That's strange...
keep deleting them...
In simple words, it works in this way:
- if the account (computer or user) already exists into the DB, use it (regarless preferences on the client)
- if the account does not exist, use the last used group/mode (if enabled)
- if the "use last used group/mode" feature is disabled, use the preferred ones.
So, the possible reasons of having those clients back in user mode are:
a) not all user accounts have been deleted
b) the "use last used mode" is enabled for the preferred group
c) the preferred mode (set at installation time) is the user one
How to know it:
have a look at this registry key of some of those clients
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
you will recognize values like preferredgroup, etc... some scenarios could be:
1) preferred mode is computer and last/current mode is user:
reason a) or b)
2) no last/current mode or set to computer and preferred mode is computer:
reason a)
3) no last/current mode and preferred mode is user:
reason c)