What are the prerequisites for using Juicy Potato on a target system?

The target user must have the SeImpersonate or SeAssignPrimaryToken privilege enabled, which is common for service accounts like IIS or SQL Server. Additionally, DCOM must be enabled, and RPC (typically on port 135) must be accessible either locally or via a remote server reachable with the current user's credentials. An available COM object (CLSID) matching the Windows version is also required. Other privilege escalation methods, such as AlwaysInstallElevated, may apply when these conditions are not met.