Bleeping Computer

New PsExec spinoff lets hackers bypass network security defenses

Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a single, less monitored port, Windows TCP port 135. PsExec is ...
Ars Technica

PSExec - can it run something that requires local admin on a remote PC

You could create a scheduled task, set it up to run under the system account, and allow the user to spawn it off (I think).