RE: Endpoint Encryption and MS Windows Deployment Services (WDS)
Unless I'm missing something here, if you build an image of an encrypted disk/partition... it will create a duplicate of each sector. The partitions would likely need to match size and would effectively be encrypted with the same key, which will create a key/object ID sharing conflict. It has probably been noted several times on the forum, but build your images from an unregistered SB/MEEPC install (or no SB/MEEPC at all).
I would also avoid creating machine images that are born with a particular version installed, as it can make upgrades harder. Do you have a software deployment solution you can utilize to force the install of this software after the OS is loaded?