Is there any way for me to check whether the user have change the password but not the configure?
i try usingiamt_scan_v0.3.1.1 but there arent any status stating that...
There are a couple of different passwords that I can think of that you may be interested in. There is the MEBx password (initially the same as the admin password) and there are Access Control List (ACL)users/passwords. The admin account is part of the ACL.
You can determine when an ACL entry has been added, removed, or modified using the Access Monitor feature. Please refer to the SDK documentation section: Intel AMT Features > Access Monitor > Detailed Description > Event Groups and Event IDs > Security Admin Events
You can also use the Access Monitor to see when attempts were made to access AMT using an ACL account or access MEBx with invalid passwords.
what about in case where the machine is notprovision but the user go into MEBx to change the password? can we still use access monitor to see that?