Backdooring M$ Windows.

Required ingredients:

Procedure:

The procedure itself is fairly simple. First boot Linux on the victim machine, then mount the partition containing the Windows operating system (many Linux distros do this for you). On that partition, navigate to the Windows/System32 directory, delete the file Narrator.exe, and copy cmd.exe, renaming the copy to Narrator.exe [1]. Now power off the victim machine and open Narrator on the login screen [2]; it should pop up a brand-new cmd with admin privileges.

You're the admin now! Enjoy!

Working principle:

To my knowledge, this is caused by the fact that winlogon.exe (the program that manages the login screen) must run with administrative privileges to function properly, and programs spawned by it inherit the parent process's privileges.
M$ seems unwilling (unable?) to fix it, as this was known in the Windows 7 era and at the time of writing (08.01.2023) it still works.
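
A defender-side check for the swap described above, as an added example that is not part of the original write-up: it inspects a mounted Windows volume and reports when Narrator.exe is missing or byte-identical to cmd.exe. The function names and the sample directory tree are hypothetical and constructed for illustration; the mount point is whatever path the volume is mounted at.

```python
import hashlib
import os
import tempfile

def find_ci(parent, name):
    """Case-insensitive lookup: a Linux-mounted NTFS volume may show WINDOWS/system32."""
    for entry in os.listdir(parent):
        if entry.lower() == name.lower():
            return os.path.join(parent, entry)
    return None

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_login_binaries(mount_root, watched=("Narrator.exe",), shell="cmd.exe"):
    """Return findings for watched login-screen binaries under Windows/System32."""
    sysdir = mount_root
    for part in ("Windows", "System32"):
        sysdir = sysdir and find_ci(sysdir, part)
    if not sysdir:
        return ["System32 directory not found under " + mount_root]
    shell_path = find_ci(sysdir, shell)
    shell_hash = sha256(shell_path) if shell_path else None
    findings = []
    for name in watched:
        path = find_ci(sysdir, name)
        if path is None:
            findings.append(f"{name}: missing")
        elif shell_hash and sha256(path) == shell_hash:
            findings.append(f"{name}: identical to {shell}")
    return findings

def make_sample_tree(swapped):
    """Constructed sample: a fake mounted volume with placeholder file contents."""
    root = tempfile.mkdtemp()
    sysdir = os.path.join(root, "WINDOWS", "system32")  # odd casing on purpose
    os.makedirs(sysdir)
    narrator = b"constructed cmd bytes" if swapped else b"constructed narrator bytes"
    for name, data in (("cmd.exe", b"constructed cmd bytes"), ("narrator.exe", narrator)):
        with open(os.path.join(sysdir, name), "wb") as f:
            f.write(data)
    return root

if __name__ == "__main__":
    print(check_login_binaries(make_sample_tree(swapped=True)))
```

A hash match only catches a verbatim copy of the cmd.exe found on the same volume; it does not flag a different replacement binary.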

Known problems:

We all know nothing is ideal. Here are the problems I know about: