This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when Windows backup and restore is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked.
de0a15ebe9d1aa72ab9db25c4772fd3f14a7a703cd5073c7a99bb9586f47fa3f