Am i right about this?: if you allow caching of remote profiles then account details and hashed passwords of the recently logged in accounts are available on machines around the site, including laptops taken off site. So anyone with a boot disk and a copy of Ophcrack could potentially obtain those passwords which might well include an admin password?