Lab 12: Performance Monitoring and Event Logs
The goals of this lab are 1) to create a baseline for your server in terms of Memory and CPU usage and 2) to set up a simple audit policy to catch failed logon attempts.
Part 1: Performance Monitor
Using the lecture notes:
- Start up Performance Monitor
- Make sure that the following three counters are added:
  - Processor: Total % Processor Time
  - Memory: % Committed Bytes in Use
  - Memory: Available MBytes
    - You will need to scale this - I believe 0.001 will do the trick.
- You may need to change the scale of the graph too. On my home computer, I had to change it to go from 0 to 200 on the vertical axis as I have 128 GB of Memory.
- Once you have this you will need to demo it in the video, so just leave it running.
Part 2: Event Logs and Audit Policies
Using the lecture notes:
- Set up the default group domain policy to audit failed logons.
- Do a couple of failed attempts to log on as a user.
- Ensure that these failed attempts are logged by creating a Custom view for failed logons (I did this in class, so you can follow my notes).
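The same check can be run from PowerShell as a cross-check on the Custom View. This is an added example, not part of the lecture notes; it assumes the failed logons appear in the Security log as event ID 4625 ("An account failed to log on"), a 24-hour window, and the standard field names in that event's XML.

```powershell
# Added example (not from the lab notes). Run in an elevated PowerShell
# session on the server; reading the Security log requires administrator rights.

# Show the effective audit setting for logon events.
# "Failure" (or "Success and Failure") must appear for failed logons to be logged.
auditpol /get /subcategory:"Logon"

# The same kind of XML query a Custom View stores: Security log, event ID 4625,
# limited to the last 24 hours (86400000 ms). The window is an assumption.
$query = @'
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4625) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]
    </Select>
  </Query>
</QueryList>
'@

# Pull one named field out of an event's <EventData> section.
function Get-EventField {
    param([xml]$EventXml, [string]$Name)
    ($EventXml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Get-WinEvent reports an error when nothing matches, so suppress it and
# treat "no events" as an empty result.
$events = @(Get-WinEvent -FilterXml $query -ErrorAction SilentlyContinue)

$failed = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    [pscustomobject]@{
        Time        = $e.TimeCreated
        Account     = Get-EventField $xml 'TargetUserName'
        Domain      = Get-EventField $xml 'TargetDomainName'
        LogonType   = Get-EventField $xml 'LogonType'
        Workstation = Get-EventField $xml 'WorkstationName'
        SourceIP    = Get-EventField $xml 'IpAddress'
    }
}

# Newest first, for matching against the time of the test attempt.
$failed | Sort-Object Time -Descending | Format-Table -AutoSize

# Count per account: repeated failures against one name stand out here.
$failed | Group-Object Account | Sort-Object Count -Descending |
    Select-Object Count, Name
```

If the table is empty after a failed attempt, check the `auditpol` output first: the policy may not have applied to the server yet.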
Documentation
Document the Audit Policy that you created in the Security Page of your documentation. Include:
- The name of the Custom View that you created
- A recommendation on how often it should be checked.
Video Grade Guide
| Topics | Points |
| --- | --- |
| Video shows the Performance Monitor running with all three counters appropriately formatted | 30 |
| Video shows the Event Viewer and Custom View | 20 |
| Video shows the custom view with (or without) failed logon attempts | 10 |
| Video shows a failed logon attempt where you show the time | 10 |
| Video shows the custom view with the new failed attempt logged | 30 |