SUMMARY: NESTED | FIELD | | METHOD
DETAIL: FIELD | METHOD

Class AMT_AuthorizationService

Used in features: Security Administration , General Info
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0 
CIM_ManagedElement
   extended by CIM_ManagedSystemElement
      extended by CIM_LogicalElement
         extended by CIM_EnabledLogicalElement
            extended by CIM_Service
               extended by AMT_AuthorizationService


class AMT_AuthorizationService
 extends CIM_Service


General Information:
Describes the Authorization Service, which is 
responsible for Access Control management in the Intel(R) AMT 
subsystem.

Product Specific Usage:
Additional Notes: 
1) 
Realms 'AuditLogRealm' (20) and 'ACLRealm' (21) are supported only in Intel AMT 
Release 4.0 and later releases. 
2) Realm 'DTRealm' (23) is supported only in 
'ME 5.1' and Intel AMT Release 5.1 and later releases. 
3) All the methods of 
'AMT_AuthorizationService' except for 'Get' are not supported in Remote 
Connectivity Service provisioning 
mode

Qualifiers:
-------------
Version=6.0.0









  
  

    Supported Fields 
      Summary

  

     string 
      
    Name Key  
The Name property uniquely identifies the 
      Service and provides an indication of the functionality that is managed . 
      . .

  

     string 
      
    CreationClassName Key  
CreationClassName indicates the name 
      of the class or the subclass that is used in the creation of an instance . 
      . .

  

     string 
      
    SystemName Key  
The Name of the scoping System.

  

     string 
      
    SystemCreationClassName Key  
The CreationClassName of the scoping 
      System.

  

     string 
      
    ElementName 
A 
      user-friendly name for the object . . .

  

     uint16 
      
    EnabledState 
      
EnabledState is an integer enumeration that indicates the 
      enabled and disabled states of an element . . .

  

     uint16 
      
    RequestedState 
      
RequestedState is an integer enumeration that indicates the 
      last requested or desired state for the element, irrespective of the 
      mechanism through which it was requested . . 
.






     uint16 
      
    AllowHttpQopAuthOnly 
      
Indicates whether using the http "quality of protection" (qop) directive with value auth is allowed









  
  

    Methods Summary

  

     uint32
    AddUserAclEntryEx(DigestUsername, 
      DigestPassword, KerberosUserSid, AccessPermission, Realms, Handle) 
      
Adds a user entry to the Intel(R) AMT device.

  

     uint32
    EnumerateUserAclEntries(StartIndex, 
      TotalCount, HandlesCount, Handles) 
Enumerates entries in the 
      User Access Control List (ACL).

  

     uint32
    GetUserAclEntryEx(Handle, 
      DigestUsername, DigestPassword, KerberosUserSid, AccessPermission, 
      Realms) 
Reads a user entry from the Intel(R) AMT device . . 
      .

  

     uint32
    UpdateUserAclEntryEx(Handle, 
      DigestUsername, DigestPassword, KerberosUserSid, AccessPermission, 
      Realms) 
Updates a user entry in the Intel(R) AMT device.

  

     uint32
    RemoveUserAclEntry(Handle) 
      
Removes an entry from the User Access Control List (ACL), given a 
      handle.

  

     uint32
    SetAdminAclEntryEx(Username, 
      DigestPassword) 
Updates an Admin entry in the Intel(R) AMT 
      device.

  

     uint32
    GetAdminAclEntry(Username) 
      
Returns the username attribute of the Admin ACL.

  

     uint32
    GetAdminAclEntryStatus(IsDefault) 
      
Reads the Admin ACL Entry status from Intel(R) AMT . . .

  

     uint32
    GetAdminNetAclEntryStatus(IsDefault) 
      
Reads the remote Admin ACL Entry status from Intel(R) AMT . . .

  

     uint32
    SetAclEnabledState(Handle, 
      Enabled) 
Enables or disables a user ACL entry.Disabling ACL 
      entries is useful when accounts that cannot be removed (system accounts - 
      starting with $$) are required to be disabled.

