Use powershell to list the RDP Connections History of logged-in users or all users
Switch branches/tags
Nothing to show
Clone or download
Latest commit 1e842ce Mar 16, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Mar 15, 2018
ListAllUsers.ps1 Update ListAllUsers.ps1 Mar 16, 2018
ListLogged-inUsers.ps1 Update ListLogged-inUsers.ps1 Mar 16, 2018
README.md Update README.md Mar 16, 2018

README.md

List-RDP-Connections-History

Use powershell to list the RDP Connections History of logged-in users or all users

List Logged-in Users' RDP Connections History

Enumerating the registry key values of HKEY_USERS"+$User.SID+"\Software\Microsoft\Terminal Server Client\Servers\

List All Users' RDP Connections History

Realization ideas:

  • First use "reg load" to load hive.
  • Then read the RDP Connections History from HKEY_USERS.
  • Last you need to use "reg unload" to unload hive.

Note:

The script automatically implements the above operation,there is no need for a GUI. :)

More Details:

渗透技巧——获得Windows系统的远程桌面连接历史记录