Enable Restricted Admin mode using RestrictedAdmin

Restricted Admin Mode was implemented in Windows 8.1 to prevent credentials from being exposed over RDP. While well-intended, this brought the ability to pass-the-hash to RDP. This TTP uses RestrictedAdmin to disable DisableRestrictedAdmin.




Deploy RestrictedAdmin and disable Restricted Admin mode