Class AMT_AuthorizationService
Used in features: Security
Administration , General Info
Compatible with the following Intel AMT
Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5,
10.0, 11.0
CIM_ManagedElement
CIM_ManagedSystemElement
CIM_LogicalElement
CIM_EnabledLogicalElement
CIM_Service
AMT_AuthorizationService
class AMT_AuthorizationService
- extends CIM_Service
General Information:
Describes the Authorization Service, which is
responsible for Access Control management in the Intel(R) AMT
subsystem.
Product Specific Usage:
Additional Notes:
1)
Realms 'AuditLogRealm' (20) and 'ACLRealm' (21) are supported only in Intel AMT
Release 4.0 and later releases.
2) Realm 'DTRealm' (23) is supported only in
'ME 5.1' and Intel AMT Release 5.1 and later releases.
3) All the methods of
'AMT_AuthorizationService' except for 'Get' are not supported in Remote
Connectivity Service provisioning
mode
Qualifiers:
-------------
Version=6.0.0
Supported Fields
Summary |
string
|
Name The Name property uniquely identifies the
Service and provides an indication of the functionality that is managed .
. .
|
string
|
CreationClassName CreationClassName indicates the name
of the class or the subclass that is used in the creation of an instance .
. .
|
string
|
SystemName The Name of the scoping System.
|
string
|
SystemCreationClassName The CreationClassName of the scoping
System.
|
string
|
ElementName A
user-friendly name for the object . . .
|
uint16
|
EnabledState
EnabledState is an integer enumeration that indicates the
enabled and disabled states of an element . . .
|
uint16
|
RequestedState
RequestedState is an integer enumeration that indicates the
last requested or desired state for the element, irrespective of the
mechanism through which it was requested . .
.
|
uint16
|
AllowHttpQopAuthOnly
Indicates whether using the http "quality of protection" (qop) directive with value auth is allowed
|
Methods Summary |
uint32 |
AddUserAclEntryEx(DigestUsername,
DigestPassword, KerberosUserSid, AccessPermission, Realms, Handle)
Adds a user entry to the Intel(R) AMT device.
|
uint32 |
EnumerateUserAclEntries(StartIndex,
TotalCount, HandlesCount, Handles) Enumerates entries in the
User Access Control List (ACL).
|
uint32 |
GetUserAclEntryEx(Handle,
DigestUsername, DigestPassword, KerberosUserSid, AccessPermission,
Realms) Reads a user entry from the Intel(R) AMT device . .
.
|
uint32 |
UpdateUserAclEntryEx(Handle,
DigestUsername, DigestPassword, KerberosUserSid, AccessPermission,
Realms) Updates a user entry in the Intel(R) AMT device.
|
uint32 |
RemoveUserAclEntry(Handle)
Removes an entry from the User Access Control List (ACL), given a
handle.
|
uint32 |
SetAdminAclEntryEx(Username,
DigestPassword) Updates an Admin entry in the Intel(R) AMT
device.
|
uint32 |
GetAdminAclEntry(Username)
Returns the username attribute of the Admin ACL.
|
uint32 |
GetAdminAclEntryStatus(IsDefault)
Reads the Admin ACL Entry status from Intel(R) AMT . . .
|
uint32 |
GetAdminNetAclEntryStatus(IsDefault)
Reads the remote Admin ACL Entry status from Intel(R) AMT . . .
|
uint32 |
SetAclEnabledState(Handle,
Enabled) Enables or disables a user ACL entry.Disabling ACL
entries is useful when accounts that cannot be removed (system accounts -
starting with $$) are required to be disabled.
|
uint32 |
GetAclEnabledState(Handle,
Enabled) Gets the state of a user ACL entry
(enabled/disabled)
|
|
Get(Instance) Gets the
representation of the instance
|
|
Pull(EnumerationContext,
MaxElements) Pulls instances of this class, following an
Enumerate operation
|
|
Enumerate()
Enumerates the instances of this class
|
|
Release(EnumerationContext)
Releases an enumeration context
|
Name
public string Name
- General Information:
The Name property uniquely identifies the
Service and provides an indication of the functionality that is managed. This
functionality is described in more detail in the Description property of the
object.
