Intel® Business Client Community Frequently Asked Questions

Getting Started
Remote Encryption Management

Getting Started

This section contains answers for those new to the Intel® Business Client Community and Intel® Active Management Technology[1].

What is the Intel Business Client Community?
This is an online site created to increase the expertise for developers of Intel® Active Management technology and security features in Intel® vPro™ technology[2]-based solutions. It contains articles, blogs, videos, downloads, a forum, and other items to help developers reduce the time required to create manageability and security solutions for business client systems.
What is Intel® Active Management Technology (Intel® AMT)?
Intel® architecture-based notebooks and desktops with Intel AMT combine high-end performance with security and manageability integrated within the chip. Optimized for business, Intel vPro technology allows IT to reduce desk-side visits by remotely monitoring and diagnosing PCs and notebooks even when the OS is off or unresponsive.
  • Discover. With built-in manageability, IT can discover assets even while PCs are powered off.
  • Diagnose. Providing out-of-band management capabilities, IT can remotely diagnose and recover systems reducing downtime.
  • Verify. Hardware-based agent presence checking proactively detects the software agents that are running while missing agents are automatically detected and alerts are sent to the management console.
  • Isolate. Proactively block incoming threats, and isolate infected systems while containing infected clients before network impact and alerting IT to the critical software agents removed.
  • Update. Help keep patches and virus protection software up-to-date. Intel AMT provides the capability to store version numbers or policy data in non-volatile memory for off-hours retrieval.
What is Intel vPro technology?
Intel vPro technology is “IT” embedded into the HW platform. Intel vPro technology is a platform brand that enables business-class PCs with capabilities to help address the needs and requirements faced by business today. Intel vPro technology comprises a processor, chipset, networking, Intel AMT, and other components working together to enable enhanced remote management capabilities for PCs. With Intel AMT a feature of Intel vPro technology, IT personnel can use a third-party manageability and/or security software controller to collect inventory information, remotely diagnose problems, and provide remote services even to PCs that are turned off or have an inoperable OS. Administrators can also better protect individual PCs and the network from threats.
What are the following Intel AMT tools for: SDK, Open Manageability DTK, SCS, WS-ManTranslator, JavaLib ?

These are all tools that can be used when experimenting with or writing applications for Intel AMT. Here are some brief descriptions and when to use them:

Intel AMT SDK: Software Development Kit - Provides sample code and all the APIs needed for implementing Intel AMT. The Open Manageability DTK uses the APIs provided in the SDK. Be sure to use the most recent release of the SDK to integrate Intel AMT into your application.

Open Manageability DTK: Developer Tool Kit - This is a solution written in C# using the Intel AMT SDK. Use this to get an idea of how Intel AMT works. Many engineers use the DTK to verify if a certain feature is working. The source code is also available.

Intel® SCS: Intel® Setup and Configuration Software – allows you to discover, set up and configure, and maintain a secure connection to every managed device on your network. Using Intel SCS is an easy process for unlocking the features and the value of systems with Intel® processors with Intel vPro technology.

Intel® WS-Man Translator: WS-Management Translator - makes it possible for WS-Management-based software to be used in conjunction with Intel AMT platforms older than version 3.0.

JavaLib: Intel® WS-Management Java Client Library – is a lightweight WS-Management protocol library designed for software developers who want to quickly and easily support WS-Man but want to avoid the complexity of writing their own Java*-based WS-Man client library.

