Carsten, I have to disagree based on the description of System Lockdown in the documentation. Deepfreeze, restores your system to a previous known state. You can allow users to intact with windows as full Administrators which allows usefull things such as installing applications and testing out viruses. Lockdown appears to just restrict users abilities, not actually reset the computer to a known state. For my computers, on SAV 10 (will work on a solution to 11 after MR1 or 2), I simply have a batch file in startup that will copy over the latest definitions (and other stuff) from the server.:
CLS
@ECHO OFF
ECHO "Deleting Symantec Antivirus GUID"
regedit /s \\server\certs$\GUIDRemove.reg
ECHO.
ECHO "Copying Server Certificates"
Copy \\server\vphome\pki\roots\*.cer "%SYSTEMDRIVE%\Program Files\Symantec AntiVirus\pki\roots" >nul
ECHO.
ECHO "Copying GRC.dat file"
Copy \\server\vphome\grc.dat "%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5" >nul
ECHO.
ECHO "Copying Latest Virus Definitions"
Copy \\server\certs$\*.xdb "%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5" >nul
ECHO.
ECHO "Restarting Symantec Antivirus Service"
Net Stop "symantec antivirus"
Net Start "symantec antivirus"
CLS
if Exist "C:\Documents and Settings\Administrator\Desktop\Shortcut to SAVSync.bat.lnk" del "C:\Documents and Settings\Administrator\Desktop\Shortcut to SAVSync.bat.lnk"
ECHO Process Complete.
ECHO Note: It may take up to a minute for the client to refresh.
ECHO Please verify the server name in Symantec Antivirus Console and
ECHO run LiveUpdate to test the connection to the server.