Product Specific Usage:
In Intel AMT Release 6.0 and
later releases value is 'Intel(r) AMT Authorization
Service'
Qualifiers:
-------------
Key
Override=Name
MaxLen=35
CreationClassName
public string CreationClassName
- General Information:
CreationClassName indicates the name of the
class or the subclass that is used in the creation of an instance. When used
with the other key properties of this class, this property allows all
instances of this class and its subclasses to be uniquely
identified.
Product Specific Usage:
In Intel AMT Release 6.0
and later releases value is
'AMT_AuthorizationService'
Qualifiers:
-------------
Key
MaxLen=25
SystemName
public string SystemName
- General Information:
The Name of the scoping
System.
Product Specific Usage:
In Intel AMT Release 6.0 and
later releases value is 'Intel(r)
AMT'
Qualifiers:
-------------
Key
MaxLen=256
Propagated=CIM_System.Name
SystemCreationClassName
public string SystemCreationClassName
- General Information:
The CreationClassName of the scoping
System.
Product Specific Usage:
In Intel AMT Release 6.0 and
later releases value is
'CIM_ComputerSystem'
Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName
ElementName
public string ElementName
- General Information:
A user-friendly name for the object. This
property allows each instance to define a user-friendly name in addition to
its key properties, identity data, and description information.
Note that
the Name property of ManagedSystemElement is also defined as a user-friendly
name. But, it is often subclassed to be a Key. It is not reasonable that the
same property can convey both identity and a user-friendly name, without
inconsistencies. Where Name exists and is not a Key (such as for instances of
LogicalDevice), the same information can be present in both the Name and
ElementName properties. Note that if there is an associated instance of
CIM_EnabledLogicalElementCapabilities, restrictions on this properties may
exist as defined in ElementNameMask and MaxElementNameLen properties defined
in that class.
Product Specific Usage:
In Intel AMT Release
6.0 and later releases value is 'Intel(r) AMT Authorization
Service'
Qualifiers:
-------------
MaxLen=35
EnabledState
public uint16 EnabledState
- General Information:
EnabledState is an integer enumeration that
indicates the enabled and disabled states of an element. It can also indicate
the transitions between these requested states. For example, shutting down
(value=4) and starting (value=10) are transient states between enabled and
disabled. The following text briefly summarizes the various enabled and
disabled states:
Enabled (2) indicates that the element is or could be
executing commands, will process any queued commands, and queues new requests.
Disabled (3) indicates that the element will not execute commands and will
drop any new requests.
Shutting Down (4) indicates that the element is in
the process of going to a Disabled state.
Not Applicable (5) indicates the
element does not support being enabled or disabled.
Enabled but Offline
(6) indicates that the element might be completing commands, and will drop any
new requests.
Test (7) indicates that the element is in a test state.
Deferred (8) indicates that the element might be completing commands, but
will queue any new requests.
Quiesce (9) indicates that the element is
enabled but in a restricted mode.
Starting (10) indicates that the element
is in the process of going to an Enabled state. New requests are
queued.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4,
5, 6, 7, 8, 9, 10, 11..32767, 32768..65535}
Values={Unknown, Other,
Enabled, Disabled, Shutting Down, Not Applicable, Enabled but Offline, In
Test, Deferred, Quiesce, Starting, DMTF Reserved, Vendor
Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.OtherEnabledState}
RequestedState
public uint16 RequestedState
- General Information:
RequestedState is an integer enumeration
that indicates the last requested or desired state for the element,
irrespective of the mechanism through which it was requested. The actual state
of the element is represented by EnabledState. This property is provided to
compare the last requested and current enabled or disabled states. Note that
when EnabledState is set to 5 ("Not Applicable"), then this property has no
meaning. Refer to the EnabledState property description for explanations of
the values in the RequestedState enumeration.
"Unknown" (0) indicates the
last requested state for the element is unknown.
Note that the value "No
Change" (5) has been deprecated in lieu of indicating the last requested state
is "Unknown" (0). If the last requested or desired state is unknown,
RequestedState should have the value "Unknown" (0), but may have the value "No
Change" (5).Offline (6) indicates that the element has been requested to
transition to the Enabled but Offline EnabledState.
It should be noted
that there are two new values in RequestedState that build on the statuses of
EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing
a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the
element is first "Disabled" and then "Enabled". The distinction between
requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests
an orderly transition to the Disabled state, and might involve removing power,
to completely erase any existing state. The Disabled state requests an
immediate disabling of the element, such that it will not execute or accept
any commands or processing requests.
