QUOTE(samuraislash @ Apr 29 2006, 09:39 PM)
So that means I need to lock all the HP computers in my office..? Darn, in here we've got about 100++ PCs, man... How about a USB drive..? Can it be used to crack the admin password, for those who are clever enough to mess with the admin password...
If your computer can boot from USB drives, then yes, ntpasswd can be used to reset the admin account.
You can reduce the risk by making sure:
1. People can't access BIOS so that they can't boot from floppy, CD-ROM or USB ports.
2. Make sure that each and every single computer in the network has a unique password for its Administrator account. And change them regularly. Like every day, for example. With random passwords.
3. Make it hard for people to install software like Norton Ghost or Acronis True Image so that they can't make an image of a workstation to their USB HDD drives that can be taken home so that they can crack the admin password.
4. Make it hard for people to open the case of the workstation without authorization. Suggest to your manager/superior that harsh action be taken against people who do.
5. Make sure that things like scheduled tasks, services and others don't use domain administrator accounts. If needed, use local administrator privilege first.
6. Go scream at Microsoft for leaving a hole that big. And upgrade to Vista ASAP, hoping that Microsoft doesn't screw up again. Or maybe Linux.
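An audit for point 5 above, as an added example that is not part of the original post: it reads an inventory of services and scheduled tasks and flags any that run as a domain administrator. The CSV layout, the domain names and the admin account list are assumptions made for illustration.

```python
import csv
import io

# Constructed sample inventory (not from the thread): one row per service or
# scheduled task, with the account it is configured to run as.
SAMPLE_INVENTORY = """host,kind,name,run_as
PC-001,service,BackupAgent,CORP\\Administrator
PC-001,service,Spooler,LocalSystem
PC-002,task,NightlyCopy,jdoe-adm@corp.example
PC-002,task,Defrag,.\\Administrator
PC-003,service,AVUpdate,CORP\\svc-av
PC-003,service,Inventory,NT AUTHORITY\\NetworkService
"""

# Hypothetical domain names and Domain Admins membership (assumed values).
DOMAIN_NAMES = {"corp", "corp.example"}
DOMAIN_ADMINS = {"administrator", "jdoe-adm"}


def split_account(run_as):
    """Return (domain, user) lower-cased; domain is '' for local/built-in."""
    acct = run_as.strip().lower()
    if "\\" in acct:                      # DOMAIN\user or .\user
        domain, user = acct.split("\\", 1)
        return ("" if domain == "." else domain, user)
    if "@" in acct:                       # user@domain (UPN form)
        user, domain = acct.rsplit("@", 1)
        return (domain, user)
    return ("", acct)                     # LocalSystem, bare local names


def find_domain_admin_usage(inventory_csv):
    """List (host, kind, name, run_as) rows that run as a domain admin."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        domain, user = split_account(row["run_as"])
        # A local ".\Administrator" is not flagged; only domain accounts are.
        if domain in DOMAIN_NAMES and user in DOMAIN_ADMINS:
            findings.append((row["host"], row["kind"], row["name"], row["run_as"]))
    return findings


if __name__ == "__main__":
    for host, kind, name, run_as in find_domain_admin_usage(SAMPLE_INVENTORY):
        print(f"{host}: {kind} '{name}' runs as domain admin {run_as}")
```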