When a locked user account is attempting to login, the following event is generated.
Tag |
Value |
Severity |
4 |
Event Name |
LockedUser |
Resource |
UserAuthentication |
SubResource |
Authentication |
Message |
Attempt to login using locked account <acct> |