I have spent months pulling my hair out trying to resolve an issue where my account was being locked out regularly.

The issue was related to Site24x7, I was convinced but couldnt find where is was happening.....

I spent a day watching my account lockout very frustrating. The requests were coming from 5 servers. The event logs showed the calling host and then on the calling host the destination server.

I ended up using a process to find the task running.

Using lockout.exe on the domain controller i found the server locking me out.

From the source server, i ran the below powershell script:

"Get-WinEvent -ListLog * | % {Get-WinEvent -FilterHashTable @{LogName=$_.LogName;StartTime="06-09-2024 15:11";EndTime="06-09-2024 15:15"} -ea 0} | Sort-Object timecreated -Descending | Out-File C:\@it\Event_Logs1512_060924.txt"

This brought me to look at the DSC (Desired State Configuration) 

This was tricky, the output related to Site24x7.

"Get-DscConfiguration", returned:

Navigating to the event in Eventviewer:

What is Desired State Configuration (DSC) in short "is a feature in PowerShell 4.0 and above that helps administrators to automate the configuration of Windows"

So it appears there is a task, which isnt visible in task manager, which was setup when I initiated a Bulk Deployment using the Site24x7 InstallAgent.ps1

How to clear the a pending desired state configuration. 

in %system32%\Configuration (a restricted folder) there was the following pending.mof

I thought about clearing it by renaming the "pending.mof" file but not being sure of the outcome I looked further. I then cleared the pending state by launching an elevated Powershell prompt and using:

"Remove-DscConfigurationDocument -Stage pending -Verbose"

Removed the pending.mof configuration and cleared the status, this finally cleared my constant account lockouts and now my hair can grow back.