Redirect Printers on RDS and RemoteApp Servers (2008 and 2012 R2)

Printer Redirection is a feature that allows a local printer to be mapped to a remote machine, and allows printing across a network. Invalid, unusable redirected printers may appear in a Remote Desktop Services session causing slowness.


Over time, Terminal Servers and RemoteApp servers can build a long list of redirected printers. This list can contain copies of itself with different Redirect Numbers that are stored in the Registry. If you open this in Regedit the list can take a long time to fully populate and will display a perpetually loading icon until the editor is closed. Applications that access this list directly and populate their programs with the contents will likely see the same slowness.

The issue here is common in Server 2008 and 2012 (first edition and R2). Microsoft has released hot fixes for the 2008 R2 version but not for the 2012 R2 version as of yet.

The Registry key in question is: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Devices 


This behavior does not occur if you use the Remote Desktop Easy Print feature.


  • HP LaserJet 4250 (redirected 1238)
  • HP LaserJet 4250 (redirected 1239)
  • HP LaserJet 4250 (redirected 1240)
  • HP LaserJet 4250 (redirected 1241)
  • HP LaserJet 4250 (redirected 1242)
  • HP LaserJet 4250 (redirected 1243)


This issue occurs because the Print Spooler adds a registry entry for each redirected printer under the registry subkey (above) for the user, and for all users logged onto the RD Session.


Server 2008 and 2008 R2
Hot Fix information:

Server 2012 and 2012 R2
There is currently no hot fix available for 2012 R2. I found that if I deleted the contents of this key, all of the current printer values were recreated after logging off and then back on. This successfully removed all of the “artifact” printers from the key.

There are multiple ways to target machines or groups of machines. I created a GPO with a WMI filter to explicitly target the RDS server. The GPO contained a logoff script with the following command:

reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Devices" /va /f

This command will run as each user logs off of the system. When they log back in, only the currently installed printers will be re-added. I logged all users off that night and when they all logged back in the next day the registry key was much smaller and the application slowness was resolved. The app I had issues with performed a prefetch of all printers on load and it caused slowness across the board within the program.
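To see how many stale entries a user's key holds before the logoff script clears it, the value names can be grouped by printer. The following PowerShell is an added example, not part of the original post; the function name Get-RedirectedPrinterSummary is hypothetical, the fallback printer names are constructed sample data, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: summarize redirected-printer entries under the Devices key.
# Read-only; it does not delete or modify anything.
$keyPath = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Devices'

function Get-RedirectedPrinterSummary {
    param([string[]]$ValueName)

    # Value names look like "HP LaserJet 4250 (redirected 1238)".
    $pattern = '^(?<printer>.+) \(redirected (?<number>\d+)\)$'

    $ValueName |
        ForEach-Object {
            if ($_ -match $pattern) {
                [pscustomobject]@{
                    Printer        = $Matches['printer']
                    RedirectNumber = [int]$Matches['number']
                }
            }
        } |
        Group-Object -Property Printer |
        ForEach-Object {
            $numbers = $_.Group | ForEach-Object { $_.RedirectNumber } | Sort-Object
            [pscustomobject]@{
                Printer         = $_.Name
                Entries         = $_.Count
                RedirectNumbers = $numbers -join ','
            }
        } |
        Sort-Object -Property Entries -Descending
}

if (Test-Path -Path $keyPath) {
    # Each registry value name under the key is one printer entry.
    $names = (Get-Item -Path $keyPath).GetValueNames()
} else {
    # Constructed sample data, used when the key is not present on this machine.
    $names = @(
        'HP LaserJet 4250 (redirected 1238)',
        'HP LaserJet 4250 (redirected 1239)',
        'HP LaserJet 4250 (redirected 1240)',
        'Microsoft XPS Document Writer'
    )
}

"Total values under key: $(@($names).Count)"
Get-RedirectedPrinterSummary -ValueName $names | Format-Table -AutoSize
```

Run it in the affected user's session, since the key is under HKEY_CURRENT_USER. A printer with many entries and different redirect numbers is the duplication described above.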

Beringer Technology Group is a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution. We also provide expert Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing and Unified Communication Systems.