= Lab 12: Performance Monitoring and Event Logs =

The goals of this lab are 1) to create a baseline for your server in terms of Memory and CPU usage and 2) to setup a simple audit policy to catch failed logon attempts. 

== Part 1: Performance Monitor ==

Using the lecture notes: 

 1. Start up Performance Monitor
 1. Make sure that the following two counters are added.
    a. Processor: Total % Proccessor Time
    a. Memory: % Commited Bytes in Use
    a. Memory: Available MBytes
       i. You will need to scale this - I believe 0.001 will do the trick. 
       i. You may need to change the scale of the graph too. On my home computer, I had to change it to go from 0 to 200 on the vertical axis as I have 128 GB of Memory. 
 1. Once you have this you will need to demo it in the video, so just leave it running. 


== Part 2: Event Logs and Audit Policies ==

Using the lecture notes:

 1. Set up the default group domain policy to audit failed logons. 
 1. Do a couple of failed attempts to logon as a user.
 1. Ensure that these failed attempts are logged by creating a Custom view for failed logons (I did this in class, so you can follow my notes). 

= Documentation =

Document the Audit Policy that you created in the Security Page of your documentation. Include:

 1. The name of the Custom View that you created
 1. A recommendation on how often it should be checked. 

= Video Grade Guide =

|| '''Topics''' || '''Points''' ||
|| Video shows the Performance Monitor running with all three counters appropriately formated || 30 ||
|| Video shows the Event Viewer and Custom View || 20 ||
|| Video shows the custom view with (or without) failed logon attempts || 10 ||
|| Video shows a failed logon attempt where you show the time || 10 ||
|| Video shows the custom view with the new failed attempt logged || 30 ||