Microsoft Step-By-Step: Enabling Restricted Admin Mode for Remote Desktop Connections
Introduced in Windows Server 2012 R2, Restricted Admin mode addresses the ability for a hacker to access plain-text or any other re-usable form of credentials to the remote PC or Server. The solution will also not allow access to any other network resources from that pc or server through restricted admin mode connection with out re-authenticating. An example of this can be see in the video below just before the 59th minute:
First we must enable a target on said server before enabling Restricted Admin mode. To do that we need to add a registry entry.
1) Log in to server or pc as administrator
2) Start > Run > regedit
Read the entire article here, Step-By-Step: Enabling Restricted Admin Mode for Remote Desktop Connections
via the fine folks at Microsoft.