  

     uint32
    GetAclEnabledState(Handle, 
      Enabled) 
Gets the state of a user ACL entry 
      (enabled/disabled)

  

     
    Get(Instance) 
Gets the 
      representation of the instance

  

     
    Pull(EnumerationContext, 
      MaxElements) 
Pulls instances of this class, following an 
      Enumerate operation

  

     
    Enumerate() 
      
Enumerates the instances of this class

  

     
    Release(EnumerationContext) 
      
Releases an enumeration context

	  
	  
	  
	  




  
  

    Field 
Detail


Name Key 
public string Name



  
General Information:
The Name property uniquely identifies the 
  Service and provides an indication of the functionality that is managed. This 
  functionality is described in more detail in the Description property of the 
  object.

Product Specific Usage:
In Intel AMT Release 6.0 and 
  later releases value is 'Intel(r) AMT Authorization 
  Service'

Qualifiers:
-------------
Key
Override=Name
MaxLen=35


  

  





CreationClassName Key 
public string CreationClassName



  
General Information:
CreationClassName indicates the name of the 
  class or the subclass that is used in the creation of an instance. When used 
  with the other key properties of this class, this property allows all 
  instances of this class and its subclasses to be uniquely 
  identified.

Product Specific Usage:
In Intel AMT Release 6.0 
  and later releases value is 
  'AMT_AuthorizationService'

Qualifiers:
-------------
Key
MaxLen=25


  

  





SystemName Key 
public string SystemName



  
General Information:
The Name of the scoping 
  System.

Product Specific Usage:
In Intel AMT Release 6.0 and 
  later releases value is 'Intel(r) 
  AMT'

Qualifiers:
-------------
Key
MaxLen=256
Propagated=CIM_System.Name


  

  





SystemCreationClassName Key 
public string SystemCreationClassName



  
General Information:
The CreationClassName of the scoping 
  System.

Product Specific Usage:
In Intel AMT Release 6.0 and 
  later releases value is 
  'CIM_ComputerSystem'

Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName


  

  





ElementName 
public string ElementName



  
General Information:
A user-friendly name for the object. This 
  property allows each instance to define a user-friendly name in addition to 
  its key properties, identity data, and description information. 
Note that 
  the Name property of ManagedSystemElement is also defined as a user-friendly 
  name. But, it is often subclassed to be a Key. It is not reasonable that the 
  same property can convey both identity and a user-friendly name, without 
  inconsistencies. Where Name exists and is not a Key (such as for instances of 
  LogicalDevice), the same information can be present in both the Name and 
  ElementName properties. Note that if there is an associated instance of 
  CIM_EnabledLogicalElementCapabilities, restrictions on this properties may 
  exist as defined in ElementNameMask and MaxElementNameLen properties defined 
  in that class.

Product Specific Usage:
In Intel AMT Release 
  6.0 and later releases value is 'Intel(r) AMT Authorization 
  Service'

Qualifiers:
-------------
MaxLen=35


  

  





EnabledState 
public uint16 EnabledState



  
General Information:
EnabledState is an integer enumeration that 
  indicates the enabled and disabled states of an element. It can also indicate 
  the transitions between these requested states. For example, shutting down 
  (value=4) and starting (value=10) are transient states between enabled and 
  disabled. The following text briefly summarizes the various enabled and 
  disabled states: 
Enabled (2) indicates that the element is or could be 
  executing commands, will process any queued commands, and queues new requests. 
  
Disabled (3) indicates that the element will not execute commands and will 
  drop any new requests. 
Shutting Down (4) indicates that the element is in 
  the process of going to a Disabled state. 
Not Applicable (5) indicates the 
  element does not support being enabled or disabled. 
Enabled but Offline 
  (6) indicates that the element might be completing commands, and will drop any 
  new requests. 
Test (7) indicates that the element is in a test state. 
  
Deferred (8) indicates that the element might be completing commands, but 
  will queue any new requests. 
Quiesce (9) indicates that the element is 
  enabled but in a restricted mode.
Starting (10) indicates that the element 
  is in the process of going to an Enabled state. New requests are 
  queued.

