I don't understand why you don't use the new feature included on SEPM 12.1 RU2.
You have now the possibility to deploy only the communication settings and it's very easy and useful as long as you have a SEP 12.1.671.4971 (RTM) client installed minimum as on the previous version SylinkDrop.exe are not installed on the client.
The nea feature runs in fact a remote action on the SylinkDrop.exe present on client side to update their Sylink.xml.
Advantage of that is simply that you don't need anymore manual actions on client side and you get straight away confirmation from your SEPM if the communication settings have been correctly updated or not.
You don't need to deactivate Tamper Protection as the native process involved for this feature is already trusted by design.
If you get an error message when the update of communication settings fails, feel free to let us know as there are already some of them very known and solutions can be provided.
In order to ensure that it works, pre-requisites of Deployment and Migration Client Wizard should be respect as usual.
TCP 137, 138, 139 and 445 on both side should be opened.
I know that it may sounds annoying to open Netbios ports for many customers for security reasons but if you perform some research, you could find alternative solution for deployment (Altiris, etc ...)
Kind Regards,
A. Wesker