Hello Dee. Did I work with your previously about a computer security and CAC issue?
OK yes I remember. Did they fix that for you? As far as Tumbleweed, any other user who has ever logged into your computer would have their certificates in there. It could be the person who repaired the computer (I would hope they did fix it??), or if they used an older image, it could be a somewhat sloppy image where they did not clear all the previous information off before imaging the disk and replicating it for you.
OK he probably logged into the computer before. Just from logging in or maybe even inserting the card, it will retain information in tumbleweed. I am not sure if he has to log in completely or if it would be there just from putting the card in. I can look at how to remove the certificate, but it likely needs an administrator password. Also, if he ever logs back in, it will be there again. It is not abnormal to have several certificates on there.
When you say you know he is on your computer, what other references are there besides tumbleweed? Did the IT department re image your machine after you told them you saw writing coming up and someone was clicking files?
He may have been on the computer and that is why the certificate is there, but he should not be able to actively use your computer without your permission. If you say he is not good at computers, and not an admin or part of IT support there, it is very unlikely he can get on your computer remotely. Even if he tries to log into your computer while you're away, as long as everything is stored in your profile, he shouldn't have access to your profile.
I am not sure how exactly your workplace is set up, but often in a DoD environment they will have computers that anyone can use. The settings are usually stored on a server, so no matter what computer you use, you can get to your files. Sometimes it's on a shared drive that you see when you go to My Computer. This is why it is usually set to allow more than one person the ability to log into the computer. So even if he did log into it, for whatever reason, he should not have access to your documents saved under your profile. Also, if he did log in, the fact that it has his CAC certificate means he would have to log in locally, using his card. If he was not "allowed" access to that computer, you can let someone know it seemed he was using your computer because you see his CAC certificate in Tumbleweed.
You're very welcome. Feel free to ask any other questions if you have any. We really want that machine reimaged, so please use a way we discussed previously to coerce the IT department into assisting you properly.