A high-profile user was unable to access network resources this morning. Sounds like he was already logged on to the network for some time. But he stopped being able to access network resources. At this point he rebooted his PC. After reboot, attempts to logon returned the following message:
The referenced account is currently locked out and may not be logged on to
Issue was quickly addressed by re-enabling this account. However this is not a user who is likely to mistype his credentials multiple times. I'm concerned about a potential attempt to login with his account. Where can I check in Event Viewer or other tool to gather any information that may be of help to gather some detail?
Thanks in advance.