It is if the security used to store the password hashes isn't enough. I can use Rainbow Crack and get all the passwords on my W2K3 system in a matter of minutes with a success rate of 99.9%, and we have long, hard password requirements here.
Interesting, so Rainbow Crack is able to defeat a strong password of a Windows hash? Not the cheap LanMan hash, but the Windows 2000 hash? If I get time later today, is it okay if I freepmail you a Windows 2000 hash to see how easy it is to crack? Then I'll email you the password so you can see that it wasn't some super crazy password with, like, alt key codes in it.
Also, I believe you can turn off caching of your hash. If it's that easy to crack, I suggest you turn off caching.