Two or three times a day essentially all of my users are getting their account locked out. I suspect someone on my network has a virus that is trying to brute force passwords on my users. The trouble I am having is identifying the machine(s) that are involved in this. They are somehow spoofing the machine name so the security event shows a NetBIOS name that does not exist in my network.
I am running primarily Windows 7 workstations and laptops; and Windows 2008 R2 servers and domain controllers.
Any guidance on how to locate the source of this chaos will be much appreciated!