The following is not an exact answer; just the steps for thos of you out there who are interested in this sort of thing.

While I don't know the exact details a friend told me once he hacked an NT password when his client had forgotten it. It is possible to boot up the NT server with a bootup diskette that supports NTFS (again don't ask me where to get this). From here it is possible to copy the SAM file (this is not normally possible when booted up in WEindows as Windows protects the file). You can then dump the SAM file into a password cracking program (these are available out there on the net). My friend said he got the password in a matter of minutes using this method.