regedit

Remove Active Directory cached credentials

To remove cached credentials (from Windows XP machines anyway).

Run regedit, then navigate to HKEY_LOCAL_MACHINE\SECURITY\CACHE\. Note that the SECURITY hive is readable only by the SYSTEM account by default, so from an ordinary administrator session the key appears empty.

From there, delete the values NL$1 through NL$10; these hold the hashes of the cached domain credentials.

Removing DisableRegistryTools policy

The problem:

You try to run regedit and you get the following response:

Error "Registry Editing has been disabled by your administrator"

The answer is to use the REG.EXE CLI utility:


REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

In theory this solution is only for stand-alone Windows XP machines, though I have personally seen this be effective on an XP machine managed by Active Directory (we did have local admin privileges).
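The following PowerShell script is an added example, not part of the original notes, that audits the two settings described above from the administrator's side: where DisableRegistryTools is set (and resets it to 0, the same as the REG ADD command), and how many cached domain logons the machine keeps. It assumes an elevated PowerShell session on a Windows host; CachedLogonsCount is the Winlogon value that governs how many NL$n entries exist (default 10).

```powershell
# Added example (not from the original notes). Assumes an elevated PowerShell
# session. Reports the DisableRegistryTools policy in both hives and the
# cached-logon configuration, and can reset the policy the way the notes do.

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-DisableRegistryToolsState {
    foreach ($key in $policyKeys) {
        $value = $null
        if (Test-Path $key) {
            $value = (Get-ItemProperty -Path $key -Name DisableRegistryTools `
                      -ErrorAction SilentlyContinue).DisableRegistryTools
        }
        [pscustomobject]@{ Key = $key; DisableRegistryTools = $value }
    }
}

function Clear-DisableRegistryTools {
    # Same effect as "REG add ... /v DisableRegistryTools /t REG_DWORD /d 0 /f",
    # applied to both the per-user and the machine policy key.
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name DisableRegistryTools -Value 0 -Type DWord
    }
}

function Get-CachedLogonState {
    # CachedLogonsCount (Winlogon) sets how many NL$n entries Windows keeps;
    # the default of 10 is why the notes refer to NL$1 through NL$10.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $count = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
              -ErrorAction SilentlyContinue).CachedLogonsCount
    # HKLM\SECURITY is readable only by SYSTEM by default, so this read usually
    # fails from an admin shell; report that rather than claiming "no cache".
    try {
        $names = (Get-Item 'HKLM:\SECURITY\Cache' -ErrorAction Stop).GetValueNames() |
                 Where-Object { $_ -like 'NL$*' }
        $visible = @($names).Count
    } catch {
        $visible = 'access denied (inspect as SYSTEM)'
    }
    [pscustomobject]@{ CachedLogonsCount = $count; NLEntriesVisible = $visible }
}

Get-DisableRegistryToolsState | Format-Table -AutoSize
Get-CachedLogonState
```

Run Clear-DisableRegistryTools only after confirming the policy is not intentionally set by Group Policy, since GPO refresh will reapply it.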

You can also use the old "at" command from the Windows command line to launch a shell with SYSTEM privs.

at 21:01 /interactive "cmd.exe"

There is nothing here that cannot be found on the internet, specifically http://windowsxp.mvps.org/tweakuirest.htm and http://www.askstudent.com/hacking/demonstration-of-windows-xp-privilege-escalation-exploit/
