Safeguard Enterprise in Image

Thanks for the tips, we have management system in place, even Sophos packaged up for distribution - that's not the problem. We don't have full imaging process automated as it's actually being done in the distribution center that doesn't have domain access and the only ability the DC has is to lay down the image that is refreshed every 3 months. That image then travels to the end user and the layering process continues mostly done via GPO. Here is the issue, I don't want to put Sophos in GPO as it doesn't apply to everybody (only the NEW IMAGES). Thus we use LANDesk to push it out as a package but here is the challenge, it sometimes gets forgotten. I'm not gonna get into politics now, the best solution for me is to have the client in the image, this question is not about how to layer it.

Thanks for the tips, we have management system in place, even Sophos packaged up for distribution - that's not the problem. We don't have full imaging process automated as it's actually being done in the distribution center that doesn't have domain access and the only ability the DC has is to lay down the image that is refreshed every 3 months. That image then travels to the end user and the layering process continues mostly done via GPO. Here is the issue, I don't want to put Sophos in GPO as it doesn't apply to everybody (only the NEW IMAGES). Thus we use LANDesk to push it out as a package but here is the challenge, it sometimes gets forgotten. I'm not gonna get into politics now, the best solution for me is to have the client in the image, this question is not about how to layer it.