So we’ve been messing around with Check Point for awhile. But we never actually had to mass deploy it until recently. After messing around for awhile, we decided that we actually kinda’ like how they do things. There are various strategies you can take with how you choose to deploy the software, but they all boil down to building an *.ips file and either publishing it through a network mount as part of the installation package for Check Point FDE. The software automatically begins to encrypt the drive when you push it out, so you don’t need to push out an image with a pre-encrypted drive, although you will need to have it reboot once you’ve pushed out the package in order to start encrypting.