[ACADEMY] Windows Privilege Escalation Skills Assessment - Part II

the password will give you a hint xD

Actually, going through the WinPEAS detailed report is pretty exhausting! :crazy_face:

Fortunately, I started with a smaller automatic tool which helps with enumerating things:
`SharpUp.exe audit`, and I got all that is needed to find the first 2 answers at once…

The most impactful to me was that these 2 discoveries just rely on one contextual fact about the pentest itself: we are actually auditing a Gold Image, which means there probably are administrative shortcuts in order to do things faster… they forgot to get rid of! :upside_down_face:

First one is the ‘Unattend.xml’ file which contains sensitive info (a basic search with the pattern ‘iamtheadministrator’ yields the same results: it’s the only readable file with mention of this powerful user! :sweat_smile:).

Second, some registry keys useful to install things in some “high privs” way! :stuck_out_tongue_winking_eye:


unattend.xml
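
A pre-release check for the leftover discussed above, as an added example that is not part of the thread: a Python audit that parses an answer file and reports every credential element still holding a value, and how that value is stored. The sample XML, account names and passwords are constructed; the element names and namespace are those of the Windows unattend schema.

```python
import base64
import xml.etree.ElementTree as ET

NS = "{urn:schemas-microsoft-com:unattend}"
SECRET_TAGS = {"Password", "AdministratorPassword"}  # credential-bearing elements
SCRUBBED = "*SENSITIVE*DATA*DELETED*"  # marker Windows Setup leaves after scrubbing

# Constructed sample answer file: account names and passwords are made up.
ENCODED = base64.b64encode("Example".encode("utf-16-le")).decode()
SAMPLE = f"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
  <AutoLogon><Username>buildadmin</Username>
   <Password><Value>Example-Passw0rd!</Value><PlainText>true</PlainText></Password>
  </AutoLogon>
  <UserAccounts>
   <AdministratorPassword><Value>{ENCODED}</Value><PlainText>false</PlainText></AdministratorPassword>
   <LocalAccounts><LocalAccount><Name>svc</Name>
    <Password><Value>{SCRUBBED}</Value><PlainText>false</PlainText></Password>
   </LocalAccount></LocalAccounts></UserAccounts>
 </component></settings></unattend>"""

def classify(value, plain_flag):
    """Describe how a credential value is stored, without printing the secret."""
    if plain_flag == "true":
        return "plaintext"
    try:
        base64.b64decode(value, validate=True).decode("utf-16-le")
        return "base64 (reversible, not encryption)"
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return "unrecognised encoding"

def audit_unattend(xml_text):
    """Return (element path, storage) for every credential left in the file."""
    findings = []
    def walk(node, path):
        tag = node.tag.replace(NS, "")
        here = f"{path}/{tag}"
        if tag in SECRET_TAGS:
            value = (node.findtext(f"{NS}Value") or "").strip()
            # Assumption: a missing PlainText flag is treated as plaintext.
            flag = (node.findtext(f"{NS}PlainText") or "true").strip().lower()
            if value and value != SCRUBBED:  # scrubbed entries are not findings
                findings.append((here, classify(value, flag)))
        for child in node:
            walk(child, here)
    walk(ET.fromstring(xml_text), "")
    return findings
```

Any finding returned for an answer file that ships inside a gold image means the credential should be removed from the file and rotated before the image is released.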

If anyone is interested - CVE-2020-0787 can also be used to elevate privileges.