Intel Active Management Technology v7.0Administrator's GuideOverviewProduct OverviewOut of Box ExperienceOperational ModesSetup and Configuration
ME General SettingsTo reach the Intel Management Engine (ME) Platform Configuration page, follow these steps:1. Under the Management Engine BIOS Exte
System DeploymentOnce you are ready to deploy a computer to a user, plug the computer into a power source and connect it to the network.Use the integr
Operating System DriversWithin the operating system, AMT Unified driver must be installed to remove unknown devices in the Device Manager. Unlikeprevi
Intel AMT Web GUIThe Intel AMT WebUI is a Web browser-based interface for limited remote computer management. The WebUI is often usedas a test to dete
AMT Redirection OverviewIntel AMT makes it possible to redirect serial and IDE communications from a managed client to a management consoleregardless
Intel Management and Security Status ApplicationIntel Management and Security Status (IMSS) is an application that displays information about a platfo
NOTE: When the user logs on to Windows the Intel Management and Security Status application may startautomatically. The icon will be loaded to the not
TroubleshootingThis page describes a few basic troubleshooting steps to follow if problems are experienced with the Intel AMT configuration.Check DSN
Set PRTCUnder the Intel ME Platform Configuration menu select Set PRC and press <Enter>.Valid date range: 1/1/2004 to 1/4/2021. Setting the PRTC
Power ControlUnder the Intel ME Platform Configuration menu select Power Control and press <Enter>.The Intel Power Control page appears.To compl
The end user administrator can select the desired power package to use depending on the system usage. With Intel ME WoL, after the time-out timer expi
This setting is used to set time out value as to define the Intel ME idle timeout in M3 state. The value should be entered inminutes. The value indica
AMT ConfigurationAfter you configure the Intel Management Engine (ME) feature, you must reboot before configuring the Intel AMT for a cleansystem boot
RCFGStart ConfigurationPrevious MenuProvisioning Server IPv4/IPv6Provisioning Server FQDNTLS PSKSet PID and PPSDelete PID and PPSPrevious MenuTLS PKIR
Username and PasswordUnder the SOL/IDER page select Username and Password and press <Enter>.This option provides the user authentication for SOL
SOL allows the console input/output of an Intel AMT managed client to be redirected to a management server console (if theclient system supports SOL).
IDER allows an Intel AMT managed client to be booted by a management console from a remote disk image. If the clientsystem does not support IDER, this
Product OverviewIntel Active Management Technology (Intel AMT) allows companies to manage their networked computers easily.Discover computing assets o
Legacy Redirection Mode controls how the redirection works. If set to disabled, the console needs to open the redirectionports before each session. Th
EnabledThe port is left open at all times when redirection is enabled in the Intel MEBx. SMBconsoles before Intel AMT 6.0 require this mode enabled fo
The following options can be selected:Option DescriptionNoneLocal User Consent is not required for a remote computer to establish KVM RemoteControl se
Option DescriptionDisable Remote Control ofKVM Opt-in PolicyDisables the remote user's ability to select User OPT-IN Policy. In this case onlyth
The options are:Option DescriptionDefaultPasswordOnlyThe Intel MEBx password can be changed through the network interface if the default password hasn
1. Host NameUnder the Intel ME Network Name Settings select Host Name and press <Enter>.A host name can be assigned to the Intel AMT machine. Th
Under the Intel ME Network Name Settings select Domain Name and press <Enter>.A domain name can be assigned to the Intel AMT machine.3. Shared/D
Option DescriptionDedicated The FQDN domain name is dedicated to MEShared The FQDN domain name is shared with the Host4. Dynamic DNS UpdateUnder the I
NOTE: Periodic Update Interval option is only available when Dynamic DNS Update is enabled.Defines the interval at which the firmware DDNS Update clie
NOTE: The TTL option is only available when Dynamic DNS Update is enabled.This setting allows configuring the TTL time in seconds. This number should
ME answers LAN ARP request (IPV4) & Neighbor Discovery packets (IPV6) by not waking and instead notifying the consolesystem in Sx.New Win7 LAN req
1. DHCP ModeUnder Wired LAN IPv4 Configuration select DHCP Mode and press <Enter>.The Wired LAN IPv4 Configuration page appears.Option Descripti
DHCP mode disabled.2. IPv4 AddressSelect IPv4 Address and press <Enter>.Type the IPv4 Address in the address column and press <Enter>.
