I know you are not doing this over a WAN, but it is the same concept as I assume that you have the security zones in their own subnets. The only difference in this situation is that you don't have routers in between, just layer 2/3 switches and/or a firewall.
You indicated in a previous post that there were no limitations currently, however, you are jumping back to security being the issue. What I would do is disable all security on that particular segment (or zone) and see if you can get it to work. Then, start re-enabling the security.
Also, when it comes to PXE, because I am running multiple PXE servers, I've found a little more success in not doing redirection, but doing what I posted above and allowing the single PXE boot image to map according to subnet. This is easier to maintain and to ensure that all the pxe servers are using the same things.
Also, I would suggest for trouble-shooting, you take a script that you are having an issue with and insert pauses between each line. Then watch the script run on the client computer. This might tell you if it is a specific command that is causing the issue or if there is a more detailed error message that Altiris isn't telling you.
Also, when you've tested that script with pauses, and still get the errors, see if you can run the commands by hand line by line. If you get different results (which I've seen before and can be a result of the path being too long for altiris to handle, but WinPE or Linux seem to be able to handle it if you do it by hand), then start considering how things are laid out on your server. If the path is too long, consider mapping a second drive further down the structure to alleviate this issue.
i.e. f: is mapped to \\ds-server\express
Your script calls for f:\dir1\dir2\dir3\dir4\dir5\dir6\dir7\executable /a;sldkfjkj
You might consider mapping a second drive to a common directory further down the structure.
i.e. g: is mapped to \\ds-server\express\dir1\dir2\dir3\dir4
Your script would then call for g:\dir5\dir6\dir7\executable /a;sldkfjkj