Generic server framework for device authentication and management and a generic framework for endpoint command dispatch
US-2016087955-A1 · Mar 24, 2016 · US
US10445106B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10445106-B2 |
| Application number | US-201715466830-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 22, 2017 |
| Priority date | Mar 22, 2017 |
| Publication date | Oct 15, 2019 |
| Grant date | Oct 15, 2019 |
Abstract
Systems and methods are included for causing a computing device to install a management agent prior to an operating system completing its first boot. A bootstrap loader is flashed into firmware, such as the BIOS, of a computing device. The bootstrap loader installs an enroller that identifies a management agent. This can include downloading the management agent from a management server. The enroller can find or contact the management server by contacting an address provided in a WINDOWS Platform Binary Table (WPBT). The management agent is installed prior to the user logging into the operating system to prevent circumvention of management policies.
Claims
What is claimed is:

1. A method for enrolling a computing device with a management server on first boot of the computing device, comprising: accessing, on first boot of the computing device, a Windows Platform Binary Table (WPBT) that resides in firmware of the computing device; executing a bootstrap loader that resides in the WPBT, the bootstrap loader initiating an enroller; locating a management agent based on the enroller contacting a specified address; and installing the management agent prior to an operating system allowing a user to log in, the management agent implementing policies defined at the management server.
2. The method of claim 1, further comprising: establishing communication over a network between the enroller and a first server at the address, wherein the first server provides a second address for the management server; and receiving the management agent from the management server.
3. The method of claim 1, wherein the bootstrap loader is executed based on the operating system running an SMPexecuteCommand that identifies the bootstrap loader.
4. The method of claim 1, wherein the firmware of the computing device includes a Unified Extensible Firmware Interface (UEFI).
5. The method of claim 1, wherein the firmware includes a BIOS.
6. The method of claim 1, wherein the bootstrap loader is a kernel driver and the enroller executes outside the kernel and waits for a Win32 process to activate a network interface.
7. The method of claim 1, wherein the bootstrap loader accesses an application programming interface (API) of the operating system to inject the management agent.
8. The method of claim 1, wherein the enroller blocks login to the operating system until after the computing device has enrolled with the management server.
9. The method of claim 1, wherein the enroller updates itself by downloading an updated enroller from the management server.
10. A computing device that enrolls at a management server upon first boot, comprising: a processor; an operating system; and firmware comprising: a Windows Platform Binary Table (WPBT); and an executable bootstrap loader in the WPBT; wherein the processor performs stages including: accessing the WPBT on first boot and executing the bootstrap loader, the bootstrap loader installing an enroller; and installing a management agent located by the enroller prior to an operating system completing boot up, the management agent implementing policies defined at the management server.
11. The computing device of claim 10, wherein locating the management agent includes identifying a server address in the firmware that the firmware contacts after a network interface is active.
12. The computing device of claim 11, wherein the processor performs further stages including: communicating over the network with the management server; and downloading the management agent from the management server.
13. The computing device of claim 10, wherein the processor performs further stages including blocking the operating system from allowing user login until after the computing device has enrolled with the management server.
14. The computing device of claim 10, wherein the processor performs further stages including: waiting for a network interface to activate; and updating the enroller by communicating with the management server through the network interface.
15. The computing device of claim 10, wherein the processor is an auxiliary processor that is separate from a central processing unit of the computing device.
16. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor of a computing device, cause the processor to perform stages for enrolling the computing device with a management server, the stages comprising: executing, on first boot, a bootstrap loader located in a Windows Platform Binary Table (WPBT) in firmware of the computing device; installing an enroller based on the execution of the bootstrap loader; executing the enroller to perform stages including: identifying a management agent; and injecting the management agent into an operating system prior to allowing a user to log into the operating system.
17. The non-transitory, computer-readable medium of claim 16, wherein the bootstrap loader is part of a UEFI or BIOS.
18. The non-transitory, computer-readable medium of claim 16, wherein identifying the management agent includes: contacting a server identified in the firmware to receive a location of the management server; and downloading the management agent from the management server.
19. The non-transitory, computer-readable medium of claim 16, wherein the bootstrap loader is a kernel driver.
20. The non-transitory, computer-readable medium of claim 16, wherein the stages further include updating the enroller prior to enrolling the computing device with the management server.
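The abstract and claims above rely on the Windows Platform Binary Table: firmware publishes an executable in an ACPI table and Windows runs it before the first user login. An administrator auditing a fleet therefore wants to see exactly what a machine's firmware is asking the OS to run. The parser below is an added example, not code from the patent or its assignee; it follows the field layout of Microsoft's public WPBT specification (36-byte ACPI header, then handoff size, handoff physical address, content layout, content type, and a UTF-16LE command line), verifies the ACPI checksum, and produces a one-line summary. The sample table it builds is constructed here for illustration; its OEM strings, address, size and command line are placeholders.

```python
"""Parse a Windows Platform Binary Table (WPBT) and report what it asks Windows to run.

Added example; not code from the patent. Field layout follows Microsoft's
public WPBT specification. The sample table built in build_sample_wpbt() is
constructed for this example; its values are placeholders.
"""
import struct
from dataclasses import dataclass

# ACPI system description table header (36 bytes, little-endian):
# signature, length, revision, checksum, OEM ID, OEM table ID,
# OEM revision, creator ID, creator revision.
ACPI_HEADER = "<4sIBB6s8sI4sI"
# WPBT-specific body (16 bytes): handoff memory size, handoff memory
# location (physical address), content layout, content type, command-line length.
WPBT_BODY = "<IQBBH"

CONTENT_LAYOUT = {1: "single PE image"}
CONTENT_TYPE = {1: "native user-mode application"}


@dataclass
class Wpbt:
    oem_id: str
    oem_table_id: str
    handoff_size: int
    handoff_location: int
    content_layout: int
    content_type: int
    command_line: str
    checksum_ok: bool


def parse_wpbt(table: bytes) -> Wpbt:
    """Decode a raw WPBT blob; raises ValueError on malformed input."""
    hdr_len = struct.calcsize(ACPI_HEADER)
    body_len = struct.calcsize(WPBT_BODY)
    if len(table) < hdr_len + body_len:
        raise ValueError("table too short for a WPBT header")
    sig, length, _rev, _csum, oem_id, oem_table_id, *_ = struct.unpack_from(ACPI_HEADER, table, 0)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if length != len(table):
        raise ValueError(f"header length {length} != buffer length {len(table)}")
    handoff_size, handoff_loc, layout, ctype, cmd_len = struct.unpack_from(WPBT_BODY, table, hdr_len)
    cmd_start = hdr_len + body_len
    if cmd_start + cmd_len > len(table):
        raise ValueError("command line runs past end of table")
    cmd = table[cmd_start:cmd_start + cmd_len].decode("utf-16-le").rstrip("\x00")
    return Wpbt(
        oem_id=oem_id.decode("ascii", "replace").strip(),
        oem_table_id=oem_table_id.decode("ascii", "replace").strip(),
        handoff_size=handoff_size,
        handoff_location=handoff_loc,
        content_layout=layout,
        content_type=ctype,
        command_line=cmd,
        # Every ACPI table must sum to zero modulo 256 over all of its bytes.
        checksum_ok=sum(table) % 256 == 0,
    )


def describe(w: Wpbt) -> str:
    """One-line audit summary of what the firmware is asking the OS to execute."""
    return (
        f"OEM {w.oem_id}/{w.oem_table_id}: {CONTENT_TYPE.get(w.content_type, 'unknown type')} "
        f"({CONTENT_LAYOUT.get(w.content_layout, 'unknown layout')}), {w.handoff_size} bytes "
        f"at physical 0x{w.handoff_location:x}, args {w.command_line!r}, "
        f"checksum {'ok' if w.checksum_ok else 'BAD'}"
    )


def build_sample_wpbt(command_line: str = "/quiet /install") -> bytes:
    """Construct a well-formed WPBT for testing; all values are placeholders."""
    cmd = command_line.encode("utf-16-le") + b"\x00\x00"
    body = struct.pack(WPBT_BODY, 0x20000, 0x7A000000, 1, 1, len(cmd)) + cmd
    length = struct.calcsize(ACPI_HEADER) + len(body)
    hdr = struct.pack(ACPI_HEADER, b"WPBT", length, 1, 0, b"OEMID ", b"OEMTBLID", 1, b"EXAM", 1)
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) & 0xFF  # checksum byte lives at header offset 9
    return bytes(table)


if __name__ == "__main__":
    print(describe(parse_wpbt(build_sample_wpbt())))
```

On a live Windows host the raw table is obtained with the Win32 `GetSystemFirmwareTable` API using the `'ACPI'` provider; feeding those bytes to `parse_wpbt` shows the binary size, its physical location and the command line the firmware has staged, which is the information to compare against an expected inventory. A bad checksum or a command line that does not match the vendor's documented agent is the signal worth escalating.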
Error detection or correction of the data by redundancy in operations (error detection or correction of the data by redundancy in hardware G06F11/16) · CPC title
Bootstrapping (security arrangements therefor G06F21/57) · CPC title
Installation · CPC title
involving the movement of software or configuration parameters (network booting or remote initial program loading [RIPL] G06F9/4416) · CPC title
Network booting; Remote initial program loading [RIPL] · CPC title