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 
  5, 6, 7, 8, 9, 10, 11..32767, 32768..65535}
Values={Unknown, Other, 
  Enabled, Disabled, Shutting Down, Not Applicable, Enabled but Offline, In 
  Test, Deferred, Quiesce, Starting, DMTF Reserved, Vendor 
  Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.OtherEnabledState}


  

  





RequestedState 
public uint16 RequestedState



  
General Information:
RequestedState is an integer enumeration 
  that indicates the last requested or desired state for the element, 
  irrespective of the mechanism through which it was requested. The actual state 
  of the element is represented by EnabledState. This property is provided to 
  compare the last requested and current enabled or disabled states. Note that 
  when EnabledState is set to 5 ("Not Applicable"), then this property has no 
  meaning. Refer to the EnabledState property description for explanations of 
  the values in the RequestedState enumeration. 
"Unknown" (0) indicates the 
  last requested state for the element is unknown.
Note that the value "No 
  Change" (5) has been deprecated in lieu of indicating the last requested state 
  is "Unknown" (0). If the last requested or desired state is unknown, 
  RequestedState should have the value "Unknown" (0), but may have the value "No 
  Change" (5).Offline (6) indicates that the element has been requested to 
  transition to the Enabled but Offline EnabledState. 
It should be noted 
  that there are two new values in RequestedState that build on the statuses of 
  EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing 
  a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the 
  element is first "Disabled" and then "Enabled". The distinction between 
  requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests 
  an orderly transition to the Disabled state, and might involve removing power, 
  to completely erase any existing state. The Disabled state requests an 
  immediate disabling of the element, such that it will not execute or accept 
  any commands or processing requests. 

This property is set as the 
  result of a method invocation (such as Start or StopService on CIM_Service), 
  or can be overridden and defined as WRITEable in a subclass. The method 
  approach is considered superior to a WRITEable property, because it allows an 
  explicit invocation of the operation and the return of a result code. 
  

If knowledge of the last RequestedState is not supported for the 
  EnabledLogicalElement, the property shall be NULL or have the value 12 "Not 
  Applicable".

Qualifiers:
-------------
ValueMap={0, 2, 3, 
  4, 5, 6, 7, 8, 9, 10, 11, 12, .., 32768..65535}
Values={Unknown, Enabled, 
  Disabled, Shut Down, No Change, Offline, Test, Deferred, Quiesce, Reboot, 
  Reset, Not Applicable, DMTF Reserved, Vendor 
  Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.EnabledState}


  

  






AllowHttpQopAuthOnly 
public uint16 AllowHttpQopAuthOnly



  
General Information:
Indicates whether using the http "quality of protection" (qop) directive with value auth is allowed
  

  







  
  

    Method 
Detail


AddUserAclEntryEx
public uint32 AddUserAclEntryEx([IN]string DigestUsername, [IN]uint8 DigestPassword[], [IN]uint8 KerberosUserSid[28], [IN]uint32 AccessPermission, [IN]uint32 Realms[32], [OUT]uint32 Handle)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Adds 
  a user entry to the Intel(R) AMT device.

Product Specific 
  Usage:
There are more limitations on the username format as appear in 
  the documentation

Qualifiers:
-------------
ValueMap={0, 
  1, 12, 16, 23, 38, 2054, 2055, 2058, 2065, 2075}
Values={PT_STATUS_SUCCESS, 
  PT_STATUS_INTERNAL_ERROR, PT_STATUS_INVALID_NAME, PT_STATUS_NOT_PERMITTED, 
  PT_STATUS_MAX_LIMIT_REACHED, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, 
  PT_STATUS_INVALID_PASSWORD, PT_STATUS_INVALID_REALM, AMT_STATUS_DUPLICATE,
  PT_STATUS_MAX_KERB_DOMAIN_REACHED, 
  PT_STATUS_AUDIT_FAIL}


Parameters:
--------------

  

    
DigestUsername 
    
General Information:
Username for access control. Contains 
    7-bit ASCII characters. String length is limited to 16 characters. Username 
    cannot be an empty 
    string.

