I know that this question has been asked here before, but here goes.
I am working on a Windows 2003 domain where we have a domain controller that has thousands of event IDs 538, 576, and 540 filling up the security log. The username is always the servername followed by a $
The events stream into the log at a rate of about 30-40 a second.
We are required to audit successful logon and logoffs. We cannot turn off auditing to solve this problem.
What causes all of these events and what can I do to stop them at the source?