Why can't I directly read the RDP connection history for users who are not logged into the Windows system?

The registry information for a user is only loaded into `HKEY_USERS` when that user logs on. For users who are not currently logged in, their settings reside in their `NTUSER.DAT` file on disk and are not synced to the registry. To access that data, you must manually load the hive file as described in the article. This is a common challenge in forensic and penetration testing contexts, much like retrieving PowerShell command history which also requires accessing user-specific artifacts.