How do I get started writing Intel AMT software using WS-Management?
Download the latest Intel® AMT SDK and look at the documentation. Starting with version 6.0, WS-Management is the only interface that supports new features.
What are the guidelines for Intel® AMT Management Engine (ME) passwords?
You have to change the default ME password (admin) to a strong password the first time you log in to the Management Engine BIOS Extensions (MEBx). Follow these guidelines. The ME password should contain:
  • 7-bit ASCII characters, in the range of 32-126, excluding ':', ',' and '"' characters.
  • No more than 32 characters.
  • At least one number ('0', '1', .... '9')
  • At least one 7-bit ASCII non alpha-numeric character, above 0x20, (e.g., '!', '$', ';'...). Note that '_' is considered alpha-numeric.
  • At least one lower-case letter ('a', 'b',...,'z') and one upper case letter ('A', 'B', ...'Z')
Is there some type of software I can install on my computer or server to remotely manage computers with Intel vPro technology?
This detailed document, Intel® AMT SDK Start Here Guide, will help you get started.
Will my management console be helpful when deployed without any systems with Intel vPro Technology?
To take advantage of the usage models supported by Intel AMT, you need the support from PCs with Intel vPro Technology and a Management console.
Why can’t I connect to the Intel AMT system locally through WebUI?
Intel AMT versions prior to 7.0 cannot serve web pages locally. The Intel AMT system was not accessible locally through the WebUI or ping, even if it has a static IP.
Is there a utility to check if my system supports Intel vPro technology?
The Intel® Setup and Configuration Service version 7.0 and later has a discovery module called the SCS Discovery Tool. Here is a blog on How to Run the SCS Discovery Tool.
Which systems support Intel vPro technology?
Refer to this blog: Intel® vPro Technology™ Release 9.0: Platform Requirements for information on what processors and SKUs are Intel AMT 9+ capable.
What hardware components make up an Intel AMT 4.0 system?
The main hardware ingredients that are present in an Intel AMT 4.0 system include:
  • Intel® Wireless Wi-Fi* Link 5000 Series AGN adapters
  • Processor: Intel® Centrino® 2 with vPro™ Technology
  • Chipset: Intel® M45 series chipset with Intel® ICH09DO
  • CPUs: Intel® Core™ 2 Duo mobile processor T9600, T9400, P9500, P8600, and P8400 series
Note: Intel AMT 4.0 systems are no longer being supported. The oldest version of Intel AMT being supported is AMT 7.0 and newer.
What hardware components make up an Intel AMT 5.0 system?
The main hardware ingredients that are present in an Intel AMT 5.0 system include:
  • Intel Wireless Wi-Fi Link 5100 or 5300 AG
  • Processor: Intel® Core™ 2 processor with vPro™ Technology
  • Chipset: Intel® Q45 Express Chipset with Intel® ICH10DO
  • CPUs: Intel® Core™ 2 Quad Q9xxx and Duo E8xxx series CPUs.
Note: Intel AMT 5.0 systems are no longer being supported.
What hardware components make up an Intel AMT 6.0 System?
The main hardware ingredients that are present in an Intel AMT 6.0 system include:
  • Networking:
    • Intel® 82577LM Gigabit network connection
    • Notebooks: Intel® Centrino® Ultimate-N 6300 (3x3) 802.11a/b/g/n
    • Notebooks: Intel® Centrino® Advanced-N 6200 (2x2) 802.11a/b/g/n
    • Chipsets:
      • Mobile: QM57
      • Desktop: Q57
      • Small Form Factor (SFF) QS57
    • Intel® Core™ i7/i5 processors
      • Desktop: i5-650, i5-660, i5-670
      • Laptop: i7-620M, i7-640LM, i7-620LM , i7-640UM, i7- 620UM, i5-540M, i5-520M, i5-520UM
What hardware components make up an Intel AMT 7.0 system?
The main hardware ingredients that are present in an Intel AMT 7.0 system include:
  • Networking
    • Intel® 82579LM Gigabit Ethernet PHY
    • Intel Wi-Fi Adapters supporting vPro technology:
      • Intel Centrino Ultimate-N 6300
      • Intel Centrino Advanced-N 6230
      • Intel Centrino Advanced-N 6205
    • Chipsets supporting Intel vPro/ Intel AMT technologies 7.0
