People ask me from time to time how to clean up Remote Desktop records, so I had Claude write it up:
https://claude.ai/share/371f977f-4b87-44ba-80e4-c8931daf1a93
Target side (server) cleanup
1. Windows event logs
```powershell
# Clear the RDP-related event logs (needs an elevated shell)
wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"
wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"
# Clearing Security writes event 1102 (audit log cleared) into the fresh Security log;
# clearing any other log writes event 104 into System. Both are routinely alerted on.
wevtutil cl "Security"
wevtutil cl "System"
```
2. RDP connection history (registry)
The server does not keep a list of past RDP connections in the registry. `HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration` holds the default session settings applied to new RDP users (timeouts, shadowing and so on), not logon records, so deleting it hides nothing and only throws those defaults away. What a logon does leave in the registry is the `ProfileList` entry created with the user's profile on first logon. The bitmap cache below belongs to the mstsc client and exists on the server only if someone ran mstsc from it:
```powershell
# mstsc (client) bitmap cache; present on the server only if mstsc was run from it
Remove-Item "$env:LOCALAPPDATA\Microsoft\Terminal Server Client\Cache\*" -Force -ErrorAction SilentlyContinue
```
3. Logon records / user-profile traces
```powershell
# The account data itself lives in the SAM / AD and cannot simply be deleted; only the log can be cleared.
# The profile folder under C:\Users and its ProfileList entry remain after this.
wevtutil cl "Microsoft-Windows-User Profile Service/Operational"
```
4. Prefetch files
```powershell
# MSTSC-*.pf is written on the machine that ran mstsc.exe, which is normally the client.
# It exists on the server only if mstsc was run from there, and Prefetch is off by default on Server SKUs.
Remove-Item "C:\Windows\Prefetch\MSTSC*" -Force -ErrorAction SilentlyContinue
```
5. Windows Defender / system logs
```powershell
wevtutil cl "Application"
# Remove Defender scan history
Remove-Item "C:\ProgramData\Microsoft\Windows Defender\Scans\History\*" -Recurse -Force -ErrorAction SilentlyContinue
```
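Before clearing anything on the server it is worth seeing what an RDP session actually leaves there, and what the clearing itself adds. The function below is an added example, not part of the original post or the Claude transcript: it queries the channels the steps above clear and reports the RDP-relevant event IDs, including Security 1102 and System 104, which are written by `wevtutil cl` and are what a defender looks for afterwards. It assumes an elevated shell (the Security log is unreadable otherwise) and the default TerminalServices channels; the function name `Get-RdpServerTrace` is my own.

```powershell
# Added example: list what an RDP session leaves in the server's event logs.
# Run elevated; Get-WinEvent cannot read the Security log otherwise.
function Get-RdpServerTrace {
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)

    # Each entry: channel, event IDs, and what the ID means for an RDP session
    $sources = @(
        @{ Log = 'Security'; Ids = 4624; LogonType = '10'; Note = 'logon, LogonType 10 = RemoteInteractive (RDP)' },
        @{ Log = 'Security'; Ids = 4778, 4779; Note = 'session reconnected / disconnected' },
        @{ Log = 'Security'; Ids = 1102; Note = 'audit log cleared (left behind by wevtutil cl Security)' },
        @{ Log = 'System'; Ids = 104; Note = 'a non-Security log was cleared' },
        @{ Log = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'; Ids = 1149; Note = 'authentication succeeded, source IP recorded' },
        @{ Log = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'; Ids = 21, 23, 24, 25; Note = 'session logon / logoff / disconnect / reconnect' }
    )

    foreach ($s in $sources) {
        $filter = @{ LogName = $s.Log; Id = $s.Ids; StartTime = $since }
        # @() keeps an empty result as an empty array (Count 0) instead of $null
        $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
        if ($s.ContainsKey('LogonType')) {
            # 4624 fires for every logon type; keep only RDP ones by reading the event XML
            $events = @($events | Where-Object {
                ([xml]$_.ToXml()).Event.EventData.Data |
                    Where-Object { $_.Name -eq 'LogonType' -and $_.'#text' -eq $s.LogonType }
            })
        }
        [pscustomobject]@{
            Log   = $s.Log
            Ids   = ($s.Ids -join ',')
            Count = $events.Count
            Last  = ($events | Select-Object -First 1).TimeCreated   # Get-WinEvent returns newest first
            Note  = $s.Note
        }
    }
}

Get-RdpServerTrace -Days 7 | Format-Table -AutoSize -Wrap
```

Run it once before and once after the steps above: the TerminalServices and 4624/4778 rows drop to zero, while the 1102 and 104 rows go from zero to one with a timestamp that matches the cleanup. Anything already forwarded by Windows Event Forwarding or a SIEM agent is not touched by the clear at all.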
💻 Controlling side (client) cleanup
1. RDP connection history (most important)
```powershell
# \Default holds the MRU list of hosts (MRU0, MRU1, ...) shown in the mstsc drop-down;
# \Servers has one subkey per host with the UsernameHint that was used last
Remove-Item "HKCU:\Software\Microsoft\Terminal Server Client\Default" -Recurse -ErrorAction SilentlyContinue
Remove-Item "HKCU:\Software\Microsoft\Terminal Server Client\Servers" -Recurse -ErrorAction SilentlyContinue
```
2. RDP cache files (bitmap cache)
```powershell
# bcache*.bmc / Cache*.bin hold tiles of what was displayed in past sessions
Remove-Item "$env:LOCALAPPDATA\Microsoft\Terminal Server Client\Cache\*" -Force -ErrorAction SilentlyContinue
```
3. .rdp files
```powershell
# Remove saved .rdp files (usually on the Desktop or in Documents); they can of course be anywhere.
# -Force also catches the hidden Default.rdp that mstsc keeps in Documents with the last-used settings.
Remove-Item "$env:USERPROFILE\Desktop\*.rdp" -Force -ErrorAction SilentlyContinue
Remove-Item "$env:USERPROFILE\Documents\*.rdp" -Force -ErrorAction SilentlyContinue
```
4. RDP passwords saved in Credential Manager
```powershell
# List and delete the RDP credentials; mstsc stores them under the target name TERMSRV/<host>.
# Matching the target itself avoids depending on the localized "Target:" / "目标:" label in cmdkey's output.
cmdkey /list | Select-String -Pattern 'TERMSRV/\S+' | ForEach-Object {
    $target = $_.Matches[0].Value
    cmdkey /delete:$target
}
```
5. Event log (client)
```powershell
# Events 1024 / 1102 in this channel record the host name and address mstsc connected to
wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"
```
🔁 One-shot cleanup script (combined)
```powershell
# ========== RDP trace cleanup script ==========
# Run from an elevated shell; the #Requires line makes PowerShell refuse to start it otherwise
#Requires -RunAsAdministrator
Write-Host "Starting RDP trace cleanup..." -ForegroundColor Cyan
# Event logs
$logs = @(
    "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational",
    "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational",
    "Microsoft-Windows-TerminalServices-RDPClient/Operational",
    "Security", "System", "Application"
)
foreach ($log in $logs) {
    wevtutil cl "$log" 2>$null
    # wevtutil's exit code says whether the clear actually happened; don't report success blindly
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Cleared log: $log"
    } else {
        Write-Host "Failed to clear $log (exit code $LASTEXITCODE)" -ForegroundColor Yellow
    }
}
# Registry (client-side MRU list and per-host username hints)
$regPaths = @(
    "HKCU:\Software\Microsoft\Terminal Server Client\Default",
    "HKCU:\Software\Microsoft\Terminal Server Client\Servers"
)
foreach ($path in $regPaths) {
    Remove-Item $path -Recurse -ErrorAction SilentlyContinue
    Write-Host "Cleared registry key: $path"
}
# Cache files
Remove-Item "$env:LOCALAPPDATA\Microsoft\Terminal Server Client\Cache\*" -Force -ErrorAction SilentlyContinue
Remove-Item "C:\Windows\Prefetch\MSTSC*" -Force -ErrorAction SilentlyContinue
# Credentials (mstsc saves them under the target name TERMSRV/<host>)
cmdkey /list | Select-String -Pattern 'TERMSRV/\S+' | ForEach-Object {
    $target = $_.Matches[0].Value
    cmdkey /delete:$target
}
Write-Host "Cleanup complete!" -ForegroundColor Green
```
Two limits of this script: clearing a log is itself logged (Security event 1102 for the Security log, System event 104 for every other one), and anything already forwarded by Windows Event Forwarding or a SIEM agent is out of reach. Also, `HKCU:` and `$env:LOCALAPPDATA` are those of the user running the script; other profiles on the same client keep their own MRU list, cache and saved credentials.
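To check what the client-side steps actually remove, it helps to inventory the artifacts first and compare afterwards. The function below is an added example, not code from the original post or the Claude transcript: it reads the MRU list and per-host `UsernameHint` values, counts the bitmap cache files, extracts the `TERMSRV/<host>` credential targets from `cmdkey /list`, finds `.rdp` files including the hidden `Default.rdp`, and counts the 1024/1102 events in the RDPClient channel. It assumes the current user's profile (the same one the cleanup script acts on); the function name `Get-RdpClientArtifacts` is my own.

```powershell
# Added example: inventory the RDP client artifacts the cleanup targets,
# so it can be run before and after to see what each step actually removed.
function Get-RdpClientArtifacts {
    $base = 'HKCU:\Software\Microsoft\Terminal Server Client'

    # MRU list: values MRU0, MRU1, ... under \Default, MRU0 being the most recent host
    $mru = @()
    if (Test-Path "$base\Default") {
        $mru = @((Get-ItemProperty "$base\Default").PSObject.Properties |
            Where-Object { $_.Name -like 'MRU*' } |
            Sort-Object { [int]$_.Name.Substring(3) } |
            ForEach-Object { $_.Value })
    }

    # Per-host subkeys under \Servers, each carrying the UsernameHint used last
    $servers = @()
    if (Test-Path "$base\Servers") {
        $servers = @(Get-ChildItem "$base\Servers" | ForEach-Object {
            [pscustomobject]@{
                Host     = $_.PSChildName
                Username = (Get-ItemProperty $_.PSPath).UsernameHint
            }
        })
    }

    # Bitmap cache (bcache*.bmc, Cache*.bin) holds tiles of what was on screen in past sessions
    $cacheDir = Join-Path $env:LOCALAPPDATA 'Microsoft\Terminal Server Client\Cache'
    $cache = @(Get-ChildItem -Path $cacheDir -File -ErrorAction SilentlyContinue)

    # Saved credentials: mstsc stores them under the target name TERMSRV/<host>
    $creds = @(cmdkey /list | Select-String -Pattern 'TERMSRV/\S+' |
        ForEach-Object { $_.Matches[0].Value })

    # .rdp files on the Desktop and in Documents; -Force includes the hidden Default.rdp
    $rdpDirs = @("$env:USERPROFILE\Desktop", "$env:USERPROFILE\Documents")
    $rdpFiles = @(Get-ChildItem -Path $rdpDirs -Filter '*.rdp' -File -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)

    # Client-side event log: 1024 / 1102 name the host and address mstsc connected to
    $clientLog = 'Microsoft-Windows-TerminalServices-RDPClient/Operational'
    $clientEvents = @(Get-WinEvent -FilterHashtable @{ LogName = $clientLog; Id = 1024, 1102 } `
        -MaxEvents 200 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        MruHosts     = $mru
        ServerKeys   = $servers
        CacheFiles   = $cache.Count
        CacheBytes   = [int64](($cache | Measure-Object -Property Length -Sum).Sum)
        SavedCreds   = $creds
        RdpFiles     = $rdpFiles
        ClientEvents = $clientEvents.Count
    }
}

$before = Get-RdpClientArtifacts
$before | Format-List
# After running the cleanup script above:
# $after = Get-RdpClientArtifacts
# Compare-Object $before.MruHosts $after.MruHosts
```

If `ServerKeys` or `SavedCreds` is still populated afterwards, the cleanup ran as a different user than the one who made the connections, which is the usual reason a "clean" client still shows the hosts in the mstsc drop-down.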