When I was in school, the IT department had the capability of seeing everything you were doing as if they were sitting there with you. The only way this was possible was by having software installed on each individual machine to make this possible or by having each machine configured to allow them unrestricted access. In your case, as temp02 said, they would be able to see the URLs of the sites you are visiting. They would not be able to access your programs or files, as that would involve allowing them, from your machine, to do so. The only other means of doing this would be to break the law and use software (such as BackTrack) or other means to access your stuff. The same is true for passwords; groups like Hak5 have demonstrated successful MITM (Man-in-the-middle) attacks to steal users' passwords. This is all written as I have come to understand it.