I've just taken over support on a small Windows server from a prior sysadmin who the Director no longer trusted. I've looked at the network setup, and notice that the Director's User account is the ONLY account on the network set with "Reversible Encryption". She does nothing beyond ordinary Office applications, and sometimes uses Remote Web Workspace to connect from home.
Why might he have set this, and what might he have been up to? If he was snooping, he would have wanted to do it from home, but I'm not sure what benefit there would have been to this setting, when he could already remote in with Admin rights. The only thing he might have wanted to do which isn't as easy just logging in as admin was to follow her email... so perhaps he wanted to log on as her to snoop that way? if so, could this have helped?
He was definitely antagonistic towards her - I knew him!