Ashpoint,
Password stealing would require an external program. A student working for me wrote one back in High School and stole the teachers' passwords and then broke into their network. After that, I just had to hire him.

NTDOC and MCA are correct when they say the "stolen" password would pass as clear text. Also, on Wintendo, the screen saver password is not that secure, meaning that it could be ripped.

I strongly feel that knowledge of users' passwords nullifies users' legal responsibility and that seems to be MCA's opinion as well.

There are other security concerns with Wintendo as well. FAT32 has no security, meaning anyone that can get access to the drive can rip temp file remnants. Also, if shares exist, they too are easily breached.

Real security cannot be achieved by technology alone. I have demonstrated to my HR manager and others with what ease confidential documents may be compromised simply by ripping temp files. Most people will use the same password on multiple systems, oblivious to the fact that some systems pass them as clear text. I have sniffer traces to prove it. We have demonstrated 'brute force' attacks against our SAM database and managed to crack 80% of the passwords in minutes. They were 'dictionary word' passwords. Security needs to be a mix of technology and education. It is your responsibility to bring this message to management.

All I can say is that if security is that important, then the resources must be sought to take the PCs up to Win2k and the time taken to educate the users.

You are simply trying to make a silk purse from a sow's ear. I'm sorry for the hellfire and brimstone sermon, but this is one topic I feel strongly about.

_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.