Re: "assuming a machine in the group is already pwned"
"cracking a windows admin-level user password across a LAN - how long does that take these days?"
The same as it always has - billions of years for a complex password - and pretty much impossible if the default lockout settings are enabled.
If you have local access to the hashes then they can be cracked with rainbow tables up to about 8 characters. Above that it needs brute force.