I don't think there is a security hole. I think it is just about the way the system is (ab)used by users and administrators.
Well if it were Windows 3.1 days maybe but in the days of Networking and NT and MS spent tons of time and money to get C2 security approved (only when disconnected from a network) then I find it very unacceptable that 2 different machines sitting in different work groups can connect to each other as an Administrator by sharing any name and password. It's not a wimpy Website, it's supposed to be a secure workstation or server (they both allow it) that's why they have so many features designed for security to keep others out.
In a Login script the Ingroup is going to use the Domain by default it you don't preface it with a local workstation name.
Please provide with greater detail what it is you want to accomplish and show your current script and we can probably assist you better.
