This Metasploit module will bypass Windows UAC by hijacking a
special key in the Registry under the current user hive, and
inserting a custom command that will get invoked when Windows
backup and restore is launched. It will spawn a second shell that
has the UAC flag turned off. This module modifies a registry key,
but cleans up the key once the payload has been invoked.
Read more https://packetstormsecurity.com/files/155387/bypassuac_sdclt.rb.txt