NT users can gain debug-level access on a system process using the Sechole exploit.
microsoft windows nt 3.5.1
microsoft windows nt 4.0