Or here's another challenge. Give a cracker a statistically meaningful sampling of 1,000 Windows boxes (latest version, fully patched) across the world and one of 1,000 modern *NIX boxes. He has a generous six months and several high-speed PCs (say nice, fat quad Opterons) to complete the cracking. How many Windows boxes do you think he'll get the passwords from? How many *NIX boxes?
My guess: he'll get maybe a couple *NIX passwords, and most the passwords from all but a few of the Windows boxes.
Of course, my challenge actually makes it more probable that a *NIX password can be broken. Since it involves possibly tens of thousands of passwords, he can improve his odds by picking the one salt that repeats most throughout the collection (a couple repeats if you're really lucky) and building a table for that salt. Then he can run the table against just those few passwords. Otherwise, he'll be spending his computing resources breaking them one at a time.
But your challenge does sound interesting. I say use Advanced EFS Data Recovery from Elcomsoft (they same guys who broke PDF protection) to get around the EFS, then use Rainbow Crack on the passwords.