Escrow....I'm not sure, but I think to take ownership (trough ERAS) of a TPM or a SED, it's necessary to turn on the TPM in the BIOS and/or initialise the Trusted drive via ETDM. You have to touch the devices for these initial actions.
There are several different mechanisms to remotely kill the machines. (Via Intel Danbury, via Phoenix BIOS, IFX suite and so on....)
It would be interesting to know, for how long the machines have to be brought in the IT. If it is for several hours, it's a SW based solution, otherwise it's WAve and STX ;-)
BR
ISPRO