I have an account logon time restriction violation in my security event log. I have in place a group policy that will log the user off if they are logged in within the time resriction. The event ID is 530 under security as the source. I have read that if the user is logged into outlook when they are forced log off then this may cause the event in the security log. It happens multiple time a minute per user that has the failure audit. Im not sure if that is what's causing my failure audits, but let me know what you all think.