If a Server or Client is unreachable via RDP the following Trick might help. (Only works if the default $Admin share is enabled in this network)
Download PS Tools and start an administrative CMD.
![image](images/2.png)
Navigate to the pstools directory. Using psexec you can start a shell on a remote host.
psexec \\HOSTNAME cmd
If the device is not domjoined or not in the same domain use this syntax to add username and password.
psexec \\HOSTNAME -u DOMAIN\USER -p PASSWORD cmd
Now that we have CMD with systemrights on the target system we can open up the RDP ports.
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
Then change the registry key that handles weather or not the target machine accepts RDP
reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
Then you can rdp to the machine/server.
Cheers, Ori