How can one detect that users have cracked a password?
To detect this, you would either have to review the security logs regularly or use a network sniffer to monitor users accessing shares in real time. A combination of the two would be the most prudent. Security logging can be switched on from the event viewer.
A network sniffer can be used to log IP's & Users accessing particular servers or shares. In real time an administrator would be able to see which users are accessing which shares. An example of such a sniffer is LANguard:
http://www.languard.com or Sessionwall: http://www.sessionwall.com
Windows Privacy Tools - http//www.privacywindows.com