![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 20%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hyper-V
A Windows technology providing a hypervisor-based virtualization solution enabling customers to consolidate workloads onto a single server.
2,536 questions
Hello Aleksein
This error occurs when an account has been locked out and the logon is unsuccessfull: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625
About the logon type:
Logon type 3: Network. A user or computer logged on to this computer from the network.
The description of this logon type clearly states that the event logged when somebody accesses a computer from the network. Commonly it appears when connecting to shared resources (shared folders, printers etc.). As we learned in the previous post, the connection with logon type = 3 could be established even from a local computer.
From the looks of it, you may have an account that is locked out, but at the same time is configured to connect to some network resources. To find the locked accounts (and audit them) you can follow the next article that explains how to achieve it through Powershell:
https://devblogs.microsoft.com/scripting/use-powershell-to-find-locked-out-user-accounts/
-----------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--