WS-Management > WS-Management Class Reference > AMT Classes > AMT_EndpointAccessControlService
SUMMARY: NESTED | FIELD | | METHOD
DETAIL: FIELD | METHOD

Class AMT_EndpointAccessControlService

Used in features: Endpoint Access Control
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0 
CIM_ManagedElement
   extended by CIM_ManagedSystemElement
      extended by CIM_LogicalElement
         extended by CIM_EnabledLogicalElement
            extended by CIM_Service
               extended by AMT_EndpointAccessControlService
Also see:
AMT_EACCredentialContext
class AMT_EndpointAccessControlService
 extends CIM_Service


General Information:
A AMT_EndpointAccessControlService is a 
Logical Element that contains the information necessary to represent and manage 
the functionality provided by a the Endpoint Access Control manager of Intel(R) 
AMT.

Product Specific Usage:
In order to activate this service 
a posture signer must be set, by creating AMT_EACCredentialContext 
instance.

Qualifiers:
-------------
Version=6.0.0



Deprecation Notice:
---------------------------
This class is deprecated. No longer supported by Intel CSME firmware starting with release 18.0.










  
  

    Supported Fields 
      Summary

  

     string 
      
    Name Key  
The Name property uniquely identifies the 
      Service and provides an indication of the functionality that is managed . 
      . .

  

     string 
      
    CreationClassName Key  
CreationClassName indicates the name 
      of the class or the subclass that is used in the creation of an instance . 
      . .

  

     string 
      
    SystemName Key  
The Name of the scoping System.

  

     string 
      
    SystemCreationClassName Key  
The CreationClassName of the scoping 
      System.

  

     string 
      
    ElementName 
A 
      user-friendly name for the object . . .

  

     uint16 
      
    EnabledState 
      
EnabledState is an integer enumeration that indicates the 
      enabled and disabled states of an element . . .

  

     uint16 
      
    RequestedState 
      
RequestedState is an integer enumeration that indicates the 
      last requested or desired state for the element, irrespective of the 
      mechanism through which it was requested . . 
.




  
  

    Methods Summary

  

     uint32
    RequestStateChange(RequestedState, REF 
      Job, TimeoutPeriod) 
Requests that the state of the element be 
      changed to the value specified in the RequestedState parameter . . 
.

  

     uint32
    GetPosture(PostureType, 
      SignedPosture, PostureChangeHash) 
This method returns (and 
      optionally updates) the EAC posture for the Intel(R) AMT device.

  

     uint32
    GetPostureHash(PostureType, 
      PostureChangeHash) 
This method returns an hash of the currently 
      available posture for the Intel(R) AMT device, which can be compared to 
      hash values from previous results to detect differences.

  

     uint32
    UpdatePostureState(UpdateType) 
      
This command tells the Intel AMT device to reset its boot counters and 
      Agent Presence state counters.

  

     uint32
    GetEacOptions(EacVendors, 
      PostureHashAlgorithm) 
This method returns EAC options for the 
      Intel(R) AMT device.

  

     uint32
    SetEacOptions(EacVendors, 
      PostureHashAlgorithm) 
This method configures EAC options for 
      the Intel(R) AMT device.

  

     
    Get(Instance) 
Gets the 
      representation of the instance

  

     
    Pull(EnumerationContext, 
      MaxElements) 
Pulls instances of this class, following an 
      Enumerate operation

  

     
    Enumerate() 
      
Enumerates the instances of this class

  

     
    Release(EnumerationContext) 
      
Releases an enumeration context




  
  

    Field 
Detail


Name Key 
public string Name



  
General Information:
The Name property uniquely identifies the 
  Service and provides an indication of the functionality that is managed. This 
  functionality is described in more detail in the Description property of the 
  object.

Qualifiers:
-------------
Key
Override=Name
MaxLen=45


  

  





CreationClassName Key 
public string CreationClassName



  
General Information:
CreationClassName indicates the name of the 
  class or the subclass that is used in the creation of an instance. When used 
  with the other key properties of this class, this property allows all 
  instances of this class and its subclasses to be uniquely 
  identified.

Qualifiers:
-------------
Key
MaxLen=35


  

  





SystemName Key 
public string SystemName



  
General Information:
The Name of the scoping 
  System.

Qualifiers:
-------------
Key
MaxLen=15
Propagated=CIM_System.Name


  

  





SystemCreationClassName Key 
public string SystemCreationClassName



  
General Information:
The CreationClassName of the scoping 
  System.

Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName


  

  





ElementName 
public string ElementName



  
General Information:
A user-friendly name for the object. This 
  property allows each instance to define a user-friendly name in addition to 
  its key properties, identity data, and description information. 
Note that 
  the Name property of ManagedSystemElement is also defined as a user-friendly 
  name. But, it is often subclassed to be a Key. It is not reasonable that the 
  same property can convey both identity and a user-friendly name, without 
  inconsistencies. Where Name exists and is not a Key (such as for instances of 
  LogicalDevice), the same information can be present in both the Name and 
  ElementName properties. Note that if there is an associated instance of 
  CIM_EnabledLogicalElementCapabilities, restrictions on this properties may 
  exist as defined in ElementNameMask and MaxElementNameLen properties defined 
  in that class.

Qualifiers:
-------------
MaxLen=45


  

  





EnabledState 
public uint16 EnabledState



  
General Information:
EnabledState is an integer enumeration that 
  indicates the enabled and disabled states of an element. It can also indicate 
  the transitions between these requested states. For example, shutting down 
  (value=4) and starting (value=10) are transient states between enabled and 
  disabled. The following text briefly summarizes the various enabled and 
  disabled states: 
Enabled (2) indicates that the element is or could be 
  executing commands, will process any queued commands, and queues new requests. 
  
Disabled (3) indicates that the element will not execute commands and will 
  drop any new requests. 
Shutting Down (4) indicates that the element is in 
  the process of going to a Disabled state. 
Not Applicable (5) indicates the 
  element does not support being enabled or disabled. 
Enabled but Offline 
  (6) indicates that the element might be completing commands, and will drop any 
  new requests. 
Test (7) indicates that the element is in a test state. 
  
Deferred (8) indicates that the element might be completing commands, but 
  will queue any new requests. 
Quiesce (9) indicates that the element is 
  enabled but in a restricted mode.
Starting (10) indicates that the element 
  is in the process of going to an Enabled state. New requests are 
  queued.

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 
  5, 6, 7, 8, 9, 10, 11..32767, 32768..65535}
Values={Unknown, Other, 
  Enabled, Disabled, Shutting Down, Not Applicable, Enabled but Offline, In 
  Test, Deferred, Quiesce, Starting, DMTF Reserved, Vendor 
  Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.OtherEnabledState}


  

  





RequestedState 
public uint16 RequestedState



  
General Information:
RequestedState is an integer enumeration 
  that indicates the last requested or desired state for the element, 
  irrespective of the mechanism through which it was requested. The actual state 
  of the element is represented by EnabledState. This property is provided to 
  compare the last requested and current enabled or disabled states. Note that 
  when EnabledState is set to 5 ("Not Applicable"), then this property has no 
  meaning. Refer to the EnabledState property description for explanations of 
  the values in the RequestedState enumeration. 
"Unknown" (0) indicates the 
  last requested state for the element is unknown.
Note that the value "No 
  Change" (5) has been deprecated in lieu of indicating the last requested state 
  is "Unknown" (0). If the last requested or desired state is unknown, 
  RequestedState should have the value "Unknown" (0), but may have the value "No 
  Change" (5).Offline (6) indicates that the element has been requested to 
  transition to the Enabled but Offline EnabledState. 
It should be noted 
  that there are two new values in RequestedState that build on the statuses of 
  EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing 
  a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the 
  element is first "Disabled" and then "Enabled". The distinction between 
  requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests 
  an orderly transition to the Disabled state, and might involve removing power, 
  to completely erase any existing state. The Disabled state requests an 
  immediate disabling of the element, such that it will not execute or accept 
  any commands or processing requests. 

This property is set as the 
  result of a method invocation (such as Start or StopService on CIM_Service), 
  or can be overridden and defined as WRITEable in a subclass. The method 
  approach is considered superior to a WRITEable property, because it allows an 
  explicit invocation of the operation and the return of a result code. 
  

If knowledge of the last RequestedState is not supported for the 
  EnabledLogicalElement, the property shall be NULL or have the value 12 "Not 
  Applicable".

