Setting: A large network, educational or corporate, on a domain.
Domain: Windows Server 2003
Client OS: Windows XP Professional SP2

Upon locking a client PC, I can unplug the network cable, and still be able to unlock the system. This means that the client is not validating my password against the server. Where on a WinXP system is a domain user's password stored?

There has to be a way to exploit this...assuming it hasn't been done already.

If anyone has any info on the subject, enlighten me.

Thanks
A_T