      • Q67 for Desktop Systems; QM67 and QS67 for Mobile chipsets
    • Intel® Core™ i7/i5 processors
      • Desktop: i7-870, i7-860, i7-860s, i5-650, i5-660, i5-670, i5-680
      • Laptop: i7-840, i7-820, i7-740, i7-720, i7-660, i7-640, i7- 620, i5-580, i5-560, i5-540, i5-520
Refer to this blog post for additional information like support for KVM Remote Control.
What hardware components make up an Intel AMT 8.0 system?
The main hardware ingredients that are present in an Intel AMT 8.0 system include:
  • Networking
    • Intel® 82579LM Gigabit Ethernet PHY
    • Intel Wi-Fi adapters supporting Intel vPro technology:
      • Intel Centrino Ultimate-N 6300
      • Intel Centrino Advanced-N 6230
      • Intel Centrino Advanced-N 6205
      • Intel Centrino Advanced-N 6200
      • Intel Centrino Advanced-N + WiMAX 6250
    • Chipsets supporting Intel vPro/AMT technologies 8.0
      • Q77 for Desktop Systems; QM77 and QS77 for Mobile chipsets
    • Intel® Core™ i7/i5 processors
      • Desktop: i7-3770, i7-3770T, i7-3770S, i5-3550, i5-3550S, i5-3570T
      • Laptop: i7-3920XM, i7-3820QM
What hardware components make up an Intel AMT 9.0 system?
Refer to this blog: Intel® vPro Technology™ Release 9.0: Platform Requirements for information on what processors and SKUs are Intel AMT 9+ capable.
What are the allowed network setup modes?
Intel AMT supports DHCP and static IP. It is advised that the Intel AMT network settings coincide with the system network settings.
  • When using DHCP – Intel AMT hostname should be set to the same hostname as the host.
  • When using static IP – Intel AMT host name AND IP address should differ from the host IP and hostname.
Does Intel AMT support Windows Vista*?
Intel AMT is generally OS independent. Intel AMT supports drivers for Windows Vista starting with AMT 2.1 for features that use local drivers.
What features do the various versions of AMT support?
Refer to the AMT SDK Start Here Guide to see a list of versions and features
Does Intel AMT support Linux*?
Intel AMT is generally OS independent. Please refer to this post on Intel AMT with Linux.
Can I control Intel AMT clients from a Management Console running on a non-Intel AMT computer with Windows* or Linux?
The computer that runs the Intel AMT Management console does not have to have AMT installed.
Will Intel AMT technology be coming to Apple Macintosh* computers?
Intel® Centrino® Pro processor technology on the Macintosh would be Apple's version of their mobile platforms with Intel Core 2 Duo processors. There are currently no plans to have Intel AMT on Apple systems.
Do I need a server (such as Windows Server 2003) to manage and control AMT PC clients?
No. If you use the Intel Manageability Commander, any Microsoft Windows computer is ok.
Are there any software applications available to perform hardware inventory on Intel AMT systems?
You can do it in two ways:
  1. Log on to your Intel AMT system through web URL http://<ipaddress>:16992. On the left side, you will see hardware Information and under that are system, processor, memory, and disk. You can click on each of them and see the details.
  2. Through Intel Manageability Commander, which comes with the Intel AMT Manageability DTK. You can download the latest version from
Which versions of Intel AMT can be configured using the Intel SCS?
Please refer to the latest release of the Intel SCS for information on supported Intel AMT versions and configuration methods.
What is the “Hello” message?
This is a message that an Intel AMT device sends once it has been loaded with a PID/PPS key pair and had its default password changed. This indicates the start of the setup and configuration process. Note that “Hello” messages start once a PID/PPS is entered though the MEBx or USB key. They can start even if the Setup and Configuration Service is not installed.
What is Host Based Configuration?
Host Based Configuration (HBC) is a feature introduced with Intel AMT 7.0 that allows configuration of Intel AMT systems locally through the host operating system. More info is available in this video.


