What I did was created a query in AD Users and Computers of all computer accounts, then took that file and imported it into the Migration and Deployment wizard.  On the screen where you select the computers to deploy to, select "Add or Import Computer"  then select file containing host names and IP addresses.  Then select your exported AD computer list.  Worked like a charm for me.

Use this batch file (save this single line as a BAT file and run it):

cscript is-it-installed.vbs>SEP-install-check.txt

to run this script (save the below as a VBS file):

' Script gets list of workstations from the domain.
' Then pings workstation to see if it is alive.
' If it is alive, it attempts to search the registry under the Uninstall list for
' an application name you can specify at the top of the script.
' !!!!!!!! Use cscript to run from a cmd prompt otherwise you will get a bunch of popup dialogs for the output.
' For larger networks, pipe the output to a csv file and open with Excel so you can sort.
' Script by Matthew Jenkins (mattjenkins@mljenkins.com)
' Written on September 20, 2004
'
' Set what application name you want to find here - name matches display name in add/remove programs list
sApplication = "Symantec Endpoint Protection"

'
' Ignore errors (we get these if permissions is denied while querying a computer)
On Error Resume Next

' Get computers from network
Set objWMIService = GetObject("winmgmts:root\directory\ldap")
Set colItems = objWMIService.ExecQuery("Select ds_cn, ds_location From ds_computer")

' Enumerate computers in network
For Each oComputer in colItems
sComputer = oComputer.ds_cn

' See if computer is available (returns ping) and if so then query for the application, otherwise return DISCONNECTED
If(bIsAlive(sComputer) = true) Then
iResult = iFindApp(sComputer, sApplication)
If(iResult = 1) Then
sInstalled = "INSTALLED"
ElseIf(iResult = 2) Then
sInstalled = "not installed"
ElseIf(iResult = 3) Then
sInstalled = "unable to query"
End If

Else
sInstalled = "disconnected"
End If

WScript.Echo sComputer & vbTab & vbTab & sInstalled
Next

' *******************************************************************
' Pass in a computername and application to search for
' Returns 1 on installed, 2 if not installed, 3 if the client cannot be searched (permissions errors, ...)
Function iFindApp(sTargetHost, sApplication)
On Error Resume Next

' Initialize some variables first
iFindApp = 2
sProgramName = ""
sProgramVersion = ""
sKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" ' key containing uninstall info

' Attempt to connect to client's registry
Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
Set oReg = GetObject("winmgmts:\\" & sTargetHost & "\root\default:StdRegProv")

' Ensure we connected ok to the client, if not just return false, it's probably not a valid Windows box
If Err.Number <> 0 Then
iFindApp = 3
Exit Function
End If

' Enumerate client registry looking for application
oReg.EnumKey HKLM, sKeyPath, arrSubKeys ' get installed programs' subkeys
For Each subKey In arrSubKeys ' get info from each installed program subkey
' attempt to get DisplayName
If(oReg.GetStringValue(HKLM, sKeyPath & subKey, "DisplayName", sProgramName) <> 0) Then
' if no DisplayName try for QuietDisplayName
oReg.GetStringValue HKLM, sKeyPath & subKey, "QuietDisplayName", sProgramName
End If

' attempt to get DisplayVersion
If(oReg.GetStringValue(HKLM, sKeyPath & subKey, "DisplayVersion", sProgramVersion) <> 0) Then
' if no DisplayName try for QuietDisplayName
oReg.GetDWORDValue HKLM, sKeyPath & subKey, "VersionMajor", sProgramVersion
End If

' If the name exists, return true
If sProgramName = sApplication Then
iFindApp = 1
Exit Function
End If
Next
End Function

' *******************************************************************
' Pass in host to ping
' Returns true if ping successful, false if ping unsuccessful
Function bIsAlive(sTargetHost)
sSourceHost = "." ' computer that will send ping requests, normally the local computer
bIsAlive = False ' normally we will return false, unless ping is successful

Set objWMIService = GetObject("winmgmts:\\" & sSourceHost & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_PingStatus WHERE Address = '" + sTargetHost + "'")

For Each oRow In colItems
If oRow.StatusCode = 0 Then
bIsAlive = True
End If
Next
End Function

No, its on my wishlist too.  Passed it along to sales and local SE for feature enhancement.

If you want the sales approach :) , all you need to do is buy Altiris and use the Altiris->SEP Connector.  It gives you these reports, plus who is still on older versions of SAV, defs, etc to fully plan your migration.

For small/medium business with no SMS, BigFix, Altiris, etc, somthing like what the two responses above gave is still the best way.

I forgot to add that if anyone copies and pastes the above script - watch for word-wrap as the forum has a narrow field for text and I see a couple of lines have wrapped text, but if you know VBS at all, you'll see them fairly easily.

I have an SMS 2003 query that shows me computers that do not have SEP installed.  If you're interested PM me and I'll send it over to you.

Since rwessen asked for it, I'll make it publicly available.  Note that it checks 32 and 64 bit operating systems:

Create a new query, edit the query statement, click on "show query language", delete the existing code and paste the following code:

select SMS_G_System_SYSTEM.Name, SMS_G_System_COMPUTER_SYSTEM.Model, SMS_G_System_COMPUTER_SYSTEM.UserName from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.ResourceId not in (select SMS_R_System.ResourceId from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "Symantec Endpoint Protection") and SMS_R_System.ResourceId not in (select SMS_R_System.ResourceId from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS_64 on SMS_G_System_ADD_REMOVE_PROGRAMS_64.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS_64.DisplayName = "Symantec Endpoint Protection")

Great script with lots of uses beyond SEP...thanks!

BTW, for the word-wrap issue, drop-down the Format list and click "Formatted". It displays the code like this:

' See if computer is available (returns ping) and if so then query for the application, otherwise return DISCONNECTED

Thanks for the script, I've run it and it works great...unformatly some of our remote sms servers aren't reporting like they should :(.

I downloaded the .vbs script as well, but a little leery of the bandwidth that might tie up crawling around the globe checking peoples registry.

It just irks me that this information isn't redily available from within endpoint...even if they made it a new view...there is one to see everything and several to see information about clients that have it installed.....but nothing for the uninstalled. :(