How often should we have our scan tool run? Currently it is running daily at 5am. Our Sync Tool Runs Weekly and our ITMU program runs weekly.

Isn't it enough to run it weekly since new builds, and rebuilds that are comming on network will run the program since it was advertised in the past (ie earlier in the week).

We have implemented Wake on Lan so every day @ 5am all the computers on the network turn on.

Thanks in advance
0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


I'd go with weekly.

Keep in mind to that the collection of scan data actually occurs during the hardware inventory as the information is stored in WMI. So unless you running a hardware inventory daily as well, there's no reason to go with that frequency. Plus, if you're only syncing weekly, then your daily scans between syncs are scanning each time for the exact same thing. Overkill.

Really even monthly would be fine. Most SMS implementations I've seen simply run the sync the Wednesday after patch Tuesday each month, run their scan shortly after, and run the hardware inventory shortly after that.
Answered 11/02/2006 by: Bladerun
Green Belt

Please log in to comment
Monthly after patch Tuesday is not a good solution in my opinion. The reason for running the same scan tool definitions on a more frequent basis is to catch systems that have had thier patch status compromised. This will normally happen if a new piece of software is installed on a client machine. This is more critical if you have a large number of users that have admin rights over their pcs. A good example of this can be seen with Office. Let say you have office up to the latest service pack and someone installs another office product such as Front Page. Any patches that are not contained in the original installation media most likely will have to be reapplied. Adding some of the optional components of Windows after the fact will also require additional security patches.

The reliability of the scan tools can also be an occassional issue depending on the size and complexity of your environment. If you are only using advanced clients it doesn't really add that much overhead to run the scan tools if the clients have the most current package source in the local cache since SMS 2003 use delta changes.
Answered 12/21/2006 by: rmcghee
Senior Yellow Belt

Please log in to comment