Although an interesting writeup, the failure here is that several machines had the same local admin password.<p>In most responsible corporate deployments, the local admin account name and the password are randomised during the machine build process, to prevent this sort of attack. Doing this has been common practice for Active Directory machine deployments for several years now.<p>(I've spent a large chunk of my career designing and deploying Windows infrastructure.)