What are the main constraints and limitations of Juicy Potato exploitation?

The tool fails if the current user lacks SeImpersonate or SeAssignPrimaryToken privileges, DCOM is disabled, RPC is inaccessible both locally and remotely, or no compatible COM object exists for the OS version. Additionally, certain Windows configurations or security updates may block NTLM relay or restrict DCOM. Defenders can mitigate this by limiting service account privileges or disabling DCOM. Similar privilege escalation vectors like bypassing AppLocker or SILENTTRINITY may still be exploitable, so layered defenses are recommended.