within a week or so i will be setting up an network of 1 win2000 server machine and 4 win2000 professional clients and 8 NT service pack 6 clients. the server will be used primarily for network storage (share drives) and as PDC (primary domain controler) basically what i am trying to prevent is someone booting one of the clients into NTFSDOS or linux, copy SAM and crack it thus getting all my our passwords incuding administrator. so here's a few questions i have:

1. i know that 2000 uses a crypto while NT uses hash function of some sort (if you know the names or can clarify the whole thing, please post here) how can i make NT use the same crypto as 2000 or do i have to make my 2000 machines back-compatible w/ NT

2. is the 2000 passwod storage truly uncrackable and what is the name of it

3. what is the NT hash system name (is it lanman or is that something else)

4. if i theorize correctly, i think that the NT machines are gonna be the most vulnerable to sam/copy & crack strategy. so my question is what passwords are accually stored localy in NT and 2000 hash. is it just the local admin or every person ever logged in at the machine, or something between.

5. i would like everything to be authenticated at the PDC remotely not localy to prevent their storage on local machine ... how can i do that ?

i know a lot of you will say i have no bussiness seting up this network but it's not like i'm doing it alone and it's not like i'm getting paid

you could even point me to a good txt file about the subject