from the documentation that i've read on the Provisioning cert, with your situation, you have 2 choices:
1. touch every machine. Thawte is not a factory default third party CA. you would have to log into the MEBx of each machine and manually enter the root hash for the cert you bought.
2. have the pc manufacturer put the root hash in the MEBx for you. so when you get the PC, you dont have to enter it your self. but i'm sure they'll charge you for that.
If you log into the MEBx of an unprovisioned PC you are working with you will be able to see what thrid party root hashes are already there. if you go the route of having the PC manufacturer put another root hash in the MEBx for you, you might as well get your own enterprise root CA going.