RDP Restricted Admin Mode

🔒 Secure Bits 💡
Do You Use Restricted Admin Mode for RDP?

If not, you should—it prevents credential exposure.

๐—ช๐—ต๐˜† ๐—œ๐˜ ๐—˜๐˜…๐—ถ๐˜€๐˜๐˜€:
Restricted Admin Mode was designed to let administrators connect to a potentially compromised device without passing their credentials to it.

You must already be an administrator on the target machine, but your credentials never leave the source system, preventing theft and lateral movement attacks.

๐—ช๐—ต๐˜† ๐—œ๐˜ ๐— ๐—ฎ๐˜๐˜๐—ฒ๐—ฟ๐˜€:
โœ… ๐—ฆ๐˜๐—ผ๐—ฝ๐˜€ ๐—–๐—ฟ๐—ฒ๐—ฑ๐—ฒ๐—ป๐˜๐—ถ๐—ฎ๐—น ๐—ง๐—ต๐—ฒ๐—ณ๐˜ โ€“ Protects privileged accounts during RDP sessions.
โœ… ๐—œ๐—ฑ๐—ฒ๐—ฎ๐—น ๐—ณ๐—ผ๐—ฟ ๐—๐˜‚๐—บ๐—ฝ ๐—›๐—ผ๐˜€๐˜๐˜€ & ๐—ฃ๐—”๐—ช๐˜€ โ€“ Securely connect to your devices without risk.
โœ… ๐—™๐—ฒ๐—ฒ๐—น๐˜€ ๐—Ÿ๐—ถ๐—ธ๐—ฒ ๐—ฆ๐—ฆ๐—ข โ€“ No password entry neededโ€”your local admin credentials are used, but never sent to the target.

๐—›๐—ผ๐˜„ ๐˜๐—ผ ๐—˜๐—ป๐—ฎ๐—ฏ๐—น๐—ฒ ๐—œ๐˜:
๐Ÿ”น๐—ข๐—ป ๐˜๐—ต๐—ฒ ๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜ ๐——๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ:
Add this registry key:
HKLM\SYSTEM\CurrentControlSet\Control\LSA
REG_DWORD – DisableRestrictedAdmin – 0

๐Ÿ”น๐—ข๐—ป ๐˜๐—ต๐—ฒ ๐—ฆ๐—ผ๐˜‚๐—ฟ๐—ฐ๐—ฒ (๐—๐˜‚๐—บ๐—ฝ๐—›๐—ผ๐˜€๐˜/๐—ฃ๐—”๐—ช):
Administrative Templates\System\Credentials Delegation\Restrict delegation of credentials to remote servers – Require Restricted Admin
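
The two settings above can be checked from an elevated PowerShell prompt. This is an added example, not code from the original post: the function names are hypothetical, and the `RestrictedRemoteAdministration` / `RestrictedRemoteAdministrationType` values are the registry backing of the Group Policy setting, which the post does not spell out.

```powershell
# Added example: audit (and optionally set) the Restricted Admin settings.
# Function names are hypothetical; run elevated on the machine being checked.

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
# Registry location written by the "Restrict delegation of credentials
# to remote servers" policy (not named in the post).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RestrictedAdminState {
    $disable = Get-RegDword $LsaKey    'DisableRestrictedAdmin'
    $enabled = Get-RegDword $PolicyKey 'RestrictedRemoteAdministration'
    $type    = Get-RegDword $PolicyKey 'RestrictedRemoteAdministrationType'

    [pscustomobject]@{
        Computer                      = $env:COMPUTERNAME
        # Target side: only an explicit 0 counts; absent or non-zero is "not enabled".
        TargetAcceptsRestrictedAdmin  = ($disable -eq 0)
        # Source side: policy enabled (1) and mode 1 = Require Restricted Admin
        # (2 = Require Remote Credential Guard, 3 = Restrict Credential Delegation).
        SourceRequiresRestrictedAdmin = ($enabled -eq 1 -and $type -eq 1)
        RawDisableRestrictedAdmin     = $disable
        RawPolicyType                 = $type
    }
}

function Enable-RestrictedAdminTarget {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Writes the value from the post: DisableRestrictedAdmin (REG_DWORD) = 0.
    if ($PSCmdlet.ShouldProcess($LsaKey, 'Set DisableRestrictedAdmin = 0')) {
        New-ItemProperty -Path $LsaKey -Name 'DisableRestrictedAdmin' `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Get-RestrictedAdminState | Format-List
```

Run `Enable-RestrictedAdminTarget -WhatIf` first to preview the registry change on a target before applying it.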

โš ๏ธ ๐—Ÿ๐—ถ๐—บ๐—ถ๐˜๐—ฎ๐˜๐—ถ๐—ผ๐—ป: Since no credentials are stored on the target, SSO wonโ€™t work from that machine.

I explain more about this feature in my Cybersecurity Courses 👇
https://academy.horizon-secured.com/p/courses

👉 Do you use this feature in your environment?