After some experimentations I found, that I only need to import to the registry
these values:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\0000022B]
"C"=hex:2b,02,00,00,00,00,00,00,b0,00,00,00,02,00,01,00,b0,00,00,00,28,00,00,\
00,00,00,00,00,d8,00,00,00,7a,00,00,00,00,00,00,00,54,01,00,00,00,00,00,00,\
00,00,00,00,01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,44,00,00,00,02,\
00,30,00,02,00,00,00,02,c0,14,00,13,00,05,01,01,01,00,00,00,00,00,01,00,00,\
00,00,02,c0,14,00,ff,ff,1f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,00,4c,\
00,03,00,00,00,00,00,14,00,0c,00,02,00,01,01,00,00,00,00,00,01,00,00,00,00,\
00,00,18,00,1f,00,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,\
00,18,00,1f,00,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,24,02,00,00,01,02,\
00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
00,20,02,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,44,00,65,00,73,00,\
6b,00,74,00,6f,00,70,00,20,00,55,00,73,00,65,00,72,00,73,00,4d,00,65,00,6d,\
00,62,00,65,00,72,00,73,00,20,00,69,00,6e,00,20,00,74,00,68,00,69,00,73,00,\
20,00,67,00,72,00,6f,00,75,00,70,00,20,00,61,00,72,00,65,00,20,00,67,00,72,\
00,61,00,6e,00,74,00,65,00,64,00,20,00,74,00,68,00,65,00,20,00,72,00,69,00,\
67,00,68,00,74,00,20,00,74,00,6f,00,20,00,6c,00,6f,00,67,00,6f,00,6e,00,20,\
00,72,00,65,00,6d,00,6f,00,74,00,65,00,6c,00,79,00,00,00
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Names\Remote Desktop Users]
@=hex(22b):
That makes RDP connection work, so I can log in to my Win7 Home Premium as a regular user. I think the less we change the registry, the less are the chances that something goes wrong.
I also think, this is the minimal impact we have to make on the registry, as any of the 2 keys are omitted, RDP won't work as non-admin.
And for those who think this hack violates licence agreement: http://download.microsoft.com/Documents/UseTerms/Windows%207_Home%20Premium_English_a0cdb148-2381-47cd-bfc9-9b9102e0cb28.pdf
f. Remote Access Technologies. You may remotely access and use the software installed on the licensed computer from another computer to share a session using Remote Assistance or similar technologies. A “session” means the experience of interacting with the software, directly or indirectly, through any combination of input, output and display peripherals.
I may be wrong here, but in my understanding it's definitely allowed to access the machine remotely.
Best Answer
You can follow the answer https://superuser.com/a/719819/750636, it works also for Windows 10 (I have Win 10 Home).
It's basically about adding a builtin group Remote Desktop Users (which is different from if you add group manually with
net localgroup
add command, even if it has same name). Then you can add your common non-admin users to that group usingnet localgroup
command.Also don't forget, that you need temporarily to elevate your permissions to merge new values into registry. You can do it in regedit on key
HKEY_LOCAL_MACHINE\SAM\SAM
(right-click on key node -> Permissions -> select Administrators -> check Full Control -> OK). After merging the .reg file into registry, you better remove Full Control permissions of Adminitrators group from that key node.Also there is a good guide summary on RdpWrap github. They use PsExec to start regedit as System user, which is also good, because you don't need change any permission in regedit.