I just came into work this morning, and first thing I see is an e-mail from the boss asking me why Photoshop was installed on our newest terminal server.

Here's the odd thing -- Only he and I, as administrators, have install permission on our terminal servers. So if he didn't do it, and I didn't do it, who could have done it?

None of our employees are anywhere near having the knowledge to hack their accounts to add permissions. But, the only thing I can figure is that somehow, somebody managed to get it installed on there. And if they can do that, then we have a security issue.

SonicWALL logs look clean (other than the one port scan I mentioned in my other thread yesterday), so it doesn't look like anything of concern's going on from the outside.

So, where do I start looking for clues?