moeminthar ၏

စိတ္ကူးတည့္ရာေရးထားေသာ ဘေလာ့ခ္

default.rdp was created as a hidden file

Posted by Zwe on March 2, 2010

In case you have ever used the executable file mstsc.exe, it will have created the default.rdp file having the hidden attribute.

Next time you find the file default.rdp, in case it should re-appear, do not delete it. Instead use Notepad to open it. It is just a kind of INI-file in disguise. It holds the name or IP of the last target machine and the account which was used to connect to that target machine. Also the timestamp of the file may be helpful.

Perhaps these details will help determine who used mstsc and for which purpose. In case it happens again.

Actually, you could have a little fun with this.

Right click the default.rdp file and open with a notepad. You should see something like this.

screen mode id:i:1
desktopwidth:i:800
desktopheight:i:600
session bpp:i:16
auto connect:i:1
full address:s:192.168.1.12
compression:i:1
keyboardhook:i:2
audiomode:i:2
redirectdrives:i:0
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
displayconnectionbar:i:1
username:s:Administrator
domain:s:AKA
alternate shell:s:
shell working directory:s:
disable wallpaper:i:1
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:1
bitmapcachepersistenable:i:1

You can check the connecting username in the file and you can check the values that have been set through this link here:

http://dev.remotenetworktechnology.com/ts/rdpfile.htm

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: