http://blogs.technet.com/keithcombs/archive/2006/07/14/441723.aspxI was surfing around and stumbled into Chris Henley's blog. In his post at http://blogs.technet.com/chenley/archive/2006/07/13/441642.aspx the question is posted asking how to disable ALL of the local admin accounts on the various machines throughouten-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/keithcombs/archive/2006/07/14/441723.aspx#441757Fri, 14 Jul 2006 13:21:04 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:441757DennisWhen you disable the local admin account it's still accessible when you boot in safe mode.http://blogs.technet.com/keithcombs/archive/2006/07/14/441723.aspx#441857Fri, 14 Jul 2006 21:30:54 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:441857robAlso, the default for a Windows domain (and correct me if I'm wrong) is to cache the last 10(?) logins and store the hashes in the registry. &nbsp;If the network is not available you can still login to the domain with the cashed credentials.http://blogs.technet.com/keithcombs/archive/2006/07/14/441723.aspx#441923Sat, 15 Jul 2006 06:13:52 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:441923Jason Haleyhttp://blogs.technet.com/keithcombs/archive/2006/07/14/441723.aspx#441930Sat, 15 Jul 2006 08:34:40 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:441930DennisRob, <br> <br>Sometimes a computer account gets corrupt. When this happens the cached credentials also won't work. <br> <br>But like i said. Reboot in safe mode and the local admin account is enabled.http://blogs.technet.com/keithcombs/archive/2006/07/14/441723.aspx#441973Sat, 15 Jul 2006 23:00:24 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:441973Keith CombsYea, you have to be careful about cached creds. Depending on your factory staging process and the imaging used, cached creds may not be present. <br> <br>Regarding safe mode, if you are an enterprise admin and have physical access (sitting in front of the machine), hopefully you'll know what the local admin password is if it's a standard build from your corporate desktop standard. <br> <br>Lots of ifs... <br> <br>If you give the user the admin password because they are far away, you let the genie out of the bottle. &nbsp;http://blogs.technet.com/keithcombs/archive/2006/07/14/441723.aspx#442318Tue, 18 Jul 2006 15:40:18 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:442318robI didn't mention it but cached creds is actually a security risk. &nbsp;I've been told that you're supposed to set password caching to 0 on office PCs and 1 on Laptops. &nbsp;Makes sense. &nbsp;What happens when there's a problem? &nbsp;The tech nerd shows up and logs in with the Domain Admin password and now that's sitting on their pc where it can be easily extracted and attacked. &nbsp;(I've done this before on my network while doing a security sweep). <br>Thankfully, there's always safe mode, which really underscores the old saying &quot;without physical security there is no system security&quot;.