RATE THIS ANSWER
+1
Click to Vote:
- 1
0
Last Answered:
Feb 21 2008 8:00 PM GMT
by Mrdenny
It is possible for someone to have set the registry key which controls which user is displayed as the last one to login, but it's not likely.
One of a few things has happened.
1. User yy is lying and did go into the office, or use remote access to access the other users desktop.
2. Someone who was in the office at 11pm has user yy's password.
3. Someone has gotten user yy's password and broke into the network and used this other users machine to access company resources.
I would start by having user yy change there password asap. If they aren't in the office change it for them and have them change it again when the get in. Run a virus and spy ware scan on all machines which user yy uses.
Spyware, Event Viewer
A user (xx) came in to work to find their logon screen displaying another user name (yy) which would indicate that yy had successfully logged on using that desktop. However, neither xx nor yy were present at 11:00pm when the logon took place (as listed in the event viewer log), as the office is closed. The log shows that msinstaller had successfully installed 'webfldrs xp' and the user was yy at that time. All other normal events on that desktop were shown to be either the system, n/a or the correct user for that desktop, xx. Are there other explanations for the windows logon screen to display a different user than the last one to logon successfully? Both users are on the same network. Neither user knows how to use remote access. Can someone else log on remotely as a different user and leave the telltale sign of their user name in the logon window? Should I be looking for spyware or a virus? Thanks for any input. 