This property is set as the
result of a method invocation (such as Start or StopService on CIM_Service),
or can be overridden and defined as WRITEable in a subclass. The method
approach is considered superior to a WRITEable property, because it allows an
explicit invocation of the operation and the return of a result code.
If knowledge of the last RequestedState is not supported for the
EnabledLogicalElement, the property shall be NULL or have the value 12 "Not
Applicable".
Qualifiers:
-------------
ValueMap={0, 2, 3,
4, 5, 6, 7, 8, 9, 10, 11, 12, .., 32768..65535}
Values={Unknown, Enabled,
Disabled, Shut Down, No Change, Offline, Test, Deferred, Quiesce, Reboot,
Reset, Not Applicable, DMTF Reserved, Vendor
Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.EnabledState}
AllowHttpQopAuthOnly
public uint16 AllowHttpQopAuthOnly
- General Information:
Indicates whether using the http "quality of protection" (qop) directive with value auth
is allowed
AddUserAclEntryEx
public uint32 AddUserAclEntryEx([IN]string DigestUsername, [IN]uint8 DigestPassword[], [IN]uint8 KerberosUserSid[28], [IN]uint32 AccessPermission, [IN]uint32 Realms[32], [OUT]uint32 Handle)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM
General Information:
Adds
a user entry to the Intel(R) AMT device.
Product Specific
Usage:
There are more limitations on the username format as appear in
the documentation
Qualifiers:
-------------
ValueMap={0,
1, 12, 16, 23, 38, 2054, 2055, 2058, 2065, 2075}
Values={PT_STATUS_SUCCESS,
PT_STATUS_INTERNAL_ERROR, PT_STATUS_INVALID_NAME, PT_STATUS_NOT_PERMITTED,
PT_STATUS_MAX_LIMIT_REACHED, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED,
PT_STATUS_INVALID_PASSWORD, PT_STATUS_INVALID_REALM, AMT_STATUS_DUPLICATE,
PT_STATUS_MAX_KERB_DOMAIN_REACHED,
PT_STATUS_AUDIT_FAIL}
Parameters:
--------------
- DigestUsername
- General Information:
Username for access control. Contains
7-bit ASCII characters. String length is limited to 16 characters. Username
cannot be an empty
string.
Qualifiers:
-------------
IN
MaxLen=16
- DigestPassword
- General Information:
An MD5 Hash of these parameters
concatenated together (Username + ":" + DigestRealm + ":" + Password). The
DigestRealm is a field in
AMT_GeneralSettings
Qualifiers:
-------------
IN
OctetString
- KerberosUserSid
- General Information:
Descriptor for user (SID) which is
authenticated using the Kerberos Authentication. Byte array, specifying the
Security Identifier (SID) according to the Kerberos specification. Current
requirements imply that SID should be not smaller than 1 byte length and no
longer than 28 bytes. SID length should also be a multiplicand of
4.
Qualifiers:
-------------
IN
OctetString
- AccessPermission
- General Information:
Indicates whether the User is allowed to
access Intel(R) AMT from the Network or Local Interfaces. Note: this
definition is restricted by the Default Interface Access Permissions of each
Realm.
Qualifiers:
-------------
Required
IN
ValueMap={0,
1, 2}
Values={LocalAccessPermission, NetworkAccessPermission,
AnyAccessPermission}
- Realms
- General Information:
Array of interface names the ACL entry is
allowed to
access.
Qualifiers:
-------------
IN
ValueMap={0, 1,
2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
23, 24, ..}
Values={InvalidRealm, ReservedRealm0, RedirectionRealm,
PTAdministrationRealm, HardwareAssetRealm, RemoteControlRealm, StorageRealm,
EventManagerRealm, StorageAdminRealm, AgentPresenceLocalRealm,
AgentPresenceRemoteRealm, CircuitBreakerRealm, NetworkTimeRealm,
GeneralInfoRealm, FirmwareUpdateRealm, EITRealm, LocalUN,
EndpointAccessControlRealm, EndpointAccessControlAdminRealm,
EventLogReaderRealm, AuditLogRealm, ACLRealm, ReservedRealm1,
ReservedRealm2, LocalSystemRealm, Reserved}
- Handle
- General Information:
Contains a creation
handle.
