Window's password security is 'ok'. It's very possible to crack it.
You have 2 choices:
1. Just reset the administrative password. This is very simple and can be done from many 'livecd'.
Hell, If you just delete the file it'll get what you want. If you delete or move the SAM file you can then log into the machine with no password. Then after your finished you can copy the file back to it's original location to restore the original passwords.
2. Also you can just get a SAM file editor and change the passwords that way.
The downside for that, I beleive, is that if your trying to access a encrypted file system it's not going to help you. In fact you can possibly lock yourself out forever. Also for a cracker it will instantly alert the administator to their precense.
3. Brute force the password.
What the article is trying to say about the 'LM' hash (lanmanager) is that if you use passwords over 15 characters it disables it. aad3b435b51404eeaad3b435b51404ee probably equals the 'null' character in encrypted form which equals "Don't Use". That A cracker then can't use the LM stuff to get a easy password.
LM is paticularly weak. Passwords are stored in 7 character hunks. They are stored with case insensitivity and they are stored with no salt.
So the worst case you'd have to find 7 characters and case doesn't matter. You can probably obtain a 'ranbow table', which is a list of every single possible password combinations for a paticular password encryption system. If you have a decent computer then it won't take long to extract working passwords.
LM hashes are actually stored in the SAM file. The other hash that is used is the NT hash. These are much more difficult to crack, but it's still very possible. I don't think it uses salt either so you can probably find a ranbow table for that also.
If you want more details about how the hashes works and how to defeat them then you can check out Episode 43 of Twat radio.
http://www.twatech.org/index.php It'll go into details about it.
The same guy that did that radio has information on auditing Active Directory passwords from cache
http://www.irongeek.com/i.php?page=security/cachecrack
And how to defend yourself from this sort of thing.
http://www.irongeek.com/i.php?page=security/campussec05
Facebook
Twitter