More than that matters. There's also the
strength of the password to consider.
If Windows is storing a legacy LM hash (old LANManager crap, it's really bad), and you can do it that way, brute-forcing is hilariously simple.
There are definitely tools to recover a Windows admin password, but I'm honestly not sure what's out there that's decent and legitimate.
So half that to a quarter.
500 million years or one billion. Have fun.
That's not how math works. A 10-character passwords takes EXPONENTIALLY shorter time to crack than a 20-character password. Same with case-sensitive vs. all-lowercase.
Let me put it to you this way.
Say you have a 10-character password, and you want to consider all uppercase and lowercase letters.
Numbers of possibilities = (26*2)^10 = 52^10 =144,555,105,949,057,024
But what if you know they're all lowercase?
Number of possibilities = 26^10 = 141,167,095,653,376
So it's not 1/2 the possibilities, it's 1/1024 the possibilities. There's a big difference between 2 and 1024.
Now let's compare the difference between a 20-char long, case-sensitive password and a 10-char long, only-lowercase password.
(52)^20 = 20,896,178,655,943,101,411,324,274,803,736,576
(26)^10 = 141,167,095,653,376
One is 148,024,428,491,834,392,576 greater than the other.
For a 10-character-long password, only lowercase, brute-forcing still takes a hideously long time.
Probability of any given password being wrong: ((26^10) - 1)/(26^10)
Probability of you never getting it right within N tries: [((26^10) - 1)/(26^10)]^N
So for a 50% chance to have gotten it right:
[((26^10) - 1)/(26^10)]^N = 0.50
N ~= 100,000,000,000,000
At 50 tries per second, that's about 63,419 years. Still a damn long time, but certainly not 500,000,000,000.
Now, if you do 50 tries per second on 50 computers, just as an exercise... that's (50*50) = 2500 tries per second. At this rate, it's only a little over a millenium! (about 1268 years).
Of course, my numbers could be off. 50 computers trying 10000 times per second might do it in your lifetime. If you're lucky.
Again, this is just straight brute-forcing. Rainbow tables are something completely different, and one may exist, and if the computer is storing an LM hash of the password, and you can use that, then all bets are off, because those
suck beyond belief.