Hey, I went through and verified that the GPO settings have been applied correctly. I spun up a new test environment in which the policies are identical to our production system. I reapplied the settings in this document and as you had said, nobody was locked out.
When this problem was originally discovered, the built in Administrator's group only had the "Splunk Accounts" group as members, all other default groups had been removed, nobody manually modified this group. Do you know what type of change or misconfiguration could do something like this?
... View more