we have started PC scanning our Windows 2008 R2 estate against the CIS benchmarks. The initial scan results showed around 30 controls required the dissolvable agent enabled in order to evaluate the audit policy settings. We have enabled the dissolvable agent but have not selected any additional options, the scan now passes and all the audit policy settings are confirmed. If the agent is only used for this purpose is any code actually deployed to the server, if so is there another way to evaluate these audit policy settings without using the agent? The fact that code is deployed causes issues with change control, testing etc.