Qualifiers:
-------------
OUT
EnumerateUserAclEntries
public uint32 EnumerateUserAclEntries([IN]uint32 StartIndex, [OUT]uint32 TotalCount, [OUT]uint32 HandlesCount, [OUT]uint32 Handles[50])
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM,
ADMIN_SECURITY_GENERAL_INFO_REALM
General
Information:
Enumerates entries in the User Access Control List
(ACL).
Product Specific Usage:
Additional Notes:
1)
'EnumerateUserAclEntries' in Intel AMT Release 3.2 is permitted only to
'ADMIN_SECURITY_ADMINISTRATION_REALM'.
2) Only 50 handles can be returned,
so in order to get others StartIndex should be bigger than
1.
Qualifiers:
-------------
ValueMap={0, 1,
35}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR,
PT_STATUS_INVALID_INDEX}
Parameters:
--------------
- StartIndex
- General Information:
Indicates the first ACL entry to
retrieve. To enumerate the entire list, an application sends this message
with StartIndex set to
1.
Qualifiers:
-------------
Required
IN
- TotalCount
- General Information:
Contains the total number of entries in
the User ACL.
Qualifiers:
-------------
OUT
- HandlesCount
- General Information:
Contains the number of entries in the
returned list.
Qualifiers:
-------------
OUT
- Handles
- General Information:
Contains a list of HandleCount entry
handles.
Qualifiers:
-------------
OUT
GetUserAclEntryEx
public uint32 GetUserAclEntryEx([IN]uint32 Handle, [OUT]string DigestUsername, [OUT]uint8 DigestPassword[], [OUT]uint8 KerberosUserSid[28], [OUT]uint32 AccessPermission, [OUT]uint32 Realms[32])
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM,
ADMIN_SECURITY_GENERAL_INFO_REALM
General Information:
Reads
a user entry from the Intel(R) AMT device. Note: confidential information,
such as password (hash) is omitted or zeroed in the
response.
Product Specific Usage:
Additional Notes:
1)
'GetUserAclEntries' in Intel AMT Release 3.2 is permitted only to
'ADMIN_SECURITY_ADMINISTRATION_REALM'.
Qualifiers:
-------------
ValueMap={0,
1, 2053}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR,
PT_STATUS_INVALID_HANDLE}
Parameters:
--------------
- Handle
- General Information:
Specifies the ACL entry to
fetch.
Qualifiers:
-------------
Required
IN
- DigestUsername
- General Information:
Username for access
control.
Qualifiers:
-------------
OUT
MaxLen=16
- DigestPassword
- General Information:
Confidential information, such as
password (hash) is omitted from the
response.
Qualifiers:
-------------
OUT
Octetstring
- KerberosUserSid
- General Information:
Descriptor for user (SID) which is
authenticated using the Kerberos Authentication. Byte array, specifying the
Security Identifier (SID) according to the Kerberos
specification.
Qualifiers:
-------------
OUT
OctetString
- AccessPermission
- General Information:
Indicates whether the User is allowed to
access Intel(R) AMT from the Network or Local Interfaces. Note: this
definition is restricted by the Default Interface Access Permissions of each
Realm.
Qualifiers:
-------------
OUT
ValueMap={0, 1,
2}
Values={LocalAccessPermission, NetworkAccessPermission,
AnyAccessPermission}
- Realms
- General Information:
Array of interface names the ACL entry is
allowed to
access.
Qualifiers:
-------------
OUT
ValueMap={0, 1,
2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
23, 24, ..}
Values={InvalidRealm, ReservedRealm0, RedirectionRealm,
PTAdministrationRealm, HardwareAssetRealm, RemoteControlRealm, StorageRealm,
EventManagerRealm, StorageAdminRealm, AgentPresenceLocalRealm,
AgentPresenceRemoteRealm, CircuitBreakerRealm, NetworkTimeRealm,
GeneralInfoRealm, FirmwareUpdateRealm, EITRealm, LocalUN,
EndpointAccessControlRealm, EndpointAccessControlAdminRealm,
EventLogReaderRealm, AuditLogRealm, ACLRealm, ReservedRealm1,
ReservedRealm2, LocalSystemRealm, Reserved}
UpdateUserAclEntryEx
public uint32 UpdateUserAclEntryEx([IN]uint32 Handle, [IN]string DigestUsername, [IN]uint8 DigestPassword[], [IN]uint8 KerberosUserSid[28], [IN]uint32 AccessPermission, [IN]uint32 Realms[32])
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM,
ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM
General
Information:
Updates a user entry in the Intel(R) AMT
device.
