The laptop I use has a fingerprint reader, so I rarely (if ever) write a password to enter my Windows account. Today the fingerprint reader didn’t work (probably something to do with my KVM switch being connected or some other strange mixture of variables) and when I wrote my password… it told me it was wrong! I tried a number of passwords, but nothing happened. I read some blog entries on how to reset the password but nothing worked… And then I thought… Hey, I am an administrator. If I can log in with my regular username, I can create another admin user, log in with that user and then change the password of my original user. So after disconnecting my laptop from all external things (KVM, printer, etc.) the fingerprint reader worked, I logged in, and did just that. And it worked!
Two morals to the story. First, it is good to have two kinds of authorization mechanisms just in case one fails (I am sure I didn’t change my password, so who knows what happened). Second, I am not sure that it is good security that any administrator can change passwords of other administrators… and I hope that real networked Windows systems have a more fine-grained security policy.