Scan Tool Freqency
How often should we have our scan tool run? Currently it is running daily at 5am. Our Sync Tool Runs Weekly and our ITMU program runs weekly.
Isn't it enough to run it weekly since new builds, and rebuilds that are comming on network will run the program since it was advertised in the past (ie earlier in the week).
We have implemented Wake on Lan so every day @ 5am all the computers on the network turn on.
Thanks in advance
Isn't it enough to run it weekly since new builds, and rebuilds that are comming on network will run the program since it was advertised in the past (ie earlier in the week).
We have implemented Wake on Lan so every day @ 5am all the computers on the network turn on.
Thanks in advance
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
Bladerun
18 years ago
I'd go with weekly.
Keep in mind to that the collection of scan data actually occurs during the hardware inventory as the information is stored in WMI. So unless you running a hardware inventory daily as well, there's no reason to go with that frequency. Plus, if you're only syncing weekly, then your daily scans between syncs are scanning each time for the exact same thing. Overkill.
Really even monthly would be fine. Most SMS implementations I've seen simply run the sync the Wednesday after patch Tuesday each month, run their scan shortly after, and run the hardware inventory shortly after that.
Keep in mind to that the collection of scan data actually occurs during the hardware inventory as the information is stored in WMI. So unless you running a hardware inventory daily as well, there's no reason to go with that frequency. Plus, if you're only syncing weekly, then your daily scans between syncs are scanning each time for the exact same thing. Overkill.
Really even monthly would be fine. Most SMS implementations I've seen simply run the sync the Wednesday after patch Tuesday each month, run their scan shortly after, and run the hardware inventory shortly after that.
Posted by:
rmcghee
18 years ago
Monthly after patch Tuesday is not a good solution in my opinion. The reason for running the same scan tool definitions on a more frequent basis is to catch systems that have had thier patch status compromised. This will normally happen if a new piece of software is installed on a client machine. This is more critical if you have a large number of users that have admin rights over their pcs. A good example of this can be seen with Office. Let say you have office up to the latest service pack and someone installs another office product such as Front Page. Any patches that are not contained in the original installation media most likely will have to be reapplied. Adding some of the optional components of Windows after the fact will also require additional security patches.
The reliability of the scan tools can also be an occassional issue depending on the size and complexity of your environment. If you are only using advanced clients it doesn't really add that much overhead to run the scan tools if the clients have the most current package source in the local cache since SMS 2003 use delta changes.
The reliability of the scan tools can also be an occassional issue depending on the size and complexity of your environment. If you are only using advanced clients it doesn't really add that much overhead to run the scan tools if the clients have the most current package source in the local cache since SMS 2003 use delta changes.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
so that the conversation will remain readable.