Scenario: The system needs to be hacked because the administrator password is not available, or if the system needs to be penetrated from a covert standpoint.
Exploitation Phase: Get physical access to the target system, reboot the target to a: using third party software like partition magic; alter the partition if needed, giving up 1GB free space at the end of the drive. Reboot the target and install a fresh Win2k Pro or server, keeping the target intact.
This allows access to the target system as administrator of the OS that you just created. The existing target OS assumes that if you have admin status of one partitioned system, then you are an inherited admin of the target OS. From the attack OS, you have access to c:, totally without password authentication.
Continuation Phase: You can know copy c: or send c: to another system, install back door access, etc...giving you Trust Relationship Exploitation.
Finalizing Metastasis: Minimize your foot print. Rerun partition magic, removing your created OS and all existence that you were there.
Summary: The question that has to be asked is: Who has access to all sensitive systems, even remotely? In under an hour, could a disgruntled employee or even an underpaid security type get access?
Prevention: On all vital computers, set the BIOS to boot ONLY from the hard drive, password protect the BIOS, and physically lock the case from being opened. Remove any method that gives access to install any new OS installations.