Hi, we have some admins at our school who are trying to migrate clients from SAV/SCS to SEP and we're having some trouble with tamper protection. Many of these clients are not managed, and they are running different versions of SAV/SCS, though they are all 10.x or 3.x. They would like to use Active DIrectory GPOs to install SEP, however when the policy is applied to a system with SAV and tamper protection enabled, the result is a broken uninstall of SAV that needs to be CleanWiped before SEP can be installed manually. So we don't want to apply this GPO until we're sure all the clients have SAV removed at least have tamper protection disabled.
So is there any scriptable way to do this? Even the managed clients are a problem because they report to different servers with different groups and we don't want to disable tamper protection for everyone (though we'll do this if absolutely necessary). But the unmanaged clients are more of a problem, and we would like to create some sort of script that we can push out with GPOs to ensure tamper protection is OFF before the SEP installer runs. Any thoughts or suggestions? Thanks for the help!
-Allison