Qualifiers:
-------------
IN
MaxLen=16


    
DigestPassword 
    
General Information:
An MD5 Hash of these parameters 
    concatenated together (Username + ":" + DigestRealm + ":" + Password). The 
    DigestRealm is a field in 
    AMT_GeneralSettings

Qualifiers:
-------------
IN
OctetString


    
KerberosUserSid 
    
General Information:
Descriptor for user (SID) which is 
    authenticated using the Kerberos Authentication. Byte array, specifying the 
    Security Identifier (SID) according to the Kerberos specification. Current 
    requirements imply that SID should be not smaller than 1 byte length and no 
    longer than 28 bytes. SID length should also be a multiplicand of 
    4.

Qualifiers:
-------------
IN
OctetString


    
AccessPermission 
    
General Information:
Indicates whether the User is allowed to 
    access Intel(R) AMT from the Network or Local Interfaces. Note: this 
    definition is restricted by the Default Interface Access Permissions of each 
    Realm.

Qualifiers:
-------------
Required
IN
ValueMap={0, 
    1, 2}
Values={LocalAccessPermission, NetworkAccessPermission, 
    AnyAccessPermission}


    
Realms 
    
General Information:
Array of interface names the ACL entry is 
    allowed to 
    access.

Qualifiers:
-------------
IN
ValueMap={0, 1, 
    2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 
    23, 24, ..}
Values={InvalidRealm, ReservedRealm0, RedirectionRealm, 
    PTAdministrationRealm, HardwareAssetRealm, RemoteControlRealm, StorageRealm, 
    EventManagerRealm, StorageAdminRealm, AgentPresenceLocalRealm, 
    AgentPresenceRemoteRealm, CircuitBreakerRealm, NetworkTimeRealm, 
    GeneralInfoRealm, FirmwareUpdateRealm, EITRealm, LocalUN, 
    EndpointAccessControlRealm, EndpointAccessControlAdminRealm, 
    EventLogReaderRealm, AuditLogRealm, ACLRealm, ReservedRealm1, 
    ReservedRealm2, LocalSystemRealm, Reserved}


    
Handle 
    
General Information:
Contains a creation 
    handle.

Qualifiers:
-------------
OUT







EnumerateUserAclEntries
public uint32 EnumerateUserAclEntries([IN]uint32 StartIndex, [OUT]uint32 TotalCount, [OUT]uint32 HandlesCount, [OUT]uint32 Handles[50])



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM, 
  ADMIN_SECURITY_GENERAL_INFO_REALM

General 
  Information:
Enumerates entries in the User Access Control List 
  (ACL).

Product Specific Usage:
Additional Notes: 
1) 
  'EnumerateUserAclEntries' in Intel AMT Release 3.2 is permitted only to 
  'ADMIN_SECURITY_ADMINISTRATION_REALM'. 
2) Only 50 handles can be returned, 
  so in order to get others StartIndex should be bigger than 
  1.

Qualifiers:
-------------
ValueMap={0, 1, 
  35}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_INVALID_INDEX}


Parameters:
--------------

  

    
StartIndex 
    
General Information:
Indicates the first ACL entry to 
    retrieve. To enumerate the entire list, an application sends this message 
    with StartIndex set to 
    1.

Qualifiers:
-------------
Required
IN


    
TotalCount 
    
General Information:
Contains the total number of entries in 
    the User ACL.

Qualifiers:
-------------
OUT


    
HandlesCount 
    
General Information:
Contains the number of entries in the 
    returned list.

Qualifiers:
-------------
OUT


    
Handles 
    
General Information:
Contains a list of HandleCount entry 
    handles.

Qualifiers:
-------------
OUT







GetUserAclEntryEx
public uint32 GetUserAclEntryEx([IN]uint32 Handle, [OUT]string DigestUsername, [OUT]uint8 DigestPassword[], [OUT]uint8 KerberosUserSid[28], [OUT]uint32 AccessPermission, [OUT]uint32 Realms[32])



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM, 
  ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Reads 
  a user entry from the Intel(R) AMT device. Note: confidential information, 
  such as password (hash) is omitted or zeroed in the 
  response.

