Funny enough, I did the exact same thing when I was in high school, only we were running Novell on NT4 and I did it in basic and started it from autorun.bat which loaded before the network login screen.
It would let you try one time, tell you you entered the wrong password (saving it to file) and exit, at which point windows would load the novell login screen that looked exactly the same.
Hah! Exact same thing, I used... Borland Basic, IIRC, to build the executable that I called from autorun.
I collected many passwords - I never used them or intended to, I just wanted to see if I could do it.
I made the classic mistake though - I told someone about it. A few days later word got around. I was suspended for a week and was banned from computers for the rest of my time there.
Edit: Now that I think about it (I haven't in years): What kind of response is that? Someone shows some creative thinking and does so in a way that is obviously[1] quite naive/without ill intent. While I understand that you want to discourage the specific behavior, perhaps steering the culprit to use talents with more foresight would have been a better answer.
[1] Looking back, I was something of an asshat in the personal skills department so it's entirely possible that they simply didn't believe my lack of nefarious intent.
Actually, I doubt it had anything to do with your personality (and if it did, shame on the authority figures - and the same is true if they were reacting to being made look foolish). No, instead I imagine this was a pure security play: you had a bunch of passwords, and you hadn't done anything with them yet. But they would have had to believe that (and chances are they had no way to independently verify this) and in addition that you would never do anything with them in the future. The second claim is rather tougher to believe than the first.
So in the simplest possible manner you became a "known threat", and they dealt with you in the simplest possible manner, digital ostracism.
Now we can all tell the alternative story, about the wise teacher who sees something special about us in the misdeed, and who takes the time and the risk to cultivate that positive seed rather than throw the baby out with the bathwater, so to speak. Our very own Mr. Miyagi to safe us from a misspent youth, and who understands our behavior as an expression of exploration ignoring limits, outsmarting the system, rather than your basic mean-spirited destruction for no reason. (Although tagging and hacking do share many qualities, and both are driven, I think, by a young man's desire to prove himself, and yes, even aggrandize himself as someone special - bold, clever, crafty, and someone who can't be "kept down by the man". Rebellious, but also desperately needing to prove himself.)
(Of course in this story the Mr. Miyagi would have hacked onto your personal systems, encrypted the passwords you'd stored, and then left a personal message notifying you that if you wish to understand what he did and how he did it, he'll meet you after school in room 10 for a primer on real hacking.)
I too did something similar in high school. We were running Novel on either Windows 98 or 95 (Can't recall now the specific version). I started the Visual Basic program using the autorun.bat like you, except instead of presenting a fake login dialog, my program would listen for the OK button click event in the real dialog (using the Windows API) and would get the contents of the username and password textboxes and then POST them to a web server a fellow classmate had setup. This had the advantage that it was completely invisible to the end user. The program was also hidden from Task Manager (also using the Windows API).
We did end up getting the admin password and getting access to the server. I had written another program (also in VB) that would run hidden in the background and randomly open and close the CD-ROM drive. I uploaded this program to the server and attempted to get it to push to all of the computers in the school, but I don't believe I was successful as I didn't really know anything about Novell and never saw it working on any machines.
One of my fellow classmates also found the schools SOCKS proxy so we were able to run AIM and ICQ on the school machines. Our teacher pretty much let us do whatever we wanted in that class. It was my third year taking a programming class with her and she allowed the advanced students to work on their own projects. In that class I also wrote a Group/IM chat client in VB with a Perl server. As GrinningFool said, responding to teens who are obviously interested in computers with bans or expulsion or worse is just stupid. If I hadn't had the freedoms that my teacher gave us in those classes, I wouldn't have learned anywhere near as much as I did.
It would let you try one time, tell you you entered the wrong password (saving it to file) and exit, at which point windows would load the novell login screen that looked exactly the same.
Good times.