GITBOOK-625: change request with no subject merged in GitBook

SUMMARY.md

@@ -80,6 +80,7 @@
 * [Introduction](windows-privesc/active-directory/README.md)
 * [Checklist](active-directory/checklist.md)
 * [Enumeration](windows-privesc/active-directory/enumeration.md)
+* [Page](active-directory/page.md)
 * [Kerberos](active-directory/kerberos.md)
 * [Rubeus](active-directory/rubeus.md)
 * [Credentials harvesting](windows-privesc/active-directory/local-credentials.md)

active-directory/page.md

@@ -0,0 +1,43 @@
+# Page
+
+## Enable RDP
+
+Check the status of the deny connection flags
+
+```
+reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
+```
+
+If not present or set to 1 use the following command to change the key value to 0. This will also open the default RDP port (3389) and start the service.
+
+```
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
+```
+
+Disable restricted admin mode
+
+```
+reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f
+```
+
+Configure firewall
+
+```
+netsh firewall add portopening TCP 3389 "Remote Desktop"
+```
+
+## Enable RDP for users <a href="#enable-rdp-for-users" id="enable-rdp-for-users"></a>
+
+**CMD**
+
+```
+net localgroup "Remote Desktop Users" <user> /add
+net localgroup "Administrators" "<user>" /add #not necessary
+```
+
+**PS**
+
+```
+Add-LocalGroupMember -Group "Remote Desktop Users" -Member "<user>"
+Add-LocalGroupMember -Group "Administrators" -Member "<user>" #not necessary
+```