Product Specific Usage:
Additional Notes: 
1) 
  'GetUserAclEntries' in Intel AMT Release 3.2 is permitted only to 
  'ADMIN_SECURITY_ADMINISTRATION_REALM'.

Qualifiers:
-------------
ValueMap={0, 
  1, 2053}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_INVALID_HANDLE}


Parameters:
--------------

  

    
Handle 
    
General Information:
Specifies the ACL entry to 
    fetch.

Qualifiers:
-------------
Required
IN


    
DigestUsername 
    
General Information:
Username for access 
    control.

Qualifiers:
-------------
OUT
MaxLen=16


    
DigestPassword 
    
General Information:
Confidential information, such as 
    password (hash) is omitted from the 
    response.

Qualifiers:
-------------
OUT
Octetstring


    
KerberosUserSid 
    
General Information:
Descriptor for user (SID) which is 
    authenticated using the Kerberos Authentication. Byte array, specifying the 
    Security Identifier (SID) according to the Kerberos 
    specification.

Qualifiers:
-------------
OUT
OctetString


    
AccessPermission 
    
General Information:
Indicates whether the User is allowed to 
    access Intel(R) AMT from the Network or Local Interfaces. Note: this 
    definition is restricted by the Default Interface Access Permissions of each 
    Realm.

Qualifiers:
-------------
OUT
ValueMap={0, 1, 
    2}
Values={LocalAccessPermission, NetworkAccessPermission, 
    AnyAccessPermission}


    
Realms 
    
General Information:
Array of interface names the ACL entry is 
    allowed to 
    access.

Qualifiers:
-------------
OUT
ValueMap={0, 1, 
    2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 
    23, 24, ..}
Values={InvalidRealm, ReservedRealm0, RedirectionRealm, 
    PTAdministrationRealm, HardwareAssetRealm, RemoteControlRealm, StorageRealm, 
    EventManagerRealm, StorageAdminRealm, AgentPresenceLocalRealm, 
    AgentPresenceRemoteRealm, CircuitBreakerRealm, NetworkTimeRealm, 
    GeneralInfoRealm, FirmwareUpdateRealm, EITRealm, LocalUN, 
    EndpointAccessControlRealm, EndpointAccessControlAdminRealm, 
    EventLogReaderRealm, AuditLogRealm, ACLRealm, ReservedRealm1, 
    ReservedRealm2, LocalSystemRealm, Reserved}







UpdateUserAclEntryEx
public uint32 UpdateUserAclEntryEx([IN]uint32 Handle, [IN]string DigestUsername, [IN]uint8 DigestPassword[], [IN]uint8 KerberosUserSid[28], [IN]uint32 AccessPermission, [IN]uint32 Realms[32])



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM, 
  ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM

General 
  Information:
Updates a user entry in the Intel(R) AMT 
  device.

Product Specific Usage:
Additional Notes: 
1) 
  'UpdateUserAclEntries' in Intel AMT Release 3.2 is permitted only to 
  'ADMIN_SECURITY_ADMINISTRATION_REALM'. 
2) There are more limitations on 
  the username format as appear in the documentation 
  


Qualifiers:
-------------
ValueMap={0, 1, 12, 16, 38, 
  2053, 2054, 2055, 2065, 2075}
Values={PT_STATUS_SUCCESS, 
  PT_STATUS_INTERNAL_ERROR, PT_STATUS_INVALID_NAME, PT_STATUS_NOT_PERMITTED, 
  PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, PT_STATUS_INVALID_HANDLE, 
  PT_STATUS_INVALID_PASSWORD, PT_STATUS_INVALID_REALM, 
  PT_STATUS_MAX_KERB_DOMAIN_REACHED, 
  PT_STATUS_AUDIT_FAIL}


Parameters:
--------------

  

    
Handle 
    
General Information:
Creation handle to a User ACL 
    entry.

Qualifiers:
-------------
Required
IN


    
DigestUsername 
    
General Information:
Username for access control. Contains 
    7-bit ASCII characters. String length is limited to 16 characters. Username 
    cannot be an empty 
    string.

