Oh .. and sorry for multiple posting.. it may be in my case a good idea insert some code into a file an admin would access on login, which would be able to copy the sam to a unsecure part of the OS /email to GMail, whenever the admin logs in so i dont have to keep accessing the PC via boot disk when the admin routinly changes PWD.. that would put me 1 step ahead.
Also I believe the domain admin password is diff to the local PWD in terms of storage of HASH..
Is the domain PWD stored on the local machine in XP / 2k. how easy is the stored domain PWD to the local pwd in terms of HASH?. can these PWDS be broken with normal LM rainbow tables?