Assuming that the client (computer running the client) is managed (connects to a SEPM server for control), as someone mentioned you can use policies to turn off auto protect right from a policy. As Brian pointed out, after you update the policy to turn off AP, you can go to the server client and right-click on the icon and select "Update Policy" (or just wait...).
I think I'm misreading what your original post was (kindly excuse me). Are you trying to turn off auto protect (checks for viruses every time a file is accessed or modified or are you trying to turn off the periodic full scan (scheduled scans)? You can do both from a policy if the clients are managed. If clicking on the system tray icons are grayed-out, that means the little lock icons are "closed" in your policy so you can't change the settings from the client. My suggestion would be to have these few machinges in a SEPM group by themselves and disable inheritance for the Anti-Virus Policy and create a new one. Also, I believe there is a setting to turn back on Auto-Protect after a certain time if it gets turned off so you may want to look out for that. The policy should be the best way to make sure things don't get changed after rebooting if you made a local change.
Hope some of this helps.