I'm a sysadmin at a school in switzerland.
Now, my problem is: one of the students has probably got Administrator-rights on the system. We are running NT 4.0 with SP 5 installed.

The student has been excluded from the PC-room. I'm only wondering how could he get my password? He probably got a copy of the SAM._ database, but how?

I need this info to avoid further penetrations.
Could you help me please?