Kai,
You can do all of that through Policy Management. If you're not using that function already, I'd recommend you look into it as it allows you to manage all of the machine-specific configurations (patch schedules, agent procedures, software deployment, credentials, audit scheduling, log settings, etc.) from one place and apply based on a series of membership rights defined at the org, machine group, and/or machine level.