Another common Raymond Chen reminder: "Local Administrator != Domain Administrator". If a user gains administrative privileges on their own machine as part of a corporate network, that just means they can bork their own machine and IT will have to come and take it for repair (and they'll likely be disciplined for doing stupid things against IT policy.) If becoming a local administrator on your own machine allows you more privileges on the network, there's something wrong with the network's security architecture. (After all, in a regular, healthy corporate network, Bring-Your-Own-Machine scenarios—where everyone is their own local administrator—are common without posing any threat.)

Assuming all machines on the network do not have the same local admin password.

This is a privilege escalation bug that lets you reset the admin password, but it doesn't give you the old password.

You might be able to get the hash via mimikatz.

I want to block my young teen-aged son from hacking into his time-locked win 7 (soon win 10). He already searched the web and found some kind of system restore scheme to reset his password. Next step was to encrypt the hard drive to block rebooting without password.

This was the case in my high school. The domain administrator account had the same password as well. Good times.