Lab 12: Performance Monitoring and Event Logs

The goals of this lab are 1) to create a baseline for your server in terms of Memory and CPU usage and 2) to setup a simple audit policy to catch failed logon attempts.

Part 1: Performance Monitor

Using the lecture notes:

  1. Start up Performance Monitor
  2. Make sure that the following two counters are added.
    1. Processor: Total % Processor Time
    2. Memory: % Committed Bytes in Use
    3. Memory: Available MBytes
      1. You will need to scale this - I believe 0.001 will do the trick.
      2. You may need to change the scale of the graph too. On my home computer, I had to change it to go from 0 to 200 on the vertical axis as I have 128 GB of Memory.
  3. Once you have this you will need to demo it in the video, so just leave it running.

Part 2: Event Logs and Audit Policies

Using the lecture notes:

  1. Set up the default group domain policy to audit failed logons.
  2. Do a couple of failed attempts to logon as a user.
  3. Ensure that these failed attempts are logged by creating a Custom view for failed logons (I did this in class, so you can follow my notes).

Documentation

Document the Audit Policy that you created in the Security Page of your documentation. Include:

  1. The name of the Custom View that you created
  2. A recommendation on how often it should be checked.

Video Grade Guide

Topics

Points

Video shows the Performance Monitor running with all three counters appropriately formatted

30

Video shows the Event Viewer and Custom View

20

Video shows the custom view with (or without) failed logon attempts

10

Video shows a failed logon attempt where you show the time

10

Video shows the custom view with the new failed attempt logged

30

WindowsAdministration/Lab12PerformanceAndLogs (last edited 2024-11-14 18:26:15 by scot)