Whether non of the settings are working or some of them. Also assure that clients got latest policy.This you can find with the help of policy sl. no. 

"Disable SEPM is not grey out" do you mean "Disable Symantec Endpoint Protection not grayed-out".
Try by restarting the client. 

you need to close the lock symbol as per this document
follow these steps top to bottom,

Step 2: Remove the right to disable Threat detection:

1. Open the Symantec Endpoint Protection Manager.
2. Click Clients.
3. Select the group that contains the clients you want to be affected.
4. Click Policies.
5. Expand Location-specific Policies
6. Click Antivirus and Antispyware policy.
7. Click File System Auto-Protect, then lock this feature by clicking the lock symbol next to Enable File System Auto-Protect.
8. Click Internet Email Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Internet Email Auto-Protect.
9. Click Microsoft Outlook Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Microsoft Outlook Auto-Protect.
10. Click Lotus Notes Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Lotus Notes Auto-Protect.
11. Click TruScan Proactive Threat Scans, then lock this feature by clicking the lock symbol next to Scan for trojans and worms and Scan for keyloggers.
12. Click OK.

Keep the Client User Interface Control Settings as Server control and try.

check the policy use count of your antivirus and antispyware, make sure you have applied to all the groups, and you are indeed checking on the system which has the policy applied :)) 

Hi Rafeeq i think what user want to know is how can he prevent the user not to disable the symantec endpoint protection. Hi if  you have a (AD) active directory in your location just remove the domain admin and administrator rights of the user just leave the domain user and it will automatically grey out the disable symantec endpoint protection. But if your client or organization needs the domain admin and administrator rights there still a work around left same as my current settings open your symantec endpoint protection manager open clients policies location specific settings edit client user interface click on server control in general uncheck the display the client then applied ok.  Then after that if you want to take effect immediately run the command on group. The endpoint protection in the taskbar will not be visible. Hope this will help.

In SEPM go to  Clients -------> <the group which the client resides> ----->policies (right side)--->General settings----->Security settings Here you put some password for opening the client GUI and see whether it is getting effective..

Probably the policy might have not being recieved by the clients, because i face the same issue at a Customer's end but when i dployed the settings it didn't work but the very next morning it was applied.
Might be a delay in policy inheritance

Click on the image of the podlock to lock and unlock it not the words itself.

Go to Antivirus and Antispyware policy and select truscan proactive threat scans and in scan details, LOCK scan for keyloggers. Now it will disable user to disable SEP. In case of emergency, if administrator wants to disable protection, he needs to run command smc -stop. Make sure you start it back smc -start. ALONG WITH THESE STEPS, YOU NEED TO FOLLOW SYMANTEC STEPS IN THE LINK BELOW.

http://service1.symantec.com/support/ent-security.nsf/docid/2007110514540148?Open&seg=ent

Hi,

I'm am usingSymantec Endpoint Protection version 11.0.6005.562 , like other Administrators above I'd like to disable users ability to disable the symantec clients. So I tried the Instruction mentioned in http://service1.symantec.com/support/ent-security.nsf/docid/2007110514540148?Open&seg=ent but the problem is there is no lock option next to enable client .

its not on the client; its on the policy in the SEPM; where you will see a small lock option...

can you post the screen shot please.

We the same issue as you Shajee! I wonder if there is an available update to this current version?

post the screen shot...

screenshot

find in attachment

I had this issue as well.  I did some poking around in the settings.  In SEP Manager go to Clients and select  your client group.  Click the Policies tab.  Toward the bottom of the Location-specific Policies and Settings you should see Location-specific Settings.  Expand that and click the link for Server Control.  Click the Customize button that appears next to Server Control.  Uncheck "Allow users to enable and disable Network Threat Protection".  You should be good to go.