3. Subnet Mask AddressSelect Subnet Mask Address and press <Enter>.Type the Subnet Mask Address in the address column and press <Enter>.4.
Select Default Gateway Address and press <Enter>.Type the Default Gateway Address in the address column and press <Enter>.5. Preferred DNS
6. Alternate DNS AddressSelect Alternate DNS Address and press <Enter>.Type the Alternate DNS Address in the address column and press <Enter&
NOTE: The Intel ME network stack supports a multi-homed IPv6 interface. Each network interface can be configuredwith the following IPv6 addresses:1.
ENABLED, select 'Enabled' and press <Enter>.IPv6 Feature Selection enabled as more configuration allowed.2. IPv6 Interface ID TypeUnde
Random IDThe IPv6 Interface ID is automatically generated using a random number as described in RFC3041. This is the default option.Intel ID The IPv6
3. IPv6 AddressUnder the Wired LAN IPv6 Configuration select IPv6 Address and press <Enter>.Type the IPv6 Address and press <Enter>.4. IPv
Type the IPv6 Default Router and press <Enter>.5. Preferred DNS IPv6 AddressUnder the Wired LAN IPv6 Configuration select Preferred DNS IPv6 Add
Out of Box ExperienceThe following materials are available with an Intel Active Management Technology (Intel AMT) computer:Factory installationIntel A
7. Previous MenuUnder the Wired LAN IPv6 Configuration select Previous Menu and press <Enter>.The TCP/IP Settings menu appears.Wireless LAN IPv6
1. IPv6 Feature SelectionUnder the Wireless LAN IPv6 Configuration select IPv6 Feature Selection and press <Enter>.2. IPv6 Interface ID TypeUnde
To select Manual ID:1. Select Manual ID.2. Press <Enter>. A new option of IPV6 Interface ID will be displayed below IPV6 Interface ID Type.3.
Under the Wireless LAN IPv6 Configuration select Previous Menu and press <Enter>.The TCP/IP Settings menu appears.Previous MenuUnder the TCP/IP
Select Y to unconfigure.Select Full Unprovisioning and press <Enter>.Option DescriptionFull UnprovisionThe IPv6 Interface ID is automatically ge
information or any new certificate information populated.Partial UnprovisionThe IPv6 Interface ID is automatically generated using the MAC address.Par
Current Provisioning ModeUnder the Automated Setup and Configuration select Current Provisioning Mode and press <Enter>.Current Provisioning Mod
Under the Automated Setup and Configuration select Provisioning Record and press <Enter>.Provisioning Record – Displays the system's provis
Under the Intel Automated Remote Setup and Configuration menu select RCFG and press <Enter>.The Intel Remote Configuration page appears.Start Co
Previous MenuUnder the Intel Remote Configuration menu select Previous Menu and press <Enter>.The Intel Automated Setup and Configuration page a
Operational ModesIn Intel AMT 5.0 and earlier versions, there were two operational modes – SMB and Enterprise. In Intel AMT 6.0 and AMT 7.0,their func
Provisioning Server FQDNUnder the Intel Automated Remote Setup and Configuration menu select Provisioning Server FQDN and press <Enter>.Type th
TLS PSKUnder the Intel Automated Setup and Configuration menu select TLS PSK and press <Enter>.The Intel TLS PSK Configuration page appears.This
Setting the PID/PPS will cause a partial unprovision if the setup and configuration is "In-process". The PID and PPS should beentered in the
Under the Intel TLS PSK Configuration menu select Delete PID and PPS and press <Enter>.This option deletes the current PID and PPS stored in Int
PKI DNS SuffixUnder the Intel Remote Configuration menu select PKI DNS Suffix and press <Enter>.Type the PKI DNS Suffix and press <Enter>.
