= Lab 12: Performance Monitoring and Event Logs = The goals of this lab are 1) to create a baseline for your server in terms of Memory and CPU usage and 2) to setup a simple audit policy to catch failed logon attempts. == Part 1: Performance Monitor == Using the lecture notes: 1. Start up Performance Monitor 1. Make sure that the following two counters are added. a. Processor: Total % Processor Time a. Memory: % Committed Bytes in Use a. Memory: Available MBytes i. You will need to scale this - I believe 0.001 will do the trick. i. You may need to change the scale of the graph too. On my home computer, I had to change it to go from 0 to 200 on the vertical axis as I have 128 GB of Memory. 1. Once you have this you will need to demo it in the video, so just leave it running. == Part 2: Event Logs and Audit Policies == Using the lecture notes: 1. Set up the default group domain policy to audit failed logons. 1. Do a couple of failed attempts to logon as a user. 1. Ensure that these failed attempts are logged by creating a Custom view for failed logons (I did this in class, so you can follow my notes). = Documentation = Document the Audit Policy that you created in the Security Page of your documentation. Include: 1. The name of the Custom View that you created 1. A recommendation on how often it should be checked. = Video Grade Guide = || '''Topics''' || '''Points''' || || Video shows the Performance Monitor running with all three counters appropriately formatted || 30 || || Video shows the Event Viewer and Custom View || 20 || || Video shows the custom view with (or without) failed logon attempts || 10 || || Video shows a failed logon attempt where you show the time || 10 || || Video shows the custom view with the new failed attempt logged || 30 ||