To be fair, SNAC is included in all SEP clients. Enabling it's functionality is just a matter of adding the SNAC license onto the SEPM and assigning a HI policy.
That said, here's the method I think would allow you to push a script out. Bear in mind that I've not tested this myself, it just popped into my head while I was pondering your request.
Essentially, SEPprep has functionality to run scripts, and the auto-upgrade functionality in SEP can be fudged to run sepprep, so I reckon you can run scripts on clients by combining the two.
Soooooooo:
- Have a play with SEPprep to see if you can get it to run your script:
http://www.symantec.com/docs/TECH148513
- Then load/mount/host your renamed sepprep on a web server and point your clients at it using the auto-upgrade function in the SEPM:
http://www.symantec.com/docs/TECH97406
Like I said, I've not tried this myself so test like crazy . And again, I still recommend going down the SNAC route.