Restricted Admin Mode was implemented in Windows 8.1 to prevent credentials from being exposed over RDP. While well-intended, this brought the ability to pass-the-hash to RDP.
This TTP uses RestricedAdmin to disable DisableRestrictedAdmin
View Command
To view this TTPs command, you must be logged in with a professional or enterprise license.