Event ID 576 Security LogLocked
I understand what this event is and would not question it under normal circumstances. However, my question is, if I have my network unplugged from the outside world (to rule out hackers) and no one is in the building to be able to logon or logoff why would this appear in the event viewer? Could it be a process or application is utilizing the account credentials to do something? If it is then is there a way to track down what process is doing this?