We have a tool named loginw.exe that can be used to map drives to the remote Image location so that the username and password are not in clear text.

Username and password are shown in clear text while mapping drives in Automation.

Boot a system into WinPE, and then run this command:

loginw.exe -g YourUserName(withoutDomain):YourPassword -f YourCustomPWLFileName.pwl
NOTE: Loginw is on the root of X:\ while in WinPE.

That will generate the .pwl file.  Copy that .pwl file to your NS and then you can add it to your WinPE Environment located at the following location for 8.x:

C:\Program Files\Altiris\Deployment\BDC\bootwiz\oem\DS\winpe\x86\Base

Then rebuild the PXE or Preboot Environment.  

NS Console: Manage > Deployment > Manage Preboot Configurations.  Select the preboot option desired, and click the "Recreate Preboot Environment" button.

Then map a drive during the image process by running:

x:\loginw.exe -f x:\adminst.pwl -c %TASKSERVER% -d YourDomain -t 30
net use w: \\%TASKSERVER%\deployment

%TASKSERVER% and %NOTIFICATIONSERVER% are valid tokens here.

The full instructions were written up by a member of the Community and are found here: Link

Another good KB: Best Security Practices for PXE and Pre-boot OS while imaging

Best Practice: Use a Local user account, not a Domain account.  Give that Local account access to only the NTFS shares needed where the Images reside.

These are the Command Line switches that are available for Loginw.exe: