What is the best way to install a persistent Metasploit (or any) payload on a PC when you only have access to its hard drive? For example, you have physical access to the PC, but you don't have the username and password and you do not want to remove the password; however, you can boot using a live CD and access the hard drive.
What I have done so far is put a payload (bat) under the Windows directory or System32 and add an entry in the registry: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
So each time any user logs in, the bat is executed.
However, the payload requires admin rights, so you'll get that UAC prompt each time.
I know you can wait for the victim to log in, get into the PC, then install a persistent exploit with meterpreter (persistence.rb), but is there any other more efficient and better way?
(PS: the target I am testing on is Windows 10 x64)
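
From the defender's side, the HKLM Run-key entry described in the post is straightforward to audit. The following is an added example, not part of the original post: it parses `reg query` output (the sample below is constructed) and flags autorun values that reference a script file, assuming Windows is installed at C:\Windows.

```python
import re

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" -silent
    helper    REG_SZ    C:\Windows\System32\helper.bat
    sync    REG_SZ    cmd.exe /c "C:\Windows\sync task.cmd"
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Split a command line into quoted strings and bare words.
TOKEN = re.compile(r'"([^"]+)"|(\S+)')
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")

def parse_run_values(text):
    """Return (value name, command line) pairs from reg query output."""
    values = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values.append((m["name"], m["data"].strip()))
    return values

def normalise(path):
    """Lower-case and expand the two common variables (assumes C:\\Windows)."""
    p = path.lower()
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, r"c:\windows")
    return p

def audit(text):
    """Flag Run values whose command references a script file."""
    findings = []
    for name, data in parse_run_values(text):
        for quoted, bare in TOKEN.findall(data):
            path = normalise(quoted or bare)
            if path.endswith(SCRIPT_EXT):
                where = "windows-dir" if path.startswith("c:\\windows\\") else "script"
                findings.append((name, path, where))
    return findings

if __name__ == "__main__":
    for name, path, where in audit(SAMPLE):
        print(f"[{where}] Run value {name!r} launches {path}")
```

Entries tagged windows-dir deserve the closest look, since a batch file sitting directly under the Windows directory and launched at every logon matches the pattern described in the post.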