Bypass UAC flag issues with winrm shell

[antonioCoco]

There are some issues when running the --bypass-uac flag while running from a WinRM shell. It's not clear if the issue is related to winrm itself or 3rd party tools like evil-winrm, but at least on evil-winrm is easily reproducible.

The bug triggers when you run from a non-privileged user and attempt to call the seclogon service with explicit credentials for another non-privileged user, it fails with an access denied error:

If you escape from the winrm shell by sending another interactive shell from RunasCs, the bypass uac feature works as expected.