This section contains answers to common questions for those developing management solutions based on Intel® Active Management Technology(Intel® AMT).

Are there any commercial Intel AMT tools available for modifying the BIOS settings on an Intel AMT system?
Use the “Open” Intel AMT Manageability Commander included in the Open Manageability DTK for this. Under the Remote Control tab, you can start an SOL session and boot into the BIOS options of your Intel AMT client. You can also use IMRGUI in the Redirection sample included in the Intel® AMT SDK. Also try the Intel® vPro Platform Solution Manager.
Can multiple administrators through various tools connect to Intel AMT on one machine at the same time?
The SOAP and WS-Man protocols used by Intel AMT are request/response protocols, so it will seem like everybody is getting connected at the same time. But really what's happening underneath is that Intel AMT is responding to the requests one by one. You cannot perform multiple instances of Serial over LAN or IDE Redirection at the same time.
How do you detect computers with Intel AMT Technology without SCS or similar tools?
Assuming the Intel AMT-enabled systems are provisioned, you can send a SOAP command for GetCoreVersion API that can be found in the SDK. Intel AMT-enabled systems will provide a response containing the Intel AMT firmware version. Systems without Intel AMT will not respond to the SOAP request.
How can I find the Intel AMT MAC address of my client system?
If the Intel AMT device is configured to work in DHCP mode, check to see that its MAC address is exactly the same as the host LAN. Another way is to use the MEInfo tool on the Intel AMT local machine. The MEInfo tool comes with the utilities for upgrading the firmware (contact your OEM for this). If you use this tool, just make sure you are using the right version for your firmware. MEInfo exists in both Windows and DOS versions.
Can I force my system to boot to a local CD using IDE-R?
Booting to a local CD-ROM is not supported by Intel AMT. You can use ASF for doing that.
Will the flash update utility work remotely?
The flash update utility only works remotely. This is a security feature of Intel AMT.
Can an Intel AMT application be developed for an older version of Intel AMT using a newer version of the Intel AMT SDK?
Yes, as long as the application is aware of the IntelAMT version and does not try to perform operations only available on newer IntelAMT systems. Differences between the versions are generally called out in the SDK documentation. Additionally, many older APIs have been deprecated.
Can an application compiled with an older version of the Intel AMT SDK manage newer Intel AMT Firmware versions?
Yes, most all interfaces are forward compatible. But you need to be wary of items that are deprecated. Refer to the documentation in the Intel AMT SDK.
Q37 What are the limitations of using Intel AMT in a wireless environment?
A37 Here is a high-level list detailing wireless usage in IntelAMT. For more information please take a look at
  • Setup and Configuration is not supported over a wireless interface.
  • There is no host wireless connection in link-sensitive flows (i.e., SOL/IDE-R redirection use-cases); local agents will not be able to connect unless there is a LAN connection.
  • System Defense filters are software based, not hardware based as in the wired interface.
  • Static IP is not supported on the wireless management interface.
  • The wireless management interface may not be enabled by default depending on which setup and configuration tool is being used (even if valid wireless profiles are configured in the Management Engine and Intel AMT is enabled).
  • Wired and wireless management interfaces cannot be on the same subnet concurrently.
  • 802.1x profiles are applied independently on wired and wireless.
What is the difference between IDE-R and PXE?
IDE-Redirect (IDE-R) is a feature of Intel AMT that allows the management console to remotely mount CDROM and floppy disk drives on an Intel AMT computer and cause a remote boot on the remote drives. PXE (pre-boot execution Eenvironment) is a form of remote boot that has been used for a long time before IDE-R. Here are the main differences between the two:
  • PXE is a BIOS technology and has access to the entire system RAM and loads the entire disk image from a remote TFTP server before booting. IDE-R, being part of Intel AMT, does not have access to the entire system RAM and can’t pre-load the entire disk image, so it forwards each disk request to the console. The console must then answer back to each disk request. Due to this, PXE may be slower at first, but faster later and does not need a permanent connection to the server.
  • IDE-R is console initiated; PXE is client initiated. PXE is generally used for diskless workstations, and IDE-R is used by administrators to remotely fix problems.
  • IDE-R is routable, PXE is not. Because PXE gets it’s instructions from DHCP, each DHCP server on each subnet must support PXE. No particular DHCP infrastructure is required for IDE-R.
  • When Intel AMT is set up in TLS mode, IDE-R is more secure than PXE.
Is the Intel AMT terminal compatible with telnet?
We do not recommend using Telnet or Hyperterm as terminals for Intel AMT. You may use IAmtTerm.exe from the Open Manageability DTK.
How much memory is available in the 3rd Party Data Store?
Intel AMT 1.0 systems have 96k of NVRAM. All computers with Intel AMT 2.0 and beyond have 192k of NVRAM. This said, vendors can probably change this, and it's generally accepted that any single application should not use more than 48k of it so that several applications can share this space. You could also try to use some type of compression when placing data into the 3rd Party Data Store (3PDS) so that this space can be used most efficiently.
Does Intel AMT provide an API for ISVs to modify the PRTC timer remotely?
You can find it in Intel AMT SDK documentation in the AMT_TimeSynchronizationService. To learn more about this clock refer to this post.
How can one discover an Intel AMT machine before a user goes into the Intel AMT configuration screen at boot-time and sets a new username/password from the default password?
The Intel® Setup and Configuration Software version 7.0 and later has a discovery module.
Can one get the host UUID to run before registration?
