A researcher has published a method by which a local admin can hijack any other Windows sessions without the need for credentials. Attackers with local admin privileges could use native command-line Windows tools to hijack other users sessions without credentials. Microsoft says the issue is not a security vulnerability as it requires local administrator rights on the machine. An attacker could access domain admin sessions, read documents, and access systems, cloud domains or applications (email, Notepad, others) that the user has previously logged in to.
Source: https://threatpost.com/local-windows-admins-can-hijack-sessions-without-credentials/124427/