Qualifiers:
-------------
IN
MaxLen=16


    
DigestPassword 
    
General Information:
An MD5 Hash of these parameters 
    concatenated together (Username + ":" + DigestRealm + ":" + Password). The 
    DigestRealm is a field in 
    AMT_GeneralSettings

Qualifiers:
-------------
IN
OctetString


    
KerberosUserSid 
    
General Information:
Descriptor for user (SID) which is 
    authenticated using the Kerberos Authentication. Byte array, specifying the 
    Security Identifier (SID) according to the Kerberos specification. Current 
    requirements imply that SID should be not smaller than 1 byte length and no 
    longer than 28 bytes. SID length should also be a multiplicand of 
    4.

Qualifiers:
-------------
IN
OctetString


    
AccessPermission 
    
General Information:
Indicates whether the User is allowed to 
    access Intel(R) AMT from the Network or Local Interfaces. Note: this 
    definition is restricted by the Default Interface Access Permissions of each 
    Realm.

Qualifiers:
-------------
Required
IN
ValueMap={0, 
    1, 2}
Values={LocalAccessPermission, NetworkAccessPermission, 
    AnyAccessPermission}


    
Realms 
    
General Information:
Array of interface names the ACL entry is 
    allowed to 
    access.

Qualifiers:
-------------
IN
ValueMap={0, 1, 
    2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 
    23, 24, ..}
Values={InvalidRealm, ReservedRealm0, RedirectionRealm, 
    PTAdministrationRealm, HardwareAssetRealm, RemoteControlRealm, StorageRealm, 
    EventManagerRealm, StorageAdminRealm, AgentPresenceLocalRealm, 
    AgentPresenceRemoteRealm, CircuitBreakerRealm, NetworkTimeRealm, 
    GeneralInfoRealm, FirmwareUpdateRealm, EITRealm, LocalUN, 
    EndpointAccessControlRealm, EndpointAccessControlAdminRealm, 
    EventLogReaderRealm, AuditLogRealm, ACLRealm, ReservedRealm1, 
    ReservedRealm2, LocalSystemRealm, Reserved}







RemoveUserAclEntry
public uint32 RemoveUserAclEntry([IN]uint32 Handle)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General 
  Information:
Removes an entry from the User Access Control List (ACL), 
  given a handle.

Qualifiers:
-------------
ValueMap={0, 1, 
  16, 2053, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_HANDLE, 
  PT_STATUS_AUDIT_FAIL}


Parameters:
--------------

  

    
Handle 
    
General Information:
Specifies the ACL entry to be 
    removed.

Qualifiers:
-------------
Required
IN







SetAdminAclEntryEx
public uint32 SetAdminAclEntryEx([IN]string Username, [IN]uint8 DigestPassword[])



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General 
  Information:
Updates an Admin entry in the Intel(R) AMT 
  device.

Qualifiers:
-------------
ValueMap={0, 1, 12, 38, 
  2054, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_INVALID_NAME, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, 
  PT_STATUS_INVALID_PASSWORD, 
  PT_STATUS_AUDIT_FAIL}


Parameters:
--------------

  

    
Username 
    
General Information:
Username for access control. Contains 
    7-bit ASCII characters. String length is limited to 16 characters. Username 
    cannot be an empty 
    string.

Qualifiers:
-------------
Required
IN
MaxLen=16


    
DigestPassword 
    
General Information:
An MD5 Hash of these parameters 
    concatenated together (Username + ":" + DigestRealm + ":" + Password). The 
    DigestRealm is a field in 
    AMT_GeneralSettings

Qualifiers:
-------------
Required
IN
OctetString







GetAdminAclEntry
public uint32 GetAdminAclEntry([OUT]string Username)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General 
  Information:
Returns the username attribute of the Admin 
  ACL.

Qualifiers:
-------------
ValueMap={0, 
  1}
Values={PT_STATUS_SUCCESS, 
  PT_STATUS_INTERNAL_ERROR}


Parameters:
--------------

  

    
Username 
    
General Information:
Contains the username of the Admin 
    ACL.