Yes, the ISVS_GetHostUUID API call can be used after library initialization and before registration. It's one of a very few calls that can be used prior to registration.
Can I access my 3rd Party Data Store block by name later as a named block?
Yes, please refer to the Storage feature in the latest Intel AMT SDK documentation.
Can 3rd Party Data Store blocks smaller than 4K be allocated? What about the scratchpad?
No, please refer to the Storage feature in the latest Intel AMT SDK documentation.
Does one need to lock while reading from 3rd Party Data Store? What happens if one does not lock?
To ensure the data is consistent, lock before performing reads. If a lock is not done before reading you may get inconsistencies in data, partially from before and partially from after a write that has taken place.
Will Intel be supplying a library or code to translate the PCI Vendor and Device ID values to human friendly strings?
No, there are no plans to add this functionality to the library. In the meantime, ISVs can go to standard sources to get PCI string tables, e.g.,*.
When an event filter is created, the FW returns a handle. When the handle is lost (system failure, etc.), how can a console recover the handle? Does the firmware clean up?
Event handles live forever, but they can be recovered. An application can use the SDK CircuitBreakerService interface to enumerate the filters and determine which filters belong to it. To do this, use the EnumerateEventFilters method to return an EventFilterHandleArrayType that lists the filter handles. A loop that applies GetEventFilter SOAP function to each handle can then be created to get the properties of each filter, which allows the application to determine which filters are of interest.
Is there a license restriction that would not allow redistribution of the IMRSDK.DLL allowed with our product?
The IMRSDK.dll can be distributed with your product.
What is the maximum size of the Intel AMT event log?
The maximum number of event log entries is 390.
How does one set up authentication?
To establish a SOAP over HTTPS connection (i.e., TLS authentication), all that needs to be done is specify the proper endpoint. https://<hostname>:16993. Windows security mechanisms will be employed to perform the proper certificate checking to establish the encrypted session. Once the encrypted session is established, the credentials are then passed to perform the userid authentication. This means there will be no change to any code except to when a specification of the new endpoint is needed.
When accessing the local storage on an Intel AMT machine, an URL (e.g. http://localhost:16992/StorageService) is specified. If the machine is in TLS mode, is it necessary to have the certificate on the local machine that's normally on the core server only?
Yes, please specify the URL as https://localhost:16993/StorageService. Remember that TLS mode is defined on an interface level. This means that one can configure the Intel AMT device to utilize TLS communications on the network (remote) interface and utilize non-TLS communications on the local interface.
Is there a specific API that will indicate which version(s) of Intel AMT that a device supports?
Yes, call: GeneralInfoService::GetCodeVersions.
Is it possible to recover the Intel AMT ID/Password without re-programming the device?
No - the password is not recoverable (this is a security feature).
How can I tell whether an API can be executed locally (on the Intel AMT Client) or remotely (from the management console via network access?)
Please refer to the Functionality on the Realm Mapping page in the latest Intel AMT SDK documentation.
Where can we get a Linux driver for LMS/SOL and HECI?
You can get Linux drivers here:
We want to upgrade our Intel AMT firmware. Where we can get new firmware?
Your OEM should be able to tell you if firmware upgrades are available for your system and provide them for you.
What is the BIOS update process for Intel® Desktop Boards DQ965CO, DQ965GF, and DQ965WC ?
Please refer to the documentation at:
What are the different options available to setup PID/PPS in Intel AMT?
  • At manufacturing time: Some vendors could probably push firmware on a computer with some settings pre-loaded.
  • Manually: Going into the BIOS or MEBx and entering these values yourself. This is time consuming.
  • Using USB Flash: You put these settings into a "setup.bin" file on a USB flash drive (512M or less, will not work on larger sticks).
What happens if a local application tries to bind to port 16992 or 16993?
This is not recommended. Intel has registered these ports at IANA and they should not be used.
How do you disable the Intel AMT privacy notification popup?
There are registry settings to do this. Disable.reg has [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun] “atchk”=””
This will prevent the privacy icon application from ever running again.
If you want to keep the app running, but minimized to get rid of the “popup,” then
[HKLMSOFTWAREIntelNetwork_Servicesatchk] “MinimizePrivacyIconAtStart”=dword:00000001
This can also be done by altering the oementry.reg file that contains this entry. The atchk (privacy icon) app gets installed when you install the SOL/LMS driver software.
The disable.reg and oementry.reg files should be shipped on the OEM driver CDs. You can refer to this blog:
What is a UUID to FQDN mapping?
A UUID is a Universally Unique Identifier assigned to each machine. This identifier is a part of the machines BIOS and can be used to identify the machine independent of its host OS or host name. Before provisioning can be completed, you must provide a mapping of the machines UUID to its host name. This can be done using the SCS UI and setting the Intel AMT properties.
Does the alarm clock support multiple alarms?
Starting with Intel AMT 8.0, the PC alarm clock will support an additional 5 alarms with unique identifiers.
What happens when an alarm clock is scheduled to wake a mobile system that is in an inappropriate location (e.g., a briefcase in airplane overhead bin)?
Intel AMT does not operate on mobile systems that are not plugged into AC power. So the alarm clock feature would not wake the system.
How can someone determine if a system was booted up due to the alarm clock?
An event is created in the event log that states the alarm clock feature powered up the system. The event also indicates what the previous power state was. Starting with Intel AMT 8.0 the IPS_HostBootReason call can be used to determine the reason for last boot.
