Well, as long as someone has physical access to a machine they can break in. If I was trying to get in, I'd probably use a Linux Live-CD to boot up the machine, and then use that to tweak the registry, ie create another account with Administrator privileges, or add that privilege to an existing account.
If you want to limit the ability to do that, go into the BIOS and disable booting from the CD-ROM (or anything else which isn't the internal hard disc), and password protect access to the BIOS. That will limit the ability to boot into another OS with a CD or USB Drive.
If you can lock the case in some fashion (even a Kensington lock) that would be a good idea, since with most machines you can pop the case open and reset the BIOS.