...the argument is over computer security - he claims Windows XP security policies is not secure enough to prevent users (not Administrators) hacking the Administrator settings. I beleive it is, but this is where my expertise ends, hence my request.
With respect, I don't fancy your chances of winning that argument again if he brings along a credible expert.
Give me your secure XP machine for 5 minutes and I'll give you or change the administrator's documents/settings or change the local admin password and do whatever I like.*
*Slightly more difficult if the BIOS is protected and/or there's no CD drive - I might need 7 minutes: 2 to go and grab a CD-reader
XP security is a deterrent; logs might show what's been done; but it isn't "preventive" per se.
There must be (a lot) more to this than you've let on so far...
Good luck!