Well if you have a version of ntfdos that will write, thenn you can write yourself a new admin password into the sam file and then you don't have to crack the hash. As well, you wouldn't need that to get at an autoexec.bat unless it had the permissions set all weird. And really, windows doesn't even use that anymore, it's more for show.

Search for hardware keyloggers on ebay.

And l0pht said something like 76 days to crack that pass I mentioned above. It got it after 3 days.