Windows 10 - weaknesses of domain policy

For this project I'm looking for a VERY competent consultant on Windows systems and (maybe) on ethical hacking. Standard approach is not useful! My customer has outsourced the management of his network and now there are relationship difficulties. Security client management (in my opinion) was handled very-very-very well but now my customer has no grant to do nothing. The customer client is Windows 10 Enterprise 21H2 - Experience Pack 120.2212 Actual landscape: - His windows user is not local machine Administrator. - The local disk is encrypted via BitLocker (booting from the outside therefore does not allow reading the data) - BIOS has a password, not known by my customer. - no boot his laptop via USB - You cannot install unauthorized applications, not inserted into "Software Center". - Many PowerShell commands are disabled. - If you try to run CMD with administrator rights you get the message: "This app has been blocked by your system administrator" (see attachment picture) - It is not possible to create administrator users nor insert the local user in the administrators group - Command “netplwiz” is locked by Administrator. - Access to the registry has been disabled (every time you edit you get the error "Cannot edit....") - Local Administator user is disable. - Resource sharing via local network is disabled. - USB ports are disable: no external media can be read - Bluetooth connections are not enabled - He can't change "User Account Control Setting", getting the error "Your system administrator has blocked this program" - He can't change "Group Policy", getting the error "You don't have permission to perform this operation - Access denied" - He can't change "Local Group Policy", getting the error "You don't have permission to perform this operation - Access denied" - The contents of the path C:\Windows\System32\GroupPolicy cannot be changed Who can help us to extract data from that computer or modify existing policy to allow user to access to its data?