Does the Intel AMT alarm clock feature put the system back to sleep?
No, the intention is to allow local agents to perform tasks on the system at the specified time. When the local agent is finished with its tasks, it should put the system back into the previous state it was in before the alarm.
What’s different regarding power policies in Intel AMT 6.0 vs. previous generations?
In version 6.0 there are only two power polices supported (Desktop/Mobile on in S0, Desktop/Mobile on in S0 with Wake On ME in S3-S5). The default power policy is Desktop/Mobile on in S0 with Wake on ME in S3-S5. The Idle wake timeout is set to ~45 days. This means the Manageability Engine should always be awake and ready to respond to manageability requests unless ISV software explicitly configures Intel AMT to enter lower power states by reducing the Idle Wake timeout.
Will the Manageability Engine accept multiple KVM Remote Control connections?
Can unattended KVM Remote Control sessions (no user consent) be enabled without touching the machine?
Yes, if the OEM enables this option. This may have privacy issues in some countries or user environments. In most cases, the user will have to select this option in the MEBx or the IT administrator will have to set it with a USB key during pre-provisioning.
Is the KVM Remote Control proxy required to connect to a system with Intel® vPro™ technology?
No. The ME will listen on port 5900 for a standard VNC viewer (RFB 3.8 and above). In this model, extensions such as TLS and Kerberos authentication are not supported even if configured for Intel AMT.
How does the user give consent for a KVM Remote Control connection when consent is required for each session?
Upon a connection attempt, sprite is used to display a key that the user must read to the remote operator. The user may opt to disable the per-session consent requirement in MEBx.
What is a "sprite"?
The term "sprite" in the context of a platform with Intel vPro technology enabled refers to a graphic that is drawn directly to the local display by the integrated hardware. Sprites are independent of any host software or operating system.
Is the Intel® Management and Security Status (IMSS) service required to use KVM Remote Control?
No. IMSS provides additional notifications to the user, the ability for the user to terminate a KVM Remote Control session and control over the sprite behavior (e.g., language selection).
What Remote Frame Buffer (RFB) protocol version is supported?
RFB 3.8 and 4.0 are both supported. RFB 4.0 offers some performance, usability, and extensibility enhancements. What is the "RFB (or VNC) Password"? The RFB password is part of the RFB protocol's "VNC Authentication." The KVM viewer is required to provide the RFB password when it establishes a session. By default, the RFB password is set to the MEBx password. Anyone with access to the Intel AMT Redirection Realm can change the RFB password.
Can the KVM Remote Control feature be enabled / disabled remotely?
Yes, unless the feature is explicitly disabled in MEBx.
Can the local keyboard and mouse be blocked during a KVM Remote Control session?
Can you disable the standard VNC port 5900?
A78 Yes. During configuration, you must enable either the Intel AMT redirection ports (16994/16995) or the standard VNC port (5900).
What RFB versions does the proxy support?
The proxy will support both RFB 3.8 and RFB 4.0 with equal functionality. The protocols themselves may have differences independent of the proxy.
Does the proxy use GPL?
What WS-Events are created by KVM Remote Control?
Local KVM Remote Control events are generated when a session starts or stops.
How complex is the user consent password?
The user consent password is a 6-digit number.
What resolutions are supported by the AMT 6.0 hardware?
  • 640x480 (4:3 aspect ratio)
  • 800x600
  • 1024x768 (4:3 aspect ratio)
  • 1280x1024 (5:4 aspect ratio)
  • 1280x800 (16:10 aspect ratio)
  • 1366x768 (16:9 aspect ratio)
  • 1440x900 (16:10 aspect ratio)
  • 1600x1200
What resolutions are added by the AMT 7.0 hardware?
Release 7.0 also supports screens with a resolution of 1920x1200 with 16 bits of color depth.
What do I need to do to use the Intel ME WMI provider?
It will come pre-loaded on a system with Intel AMT version 6.0 or later (it should also be part of driver installation kit that comes from OEMs). For some of the discovery information (like Intel AMT and firmware versions), Intel AMT doesn’t even need to be provisioned to make calls to the provided WMI provider. There are some example scripts in the SDK that call the WMI provider, but in general if you already know how to use WMI, you’ll understand how to call the provider.
What is the Intel ME WMI Provider?
The WMI provider gives access to several pieces of functionality that were previously only accessible with separately downloaded tools such as the Activator or the Intel AMT Scan Tool, or where the data could be read locally from the IMSS, but not obtained programmatically locally.
What advantages are there to using the WMI provider over existing tools?
The Intel ME WMI provider will be part of the installation that goes to OEMs, so the WMI provider should be present on all Intel AMT 6 systems (in the same way that the Intel Management and Security Status program is part of all the previous generation of AMT systems that launched in 2008). Primarily it was created to give developers more flexibility in how they develop their apps (and hopefully make it easier to develop).
What is the Intel Manageability Firmware Recovery Agent?
The Intel Manageability Firmware Recovery Agent is part of the Intel AMT driver stack provided to OEMs. Starting in 2011, it is relevant for any platform that has a Manageability Engine (ME). For more information, refer to the following blog:
Does Intel AMT 9 still support the SOAP (EOI) interface?
No. From Release 3.2, Intel AMT added WS-Management as a management layer over SOAP. From Release 6.0, SOAP was deprecated and no longer supports new Intel AMT features. With Intel AMT 9, no SOAP APIs are supported and as a result, older management consoles developed under older versions of Intel AMT will no longer work (for the features implemented with the SOAP interface.) Refer to the following blog:


