Now there’s another way to bypass UAC that already comes in Kali without Metasploit. Do a locate to find ‘bypassuac’, you’ll see both bypassuac-x86.exe and bypassuac-x64.exe Use the correct one depending on your arch. There’s a good explanation here how this exe works and it has same limitations as the one above; requires user to already be a local admin and doesn’t work when UAC is set to ‘Always notify’. Still it’s good to know more than 1 way to do the same thing because you could be foiled.
Side note, the blog notes, interestingly that UAC is much harder to bypass on Win Vista.