Hi,
You can manage all the settings through the Symantec Endpoint Protection Manager (SEPM) console. In very few cases you will have to actually visit the end user machine.
You can either put the password to access SEP features from end users machines.
OR
Create a group and assign the default policy where it won't block any SEP feature.
Securing the Symantec Endpoint Protection (SEP) client user interface and settings.
http://www.symantec.com/docs/TECH185903
If it's a unmanaged client then make the registry changes.