Victim of a wallpaper prank

OK. A little history. I'm in a corporate environment with XP workstations. I came back to my desk yesterday after lunch to find my desktop wallpaper had been changed to the Internet Explorer Wallpaper, which was a male underwear model. I'm a guy. I'm straight. This is obviously a prank being played. I'm a good sport. I know when I've been got. I thought it mildly funny. I figured I must have forgotten to lock my workstation before I left for lunch and somebody decided to have a little fun. No big deal.

So today after I get back from lunch I find the same thing. Different picture but the same theme. I'm less amused this time. The first day it was funny. The second time begins to become irritating. And I KNOW I didn't leave my workstation unlocked when I left for lunch today. So now I'm hell-bent to figure out how it was done and who did it. I have an idea of who did it but I'm not positive. A team member. But I'd rather figure out how he did it as opposed to just throwing my hands up and saying "OK, who's been messing with my workstation?"

Here are the facts:
1. My workstation was locked.
2. I wasn't forcibly logged off, had somebody log on a different account, make the change, then logout and log me back on. I had about 8 IE windows open when I locked it before lunch and they were all there when I came back and unlocked it. My password has not been compromised.
3. My normal background is a JPG on my hard drive. The 'changed' background was the 'Internet Explorer Wallpaper'
4. It's possible that the person who did this has access to domain level administrator rights. I do not.
5. I am the local administrator to my workstation.
6. I did find the website the pictures were gotten from when I looked into my IE history.
7. My 'My Documents' folder is redirected to a network server.
8. I checked my security log. With the exception of SYSTEM and NETWORK SERVICES nobody accessed my workstation between the time I left for lunch and came back.

That's the pertinent facts as I can see them. I'm hoping sonebody can tell me how this was accomplished and how I can trace the userID that was used to do it.

And ideas?
Who is Participating?
b0lsc0ttConnect With a Mentor IT ManagerCommented:

How was your workstation locked?  If you found the website and the picture in your IE history then it was most likely done from your machine and that user account.  If the lock uses your Windows login then I recommend changing your password.  From the information you provided it seems like the prankster has the password and is using your machine and account.

morinakAuthor Commented:
Yes. I've just done some more traditional investigating. I'm the idiot. I was sure I had locked my workstation but apparently I had not.

weee ... office fun. My next step is to set a trap for the prankster to verify who it is. Then revenge shall be mine!  :)
b0lsc0ttIT ManagerCommented:
Good luck! :D  I'm glad that I could help.  Thanks for the grade, the points and the fun question.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.