Differences between revisions 2 and 3
Revision 2 as of 2024-06-11 00:16:10
Size: 1873
Editor: scot
Comment:
Revision 3 as of 2024-11-14 18:26:15
Size: 1874
Editor: scot
Comment:
Line 11: Line 11:
    a. Processor: Total % Proccessor Time
    a. Memory: % Commited Bytes in Use
    a. Processor: Total % Processor Time
    a. Memory: % Committed Bytes in Use
Line 37: Line 37:
|| Video shows the Performance Monitor running with all three counters appropriately formated || 30 || || Video shows the Performance Monitor running with all three counters appropriately formatted || 30 ||

Lab 12: Performance Monitoring and Event Logs

The goals of this lab are 1) to create a baseline for your server in terms of Memory and CPU usage and 2) to set up a simple audit policy to catch failed logon attempts.

Part 1: Performance Monitor

Using the lecture notes:

  1. Start up Performance Monitor
  2. Make sure that the following two counters are added.
    1. Processor: Total % Processor Time
    2. Memory: % Committed Bytes in Use
    3. Memory: Available MBytes
      1. You will need to scale this - I believe 0.001 will do the trick.
      2. You may need to change the scale of the graph too. On my home computer, I had to change it to go from 0 to 200 on the vertical axis as I have 128 GB of Memory.
  3. Once you have this you will need to demo it in the video, so just leave it running.

Part 2: Event Logs and Audit Policies

Using the lecture notes:

  1. Set up the default group domain policy to audit failed logons.
  2. Make a couple of failed attempts to log on as a user.
  3. Ensure that these failed attempts are logged by creating a Custom View for failed logons (I did this in class, so you can follow my notes).
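
A command-line cross-check for step 3, as an added example that is not part of the original lab or the lecture notes: it runs the same kind of XML query that a Custom View stores against the Security log and lists each failed logon with its time, account and source. It assumes failed logons are recorded as Security event ID 4625 and that the session is elevated; `Get-FailedLogon` and its `-Hours` parameter are names made up for this example.

```powershell
# Added example: run in an elevated PowerShell session on the lab server.
# Assumption: failed logons are recorded as Security event ID 4625.
function Get-FailedLogon {
    param(
        [int]$Hours = 24   # look-back window (hypothetical default)
    )

    [long]$ms = [long]$Hours * 3600000
    # Same query form that the XML tab of an Event Viewer Custom View uses.
    $query = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4625) and TimeCreated[timediff(@SystemTime) &lt;= $($ms)]]]
    </Select>
  </Query>
</QueryList>
"@

    # Get-WinEvent raises an error when nothing matches; treat that as "no failures".
    $events = Get-WinEvent -FilterXml $query -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Turn the event's named <Data> fields into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $data['LogonType']
            Source    = $data['IpAddress']
            SubStatus = $data['SubStatus']
        }
    }
}

$failed = @(Get-FailedLogon -Hours 24)
if ($failed.Count -eq 0) {
    # Nothing logged: confirm that failure auditing is actually in effect.
    'No failed logons found in the window. Effective audit setting:'
    auditpol /get /subcategory:"Logon"
} else {
    $failed | Sort-Object Time -Descending | Format-Table -AutoSize
    # Accounts with the most failures first, useful for the periodic review.
    $failed | Group-Object Account | Sort-Object Count -Descending |
        Select-Object Count, Name
}
```

The `Time` column can be matched against the clock shown during the failed attempt in the video.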

Documentation

Document the Audit Policy that you created in the Security Page of your documentation. Include:

  1. The name of the Custom View that you created
  2. A recommendation on how often it should be checked.

Video Grade Guide

|| Topics || Points ||
|| Video shows the Performance Monitor running with all three counters appropriately formatted || 30 ||
|| Video shows the Event Viewer and Custom View || 20 ||
|| Video shows the custom view with (or without) failed logon attempts || 10 ||
|| Video shows a failed logon attempt where you show the time || 10 ||
|| Video shows the custom view with the new failed attempt logged || 30 ||

WindowsAdministration/Lab12PerformanceAndLogs (last edited 2024-11-14 18:26:15 by scot)