Nowadays, the keyword is exploits, exploits, exploits for any such tasks.
It's considered way too time-consuming to try to actually attempt a login by knowing the actual passwords, especially on networked machines.
That too on WINDOWS networked machines.
So in other words, the short answer to your question is YES: they can basically "log on" to the machines, but not necessarily by using the password and other usual logon credentials...