May 29, 2008

Why Is Hard Disk Encryption So Important?

If you haven't encrypted the hard drive of your Windows Vista machine, think again. Here's how a Windows Vista machine got hacked by someone with physical access to it.

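First, reboot the Windows Vista machine from a BackTrack 3 CD. Then move utilman.exe to utilman.old, and copy cmd.exe to utilman.exe. Because the disk is not encrypted, the live CD can modify these system files without any Windows credentials.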

Once that is done, boot back into Windows Vista. At the login screen, press Win-U (or Ctrl-U) to invoke the Utility Manager. Since utilman.exe is now a copy of cmd.exe, a command prompt opens in its place. (Verify with the command whoami.)

Done.

(This is from Offensive-Security.com)
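
A defender-side check for the swap described above, as an added example that is not part of the original post or of the Offensive-Security material: it flags a utilman.exe that is byte-identical to cmd.exe and a leftover utilman.old. The function names and messages are assumptions; pass it the System32 directory of a live system or of a mounted disk image.

```python
import hashlib
import os
import sys
from pathlib import Path


def sha256(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_ci(directory, name):
    """Case-insensitive lookup, so it also works on an image mounted under Linux."""
    for entry in directory.iterdir():
        if entry.name.lower() == name.lower() and entry.is_file():
            return entry
    return None


def check_utilman(system32):
    """Return a list of findings (hypothetical messages); empty means no sign of the swap."""
    findings = []
    utilman = find_ci(system32, "utilman.exe")
    cmd = find_ci(system32, "cmd.exe")
    if utilman is None:
        findings.append("utilman.exe is missing")
    elif cmd is not None and sha256(utilman) == sha256(cmd):
        # The page's technique: cmd.exe copied over utilman.exe.
        findings.append("utilman.exe is byte-identical to cmd.exe")
    if find_ci(system32, "utilman.old") is not None:
        # The page renames the original to utilman.old before the copy.
        findings.append("utilman.old present (renamed original)")
    return findings


if __name__ == "__main__":
    # Default path is an assumption; pass another System32 path as the first argument.
    default = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else default
    if not root.is_dir():
        sys.exit(f"not a directory: {root}")
    for line in check_utilman(root) or ["no utilman.exe tampering found"]:
        print(line)
```

A clean result only covers this one file swap; it says nothing about other offline changes to an unencrypted disk.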