I have a good friend who is focused on data security within networks, and he is constantly telling me: "Physical access is data access."
And I never believed it. We have encryption, firewalls, many of our servers are virtualized, etc. -- I thought we were reasonably secure.
But today I got the opportunity to eat my own words -- I got the opportunity to break into a fully patched Windows 2008 R2 server which was acting as a primary domain controller, FTP server, file server, etc. for a small, very private network segment.
The scenario is this: I inherited a server set up for some very secure data. The local administrator password was lost, but it never mattered much -- until someone really needed some private data off of it.
In the course of 45 minutes -- 15 minutes of research and 30 minutes of hacking (if you could even call it that) -- I was able to gain complete administrative access to this (very private) Windows server.
I followed the instructions here: https://www.youtube.com/watch?v=Ar-VoO9ogHc
Check it out for yourself -- but I would certainly recommend using a non-production machine, unlike this SysAdmin.