To be more precise, the client does not take any decision about the group where it registers to.
At installation time, the sylink.xml contains a preferred group (not compulsory group), the SEPM then checks if the new client is not already pre-registered in the DB, if yes, the pre-registration has the priority.
The same in your case, if clients are already registered in group1 and you say to clients "go to group2", the SEPM will ignore their request, they already exist in the DB.
Why? The product is designed to be managed remotely i.e. to move clients through the console, not locally on the clients for obvious administrative convenience. To accomplish this design the product cannot work in another way because, look:
- SEP client X has group1 set as preferred and it is registered there
- in normal situation an administrator would like to move X from group1 to group2 easily from the console
- he then move it, it means that, into the DB, X now is assigned to group2
- client X communicates with SEPM with its preferred group but SEPM has to ignore it to keep it in group2 as requested by an admin, in other words, the product has to accomplish to more authoritative requests
So, since it is expected that what is in the DB is always handled by an admin which has access to the console, it must have higher priority than client-side actions.
Of course, these kind of logic also increase the reliability of the product (i.e. no easy tampering).
That's why it is not easy to move clients from a group to another without access to the console or permissions to do it.
Regards,