"Was this mass update caused by the upgrade or me adding install packages to to the client groups. "

From you adding the installation packages to the client groups. Whatever package you assign to that group will be automatically updated by the client. It's a proactive, but sometimes not recommended, way of distributing upgrades to your clients. You can enforce restrictions and particular configuration options for this in SEP.

The agent should not automatically upgrade unless an upgrade package was assigned to one of the groups. Under the ADMIN tab, you will notice a "Upgrade Groups Wizard" that allows you to select a group for upgrades. The Upgrade Schedule allows you to set the time that the client  will upgrade and then you can distribute the upgrades over several days if necessary. If you select HELP, you will notice that under the "Upgrade Schedule" , you can specify a range of time over which to install packages. Notice that if the FROM and TO times match, the upgrades start immediately. Also, depending on how the hearbeat rate is set to and whether it is a PULL or a PUSH will also have an impact. For example, if all of the agents have their heartbeats set to PUSH every 5 minutes, then this could inundate the Policy Manager.

I did apply the new client version to my groups under Admin > install Packages, but thought this was where I set available packages for the group, not to force installs to all clients in the group.  So now our server is offline and we are wondering if we power it back on, if clients will try to download like crazy again or if there is anything we can do to stop it.

thanks

remove the package from the policy ( client -- select the group -- installation package tab)

cheers
Pete

I have already removed all packages from all groups, the clients were originally manually deployed, so I guess it was me applying the new client package to the groups that caused this.  However we were told by Symantec sales that the throttling engine was built into the endpoint client, like in IS2009 where it won't saturate a link with updates or anything.  Also I don't see any real throttling options aside from telling the package to deploy over X number of days, which isn't very good control at all.   So now that the packages have been removed from all groups, will it be safe to bring our server back online?  Or will we see clients start downloading the pages again and saturating our links?

i believe the throttling is done through IIS settings.
However the instalation upgrade can go through X number of days( this can be configured in SEPM).
You can bring back the SEPM online, as client will not find the package and there is no policy to push the package.

Cheers
Pete

Yes if you have removed the package, you can bring the SEPM online & assign the client package one by one on each group so that you are upgrading 15 - 20 clients at a time not 300 clients at a time. :)

Thanks for all the info, I think that pretty much explains it.