Hi,
We just upgraded Windows 8 to Windows 10. Now what i can see that "user is able to disable to sepm client from system tray in Windows 10" . Earlier they can't on Windows 8/7 . No Policy has been changed (Same Policy was working on Windows 8) . We are using Windows Server 2012 R2 with SEPM 12.1 RU6 MP3 . Anybody has idea regarding this.
One strange thing i see that it worked on some Windows 10 mcahines and for some Windows 10 it is not working
When it's disabled and you open the GUI, what component shows as disabled? Please post a screenshot if you can.
I have set the password for open the GUI, even user can't open the settings but after opening the GUI its showing as per snapshot attached.
You need to close two additional locks.
Go into your Intrusion Prevention policy and on the 'Intrusion Prevention' tab close both locks for 'Enable Network Intrusion Prevention' and 'Enable Browser Intrusion Prevention for Windows'
If only few machines are affected i think it's due to definitions corruption during an upgrade.
Try to run intelligent updater on 2-3 machine to verify whether it fixes issue or not.
Using Intelligent Updater files to update content on Windows computers
http://www.symantec.com/docs/HOWTO80903