This section contains answers to some common issues encountered when developing and implementing solutions that use Intel® Active Management Technology (Intel® AMT).

Intel AMT/ME is setup correctly, but my password is always rejected when trying to connect through the WebUI or the Manageability DTK tools. What is wrong?
The problem could be with your keyboard mapping. MEBx thinks that you are typing on a QWERTY keyboard and if you are using an operating system that has a different keyboard mapping, the password will not match.
How do I submit a bug on the Manageability DTK (a.k.a. AMT Commander?)
Send an email to and ask for a bug report.
Is there something in Intel AMT that blocks remote desktop traffic? After installing the chipset drivers (Intel® AMT HECI, Intel® AMT SOL, and Intel® Chipset Software) I am no longer able to remote desktop to or from this system. I have a Dell Optiplex* 755 system.
There aren’t any settings in Intel AMT that could block the remote desktop traffic. The problem could be due to the wrong video driver. The Dell driver CD comes with RADEON HD 2400 PRO* and RADEON HD 2400 XT. You have to make sure that you install the correct one. The Device Manager does not show any issues with the wrong driver. So, go to your Event Viewer and see if you have any errors with RDPDD.dll. If so, try installing the correct driver from the CD or
Is it possible to have a null or invalid GUID on an Intel AMT system?
The GUIDs are initialized, stored, and handled by the BIOS. So it is possible that an Intel AMT device gets a null or invalid GUID, but Intel AMT will detect it as invalid and won't use it.
Can malware detection in Intel AMT replace antivirus applications?
No, you want to have both at the same time. When you put policies in Intel AMT for malware detection, they cannot be circumvented in any way from the host. The drawback is that Intel AMT is located underneath the host operating system and doesn't have all the information that a host application would have. So really a combination of the two is ideal.
Is there a way to install an operating system on 20 computers at the same time with Intel AMT?
Yes. Intel AMT provides the ability to boot a disk remotely on the computer. The first step is to mount a CD-ROM drive onto the remote computer and then boot off of the remote CD-ROM drive. The rest of it is up to the administrator to build an ISO image that performs all the operations the administrator wants to perform.
What if the DHCP server is not working? There is no way to connect to the machine, right?
When Intel AMT is configured for DHCP mode, if the DHCP server is not working, Intel AMT will never be able to obtain a valid IP address and you will not be able to connect to it remotely. If Intel AMT is configured in static IP mode, you can connect to it using the static IP address.
I am getting an error message about communication to the Intel Manageability Engine. I have an Intel DQ35MP motherboard and an Intel® Core™ 2 Quad. I had previously updated to the latest BIOS and it was working fine. I have re-flashed the BIOS but the problem persists?
You should do a CMOS reset. For this, disconnect the power cord and LAN cable. Remove the CMOS battery for 15 seconds and insert it back in. When you power on, the Manageability Engine settings will revert to their factory defaults. The default user name and password is admin/admin. Please remember to change it to a strong password before configuring the ME further.
The system is unresponsive and won't boot. How can this be resolved?
  • Unplug the power cord, wait 20 seconds, and boot the system again.
  • DIMM 0 must be populated with memory for AMT to work. AMT firmware is uncompressed and run in DIMM 0.
I am having difficulties with building the Sample Code in the AMT SDK.
Please refer to the “Using the Intel AMT SDK” section in the Intel AMT SDK documentation. Also, review this video:
The Intel AMT system will not boot on USB key.
  • The USB boot partition needs to be 256MB or smaller.
  • Format the USB key to be DOS bootable.
After a few successful writes to Intel AMT storage, write errors occurred for all subsequent writes. Re-flashing the AMT memory did not help, but leaving the system on overnight did help. Why is this?
Flash write limits may have been exceeded. Optimize writes to see if this resolves the problem. Flash wear out protection is enforced by Intel AMT to avoid permanent damage to flash by malware. Once the limit is exceeded, there is a time limit (40 minutes) that must be satisfied in order to write again.
Hello packets are sent only when OS is on.
This is probably because the Intel AMT has been configured to only be active in S0 state. Try changing the Intel AMT communicate when the system is in Sx state (when the OS is not up). Look for Power Policy configuration settings in the MEBx.
When working in DHCP and setting a block-all policy in System Defense, after a certain amount of time Intel AMT will be inaccessible.
When in DHCP mode, the Intel AMT system relies on the host operating system (OS) to respond to IP network traffic requests (ARP requests). These requests are cached, so the OS will continue to respond to the ones from the cache even after the filter has started to block new ones coming in.
Workaround: When defining a block-all policy, make sure to define 2 extra filters.
  1. Pass Tx filter on Ethernet header for 0x806 (ARP)
  2. Pass Rx filter on Ethernet header for 0x806 (ARP)
  3. Make sure these filters are part of the policy.
This will ensure that the host will answer ARP requests.
I just provisioned my Intel AMT system; why doesn't SOL/IDER work?
There may be a couple of reasons why your system is not allowing SOL/IDER sessions. First, you must make sure that both SOL and IDER are enabled in the BIOS (check the configuration settings in the ME/AMT menus). Secondly, if you have just moved from provisioning your systems in SMB mode to Enterprise mode, then you will need to programmatically enable the Redirection Port (SMB mode provisioning does this automatically for you.) Even though you selected that you wanted SOL and IDER to be enabled interfaces in your profile (another requirement), the Setup and Configuration Service will not enable the port for you (this is considered a security issue so it is left closed.)
There are a couple of ways you can enable this port:
  1. Connect to your Intel AMT system using the Manageability DTK, go into the "Remote Control" menu and enable the Redirection Port (you will probably see that it is disabled.) Remember when doing this, you should disable the port when finished with your SOL/IDER session. It is not a good idea to leave this port open.
  2. Add the appropriate API calls to your own Management Console Software: GetRedirectionListenerState or SetRedirectionListenerState. When you are ready to perform a SOL/IDER session, have your software open the port and then when finished, close the port. This makes for a more secure implementation.
What happens if the flash images update crashes in mid-update?
There isn't an issue re-flashing the device if there is a flash write error. There is no dependency between corrupt data and the ability to re-flash the device with a good image.
How can I make sense out of the Intel AMT Event Log messages?
There is a conversion in the IPMI (Intelligent Platform Management Interface) Specification that takes the event data number and turns it into text. You can get the IPMI Specifications at the following link:
How do you reset the password for the Intel Management Engine BIOS if you have forgotten the password?
To reset the password of ME BIOS, disconnect the power cord and LAN cable. Remove the CMOS battery for 15 seconds and re-insert it. This time when you power on, the ME settings will revert to the factory defaults. The default user name and password is admin/admin. Please remember to change it to a strong password before configuring the ME further.
Where is the SCS getting it’s time from? Windows time is set correctly, but the SCS’s time is different.
The SCS gets the time from the OS (displays as UTC.) The Intel AMT Clock can be synchronized from within the SCS.


