Had to join and comment on this one...definitely a creative way of getting access :) Never would've thought to use an HTA application. Of course, the absolute incompetenece of the school's IT made that possible (not even bothering to use restricted user accounts for students? WTF). The TrueCrypt idea was interesting. A security application used to beat...unwanted security.
I had a creative way of doing it at my high school, but since they got the security (mostly) right, my solution ended up involving modded network gear, linux, and BartPE:
The challenge faced: No admin access, Deep Freeze on most systems, and all the typical restrictions (no regedit, no cmd, no task manager, no browsing C:, no control panel, etc). Physical security was tight (locked boxes, so no USB devices or CDs), but the power and network cables were exposed at the wall jacks.
Solution? I had seen IT use PXE for reimaging so I knew it was enabled, and I could get to the network cable. Nothing was stopping me from providing my own boot server. Since all I needed were DHCP and TFTP, I put custom firmware on a Linksys WRT54G...I had one already, and it fit in my backpack, had a network adapter, and ran linux. I removed the antennas and added a battery to eliminate the wall wart.
The router served a small linux image to the PC, which contained just enough to download a BartPE ISO over the internet and chainload it. The PE had software (written in AutoIt, VBScript, and batch) to create a new account, grant rights, thaw Deep Freeze, and unlock the UI on the AV/HIPS software they used. Another script let me undo it all. After it ran, I'd log in using a new account "aty" that had full access and a password I knew.
It took me a month to get this together (someone else had to do the Linux stuff, I did the PE work), and it worked for 1.5 years until a friend found a far better solution (another story entirely, if anyone's interested, I'll share). The router is still around, but its now sitting next to my PC doing...routing.