When installing SGE 4.20 with On Command CCM, iCommand or LiveState Delivery you will have to modify the sgeasy.msi to work.
Use Orca or InstallShield to open the MSI. In the Registry table locate the HKLM\Software\Microsoft\Windows\CurrentVersion\Run Keys with the names EdWizard and SgeEcView and change the Root value from 2 to 0.
Why? Because at runtime the Windows Agent moves the Run keys into a temporary location SMERun to prevent them from being executed. With an unmodified msi this would immediately trigger the repair function of the sgeasy.msi, rendering your Software Distribution system useless. The above change prevents this.
I have deployed Safe Guard Easy 18.104.22.168 for about 70 laptops in our domain.
We are an IBM thinkpad shop and some of the R5x machines have bluescreened and windows installer tries to reload the encryption software after the logon process. Utimaco techsupport is useless and I gave up on them. After hours and hours of throubleshooting we found out that IBM / Lenovo had its own software installed, which is called Safe Gurad Private Disk a part of IBM's Client Security Solution tree. What happened is that instead to have SGE installed to C:\Program Files\Utimaco it somehow loaded the SW to C:\Program Files\Lenovo directory. Also there are 2 registry entires (EdWizard and SgeEcView) and those paths were redirected to Lenovo directory on the C: drive as well.
After MSI tried to reinstall the encryption SW over and over, it totaly corrupted the OS on those machines. The next time we loaded SGE we made sure that the IBM's version of SGE is not there so the conflict wont happen again.