This process uses a PowerShell script to import and start the Performance Monitor Log Enablement Package
(Templates) via GPOs. The script runs on Logon/Logoff or Startup/Shutdown via GPO deployment and is
intelligent enough to run on all servers or specific servers to which the GPO is applied. It contains a ServerList
file which is made up of two sections. The first section is called [All_Servers], which is a list of Log Enablement Package that
will be imported on all servers. The second section is called [Specific _Servers] and it lists the Log Enablement Package to
be applied to defined servers. This script will work on all Windows machines running Windows 2008 and
Log Enablement Package (LEP) you would like import.
2 For the purpose of this doc the following Log Enablement Package(LEP) will be used:
WSR_Processor_Alerts, WSR_Memory_Alerts, WSR_Disk_Alerts, AD_AddressBook_Alerts, and AD_AsychronousThreadQueue_Alerts.
3 Add Log Enablement Package (LEP) that needs to be installed on all servers to the [All_Servers]
section, and Log Enablement Package (LEP) for specific servers to the [Specific_Servers] section.
Server1 = AD_AddressBook_Alerts; AD_AsychronousThreadQueue_Alerts
Server2 = AD_AddressBook_Alerts; AD_AsychronousThreadQueue_Alerts
Server3 = SQLServer_Workload_Alerts; SQLServer_DataAccess_Alerts
Here is an example of the ServerList.txt file. [All_Servers] is a list of just Log Enablement Package (LEP) while
[Specific_Servers] is a list of servers and the Log Enablement Package (LEP). For the [Specific_Servers] list the
servers are separated from the Log Enablement Package (LEP) by an equal sign (=) and the list of Log Enablement Package
(Templates) are separated by a semicolon (;). The server name can either be the host name or IP Address.
4. Copy the ImportLEP.PS1, ServerList.txt and all the Log Enablement Package (LEP) to a network path
accessible by all servers.
5. Now configure GPO to deploy and execute the script.
6. Go to Run and type gpmc.msc.
7. In the left panel click on the plus sign next to Group Policy Objects.
8. Right click on Group Policy Objects and select New. The default Group Policy Object name is
New Group Policy Object rename to whatever is most appropriate. Import Monitoring Log Enablement Package works for me.
9. Link the location you would like the GPO to run against. In this example the KD.com domain
is selected. Right click the domain branch and select Link an Existing GPO….
10. Then Select Import Monitoring Log Enablement Package from the Select GPO dialog.
The linked domain shows up in the Links window.
11 Right click on the newly created GPO Policy Object and select Edit.
12. In the left panel click on the plus sign (+) next to User Configuration, then the
plus sign(+) next to Policies, and the plus sign(+) next to Windows Settings and highlight
Scripts (Logon/Logoff). In the right panel right click on Logon or Logoff, which ever you
prefer the script to run on, and select Properties.
13. In the scripts tab click the Add button. The Add a Script dialog is displayed. Type
powershell.exe below in the Script Name field and type the following string in the Script Parameters
-noninteractive -executionpolicy bypass \\10.9.35.208\sysvol\KD.com\scripts\ImportLEP.PS1
Update this Script Parameter field to reflect the location of the ImportLEP.PS1
14. Click Ok on all Group Policy Open windows.
15. To import the Log Enablement Package (LEP) on Startup or Shutdown open the Group Policy
Management Editor. In the left panel click on the plus sign (+) next to Computer Configuration, then
the plus sign(+) next to Policies, and the plus sign(+) next to Windows Settings and highlight Scripts
(Startup/Shutdown). In the right panel right click on Startup or Shutdown, which ever you prefer the
script to run on, and select Properties.
16. Repeat step 12 to configure the Add a Script dialog then click Ok to close all Windows.
17. Logon to a server listed in your Server List file and the Log Enablement Package (LEP) will be imported and started.
18. Once the Performance Alert thresholds are triggered they will be sent to the Event Viewer, were
they will be collected and displayed by K1. Applications and Services Logs->Microsoft->Windows->Diagnosis-PLA->Operational.