Yes indeed you can. Configure everything and then when you create your installation set choose offline mode. Every user and setting will then be available in that package with no need for the client to connect to the server.
Haven't tried this much myself, but that's the point with the offline function. (one of them anyways)
If your clients never connect to your server, you may lose out on things like Safe Harbor and the ability to not disclose a loss since you cannot prove the drive is fully encrypted. This may not apply to your organization or where you do business out of, just food for thought.
Couldn't you get the network/firewall guys to create a route and/or firewall rule to allow for clients to synch? If they don't synch, you can't perform recovery for them either. There would also not be password synchronization between each of the machines. Offline installs are also difficult to upgrade, so I would really try to find a way to get the clients a method to synch... NAT, open port in firewall, dial-up, etc.