WDigest

For the last decade, Microsoft has prevented reversible passwords from being stored in memory by disabling WDigest, the authentication provider that was leaking these credentials.

We can easily enable it again by creating the UseLogonCredential registry value and setting it to 1.

reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1

With WDigest enabled, the next time an account connects to the server, its password will be stored in a reversible format that Mimikatz can easily decrypt.
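This registry change is visible in endpoint telemetry. The following added example (not part of the original page) flags events that set UseLogonCredential to 1, assuming events in Sysmon's shape (Event ID 13 for a registry value set, Event ID 1 for process creation) already parsed into dictionaries; the function names and sample events are constructed for illustration.

```python
import re

KEY = re.compile(r"\\Control\\SecurityProviders\\WDigest\b", re.I)
SYSMON_DWORD = re.compile(r"DWORD \((0x[0-9a-f]+)\)", re.I)   # Sysmon 'Details' format
REG_DATA = re.compile(r"/d\s+\"?(0x[0-9a-f]+|\d+)", re.I)     # reg.exe '/d <data>' argument


def written_value(event):
    """Return the integer written to UseLogonCredential, or None if unrelated."""
    if event.get("EventID") == 13:  # registry value set
        target = event.get("TargetObject", "")
        if KEY.search(target) and target.lower().endswith("\\uselogoncredential"):
            m = SYSMON_DWORD.search(event.get("Details", ""))
            return int(m.group(1), 16) if m else None
    elif event.get("EventID") == 1:  # process creation
        cmd = event.get("CommandLine", "")
        if KEY.search(cmd) and "uselogoncredential" in cmd.lower():
            m = REG_DATA.search(cmd)
            if m:
                text = m.group(1).lower()
                return int(text, 16) if text.startswith("0x") else int(text)
    return None


def alerts(events):
    """Events that set UseLogonCredential to 1, the value that enables WDigest."""
    return [e for e in events if written_value(e) == 1]


# Constructed sample events; field names follow Sysmon, values are made up.
WDIGEST = r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest"
SAMPLE = [
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": WDIGEST + r"\UseLogonCredential", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": WDIGEST + r"\UseLogonCredential", "Details": "DWORD (0x00000000)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r"reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders"
                    r"\WDigest /v UseLogonCredential /t REG_DWORD /d 1"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\RunAsPPL",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for hit in alerts(SAMPLE):
        print("WDigest enabled via", hit.get("Image"), "event", hit["EventID"])
```

Events that write 0 are returned by `written_value` but not alerted on, so the same function can confirm that a hardening baseline was applied.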
