Client Deployment Using Multiple Groups

This is a basic but helpful approach to environments with one SEPM and many locations with small numbers of clients.

We have deployed SEP to our retail locations (approx. 160) where each store is it's own group of clients and each store falls into one of eight retail regions.  The way to get SEP clients to report to a specific group after install is to export the install package from the SEPM and associate it with a particular group.  We have had much success with creating a "Deployment" group within the console and exporting an install package from this group.  This way we install all of our retail locations to this group, and we can manually assign clients to their appropriate group via the Symantec Console.  Each store uses all the same policies (shared) except for their LiveUpdate policy, which is a non-shared policy used to identify a GUP for each store.  So far this has gone very well, and rollout went from being a "nightmare" to "no big deal".  One big recommendation would still be to set your clients communication settings to Pull mode.  We have our heartbeat interval set to 3 hours, which gives us more than enough information about our clients.  If we have any issues where we need to contact the client we utilize the integration component with Altiris (SEPIC).