I recently created a script in hopes of enabling and configuring Intel AMT on all of our machines spanning several remote branches. They already have the Intel Management and Security Client installed, and it's not enabled by default - it's how they came from Dell. My plan was to copy the script to the branch server and it would use psexec to run the script on each specified workstation. In testing the script, I can open the Management and Security Client and verify that the settings appear to be correct, but if I restart and enter the MEBx interface from the bios, it hasn't applied anything - it's still disabled, and hasn't applied the new password or anything from the xml profile that was generated and specified in the script - the client doesn't seem to pass the info to the BIOS level. Do I need to use the Intel® vPro Technology Activator Utility, or is there something else I'm missing?
REM This script is intended to deploy a default profile for Intel AMT settings to all AMT-enabled devices on the network
REM This script is intended to be run from the server in the store and target the workstations in the same store
REM Place PsExec.exe (SysInternals), ACU.dll (Intel SCS), ACUConfig.exe (Intel SCS), IntelAMTDefaultProfile.xml, and this script on the store server in C:\Scripts\AMT_Temp prior to running the script
REM The target machine must be configured for a static ip in order for this script to work
echo --------------------Intel AMT Settings Deployment Script v1.0--------------------
echo --------------------------------Last updated: 01/06/2014--------------------------------
echo Let's deploy the Intel AMT settings to a remote computer..
echo Enter the IP address or hostname of the store SERVER (this computer) and press ENTER:
SET /P SERVER_ID=
echo Enter the name of a local administrator account on the WORKSTATION that you know the password for.
SET /P ADMIN_USER=
echo Enter the password of the user you chose and press Enter:
SET /P ACCT_PASSWD=
echo Enter the IP address or hostname of the WORKSTATION and press ENTER:
SET /P REMOTE_ID=
IF exist "\\%REMOTE_ID%\C$\Program Files (x86)\Intel\Intel(R) Management Engine Components" goto AMTPresent
xcopy /f /i \\%SERVER_ID%\C$\Scripts\AMT_Temp \\%REMOTE_ID%\C$\Scripts\AMT_Temp
PsExec.exe \\%REMOTE_ID% /u %ADMIN_USER% /p "%ACCT_PASSWD%" "C:\Scripts\AMT_Temp\ACUConfig.exe" /Output File C:\intelamtinstalllog.txt ConfigAMT C:\Scripts\AMT_Temp\IntelAMTDefaultProfile.xml /DecryptionPassword "insertdecryptionpasswordhere" /AbortOnFailure /AdminPassword "admin"
PsExec.exe \\%REMOTE_ID% /u %ADMIN_USER% /p "%ACCT_PASSWD%" rmdir \\%REMOTE_ID%\C$\Scripts\AMT_Temp
echo Done with this machine..
echo Rebooting the machine before moving on..
runas /netonly /user:%REMOTE_ID%\%ADMIN_USER% "shutdown /r /m \\%REMOTE_ID% /t 60 /c \"A computer reboot has been initiated by the IT Department (%USERNAME%) and will take place in 60 seconds. Please save any changes before the reboot.\""
IF not exist "\\%REMOTE_ID%\C$\Program Files (x86)\Intel\Intel(R) Management Engine Components" goto AMTNotPresent
echo This system isn't AMT-enabled. Move on to the next machine on the list..