SEE - Wake On LAN and Remote Authorization
Created: 31 Aug 2010 | Updated: 04 Nov 2010
We need to cold boot (WOL) some protected computers for patching and other compliance. Advance reconfiguration to skip PBA if WOL is active is not always an option.
Solution:
Computer checks a given location (could be a TFTP server) for a signed authorization file to unlock itself and commence booting.
How to achieve:
Computer with WOL boots to PXE Image. Tools from boot image retrieve signed remote authorization file. Tools (to be written) from SEE can be called with this authorization file. SEE tool modifies security kernel so next boot is safe and then warm boots machine.
Even further:
A computer booted like this should come up with a very special firewall policy (if also Symantec) e.g. only accept RDP from management station etc.
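A sketch of the check the boot-image tool would need to make on the retrieved authorization file before handing it to SEE, added here as an example and not part of the original post or of any Symantec tool. TFTP is unauthenticated, so the file is bound to one machine, limited to a time window and accepted only once. Assumptions: the payload fields (`machine_id`, `not_before`, `not_after`, `nonce`), the function names and the file layout are hypothetical, and HMAC-SHA256 stands in for the signature so the code runs on the standard library.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the signature so this runs on
# the standard library alone; a deployment would verify an asymmetric signature
# so the booting client holds only a public key.
DEMO_KEY = b"constructed-demo-key"


def sign_authorization(payload, key):
    """Management station: serialize the payload and append its tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return body + b"\n" + hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def check_authorization(blob, key, machine_id, now, seen_nonces):
    """Booting client: return (ok, reason); the tag is checked before parsing."""
    body, sep, tag = blob.rpartition(b"\n")
    if not sep:
        return False, "malformed"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag.strip()):
        return False, "bad signature"
    try:
        p = json.loads(body)
        target, nonce = p["machine_id"], str(p["nonce"])
        start, end = int(p["not_before"]), int(p["not_after"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    if target != machine_id:  # a file issued for another machine is useless here
        return False, "wrong machine"
    if not start <= now <= end:  # a captured file stops working after expiry
        return False, "outside validity window"
    if nonce in seen_nonces:  # one unlock per issued file
        return False, "replayed"
    seen_nonces.add(nonce)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: machine name, times and nonce are illustrative.
    auth = sign_authorization(
        {"machine_id": "PC-0042", "not_before": 1000, "not_after": 2000, "nonce": "n1"},
        DEMO_KEY)
    seen = set()
    print(check_authorization(auth, DEMO_KEY, "PC-0042", 1500, seen))
    print(check_authorization(auth, DEMO_KEY, "PC-0042", 1500, seen))
```

The set of seen nonces is held in memory here; on a real client it would have to persist across boots for the replay check to mean anything.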