NPM is locking a local user account on all windows servers.
I determined it is the npm module doing this as the events continued when app monitors were removed. I unmanaged one impacted node and noticed the events stopped, once managed it gets locked out every 30 minutes from its polling engine. The local user account is disabled and has nothing to do polling as a service account is specifically used for polling.
Why does NPM polling attempt to access local server accounts? I have opened a ticket with SolarWinds but so far nothing.