Hi Jhun,
Pls enable tamper protection from SEPM and deploy accross all the machines in your netwrok.
Select the option Block & Log.
User will be able ot run the smc.exe -stop command but the SMC service always run in kernel mode. It will show the user as stop, but it is still running in the background.
Also You can put password protection in SEPM to stop the SMC services.
Rgrds,
SAM