Product Specific Usage:
Additional Notes:
1)
'UpdateUserAclEntries' in Intel AMT Release 3.2 is permitted only to
'ADMIN_SECURITY_ADMINISTRATION_REALM'.
2) There are more limitations on
the username format as appear in the documentation
Qualifiers:
-------------
ValueMap={0, 1, 12, 16, 38,
2053, 2054, 2055, 2065, 2075}
Values={PT_STATUS_SUCCESS,
PT_STATUS_INTERNAL_ERROR, PT_STATUS_INVALID_NAME, PT_STATUS_NOT_PERMITTED,
PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, PT_STATUS_INVALID_HANDLE,
PT_STATUS_INVALID_PASSWORD, PT_STATUS_INVALID_REALM,
PT_STATUS_MAX_KERB_DOMAIN_REACHED,
PT_STATUS_AUDIT_FAIL}
Parameters:
--------------
- Handle
- General Information:
Creation handle to a User ACL
entry.
Qualifiers:
-------------
Required
IN
- DigestUsername
- General Information:
Username for access control. Contains
7-bit ASCII characters. String length is limited to 16 characters. Username
cannot be an empty
string.
Qualifiers:
-------------
IN
MaxLen=16
- DigestPassword
- General Information:
An MD5 Hash of these parameters
concatenated together (Username + ":" + DigestRealm + ":" + Password). The
DigestRealm is a field in
AMT_GeneralSettings
Qualifiers:
-------------
IN
OctetString
- KerberosUserSid
- General Information:
Descriptor for user (SID) which is
authenticated using the Kerberos Authentication. Byte array, specifying the
Security Identifier (SID) according to the Kerberos specification. Current
requirements imply that SID should be not smaller than 1 byte length and no
longer than 28 bytes. SID length should also be a multiplicand of
4.
Qualifiers:
-------------
IN
OctetString
- AccessPermission
- General Information:
Indicates whether the User is allowed to
access Intel(R) AMT from the Network or Local Interfaces. Note: this
definition is restricted by the Default Interface Access Permissions of each
Realm.
Qualifiers:
-------------
Required
IN
ValueMap={0,
1, 2}
Values={LocalAccessPermission, NetworkAccessPermission,
AnyAccessPermission}
- Realms
- General Information:
Array of interface names the ACL entry is
allowed to
access.
Qualifiers:
-------------
IN
ValueMap={0, 1,
2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
23, 24, ..}
Values={InvalidRealm, ReservedRealm0, RedirectionRealm,
PTAdministrationRealm, HardwareAssetRealm, RemoteControlRealm, StorageRealm,
EventManagerRealm, StorageAdminRealm, AgentPresenceLocalRealm,
AgentPresenceRemoteRealm, CircuitBreakerRealm, NetworkTimeRealm,
GeneralInfoRealm, FirmwareUpdateRealm, EITRealm, LocalUN,
EndpointAccessControlRealm, EndpointAccessControlAdminRealm,
EventLogReaderRealm, AuditLogRealm, ACLRealm, ReservedRealm1,
ReservedRealm2, LocalSystemRealm, Reserved}
RemoveUserAclEntry
public uint32 RemoveUserAclEntry([IN]uint32 Handle)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM
General
Information:
Removes an entry from the User Access Control List (ACL),
given a handle.
Qualifiers:
-------------
ValueMap={0, 1,
16, 2053, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR,
PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_HANDLE,
PT_STATUS_AUDIT_FAIL}
Parameters:
--------------
- Handle
- General Information:
Specifies the ACL entry to be
removed.
Qualifiers:
-------------
Required
IN
SetAdminAclEntryEx
public uint32 SetAdminAclEntryEx([IN]string Username, [IN]uint8 DigestPassword[])
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM
General
Information:
Updates an Admin entry in the Intel(R) AMT
device.
Qualifiers:
-------------
ValueMap={0, 1, 12, 38,
2054, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR,
PT_STATUS_INVALID_NAME, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED,
PT_STATUS_INVALID_PASSWORD,
PT_STATUS_AUDIT_FAIL}
Parameters:
--------------
- Username
- General Information:
Username for access control. Contains
7-bit ASCII characters. String length is limited to 16 characters. Username
cannot be an empty
string.
