In defense of Bearflag70, I think he makes a good point. The simplest way to avoid invasions of privacy on company equipment is not to put any personal/private data on those machines. Comparing your boss to a peeping tom (yme’s words, not the OP’s) is like complaining about people eavesdropping on your phone calls when talking on a mobile phone in the middle of a shopping mall.
To more specifically address the OP, there are a lot of different ways the company may be monitoring your daughter’s use of her computer. Many have been covered above, so forgive any recaps, and understand that this is a partial list:
They could be browsing her files remotely. She can restrict this by not sharing directories, changing local account passwords, etc. However, there are a lot of legit reasons why the company would want to access her drives, and a user who constantly turns off shares is the kind of thing that drives IT staff batty.
They could be browsing locally when she’s not there. To restrict this, she has to change the password on every account with local access. It’s unlikely she can even do this if the computer is part of a network that does centralized authentication (like an MS domain). Even if she could, this is another thing which would attract both the attention and the ire of other people who need access.
They could be monitoring network traffic. This could take the form of packet filters on the firewall or simply network monitors that look for certain types of traffic within the LAN. In either case, there is very little you could do to detect that this is happening, aside from just asking. Most companies make their filtering and monitoring a part of the openly-available acceptable use policies.
They could be using a screenshot logger or other utility to snapshot the computer’s monitor periodically. These types of utilities take a screenshot every so often and log them somewhere so a computer’s use can be reviewed after the fact. This in effect provides a stop-motion animation of the work done. In this case, there will be a logging application installed and running locally.
They could be using a keystroke monitor to log her activity. Like the screenshot logger, this will log activity to some other location, and will be evident as a local utility running.
I’m a huge privacy advocate, but I’m also a company owner and believe that my gear is my gear. My crew is free to install anything they want on their workstations and we don’t typically do any monitoring because it’s more trouble than it’s worth. But there are a growing number of precedents that hold a company responsible if they should have monitored something. For example, if one employee is offended by the sight of porn on another employee’s computer, they might hold the employer responsible because they should have prevented it and had the technical means to do so, even if there was no previous pattern of abuse. IANAL so I don’t know if these suits would stick, but I’ve heard the fears from other companies. There are also a lot of legitimate reasons why the boss or IT guys would need access to the machine, and an employee who repeatedly blocked that access would probably be sanctioned because they’re interfering with work. I know the OP says the monitoring is unnecessary, etc. but it’s difficult to restrict illegitimate access or monitoring while still allowing legitimate use. This is why I suggest just keeping your private life elsewhere.
Ethilrist makes a good point about checking file access times to see if someone is accessing files or apps. However, if the boss has any bit of technical sophistication, he could easily cover these tracks. In addition, if you suspect he’s doing things on this computer in order to make her look bad or avoid looking bad himself (e.g. browsing porn from someone else’s machine) then that’s a completely different threat than keeping your own data private and you need completely different countermeasures. In that case, you might want screenshot or keystroke monitors to determine what’s being done when she’s not there.