Once high privileges are established and an account for future use is established, the next need is to ensure there is a pathway for future access.
Use a penetration agent/rootkit – both Core Impact and Canvas offer tools with rootkit like abilities to establish connections back out of the system. In some cases, they can be hidden and offer a variety of connection techniques, including outbound HTTP to avoid firewalls.
Remote access service – create an account, activate the service: telnet, SSH, remote desktop…
Install a backdoor program