Qualifiers:
-------------
Required
IN
MaxLen=16
- DigestPassword
- General Information:
An MD5 Hash of these parameters
concatenated together (Username + ":" + DigestRealm + ":" + Password). The
DigestRealm is a field in
AMT_GeneralSettings
Qualifiers:
-------------
Required
IN
OctetString
GetAdminAclEntry
public uint32 GetAdminAclEntry([OUT]string Username)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM
General
Information:
Returns the username attribute of the Admin
ACL.
Qualifiers:
-------------
ValueMap={0,
1}
Values={PT_STATUS_SUCCESS,
PT_STATUS_INTERNAL_ERROR}
Parameters:
--------------
- Username
- General Information:
Contains the username of the Admin
ACL.
Qualifiers:
-------------
OUT
MaxLen=16
GetAdminAclEntryStatus
public uint32 GetAdminAclEntryStatus([OUT]boolean IsDefault)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_GENERAL_INFO_REALM,
ADMIN_SECURITY_ADMINISTRATION_REALM
General
Information:
Reads the Admin ACL Entry status from Intel(R) AMT. The
return state changes as a function of the admin
password.
Qualifiers:
-------------
ValueMap={0,
1}
Values={PT_STATUS_SUCCESS,
PT_STATUS_INTERNAL_ERROR}
Parameters:
--------------
- IsDefault
- General Information:
TRUE if the admin ACL entry (admin
password) was never changed by the user. Otherwise, the parameter is
FALSE.
Qualifiers:
-------------
OUT
GetAdminNetAclEntryStatus
public uint32 GetAdminNetAclEntryStatus([OUT]boolean IsDefault)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_GENERAL_INFO_REALM,
ADMIN_SECURITY_ADMINISTRATION_REALM
General
Information:
Reads the remote Admin ACL Entry status from Intel(R) AMT.
The return state changes as a function of the remote admin
password.
Qualifiers:
-------------
ValueMap={0,
1}
Values={PT_STATUS_SUCCESS,
PT_STATUS_INTERNAL_ERROR}
Parameters:
--------------
- IsDefault
- General Information:
TRUE if the remote admin ACL entry
(remote admin password) was never changed by the user. Otherwise, the
parameter is
FALSE.
Qualifiers:
-------------
OUT
SetAclEnabledState
public uint32 SetAclEnabledState([IN]uint32 Handle, [IN]boolean Enabled)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM
General
Information:
Enables or disables a user ACL entry.Disabling ACL entries
is useful when accounts that cannot be removed (system accounts - starting
with $$) are required to be
disabled.
Qualifiers:
-------------
ValueMap={0, 1, 16,
38, 2053, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR,
PT_STATUS_NOT_PERMITTED, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED,
PT_STATUS_INVALID_HANDLE,
PT_STATUS_AUDIT_FAIL}
Parameters:
--------------
- Handle
- General Information:
Specifies the ACL entry to
update
Qualifiers:
-------------
Required
IN
- Enabled
- General Information:
Specifies the state of the ACL
entry
Qualifiers:
-------------
Required
IN
GetAclEnabledState
public uint32 GetAclEnabledState([IN]uint32 Handle, [OUT]boolean Enabled)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM,
ADMIN_SECURITY_GENERAL_INFO_REALM
General Information:
Gets
the state of a user ACL entry
(enabled/disabled)
Qualifiers:
-------------
ValueMap={0,
1, 2053}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR,
PT_STATUS_INVALID_HANDLE}
Parameters:
--------------
- Handle
- General Information:
Specifies the ACL
entry
Qualifiers:
-------------
Required
IN
- Enabled
- General Information:
Specifies the state of the ACL
entry
Qualifiers:
-------------
Required
OUT
Get
public Get([OUT]AMT_AuthorizationService Instance)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM,
ADMIN_SECURITY_GENERAL_INFO_REALM
General Information:
Gets
the representation of the instance
Product Specific
Usage:
Additional Notes:
1) In Intel AMT Release 5.0 and later
releases 'Get' is permitted to 'ADMIN SECURITY ADMINISTRATION REALM' only.
2) Starting in Release 7.0, 'Get' is permitted also to
'ADMIN_SECURITY_GENERAL_INFO_REALM' and
'ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM'.
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users permitted to use method, only
instances to whom the user has permissions will be returned
General
Information:
Pulls instances of this class, following an Enumerate
operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use
method
General Information:
Enumerates the instances of this
class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use
method
General Information:
Releases an enumeration
context