Hey Brian,
You get around. Second one of mine you responded to. Attached two screen shots that I hope can clarify.
Basically, I went into clients, then Policies tab and then Password settings on my manager. I checked all the boxes. The 506pm.jpg shows what I did.
When a client tries to launch SEP, the get the 503pm.jpg that prompts for a password. They can not see the interface/gui at all.
If I remove the first checkbox, the can get into SEP and run a scan as you noted but it also allows them to add exceptions for scans and change other parameters that my bosses don't want them to do.
Aware they can right click a file and scan it but my users are looking to do a quick scan or full scan of the entire workstation.
I think it is not possible without giving them the other functionality. Just want to confirm it is true.
Thx,
Douglas