Under the Intel Remote Configuration menu select Manage Hashes and press <Enter>.Selecting this option will enumerate the hashes in the system a
When the Insert key is pressed in the Manage Certificate Hash screen, the following screen is displayed. To add a customized certificate hash: Type th
3. SHA2-384If SHA1 is not chosen, in the next screen you are prompted to select the option of supported SHA2 algorithm. Type Y ifSHA256 is being used
After selecting desired Hash Algorithm, you are prompted to type the certificate hash value.The Certificate hash value is a hexadecimal number (for SH
Your response sets the active state of the customized hash as follows:Yes – The customized hash will be marked as active.No (Default) – The customized
Setup and Configuration OverviewThe following is a list of important terms related to the Intel AMT setup and configuration.Setup and configuration —
This option allows deleting of the selected certificate hash.Yes – Intel MEBx sends the firmware a message to delete the selected hash.No – Intel MEBx
The details of the selected certificate hash are displayed to the user and include the following:Hash NameCertificate Hash DataActive and Default Stat
Intel Fast Call for HelpIntel Fast Call for help is available for VPro SKUs. An Intel Fast Call for help connection allows the end user to requestassi
ME General SettingsThe table below lists the default settings for the Intel Management Engine BIOS Extension (MEBx) on general settings page.PasswordP
AMT ConfigurationThe table below lists the default settings for the Intel Management Engine BIOS Extension (MEBx) on AMT configuration page.Manageabil
IPv4 Address 0.0.0.0Subnet Mask Address 0.0.0.0Default Gateway Address 0.0.0.0Preferred DNS Address 0.0.0.0Alternate DNS Address 0.0.0.0 Wired LAN
Methods OverviewAs discussed in the Setup and Configuration Overview section, the computer has to be configured before the Intel AMTcapabilities are r
Using a USB DeviceThis section discusses Intel AMT setup and configuration using a USB storage device. You can set up and locally configurepassword, p
USB Device ProcedureDell Client Management (DCM) application is the default console package provided. This section provides the procedure to setup and
4. Click the <+> to expand the Intel AMT Getting Started section.
computer with a desk-side visit in one of two ways:The key can be manually typed into the MEBx.The SCS can create a list of custom keys, and put them
5. Click the <+> to expand the Section 1. Provisioning section.
6. Click the <+> to expand the Basic Provisioning (without TLS) section.
7. Select Step 1. Configure DNS.8. The notification server with an out-of-band management solution installed must be registered in DNS as"Provi
9. Click Test on the DNS Configuration screen to verify that DNS has the ProvisionServer entry and that it resolves tothe correct Intel Setup and Con
10. The IP address for the ProvisionServer and Intel SCS are now visible.
11. Select Step 2. Discovery Capabilities.
12. Verify that the setting is Enabled. If Disabled, select the check box next to Disabled and click Apply.
13. Select Step 3. View Intel AMT Capable Computers.
14. Any Intel AMT capable computers on the network are visible in this list.
15. Select Step 4. Create Profile.
MEBx Settings OverviewThe Intel Management Engine BIOS Extension (MEBx) provides platform-level configuration options for you to configure thebehavior
16. Click the plus symbol to add a new profile.
17. On the General tab the administrator can modify the profile name and description along with the password. Theadministrator sets a standard passwo
18. The Network tab provides the option to enable ping responses, VLAN, WebUI, Serial over LAN, and IDE Redirection. Ifyou are configuring Intel AMT
20. The ACL (access control list) tab is used to review users already associated with this profile and to add new users anddefine their access privil
22. Select Step 5. Generate Security Keys.
23. Select the icon with the arrow pointing out to Export Security Keys to USB Key.
24. Select the Generate keys before export radio button.
25. Type the number of keys to generate (depends on the number of computers that need to be provisioned). The defaultis 50.26. The Intel ME default
27. Click Generate. Once the keys have been created, a link appears to the left of the Generate button.28. Insert the previously formatted USB devic
29. Click the Download USB key file link to download setup.bin file to the USB device. The USB device is recognized bydefault; save the file to the U
When an IT administrator first enters the Intel MEBx configuration menu with the default password, he or she must changethe default password before an
c. Click Close in the Download complete dialog box.30. The setup.bin file is now visible in the drive explorer window.
31. Close the Export Security Keys to USB Key and drive explorer windows to return to the Altiris Console.32. Insert the USB device and turn on the
34. Once complete, turn off the computer and move back to the management server.35. Select Step 6. Configure Automatic Profile Assignments.
36. Verify that the setting is enabled. In the Intel AMT 2.0+ dropdown, select the profile created previously. Configure theother settings for the en
37. Select Step 7. Monitor Provisioning Process.
38. The computers for which the keys were applied are updated in the system list. At first the status is Unprovisioned,then the system status changes
39. Select Step 8. Monitor Profile Assignments.
40. The computers for which profiles were assigned appear in the list. Each computer is identified by the FQDN, UUID,and Profile Name columns.
41. Once the computers are provisioned, they are visible under the Collections folder in All configured Intel AMTcomputers.
Comments to this Manuals