The user has not been granted the requested logon type at this computer

I am trying to push out the Sophos Anti-virus to our workstations through the Enterprise console and I come across the following error in the computer details page. "Could not start installation program on the computer: Logon failure: the user has not been granted the requested logon type at this computer".

I am using Enterprise Console 4.7 and am trying to deploy to Windows 7 32bit workstations.

The machines are imported into EC through Active Directory, and I am trying to push out the application using the credentials of one of our Domain Admin accounts. Using the Protect Computers wizard with these credentials gives this error. At first it looks like its trying, as it gives a green down arrow on the computer icon then fails with the error.

It is important to note that I can deploy the application without any errors to the machines when the endpoints are physically logged on with the same Domain Admin account that I am trying to deploy with. It is only when the machines are not logged in at the CTRL-ALT-DEL screen or whether another generic user is logged in that the deployment fails.

So in short to deploy Anti-Virus to the endpoints, I first have to log them all on with the domain admins account that I will enter into the Protect Computers wizard and cannot deploy if they are not logged in or someone else is.

This must be a permission setting or something somewhere, any help would be most appreciated in pointing me in the right direction though.