Hi, and thanks for your reply.
To answer your question; Policies- Under "Consumer Policy", there are the "Default" and "Excluded" built-in policies. Then we have two which we've named "Front Desk Systems" and "IT Policy". All are set under the heading "Encryption BootGuard Customization" to "Display Detailed Authentication Fields", with Remember Domain checked and Default Domain set.
Then we have Groups- The standard "Everyone" (128) and "Excluded" (0). Then we have "Domain Users" (114), "IT"(3), "CompanyB Users" (0) and "Front Desk Systems" (0).
As I mentioned in my original post, it (the Simple BG screen) happens on a handful of machines (all laptops). The test machine I'm working on was freshly imaged, and windows up to date, prior to installing Symantec Encryption Desktop.
The only user that had logged into the test machine was myself. After ending up with the simple screen, I had another employee log in and register her password as well. But that did not change anything. Running the command line you suggeted confirms this.
Out of curiosity, I did try changing the OU that the computer name was in. Did gpupdate /force, then updated the SED policy from the tray icon. Rebooted-No change.