Or, boot from a cd with NTFSdos Pro, mount local hard drive, copy the SAM file from the WINNT dir onto a disk. This stores all the local passwords in an encrypted form. Transfer the SAM file to another machine and use SAMinside to extract password hashes. Then use Lophtcrack to perform a brute force password crack on the hashes. presto... local admin password.

Oli.