There is more information that we also need to know to assist you with this:
Are the clients standalone, or managed by a Symantec Encryption Management Server? If it is not a managed environment, silent enrollment will not work. It is based on Active Directory Sync through the encryption management server and your AD structure for authentication.
Is there a requirement that the laptops be encrypted and protected by preboot authentication during the 'storage' period? It may be possible to create a passphrase-only user to encrypt the drive to, then create a single-use Bootguard Authenticated Bypass user per the instructions here:
http://www.symantec.com/docs/TECH149026
There is no official method for deploying pre-encrypted systems from Symantec, but if you are using a management server, and don't require preboot authentication until a system is delivered to an end user, I would do the following:
1. Create two groups using AD Sync, and two policies on the server. One should force users to use single sign-on for authentication, and the other should Allow, but not force it. The second group should have permissions to encrypt the drive.
2. Download a package that is set to auto-detect policy.
3. Install following the directions for invisible silent enrollment from http://www.symantec.com/docs/HOWTO77014
4. After the initial reboot after installation, log onto the system with a member of the second group (Allow SSO, has encryption permissions).
5. Encrypt the drive to a passphrase-only user. This should also add any WDE Administrator user as set in the policy.
6. After encryption completes, add a single-use bypass per http://www.symantec.com/docs/TECH149026
7. Shut down the system, and store it.
When it is given to an end user, it should start up once without asking for a Bootguard authentication. When they log into Windows, it should detect that they are in the first group, and force them to be added to the drive as a user for authentication. They should then be able to use Single Sign On without getting any prompts, etc.
It definitely is not the most elegant solution, but I think it will accomplish what you are after. The product was designed to be implemented with the desired end user, not encrypted before distribution. Since the product is designed to encrypt per user, a user must be created before encryption can begin.