To deploy the client using Active Directory:

1 In Active Directory, open the Group Policy Management container and expand the entire container hierarchy to reveal the Group Policy Objects container.
2 Right-click Group Policy Objects and select New.
3 In the New GPO window, type the name of the new group policy in the Group Policy Object field and click OK.
4 Right-click the new policy and choose Edit.
5 In the Group Policy Object Editor, select Computer Configuration > Software Settings > Software installation.
6 Right-click Software Installation > New > Package and then click My Network Places.
7 Locate the shared folder you specified for the client installation files. This folder must contain both of the following files:
a) SymantecEndpointEncryptionDeviceControlClient.msi
b) ClientConfig.scc

8 Select SymantecEndpointEncryptionDeviceControlClient.msi, and click Open, and then click OK to accept the default value of Assigned for that package.
9 Select Administrative Templates > System > Logon.
10 Right-click Always wait for the network at computer startup and logon, and select Properties.
11 To ensure that the target computers have access to the shared network drive after restarting, in the Always wait for the network at computer startup and logon dialog box, select Enabled.
12 Close the Group Policy Object Editor.
13 In the Group Policy Management Console, select the group policy you created, then drag the group policy and drop it into the organizational unit (OU) or other object containing the computers to which you are deploying the client installer packages.
14 Click OK to confirm linking the policy to the specified location.