Irongeek nice link, but i have one question i was wornding if any one could answer. In the article he says
Credentials are stored in HKLM\SECURITY\
CACHE\NL$n with n ranging between 1 and 10. The default ACL does not allow
Administrators to read these registry values, which can only be accessed
with SYSTEM privileges.
and then he goes on on how to get the information stored in HKLM\SECURITY\CACHE\NL$n using CacheDump but wouldnt it also be possible to get the same information from HKLM\SECURITY\CACHE\NL$n with out tools if you had system pivileges.