While browsing I stumbled upon a nice video explaining the trick the get a command prompt during the loginscreen of a user.. and that command prompt is in the system security context.
They say physical access is full access and without bitlocker they are right.. take a look at the short video below..
http://www.offensive-security.com/movies/vistahack/vistahack.html