1. If I also select the option of requiring this password to stop the client service, what effect will it have?
-This will require a password to run the "smc -stop" command as well as right clicking the icon and selecting disable.
2.Will it let them turn off only NTP or all SEP components?
-This will allow disabling of all SEP components. You are currently unable to set an option to only turn off certain features with a password.
3. Will they be able to turn it off indefinitely or will it be susceptible to the 3 minute rule?
-It will disable it until they run "smc -start", right click the shield and enable, or reboot the machine.
4. Do all these options use the same password or can a different password be set for each?
-They all use the same password.