Local Exploits
Reboot: either set BIOS password, of if connected to Domain require domain login, to avoid the “escape” login.
Screen-saver password, good but limited (CD-ROM autorun.inf is executed even when screen saver is running). How about BO in a CD-ROM? Disable autorun.
Revealing passwords: more for recovery that hack (you need to be logged in the machine).
PWL cracking: copy password files to diskette (copy c:\windows\*.pwl a:) and crack them later. Also more recovery than hack -- you need to be logged in.
countermeasures: secure physical access to computer (lock key), in addition to above.