May. 12th, 2025

My neighbors bought a Lenovo "gaming laptop" for their teenage son, on which I helped them install Win11, activating it in a well-known way (search: massgrave).
After 2 or 3 months had passed, they asked me if I could reinstall Win11, as the boy had damaged it in some way during his gaming activities.
I took the laptop to review its state (and possibly to avoid throwing out the whole system and reinstalling it anew).
The symptoms I observed were:
  • Login takes too long after entering PIN or password, waiting for Desktop and Task Bar to appear
  • Inability to run any executable as Administrator using Windows File Explorer
  • Other mysterious effects, like invisible Windows Defender log items, among many others

I tried to run Autoruns or MBAM Antimalware on it, but "Run as Administrator" did not have any effect.
I searched Google for how to run an administrative process from an unprivileged command line and found a recipe at https://learn.microsoft.com/en-us/answers/questions/1338912/how-to-run-powershell-as-administrator , namely:
Start-Process powershell -Verb RunAs
But trying this on the broken system only gave me a long pause followed by a "Permission denied" error.
So I booted Linux from a USB stick, mounted nvme0n1p3 and moved the existing Windows folders aside, that is: cd into the mounted folder, make a subfolder named like save0, and move the Program*, Users and Windows folders from the root level down into this folder.
This I did in the hope of being able to reinstall a fresh Win11 into the same filesystem without removing or reformatting it, and then to exchange the original Windows folders back (that is, by saving the newly installed Windows folders under save1/ and moving the save0/* contents back into the root).
This approach often helped me restore Windows functionality in the past, starting probably from as long as WinXP.
So I booted from the Win11 installation USB in the hope of a successful reinstall, and it showed me the 3rd NVMe partition as having 0 bytes available (free) and not having an NTFS file system on it.
"Windows must be installed to a partition formatted as NTFS", you know ...
What the 'ell, thought I, then how was Linux able to see the same NTFS???
After some fruitless Google searching (where I found recipes to convert the GPT drive into MBR and/or back, or to fix up a protective MBR partition size), and by looking at the behavior of the Windows recovery tools (which also refused to show C:\ contents), I came upon the idea that something could be wrong with the root NTFS folder permissions.
Indeed, I found a really useful article at https://superuser.com/questions/1754797 which advised to save ACLs from a "good" system using icacls . /save file and restore them onto the "bad" system using icacls . /restore file .
This approach really helped me: I copied the "bad" NTFS partition to an external USB drive using gparted+ntfsclone, reformatted and reinstalled a new Win11 into the same space on the laptop's NVMe, then compared the icacls printout from the "good" newly installed C:\ and from its "bad" USB copy visible on the same host as D:\ .
What I found was that the BUILTIN\Users and BUILTIN\Administrators ACLs present on C:\ had in some unknown way been removed from D:\ (4 entries in total).
So I copied them using icacls /save, /restore and a text file, and oh wonder, this resolved the situation!
I only had to copy D:\ back into C:\ using Linux USB/gparted/ntfsclone, then ran a Win11 reinstall from its corresponding USB, then from Linux did the mv trick with save1 & save0, and oh wonder, the original Win11 booted intact in its entirety!
Run as Administrator worked perfectly for every executable downloaded before, and the Windows Defender log items have become visible again.
Happy, I returned the laptop back to my neighbors and received a small monetary reward from them for that :>
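
The comparison described above (icacls printout of the freshly installed C:\ against the copied D:\), as an added Python example that is not part of the original post. The two printouts are constructed samples, not the author's actual output, and the function names parse_icacls and diff_acl are hypothetical.

```python
import re

# One ACE as icacls prints it: "TRUSTEE:(flag)(flag)...", e.g. BUILTIN\Users:(OI)(CI)(RX)
ACE_RE = re.compile(r"^(?P<trustee>.+?):(?P<rights>(?:\([^()]*\))+)$")

# Constructed sample printouts of "icacls C:\" (good) and "icacls D:\" (bad).
GOOD = r"""C:\ BUILTIN\Administrators:(OI)(CI)(F)
    NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    NT AUTHORITY\Authenticated Users:(AD)

Successfully processed 1 files; Failed processing 0 files
"""
BAD = r"""D:\ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    NT AUTHORITY\Authenticated Users:(AD)

Successfully processed 1 files; Failed processing 0 files
"""

def parse_icacls(printout, path):
    """Return the set of (trustee, rights) ACEs that icacls listed for `path`."""
    aces = set()
    for line in printout.splitlines():
        line = line.strip()
        # The first ACE shares its line with the object path; drop that prefix.
        if line.startswith(path + " "):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)  # blank lines and the summary line do not match
        if m:
            aces.add((m["trustee"], m["rights"]))
    return aces

def diff_acl(good, bad):
    """ACEs present only on the reference root, and ACEs present only on the suspect root."""
    return {"missing": sorted(good - bad), "extra": sorted(bad - good)}

if __name__ == "__main__":
    result = diff_acl(parse_icacls(GOOD, "C:\\"), parse_icacls(BAD, "D:\\"))
    for trustee, rights in result["missing"]:
        print(f"missing on D:\\  {trustee}:{rights}")
    for trustee, rights in result["extra"]:
        print(f"extra on D:\\    {trustee}:{rights}")
```
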


Profile

Volodymyr Mutel
