A few points on this:
1. Which ever account you're leveraging for the application service will be, by default, the account used to authenticate and install a client agent during agent push. With that being said, you'll want to ensure:
A. The account has local administrator rights on the client you're pushing to.
B. The account has file level access to the folder repositories where your agents download from.
2. If I want to use a different account to push the agents, (in cases where we don't have Active Directory, or our servers have multi-tenant security scopes which grant different specific accounts local admin access on the client) you can specify a different account in the Agent Push screen.
3. If you're watching the Altiris log viewer during agent installation, and you notice a warning message about not being able to validate a computers DNS entry prior to agent delivery, don't worry about that message.. it will deliver under IP enumeration just fine.