Qualifiers:
-------------
OUT
MaxLen=16







GetAdminAclEntryStatus
public uint32 GetAdminAclEntryStatus([OUT]boolean IsDefault)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_GENERAL_INFO_REALM, 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General 
  Information:
Reads the Admin ACL Entry status from Intel(R) AMT. The 
  return state changes as a function of the admin 
  password.

Qualifiers:
-------------
ValueMap={0, 
  1}
Values={PT_STATUS_SUCCESS, 
  PT_STATUS_INTERNAL_ERROR}


Parameters:
--------------

  

    
IsDefault 
    
General Information:
TRUE if the admin ACL entry (admin 
    password) was never changed by the user. Otherwise, the parameter is 
    FALSE.

Qualifiers:
-------------
OUT







GetAdminNetAclEntryStatus
public uint32 GetAdminNetAclEntryStatus([OUT]boolean IsDefault)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_GENERAL_INFO_REALM, 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General 
  Information:
Reads the remote Admin ACL Entry status from Intel(R) AMT. 
  The return state changes as a function of the remote admin 
  password.

Qualifiers:
-------------
ValueMap={0, 
  1}
Values={PT_STATUS_SUCCESS, 
  PT_STATUS_INTERNAL_ERROR}


Parameters:
--------------

  

    
IsDefault 
    
General Information:
TRUE if the remote admin ACL entry 
    (remote admin password) was never changed by the user. Otherwise, the 
    parameter is 
    FALSE.

Qualifiers:
-------------
OUT







SetAclEnabledState
public uint32 SetAclEnabledState([IN]uint32 Handle, [IN]boolean Enabled)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General 
  Information:
Enables or disables a user ACL entry.Disabling ACL entries 
  is useful when accounts that cannot be removed (system accounts - starting 
  with $$) are required to be 
  disabled.

Qualifiers:
-------------
ValueMap={0, 1, 16, 
  38, 2053, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_NOT_PERMITTED, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, 
  PT_STATUS_INVALID_HANDLE, 
  PT_STATUS_AUDIT_FAIL}


Parameters:
--------------

  

    
Handle 
    
General Information:
Specifies the ACL entry to 
    update

Qualifiers:
-------------
Required
IN


    
Enabled 
    
General Information:
Specifies the state of the ACL 
    entry

Qualifiers:
-------------
Required
IN







GetAclEnabledState
public uint32 GetAclEnabledState([IN]uint32 Handle, [OUT]boolean Enabled)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM, 
  ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets 
  the state of a user ACL entry 
  (enabled/disabled)

Qualifiers:
-------------
ValueMap={0, 
  1, 2053}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_INVALID_HANDLE}


Parameters:
--------------

  

    
Handle 
    
General Information:
Specifies the ACL 
    entry

Qualifiers:
-------------
Required
IN


    
Enabled 
    
General Information:
Specifies the state of the ACL 
    entry

Qualifiers:
-------------
Required
OUT







Get
public  Get([OUT]AMT_AuthorizationService Instance)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM, 
  ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets 
  the representation of the instance

Product Specific 
  Usage:
Additional Notes: 
1) In Intel AMT Release 5.0 and later 
  releases 'Get' is permitted to 'ADMIN SECURITY ADMINISTRATION REALM' only. 
  
2) Starting in Release 7.0, 'Get' is permitted also to 
  'ADMIN_SECURITY_GENERAL_INFO_REALM' and 
  'ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM'.





Pull
public  Pull([IN]String EnumerationContext, [IN]String MaxElements)



  
Permission Information:
All users permitted to use method, only 
  instances to whom the user has permissions will be returned

General 
  Information:
Pulls instances of this class, following an Enumerate 
  operation





Enumerate
public  Enumerate()



  
Permission Information:
All users permitted to use 
  method

General Information:
Enumerates the instances of this 
  class





Release
public  Release([IN]String EnumerationContext)



  
Permission Information:
All users permitted to use 
  method

General Information:
Releases an enumeration 
  context






  
  

    SUMMARY: NESTED | FIELD | METHOD
  

  

    DETAIL: FIELD | METHOD



  
  

    
      
Copyright © 2006-2022, Intel 
      Corporation. All rights 
reserved.