Qualifiers:
-------------
ValueMap={0, 2, 3, 
  4, 5, 6, 7, 8, 9, 10, 11, 12, .., 32768..65535}
Values={Unknown, Enabled, 
  Disabled, Shut Down, No Change, Offline, Test, Deferred, Quiesce, Reboot, 
  Reset, Not Applicable, DMTF Reserved, Vendor 
  Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.EnabledState}


  

  






  
  

    Method 
Detail


RequestStateChange
public uint32 RequestStateChange([IN]uint16 RequestedState, [OUT]REF CIM_ConcreteJob Job, [IN]datetime TimeoutPeriod)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_EAC_ADMIN_REALM

General Information:
Requests 
  that the state of the element be changed to the value specified in the 
  RequestedState parameter. When the requested state change takes place, the 
  EnabledState and RequestedState of the element will be the same. Invoking the 
  RequestStateChange method multiple times could result in earlier requests 
  being overwritten or lost. 
A return code of 0 shall indicate the state 
  change was successfully initiated. 
A return code of 3 shall indicate that 
  the state transition cannot complete within the interval specified by the 
  TimeoutPeriod parameter. 
A return code of 4096 (0x1000) shall indicate the 
  state change was successfully initiated, a ConcreteJob has been created, and 
  its reference returned in the output parameter Job. Any other return code 
  indicates an error 
  condition.

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 
  4, 5, 6, .., 4096, 4097, 4098, 4099, 4100..32767, 
  32768..65535}
Values={Completed with No Error, Not Supported, Unknown or 
  Unspecified Error, Cannot complete within Timeout Period, Failed, Invalid 
  Parameter, In Use, DMTF Reserved, Method Parameters Checked - Job Started, 
  Invalid State Transition, Use of Timeout Parameter Not Supported, Busy, Method 
  Reserved, Vendor 
  Specific}
ModelCorrespondence={CIM_EnabledLogicalElement.RequestedState}


Parameters:
--------------

  

    
RequestedState 
    
General Information:
The state requested for the element. This 
    information will be placed into the RequestedState property of the instance 
    if the return code of the RequestStateChange method is 0 ('Completed with No 
    Error'), or 4096 (0x1000) ('Job Started'). Refer to the description of the 
    EnabledState and RequestedState properties for the detailed explanations of 
    the RequestedState 
    values.

Qualifiers:
-------------
IN
ValueMap={2, 3, 
    4, 6, 7, 8, 9, 10, 11, .., 32768..65535}
Values={Enabled, Disabled, Shut 
    Down, Offline, Test, Defer, Quiesce, Reboot, Reset, DMTF Reserved, Vendor 
    Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.RequestedState}


    
Job 
    
General Information:
May contain a reference to the 
    ConcreteJob created to track the state transition initiated by the method 
    invocation.

Qualifiers:
-------------
IN=false
OUT


    
TimeoutPeriod 
    
General Information:
A timeout period that specifies the 
    maximum amount of time that the client expects the transition to the new 
    state to take. The interval format must be used to specify the 
    TimeoutPeriod. A value of 0 or a null parameter indicates that the client 
    has no time requirements for the transition. 
If this property does not 
    contain 0 or null and the implementation does not support this parameter, a 
    return code of 'Use Of Timeout Parameter Not Supported' shall be 
    returned.

Qualifiers:
-------------
IN







GetPosture
public uint32 GetPosture([IN]uint16 PostureType, [OUT]uint8 SignedPosture[2500], [OUT]uint8 PostureChangeHash[48])



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_LOCAL_SYSTEM_REALM

General Information:
This 
  method returns (and optionally updates) the EAC posture for the Intel(R) AMT 
  device.

Qualifiers:
-------------
ValueMap={0, 1, 36, 
  2072}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_INVALID_PARAMETER, 
  PT_STATUS_NO_ASSOCIATION}


Parameters:
--------------

  

    
PostureType 
    
General Information:
The posture type to be 
    generated.

Qualifiers:
-------------
Required
IN
ValueMap={0}
Values={Attribute-Value 
    pair (AVP) type}


    
SignedPosture 
    
General Information:
BLOB representation of a Signed NAC 
    Posture data 
    block.

Qualifiers:
-------------
OUT
OctetString


    
PostureChangeHash 
    
General Information:
A computed hash value over the posture 
    data (fields like current time is omitted). This hash can be used to check 
    if the posture was changed, comparing to the last computed hash 
    value.

Qualifiers:
-------------
OUT
OctetString







GetPostureHash
public uint32 GetPostureHash([IN]uint16 PostureType, [OUT]uint8 PostureChangeHash[48])



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_EAC_REALM

General Information:
This method 
  returns an hash of the currently available posture for the Intel(R) AMT 
  device, which can be compared to hash values from previous results to detect 
  differences.

Qualifiers:
-------------
ValueMap={0, 1, 36, 
  2072}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_INVALID_PARAMETER, 
  PT_STATUS_NO_ASSOCIATION}


Parameters:
--------------

  

    
PostureType 
    
General Information:
The posture type to be 
    generated.

