That's all very nice for remote security. However if you're using windows and you're worried about local security (people with physical access to the box) then you have some serious issues to contend with.
You can easily boot off a USB key that contains security tools which can reset the admin password (or any password for that matter) on the windows install, as well as reading the file system directly etc. Once a hacker has admin access it's game over.
Protecting against that is hard, the only truly decent solution is full disk encryption possible with programs like TrueCrypt, encrypt the entire OS disk and have a very strong password.
This stops people from dicking with the files locally, stops resetting of account passwords, in fact stops people from even booting the OS without the encryption password.
When it comes to windows passwords, make sure to disable LM passwords on the box, they're completely beatable at any complexity. The newer NTLM can be brute forced to a high complexity now, Passwords using the full US95 character set up to length 8 can be brute forced in a couple of hours on a decent PC, make sure to aim for passwords length 12+ using a random mix of upper/lower/numeric/special.