Pretty cool video doing a local physical attack against a Vista Box.
McGrew Security Blog pointed me to it:
"he demonstrates a quick and easy way of obtaining SYSTEM privileges on a Vista system, given physical access to the machine. In the video, he uses BackTrack to replace Utilman.exe with a copy of cmd.exe . The nice thing about replacing Utilman.exe is that you can make it run before you’re even logged-in by pressing Windows-U."
Its short and worth a look.