We are currently running couple hundres of virtual machines. The current system assessment scan policy task is killing the hosts everytime it kicks in because its executing the assessment scan at the same time on every vm. Weird that there is no randomization schedule available...
Anyway, I know we could create individual policy for vm's and schedule scan to happen at the night when half of vm's are not being used. But we want to be able do the scanning every 6 hours or so.
I know system assessment scan can be executed via command line with AeXPatchUtil.exe" /I /q which invokes the AexPatchAssessment.exe.So I was planning to outline all vm's from default system assessment scan policy and create managed software delivery policy for them. The policy would contain a script which basically goes to sleep random amount of time and then this system assessment scan command. This would result randomized scanning to all clients inside the policy and not killing the hosts.
But when im looking the default system assessment scan policy i see that its actually deploying the "tools" and configurations for this. So I cant outline targets from default system assessment scan policy because othervise those clients wont get the tools and up to date configurations for the scan... right?
Ideas? anything is welcome
-AG