We use the Kace System Deployment Appliance (K2000) to run scripted installations on our systems. We are migrating to Dell laptops and desktops, which come with TPM 2.0 and UEFI. We run Windows BitLocker to encrypt the hard drives (manually) post-deployment, but initially we were switching the systems back to Legacy mode to get them to PXE boot and image successfully. We recently purchased a series of Dell Latitude 3480 and 5480 laptops. These come with UEFI enabled. We had to work through multiple issues to get them to PXE boot with UEFI and then to get our scripted installation to install the OS.

In addition to setting your DHCP server to support UEFI PXE boot, which is well documented here, it appears that there are several BIOS settings that need to be changed on the client system.

  1. System Configuration ---> Integrated NIC:  Check "Enable UEFI Network Stack".  "Enabled w/PXE" should be selected by default.
  2. System Configuration ---> SATA Operation:  Select "AHCI" (This is only necessary if you plan to use BitLocker, in which case not changing this will force you to enter the recovery key after each boot.)
  3. Secure Boot ---> Disable
  4. POST Behavior ---> Fastboot:  Select "Thorough."  This gives UEFI PXE time to connect.

After Windows has successfully installed, you can re-enable Secure Boot. If anyone experiences something different, let me know and I will update the notes after verifying.
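
A post-deployment check to run from an elevated PowerShell prompt before turning BitLocker on manually, so the drive is not encrypted while Secure Boot is still off from imaging (changing the Secure Boot state after BitLocker is enabled can itself prompt for the recovery key). This is an added example, not part of the original notes; the function name `Test-BitLockerReadiness` is hypothetical, and it uses only the built-in `Confirm-SecureBootUEFI`, `Get-Tpm`, `Get-CimInstance` and `Get-BitLockerVolume` cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original notes): report whether a freshly
# imaged machine is in the state expected before BitLocker is enabled.

function Test-BitLockerReadiness {
    $r = [ordered]@{ Computer = $env:COMPUTERNAME }

    # Confirm-SecureBootUEFI returns $true/$false on a UEFI boot and throws
    # when the platform does not support it (for example a Legacy-mode boot).
    try {
        $r.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        $r.UefiBoot   = $true
    } catch {
        $r.SecureBoot = $false
        $r.UefiBoot   = $false
    }

    # TPM presence and readiness as seen by Windows.
    $tpm = Get-Tpm
    $r.TpmPresent = $tpm.TpmPresent
    $r.TpmReady   = $tpm.TpmReady

    # Win32_Tpm.SpecVersion is a comma-separated string; the first field is
    # the TPM specification version (expected to be 2.0 on these systems).
    $spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                             -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion
    $r.TpmSpecVersion = if ($spec) { ($spec -split ',')[0].Trim() } else { $null }

    # Current BitLocker state of the OS volume (should still be unencrypted
    # at this point in the process described above).
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $r.VolumeStatus     = $vol.VolumeStatus
    $r.ProtectionStatus = $vol.ProtectionStatus

    # Ready means: UEFI boot, Secure Boot re-enabled, TPM present and ready.
    $r.ReadyForBitLocker = $r.UefiBoot -and $r.SecureBoot -and
                           $r.TpmPresent -and $r.TpmReady

    [pscustomobject]$r
}

Test-BitLockerReadiness | Format-List
```

If `ReadyForBitLocker` is `False`, check the `SecureBoot` and `TpmReady` fields first; the SATA Operation setting from step 2 is not visible to these cmdlets and still has to be confirmed in the BIOS.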