You got to the BIOS first, so you can set a password before he does and therefore secure access to the BIOS
Change boot sequence so that CD drive is first, pop in a live cd of whatever linux distribution, get the NTLM hash of his password and use any cracker (I wrote one myself here: http://github.com/jasonwupilly/Hoplite, but it's a little slow and experimental, I don't recommend you use this if you need it to crack it immediately), log into his account and change his password and do hilarious stuff like that.
Or, you can burn KonBoot to a disc, boot from that, and have fun with his Windows account (the free version is only 32 bit though)
Alternatively, you can also boot into a linux disc and wipe out his hard drive :3
yeah you can do all that then get expelled for missuse of the schools property.
or you can point out the guys flaws and ask to run the netowrk and become a white hat.
seriously do you want to put all your grades at risk for the sake of a laugh at some prat that cant do the job. better to point out the flaws and then earn a position of trust that will give you more access than just a bios.
lol that's nothing the school i went too was an IT college, some kid got our head of years password and he sent really disturbing messages of a sexual nature to other teachers on school intranet email as a bit of a prank and yeah he got exepelled. but not arrested on the otherhand this is the uk where it happened. so minors dont get arrested for that sort of thing. but still proceed at your own risk, and at least have some kind of back up plan if it all goes shit tits up.
Also the guy's giving OP chip with the "your no better" style comments, give it a rest with the moral high ground crap. save it for where it actually counts.
Am i the only one who finds school It people to not be all that smart? I mean really every computer at the schools I have been to but one has had a unlocked BIOS and kinda home made PC and man are those fun to mess with lol sometimes with unlocked CPUS if your lucky but if you want to mess with them just have like a 32GB Flash drive with Linux on it and do everything threw that.
An average school will have average IT employees, and there are usually only 1 or 2 of them. I work at a school with 11 IT staff. Most of them know their stuff, and then some. Something like forgetting to lock the BIOS is just pathetic.
I personally wouldn't do anything but secure myself a way to boot into something of preference for some(what) secure computer work like checking private stuff etc (yeah you could proxy but I'd prefer a clean OS)... to each his/her own, choose your destiny lol.
Perhaps I'm a little more cut-throat, or maybe I just like to cause chaos, but I would set the computer to an impossible overclock and password the bios if possible. There's always a pretty easy fix for this, which would be pressing the reset cmos button or activating the jumper, but it would at least be entertaining to watch him struggle. Either way, it sounds like neither of you are very good with computers considering you somehow think you can reset his username and password within the bios, rather than within Windows or the school's server network.
Hell, if you really wanted to be malicious you could always set CPU, RAM, and North Bridge voltages to settings way higher than they should be which would cause some pretty significant damage to the hardware over time. Just make sure there aren't any cameras in the room the computer is in...