Hello,
I would like to deploy the Splunk Universal Forwarder to a batch of servers (150).
I will use SCCM.
What is the best practice to do so?
1. By a command line through the deployment of an application:
----------
::splunk installer
reg query "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE | find /i "x86" > NUL && set OS=32BIT || set OS=64BIT
if %OS%==32BIT GOTO Run32
if %OS%==64BIT GOTO Run64
:Run64
:: The whole msiexec call must stay on one line, otherwise cmd runs the tail as a separate command.
msiexec /i "%~dp0splunkforwarder-7.0.3-fa31da744b51-x64-release.msi" LOGON_USERNAME=AD\yyyyyyyy LOGON_PASSWORD=xxxxxxx WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_FWD_ENABLE=1 WINEVENTLOG_SET_ENABLE=1 AGREETOLICENSE=Yes DEPLOYMENT_SERVER="lopsplkap02:8089" /quiet
Set MSIError=%Errorlevel%
GOTO End
:Run32
:: NOTE: this branch also references the x64 MSI; a 32-bit host needs the 32-bit package.
msiexec /i "%~dp0splunkforwarder-7.0.3-fa31da744b51-x64-release.msi" AGREETOLICENSE=Yes DEPLOYMENT_SERVER="lopsplkap02:8089" /quiet
Set MSIError=%Errorlevel%
:End
exit /B %MSIError%
----------
then adding the switches in the command line:
::
::PERFMON=,,...
or
using a limited command line:
----------
::splunk installer
reg query "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE | find /i "x86" > NUL && set OS=32BIT || set OS=64BIT
if %OS%==32BIT GOTO Run32
if %OS%==64BIT GOTO Run64
:Run64
msiexec /i "%~dp0splunkforwarder-7.0.3-fa31da744b51-x64-release.msi" AGREETOLICENSE=Yes DEPLOYMENT_SERVER="lopsplkap02:8089" /quiet
Set MSIError=%Errorlevel%
GOTO End
:Run32
msiexec /i "%~dp0splunkforwarder-7.0.3-fa31da744b51-x64-release.msi" AGREETOLICENSE=Yes DEPLOYMENT_SERVER="lopsplkap02:8089" /quiet
Set MSIError=%Errorlevel%
:End
exit /B %MSIError%
----------
and then copying files like
inputs.conf:
[WinEventLog://Application]
disabled = 0
index = wineventlog
[WinEventLog://Security]
disabled = 0
index = wineventlog
[WinEventLog://System]
disabled = 0
index = wineventlog
[WinEventLog://Setup]
checkpointInterval = 60
current_only = 0
disabled = 0
start_from = oldest
index = wineventlog
-- Memory
[perfmon://Memory]
counters = Committed Bytes; Available MBytes; Available Bytes
disabled = 0
interval = 300
object = Memory
useEnglishOnly=true
index = perfmon
-- Network
[perfmon://Network]
counters = Bytes Total/sec; Current Bandwidth; Bytes Received/sec; Bytes Sent/sec
disabled = 0
instances = *
interval = 300
object = Network Interface
useEnglishOnly=true
index = perfmon
-- Process
[perfmon://Process]
counters = % Processor Time; Working Set; Working Set - Private
disabled = 0
instances = *
interval = 300
object = Process
useEnglishOnly=true
index = perfmon
-- Logical Disk
[perfmon://LogicalDisk]
counters = % Free Space; % Disk Time; Current Disk Queue Length; Avg. Disk sec/Transfer; Free Megabytes
disabled = 0
instances = *
interval = 300
object = LogicalDisk
useEnglishOnly=true
index = perfmon
-- CPU
[perfmon://CPU]
counters = % Processor Time; % User Time
disabled = 0
instances = *
interval = 300
object = Processor
useEnglishOnly=true
index = perfmon
-- [perfmon://PhysicalDisk]
counters = Free Megabytes;% Free Space
instances = _Total
interval = 3600
object = LogicalDisk
disabled = 0
----------
and also a wmi.conf
----------
-- Lists all services registered on the system,if they are running,and the status
[WMI:Service]
disabled = 0
interval = 3600
wql = SELECT Name, Caption, State, Status, StartMode, StartName, PathName, Description FROM Win32_Service
index = main
----------
What is the best path to do it? If it is the second solution, how do I "link" the files to the command line?
Thanks,
Dom
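
A pre-deployment check for the inputs.conf above, as an added example that is not part of the original post: it flags lines that are neither a stanza header, a key = value setting nor a # comment, and settings that repeat inside one stanza. It assumes the standard Splunk .conf layout; lint_conf and SAMPLE are names made up here, and the sample is the tail of the posted file.

```python
import re

# Constructed sample: the last two blocks of the inputs.conf from the post, as posted.
SAMPLE = """\
-- CPU
[perfmon://CPU]
counters = % Processor Time; % User Time
disabled = 0
instances = *
interval = 300
object = Processor
useEnglishOnly=true
index = perfmon
-- [perfmon://PhysicalDisk]
counters = Free Megabytes;% Free Space
instances = _Total
interval = 3600
object = LogicalDisk
disabled = 0
"""

# Assumption: standard Splunk .conf syntax ([stanza], key = value, # comment).
STANZA = re.compile(r"^\[(.+)\]$")
SETTING = re.compile(r"^([^=\s][^=]*?)\s*=\s*(.*)$")

def lint_conf(text):
    """Return (line_no, stanza, message) findings for a .conf file body."""
    findings, stanza, seen = [], None, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # blank line or real comment
        m = STANZA.match(line)
        if m:
            stanza, seen = m.group(1), {}  # new stanza: reset key tracking
            continue
        m = SETTING.match(line)
        if not m:
            findings.append((no, stanza, f"not a stanza, setting or # comment: {line!r}"))
        elif m.group(1) in seen:
            findings.append((no, stanza, f"{m.group(1)!r} repeats line {seen[m.group(1)]}"))
        else:
            seen[m.group(1)] = no
    return findings

if __name__ == "__main__":
    for no, stanza, msg in lint_conf(SAMPLE):
        print(f"line {no} [{stanza}]: {msg}")
```

On the sample, the header prefixed with "--" is not read as a stanza, so the five settings after it are reported as repeats inside perfmon://CPU.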