Is it possible for someone to copy the SAM file (i know that is possible), then to insert a username and hashed password into the file then to copy it back? I'm sure it can be done if syskey is not used, but how about if it is being used? I would think that it would be possible becuase if they can decrypt it, why couldnt someone encrypt it. Is there a program out that will do this?

I know i havent posted much, but this is for educational purposes only.