Point-and-Click Elevation of Privilege
Let's see if I have this right.
[Update: No, I don't. See edit below.]
Power Users can start the scheduler.
The scheduler can start the Task Manager: at 10:30 /interactive taskmgr.exe
The Task Manager runs as System.
The Task Manager can start anything (File>New Task (Run...))
So: log on as Power User, schedule Task Manager for 1 minute's time, when it appears kill explorer and run a new explorer from taskman. You now have an admin-level GUI. Or have I missed something?
Time to go off and test this out...
[Some time later: Nope. Wrong. Power Users can't start the scheduler, at least not on XPSP2 and Server 2003. But they can install software of their own, and try to persuade an admin/system service to run it. Meantime, there are other point-and-click tools to try.]
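The first link in the chain above (can a Power User start the scheduler?) can be checked on a given machine by reading the service's DACL, for example from `sc sdshow schedule`, and evaluating it against the groups in a Power User's token. The following is an added example, not part of the original post; both SDDL strings are constructed samples rather than DACLs captured from XP SP2 or Server 2003, and the SID set used for the token is an assumption.

```python
import re

# SDDL right codes that include SERVICE_START (0x0010) on a service object.
# RP is SERVICE_START itself; GA and GX are generic rights that map onto it.
START_CODES = {"RP", "GA", "GX"}
SERVICE_START = 0x0010

# Assumed group SIDs in an interactive Power User token (SDDL aliases):
# Power Users, Authenticated Users, Interactive, Everyone.
POWER_USER_TOKEN = {"PU", "AU", "IU", "WD"}

# Constructed sample DACLs, in the format printed by "sc sdshow <service>".
OPEN_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
             "(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)")
LOCKED_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

def dacl_aces(sddl):
    """Yield (ace_type, rights, trustee) for each ACE in the D: section only."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if not m:
        return
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) >= 6:
            yield fields[0], fields[2], fields[5]

def grants_start(rights):
    """True if a rights field (letter pairs or a hex mask) covers SERVICE_START."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & SERVICE_START)
    return any(code in START_CODES for code in re.findall("..", rights))

def can_start(sddl, token_sids):
    """Walk the DACL in order; the first allow or deny ACE covering start decides."""
    for ace_type, rights, trustee in dacl_aces(sddl):
        if trustee in token_sids and grants_start(rights):
            if ace_type == "A":
                return True
            if ace_type == "D":
                return False
    return False  # no ACE grants start to any SID in the token

if __name__ == "__main__":
    for name, sddl in (("open", OPEN_SDDL), ("locked", LOCKED_SDDL)):
        print(name, "-> Power User can start:", can_start(sddl, POWER_USER_TOKEN))
```

The audit ACE in the `S:` section of the second sample names Everyone with the start right, which is why the parser reads the `D:` section only.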