I come from deployment Enterprise and do Client Security. (A guy can do both ;-)?)
* If you want it in deployment AND you don't want to WAIT for the EPO Intervall to find the CLIENT IN LDAP >
Here what we done in the past:
* Install the Mcafee Agent (Framework)
* Force Agent connection via Commandline as soon as it up to Report and Collect Data and JOBS (Client Task) from EPO
* You will have to script or detect that somehow. It will install 1-3 seperate MSI and they all have to end.
* When the 2-3 MSI from ENS are on the client you have to make 100% sure THEY PULL the Policy from EPO asap (Report with commandline Agent again so he pulls it asap) Otherwise some packages want work installing. etc.
* IF you CAN stop until a certain file appears and THEN Do a reboot BEFORE you pull more Deployment packages a good idea.
The Timing and complexity HAS NOW even been more complicated with ENS 10.5 (Then on VSE 8.8) because HIPS comes into place than.
Other customers from us how we do it: We have Client DURING Installing in a seperatre OU in Active Directory and they will get the ENS/VSE when they are moved to another finall OU placement (Country, department etc.)
Hope this helps