Intel AMT Features > Remote Access > Use Cases > Add a Remote Access Policy
CollapseAll image

Add a Remote Access Policy

The following steps describe how to set a Remote Access policy, used to establish a secure tunnel between a management console and the Intel AMT platform.

1.  Retrieve the instance of AMT_RemoteAccessService, where the “Name” key equals “Intel(r) AMT Remote Access Service”.

2.  Invoke AMT_RemoteAccessService.AddRemoteAccessPolicyRule with the following parameters:




The event that will trigger the establishment of the remote connection to the MPS. Valid values:

0 – User Initiated

1 – Alert

2 – Periodic


Defines the tunnel’s lifetime in seconds. A value of 0 means that the tunnel should stay open until it is closed by the CloseRemoteAccessConnection method or when a different policy with a higher priority needs to be processed.


Set only for periodic policy. Defines the idle periods of the connection.

The extended data can be in one of two formats: periodic interval or daily interval. The input values must be converted to base64 format.

Periodic interval:

UINT32                        0

UINT32                        interval in seconds


Daily interval:

UINT32                        1

UINT32                        Hour in the day (0-23)

UINT32                        Minutes in the hour (0-59)



EPRs of one or two MPSs used to open the connection using this policy. Use the EPR that was returned when creating each MPS (see Add a Management Presence Server). The first MPS reference is the primary MPS, while the second is used as a backup if it is not possible to establish a connection with the first MPS.



If successful, the method returns a handle to the new Remote Access policy.


Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.


$extendedData = "AAAAAAAAABk=" # = 25 seconds in base 64 with network order.

$remoteAccessServiceRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_RemoteAccessService WHERE Name='Intel(r) AMT Remote Access Service'")

$inputObject = $remoteAccessServiceRef.CreateMethodInput("AddRemoteAccessPolicyRule")

$inputObject.SetProperty("Trigger", "2")

$inputObject.SetProperty("TunnelLifeTime", "0")

$inputObject.SetProperty("ExtendedData", $extendedData)

# $mpServerRef is an EPR to the AMT_ManagementPresenceRemoteSAP object created by the 'Add a Management Presence Server' use case.

$inputObject.SetProperty("MpServer", $mpServerRef)

$outputObject = $remoteAccessServiceRef.InvokeMethod($inputObject)

$returnValue = $outputObject.GetProperty("ReturnValue")

if($returnValue -like "0")


    $policyRule = $outputObject.GetProperty("PolicyRule")




Instance Diagram

Classes Used in This Flow

SDK Sample

Located at:<SDK_root>\Windows\Intel_AMT\Samples\WS-Management\RemoteAccessAdmin


See Also:

   Remote Access Policies

   Enabling Remote Access

Copyright © 2006-2013, Intel Corporation. All rights reserved.