Register

Forgot Password

Site FAQ

Home > IT Answers > Microsoft Windows > Desktop user appears to have logged in after hours but has no remote access

Cjm13

5 pts.

Desktop user appears to have logged in after hours but has no remote access

Event Viewer, Spyware

A user (xx) came in to work to find their logon screen displaying another user name (yy) which would indicate that yy had successfully logged on using that desktop. However, neither xx nor yy were present at 11:00pm when the logon took place (as listed in the event viewer log), as the office is closed. The log shows that msinstaller had successfully installed 'webfldrs xp' and the user was yy at that time. All other normal events on that desktop were shown to be either the system, n/a or the correct user for that desktop, xx. Are there other explanations for the windows logon screen to display a different user than the last one to logon successfully? Both users are on the same network. Neither user knows how to use remote access. Can someone else log on remotely as a different user and leave the telltale sign of their user name in the logon window? Should I be looking for spyware or a virus? Thanks for any input.

Software/Hardware used:

ASKED: February 21, 2008 6:48 PM

UPDATED: October 30, 2011 7:58 AM

RELATED QUESTIONS

Answer Wiki:

It is possible for someone to have set the registry key which controls which user is displayed as the last one to login, but it's not likely. One of a few things has happened. 1. User yy is lying and did go into the office, or use remote access to access the other users desktop. 2. Someone who was in the office at 11pm has user yy's password. 3. Someone has gotten user yy's password and broke into the network and used this other users machine to access company resources. I would start by having user yy change there password asap. If they aren't in the office change it for them and have them change it again when the get in. Run a virus and spy ware scan on all machines which user yy uses.

Last Wiki Answer Submitted: February 21, 2008 8:00 pm by Denny Cherry

64,520 pts.

All Answer Wiki Contributors: Denny Cherry

64,520 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Feb 21, 2008 11:52 PM (GMT)

I would not wait for the user to change the password. change his password for him and mark it to change when he logs in. I would also do it to the account of the first person too. If this is a domain then check the server security logs. it will show who logged in and when. the user can easily change the registry to show who the last logged in user was.

Buddyfarr

6,850 pts.

POSTED: Feb 22, 2008 9:13 PM (GMT)

There could also be the possibility of running a script without interactively logging into the computer that could have done the installation using that user’s credentials if they have the rights to perform the installation. Just a thought.

Labnuke99

32,645 pts.

POSTED: Oct 30, 2011 7:58 AM (GMT)

I think that there might be a problem with your Operating System. This usually happens when there is a corrupted file which is related to the function of logging in another user account.

Markempee

2,130 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags