If a Server or Client is unreachable via RDP the following Trick might help. (Only works if the default $Admin share is enabled in this network)

Download PS Tools and start an administrative CMD.

![image](images/2.png)

Navigate to the pstools directory. Using psexec you can start a shell on a remote host.

psexec \\HOSTNAME cmd

If the device is not domjoined or not in the same domain use this syntax to add username and password.

psexec \\HOSTNAME -u DOMAIN\USER -p PASSWORD cmd

Now that we have CMD with systemrights on the target system we can open up the RDP ports.

netsh firewall set service remoteadmin enable netsh firewall set service remotedesktop enable

Then change the registry key that handles weather or not the target machine accepts RDP

reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

Then you can rdp to the machine/server.

 

Cheers, Ori