Showing posts with label Terminal Server Client. Show all posts

Tuesday, October 27, 2015

Registry Terminal Server Client\Servers Key

If you've ever looked through a memory dump and noticed the following registry key getting modified, here's my take on what it's doing.

Software\Microsoft\Terminal Server Client\Servers

It appears that each time a user uses Remote Desktop to connect to another computer, a registry entry is created under the Terminal Server Client key. For example, I opened the following registry key:

HKEY_USERS\C__Users_USERNAME_ntuser.dat\Software\Microsoft\Terminal Server Client\Servers\SERVERXYZ\UsernameHint

And was able to read the following values:

DOMAIN1\USER1

Which would seem to me to indicate that USER1 attempted to connect to SERVERXYZ through domain DOMAIN1.
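For triage across many profiles, the same lookup can be scripted. The Python below is an added example, not code from the original post: it reads the text of a .reg export and returns every UsernameHint found under a Terminal Server Client\Servers subkey, whatever hive root precedes it. The function name is hypothetical and the sample export is constructed from the placeholder names used above.

```python
import re

# Key path from the post, plus the separator before the server subkey. The hive
# root in front of it varies (HKEY_CURRENT_USER, HKEY_USERS\<SID>, or a loaded
# ntuser.dat as in the post's example).
SERVERS_SUFFIX = r"\Software\Microsoft\Terminal Server Client\Servers" + "\\"

KEY_RE = re.compile(r"^\[(?P<path>.+)\]$")
# "name"="data" string values; other types (hex:, dword:) do not match.
STR_VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def unescape(s):
    # .reg files escape backslash and double quote inside quoted strings.
    return re.sub(r"\\(.)", r"\1", s)


def rdp_username_hints(reg_text):
    """Return (hive_root, server, username_hint) tuples from .reg export text."""
    results = []
    hive = server = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            path = m.group("path")
            idx = path.lower().find(SERVERS_SUFFIX.lower())
            tail = path[idx + len(SERVERS_SUFFIX):] if idx != -1 else ""
            # Only direct children of ...\Servers name a remote host.
            if tail and "\\" not in tail:
                hive, server = path[:idx], tail
            else:
                hive = server = None
            continue
        m = STR_VALUE_RE.match(line)
        if m and server and unescape(m.group("name")).lower() == "usernamehint":
            results.append((hive, server, unescape(m.group("data"))))
    return results


# Constructed sample export (placeholder names taken from the post).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\C__Users_USERNAME_ntuser.dat\Software\Microsoft\Terminal Server Client\Servers]

[HKEY_USERS\C__Users_USERNAME_ntuser.dat\Software\Microsoft\Terminal Server Client\Servers\SERVERXYZ]
"UsernameHint"="DOMAIN1\\USER1"
"CertHash"=hex:00,11,22
"""

if __name__ == "__main__":
    for hive, server, hint in rdp_username_hints(SAMPLE_REG):
        print(f"{hive}: {hint} -> {server}")
```

Exports written by reg.exe or regedit in the Version 5.00 format are UTF-16, so decode the file before passing its text to the function.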

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.