Remote Desktop Protocol (RDP)
Overview
RDP (Remote Desktop Protocol) is a network communications protocol developed by Microsoft, which allows users to connect to another computer from a remote location.
Using mstsc
To connect to a session in full-screen mode, type:
Using /admin and /restrictedAdmin
Connecting to a workstation with Remote Desktop will disconnect any existing session. The /admin flag allows us to connect to the admin session, which does not disconnect the current user if we perform the login with the same user.
Connects you to a session for administering the server.
Connecting to a workstation with /restrictedAdmin won't send your credentials to the remote PC. This mode won't send your credentials to the remote PC, which can protect you if you connect to a compromised device. Connections made from the remote PC might not be authenticated by other PCs, which impact application functionality and compatibility. The /admin parameter is implied. Microsoft introduced RDP with restricted admin mode, which allows system administrators to perform a network login with RDP.
When we supply this argument, the current login session is used to authenticate the session.
Restricted admin mode is disabled by default.
We can enable this through the DisableRestrictedAdmin registries at the following path:
Command examples
RDP manament through WMI
Checking if RDP is allowed.
AllowTSConnections(0 – disable, 1 – enable)
Enabling AllowTSConnections (RDP) through WMI
Disabling AllowTSConnections (RDP) through WMI
Restricted admin
Using restricted admin to perform pass the hash.
Disabling restricted admin through registries.
Enabling restricted admin through registries
Base64 encoded:
References
Last updated