important to delete remote desktop records promptly.
PowerShell Script: Deleting RDP History and Credentials
The following is a PowerShell script that deletes both the remote desktop connection history and login credentials:
# Get all remote desktop connection history
$rdpHistoryPath = "HKCU:\Software\Microsoft\Terminal Server Client\Default"
$rdpHistory = Get-ItemProperty -Path $rdpHistoryPath
# Create an array for storing history records
$entries = @()
# Iterate through the registry entries and extract the name and value of each one
foreach ($property in $rdpHistory.PSObject.Properties) {
    if ($property.Name -like "MRU*") {
        $entries += [PSCustomObject]@{
            Name  = $property.Name
            Value = $property.Value
        }
    }
}
# Show all records
Write-Host "Current remote desktop connection records:" -ForegroundColor Cyan
for ($i = 0; $i -lt $entries.Count; $i++) {
    Write-Host "$($i): $($entries[$i].Value)"
}
# Prompt the user for the record number or IP address/computer name to be deleted
$selection = Read-Host "Please enter the record number or IP address/computer name to be deleted"
# Define a function to remove credentials
function Remove-RdpCredentials($computerName) {
    $targetName = "TERMSRV/$computerName"
    # Get the credentials in the credential manager as credential objects,
    # so that each result exposes a TargetName property
    $credentialList = Get-StoredCredential -Type Generic -AsCredentialObject
    # Find credentials that match the target name
    $credential = $credentialList | Where-Object { $_.TargetName -eq $targetName }
    if ($credential) {
        # Remove found credentials, addressing them explicitly by target name
        Remove-StoredCredential -Target $targetName -Type Generic
        Write-Host "Deleted credentials: $($credential.TargetName)" -ForegroundColor Green
    } else {
        Write-Host "No credentials associated with $computerName were found." -ForegroundColor Yellow
    }
}
# Check if the input is a number or a name/IP
if ($selection -match '^\d+$') {
    # If it's a number, delete the record at that index
    $index = [int]$selection
    if ($index -ge 0 -and $index -lt $entries.Count) {
        $keyToDelete = $entries[$index].Name
        $valueToDelete = $entries[$index].Value
        # Remove registry entries
        Remove-ItemProperty -Path $rdpHistoryPath -Name $keyToDelete
        Write-Host "Record deleted: $valueToDelete" -ForegroundColor Green
        # Remove the corresponding credentials
        Remove-RdpCredentials -computerName $valueToDelete
    } else {
        Write-Host "Invalid number entered." -ForegroundColor Red
    }
} else {
    # If it's a name/IP, match and delete
    $entryToDelete = $entries | Where-Object { $_.Value -eq $selection }
    if ($entryToDelete) {
        # Remove the registry entry
        Remove-ItemProperty -Path $rdpHistoryPath -Name $entryToDelete.Name
        Write-Host "Deleted record: $($entryToDelete.Value)" -ForegroundColor Green
        # Remove the corresponding credentials
        Remove-RdpCredentials -computerName $entryToDelete.Value
    } else {
        Write-Host "No matching records found." -ForegroundColor Red
    }
}
Instructions for use
1. Run PowerShell
Ensure that you run PowerShell as an administrator in order to have sufficient privileges to modify the registry and credentials.
2. Install the CredentialManager module
Before running the script for the first time, you need to install the CredentialManager module to manage credentials:
Install-Module -Name CredentialManager -Force -Scope CurrentUser
3. Run the script
Save the above code as a .ps1 file, such as RemoveRDPHistoryWithCredentials.ps1. Navigate in PowerShell to the directory where the script is located and run it:
.\RemoveRDPHistoryWithCredentials.ps1
4. Input selection
Follow the script prompts and enter the number or IP address/computer name of the record to be deleted.
Notes
- Credential Manager: The script uses the CredentialManager module to access and remove Windows credentials.
- Permissions: Make sure to run the script as administrator.
- Backup: It is recommended to back up relevant data before deletion to prevent accidental deletion.
With this script, you can effectively manage and clean up the connection records and credentials of Remote Desktop to protect your privacy and security.
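To check what a cleanup actually left behind, the following added example (not part of the original script) lists the current user's remaining RDP traces without deleting anything. The `Servers` subkey and the `Default.rdp` file are not mentioned in the article; they are other per-user locations where the Windows RDP client keeps connection data, and `Get-RdpTrace` is a name chosen for this example.

```powershell
# Added example (read-only): list RDP traces left in the current user's profile.
# Get-RdpTrace is a name chosen for this example; nothing is deleted here.
$clientKey = 'HKCU:\Software\Microsoft\Terminal Server Client'

function Get-RdpTrace {
    $found = @()

    # 1. MRU values under ...\Default (what the article's script removes)
    $default = Get-ItemProperty -Path "$clientKey\Default" -ErrorAction SilentlyContinue
    if ($default) {
        foreach ($p in $default.PSObject.Properties) {
            if ($p.Name -like 'MRU*') {
                $found += [PSCustomObject]@{ Source = 'Default MRU'; Target = $p.Value; Detail = $p.Name }
            }
        }
    }

    # 2. One subkey per host under ...\Servers, holding the last user name used
    $servers = Get-ChildItem -Path "$clientKey\Servers" -ErrorAction SilentlyContinue
    foreach ($s in $servers) {
        $hint = (Get-ItemProperty -Path $s.PSPath).UsernameHint
        $found += [PSCustomObject]@{ Source = 'Servers key'; Target = $s.PSChildName; Detail = "UsernameHint=$hint" }
    }

    # 3. Saved credentials with a TERMSRV/ target, taken from cmdkey's listing
    foreach ($line in (cmdkey.exe /list)) {
        if ($line -match 'target=(TERMSRV/\S+)') {
            $found += [PSCustomObject]@{ Source = 'Credential'; Target = $Matches[1]; Detail = 'cmdkey /list' }
        }
    }

    # 4. Default.rdp in Documents stores the last connection's settings
    $rdpFile = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Default.rdp'
    if (Test-Path -LiteralPath $rdpFile) {
        $found += [PSCustomObject]@{ Source = 'Default.rdp'; Target = $rdpFile; Detail = 'hidden file' }
    }

    $found
}

$traces = @(Get-RdpTrace)
if ($traces.Count -eq 0) {
    Write-Host 'No RDP traces found for this user.' -ForegroundColor Green
} else {
    $traces | Format-Table -AutoSize
}
```

Running it before and after the cleanup script shows whether a host still appears under a source the script does not touch, or as a saved credential of a type other than Generic.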