I don't think so ..

In NT we must have ora_dba group . Programs/admin tools/user manger under that you can see ora_dba group . If he had logged to nT using any account under ora_dba group,he can be connected to oracle without any password or connect string ..Usually I won't use any password or connect string .. Just connect internal ,if prompted for password just return . Now on 9i release just connect sys as sysdba ..