Also check out tools for offline password reset / blanking. Sorry for not providing links for the lookup, but haven't used 'em in a while, so I won't recommend anything particular.
The method relies on the fact that the password hashes are stored in the SAM store of Windows registry. If you have phys access, you can modify the reg with any registry offline editor (admin tools, freely available) and blank out the entry or set your own hash.
If the default local admin acc is used, it always has the same SID, so it's easy to recognize.
If you blank out a local entry for a Domain Admins login (cached/offline login has to be enabled, is by default), the computer will revert to a local (user) login only.
NOTE: although this is the same method used by chntpw, the tool itself didn't always work for me, that's why I'm posting about the general method.