Qualifiers:
-------------
Required
IN
ValueMap={0}
Values={Attribute-Value 
    pair (AVP) type}


    
PostureChangeHash 
    
General Information:
A computed hash value over the posture 
    data (fields like current time is omitted). This hash can be used to check 
    if the posture was changed, comparing to the last computed hash 
    value.

Qualifiers:
-------------
OUT
OctetString







UpdatePostureState
public uint32 UpdatePostureState([IN]uint16 UpdateType)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_EAC_ADMIN_REALM

General Information:
This 
  command tells the Intel AMT device to reset its boot counters and Agent 
  Presence state 
  counters.

Qualifiers:
-------------
ValueMap={0, 1, 36, 
  2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_INVALID_PARAMETER, 
  PT_STATUS_AUDIT_FAIL}


Parameters:
--------------

  

    
UpdateType 
    
General Information:
The posture element to be 
    updated.

Qualifiers:
-------------
Required
IN
ValueMap={0, 
    1}
Values={PostureUpdateBootCounters, 
    PostureUpdateAgentPresenceState}







GetEacOptions
public uint32 GetEacOptions([OUT]uint32 EacVendors, [OUT]uint32 PostureHashAlgorithm)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_EAC_ADMIN_REALM, 
  ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
This 
  method returns EAC options for the Intel(R) AMT device.

Product 
  Specific Usage:
Additional Notes: 
1) 'GetEacOptions' method is 
  supported in Intel AMT Release 4.0 and later 
  releases.

Qualifiers:
-------------
ValueMap={0, 
  1}
Values={PT_STATUS_SUCCESS, 
  PT_STATUS_INTERNAL_ERROR}


Parameters:
--------------

  

    
EacVendors 
    
General Information:
Enabled EAC 
    Vendors

Qualifiers:
-------------
OUT
ValueMap={1, 2, 
    3, 4..65535}
values={EAC NAC, EAC NAP, EAC NAC and NAP, Reserved}


    
PostureHashAlgorithm 
    
General Information:
Posture Hash 
    Type

Qualifiers:
-------------
OUT
ValueMap={1, 2, 3, 
    4..65535}
values={SHA-1-160, SHA-2-256, SHA-2-384, 
  Reserved}







SetEacOptions
public uint32 SetEacOptions([IN]uint32 EacVendors, [IN]uint32 PostureHashAlgorithm)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_EAC_ADMIN_REALM

General Information:
This 
  method configures EAC options for the Intel(R) AMT device.

Product 
  Specific Usage:
Additional Notes: 
1) 'SetEacOptions' method is 
  supported in Intel AMT Release 4.0 and later 
  releases.

Qualifiers:
-------------
ValueMap={0, 1, 36, 
  38, 2066, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_INVALID_PARAMETER, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, 
  PT_STATUS_UNSUPPORTED, 
  PT_STATUS_AUDIT_FAIL}


Parameters:
--------------

  

    
EacVendors 
    
General Information:
Enabled EAC 
    Vendors

Qualifiers:
-------------
Required
IN
ValueMap={1, 
    2, 3, 4..65535}
values={EAC NAC, EAC NAP, EAC NAC and NAP, 
    Reserved}


    
PostureHashAlgorithm 
    
General Information:
Posture Hash 
    Method

Qualifiers:
-------------
Required
IN
ValueMap={1, 
    2, 3, 4..65535}
values={SHA-1-160, SHA-2-256, SHA-2-384, 
    Reserved}







Get
public  Get([OUT]AMT_EndpointAccessControlService Instance)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_EAC_REALM, ADMIN_SECURITY_EAC_ADMIN_REALM, 
  ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets 
  the representation of the instance





Pull
public  Pull([IN]String EnumerationContext, [IN]String MaxElements)



  
Permission Information:
All users permitted to use method, only 
  instances to whom the user has permissions will be returned

General 
  Information:
Pulls instances of this class, following an Enumerate 
  operation





Enumerate
public  Enumerate()



  
Permission Information:
All users permitted to use 
  method

General Information:
Enumerates the instances of this 
  class





Release
public  Release([IN]String EnumerationContext)



  
Permission Information:
All users permitted to use 
  method

General Information:
Releases an enumeration 
  context






  
  

    SUMMARY: NESTED | FIELD | METHOD
  

  

    DETAIL: FIELD | METHOD



  
  

    
      
Copyright © 2006-2022, Intel 
      Corporation. All rights 
reserved.