This section contains answers to questions that are not common or frequently asked, but still may be of interest to developers using Intel® Active Management Technology (Intel® AMT).

Is Intel AMT aware of Virtual Machine Hosts installed on a machine?
Intel AMT is neither aware of nor does it control any of the software installed on the system including virtual machines. Intel AMT allows remote management consoles to connect to it and manage the system as a whole not the individual software components. Host-based software components need to be managed the same way with or without Intel AMT.
What market segment does Intel AMT address?
Intel AMT has initially been targeted at the corporate environment. Large IT shops that manage lots of computers that want to reduce the number of desk side visits. But there are a lot of other markets that love Intel AMT. The embedded market has actually been really big (e.g., cash registers and ATM machines). They have computers at remote sites and it is a big cost to remotely fix those systems. Intel AMT is also helping a lot with smaller businesses, the internet cafes, schools, and elsewhere where management of computers remotely is important.
Can Intel AMT be standalone or integrated with other applications? Please give a specific example?
Intel AMT is much like an agent that is located in the hardware. Any management application can integrate with Intel AMT to provide additional and enhanced features. ISVs that address manageability are encouraged to supplement their solution with Intel vPro technology. A specific example would be software asset inventory, where an application running on the host would store inventory information in Intel AMTs 3rd party data store where it could be retrieved by a remote management console via Intel AMT calls, even when that system is off or disabled.
Is Intel vPro technology available in laptops and handheld devices?
It is available on laptops and on any platform that is branded Intel® vPro™ technology (refer to this link for available systems). Handheld devices are not currently supported.
Is Intel AMT disabled by default on Intel vPro devices? If not, can it be disabled or have any default passwords changed by end users not part of the IT-supported network?
All Intel vPro computers come with Intel AMT turned off by default. Some OEMs configure their Intel vPro computers to attempt to find a configuration server when first attached to a network. If they don't find this configuration server, they will remain off. This is a very important security precaution. The default password in the Manageability Engine is changed the first time it is accessed, before it is provisioned and operational. If a configuration server is found and authenticated correctly, Intel AMT can be setup and configured, but that requires certificates and so on.
Whenever an SOL session is opened using the IMRGUI, 100% of the CPU resources are taken.
Check if the Windows firewall is blocking communication. IMRGUI should start working once HyperTerminal is working properly.
When I use Intel AMT IDE-R and SOL to boot a remote Intel AMT client with a Linux rescue boot image, I cannot receive any messages through SOL after the image begins to boot. Is there any Linux rescue boot image that can keep sending messages to SOL while booting?
The reason why the Linux boot image stops sending messages to the SOL terminal could be that the image isn't configured to send messages to the serial console. To enable the boot image to do so, pass some parameters to the boot image when it begins to boot. You can find more details in the Linux Configuration section in this doc:
Can you transfer the private key to the system wrapped by the ISV in their public key?
Is there a way to determine if the user has correctly selected a valid floppy and CD boot drive and/or image file?
There isn't any way from Intel AMT to determine this.
Why are there events in the event log when running in an unprovisioned state?
There are default filters defined even in the unprovisioned state.

Remote Encryption Management

This section contains answers to some common questions encountered when developing solutions that utilize the Remote Encryption Management capability available with Intel AMT systems.

How do I get started with the code and documentation on Remote Encryption Management?
It depends on whether your solution already manages encrypted hard drives (or is being developed to do so), or you simply want to request unlocked drives provisioned by another solution. In the Remote Encryption Management documentation, a company with a solution that manages encrypted hard drives (including the initial provisioning) is referred to as an Encryption (or Security) ISV, and one that interacts with that solution to request an unlock is a Manageability ISV. There is documentation targeted at both use models in the “SDK Resources” section of the Intel AMT SDK documentation.
Do I need to use the included ISO file and IDE Redirection to use Remote Encryption Management?
No, a developer can incorporate the functionality into an already existing pre-boot authentication (PBA) implementation that handles a local user unlocking the hard drive. This of course assumes that the developer’s solution has a PBA that unlocks the drive before the system boots into the OS.
What is the difference between developing a solution with Remote Encryption Management using the provided ISO file, compared to including the functionality into a pre-boot authentication (PBA) implementation?
There are two primary differences. First, incorporation into a PBA will likely require more development work. But more importantly, incorporation into a PBA will result in a solution that can unlock systems substantially faster. Using the ISO image, the system will need to go through a reboot to load the ISO over the network, which takes time and bandwidth.
Is the source code for the ISO image available?
Yes, it is provided in the folder .\Windows\Remote_Encryption_Management\src\linux-sources in the Intel AMT SDK.
What is the Manageability Interface that is documented in the SDK?
The Manageability interface is an example of a programmatic interface that allows an Intel vPro system to be powered on and unlocked by a separate management solution (or possibly scripting). Since many IT shops often have a different solution that manages the computers in their environment than the one that manages the encrypted hard drives (or potentially even multiple solutions that manage the computers in their environment), this gives a mechanism to the management solution to allow an unlock and manage blocks of systems (which is a common use case of Intel vPro technology). The provided example shows a way to implement this functionality that is structured very close to how a management ISV implements Intel vPro technology calls. Note that it is important to implement authentication on this interface, typically with either Digest or Kerberos authentication.
If I want to develop a solution that will request an unlock from another ISV’s encryption solution, what do I need to do?
That partially depends on the ISV, but as a first step you should refer to the Manageability Interface document in the SDK. Intel is recommending that encryption ISVs implement a solution (and use the provided Manageability Interface example as a template), but it is up to the individual solution vendors for how (and whether) they implement.

[1] Requires activation and a system with a corporate network connection, an Intel® AMT-enabled chipset, network hardware and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-based VPN, when connecting wirelessly, on battery power, sleeping, hibernating or powered off. Results dependent upon hardware, setup and configuration. For more information, visit Intel® Active Management Technology.

[2] Intel® vPro™ Technology is sophisticated and requires setup and activation. Availability of features and results will depend upon the setup and configuration of your hardware, software and IT environment. To learn more visit:

For more complete information about compiler optimizations, see our Optimization Notice.