Actually, going through the WinPEAS detailed report is pretty exhausting!
Fortunately, I started with a smaller automatic tool which helps enumerate things:
SharpUp.exe audit
and I got everything I needed to find the first 2 answers at once…
The most impactful point to me was that these 2 discoveries rely on one contextual fact about the pentest itself: we are actually auditing a Gold Image, which means there are probably administrative shortcuts left in place to do things faster… that they forgot to get rid of!
First one is the ‘Unattend.xml’ file which contains sensitive info (a basic search with the pattern ‘iamtheadministrator’ yields the same result: it’s the only readable file that mentions this powerful user!).
Second, some registry keys that make it possible to install things in a “high privs” way!
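As an added example (not the author's script and not output of SharpUp or WinPEAS), here is a PowerShell check an image builder can run before a Gold Image ships, to catch the Unattend.xml finding described above. It walks the standard locations Windows Setup uses for answer files, reports whether each one is still present and readable by the current user, whether it carries credential elements (and whether they are flagged as plaintext), and whether the file mentions a given account name. The account name `iamtheadministrator` is taken from the write-up; the `$candidatePaths` list and the `Test-UnattendLeftovers` function name are my own assumptions, and the script deliberately never prints the password values themselves.

```powershell
# Added example: audit a Windows image for leftover unattended-setup answer
# files that still carry credentials. Not from the original write-up.

function Test-UnattendLeftovers {
    param(
        # Account name to search for, as a plain substring (from the write-up).
        [string]$AccountName = 'iamtheadministrator'
    )

    # Standard answer-file locations used by Windows Setup and Sysprep
    # (assumed list; extend it for your own image-build pipeline).
    $candidatePaths = @(
        "$env:SystemRoot\Panther\Unattend.xml",
        "$env:SystemRoot\Panther\Unattended.xml",
        "$env:SystemRoot\Panther\Unattend\Unattend.xml",
        "$env:SystemRoot\System32\Sysprep\Unattend.xml",
        "$env:SystemRoot\System32\Sysprep\Sysprep.xml",
        "$env:SystemDrive\Unattend.xml"
    )

    foreach ($path in $candidatePaths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $finding = [ordered]@{
            Path              = $path
            ReadableByMe      = $false
            MentionsAccount   = $false
            CredentialNodes   = 0
            PlaintextPassword = $false
        }

        try {
            $raw = Get-Content -LiteralPath $path -Raw -ErrorAction Stop
            $finding.ReadableByMe = $true
        } catch {
            # Present but ACL-protected: still worth listing, since a later
            # build step may loosen the ACL.
            [pscustomobject]$finding
            continue
        }

        # The same low-tech check the write-up mentions: does the file name the account?
        $finding.MentionsAccount = $raw -match [regex]::Escape($AccountName)

        try {
            [xml]$doc = $raw
        } catch {
            # Not well-formed XML; report the substring hit only.
            [pscustomobject]$finding
            continue
        }

        # Credential-bearing elements in unattend files live under several
        # components (AutoLogon, UserAccounts/AdministratorPassword,
        # LocalAccounts/LocalAccount/Password). local-name() sidesteps the
        # unattend namespace so the XPath works regardless of prefixes.
        $credNodes = $doc.SelectNodes(
            "//*[local-name()='Password' or local-name()='AdministratorPassword']")
        $finding.CredentialNodes = $credNodes.Count

        foreach ($node in $credNodes) {
            # A <PlainText>true</PlainText> sibling means the <Value> is not
            # even base64-obscured. We only report the flag, never the value.
            $plain = $node.SelectSingleNode("*[local-name()='PlainText']")
            if ($plain -and $plain.InnerText.Trim() -ieq 'true') {
                $finding.PlaintextPassword = $true
            }
        }

        [pscustomobject]$finding
    }
}

# Usage: list every leftover answer file and its risk indicators.
Test-UnattendLeftovers | Format-Table -AutoSize
```

Any row with `CredentialNodes` greater than zero is a file that should have been deleted (or at least had its credential sections cleared) by the image-finalisation step; a row with `ReadableByMe` true from a standard user account reproduces exactly the condition the write-up exploits.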