AMT_SetupAndConfigurationService

WS-Management > WS-Management Class Reference > AMT Classes > AMT_SetupAndConfigurationService

SUMMARY: NESTED | FIELD | | METHOD

Class AMT_SetupAndConfigurationService

Used in features: Provisioning , Security Administration , General Info
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0

CIM_ManagedElement
   CIM_ManagedSystemElement
      CIM_LogicalElement
         CIM_EnabledLogicalElement
            CIM_Service
               CIM_SecurityService
                  CIM_AuthenticationService
                     CIM_CredentialManagementService
                        AMT_SetupAndConfigurationService


extends CIM_CredentialManagementService

General Information:
Describes the Setup and Configuration Service, which is the logic in Intel(R) AMT that responds to Setup and Configuration requests.

Qualifiers:
-------------
Version=11.0.0

Supported Fields Summary
`uint16`	`RequestedState` RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested . . .
`uint16`	`EnabledState` EnabledState is an integer enumeration that indicates the enabled and disabled states of an element . . .
`string`	`ElementName` A user-friendly name for the object . . .
`string`	`SystemCreationClassName` The CreationClassName of the scoping System.
`string`	`SystemName` The Name of the scoping System.
`string`	`CreationClassName` CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance . . .
`string`	`Name` The Name property uniquely identifies the Service and provides an indication of the functionality that is managed . . .
`uint8`	`ProvisioningMode` A Read-Only enumeration value that determines the behavior of Intel(R) AMT when it is deployed . . .
`uint8`	`ProvisioningState` An enumeration value that indicates the state of the Intel(R) AMT subsystem in the provisioning process"Pre" - the setup operation has not started."In" - the setup operation is in progress."Post" - Intel(R) AMT is configured.
`boolean`	`ZeroTouchConfigurationEnabled` Indicates if Zero Touch Configuration (Remote Configuration) is enabled or disabled . . .
`uint8[32]`	`ProvisioningServerOTP` A optional binary data value containing 8-32 characters,that represents a one-time password (OTP), used to authenticate the Intel(R) AMT to the configuration server . . .
`string`	`ConfigurationServerFQDN` The FQDN of the configuration server.
`uint8`	`PasswordModel` An enumeration value that determines the password model of Intel(R) AMT.
`string`	`DhcpDNSSuffix` Domain name received from DHCP.
`string`	`TrustedDNSSuffix` The FQDN of the configuration server.

Methods Summary
`uint32`	`CommitChanges()` Commits pending configuration commands made to the Intel(R) AMT device . . .
`uint32`	`Unprovision(ProvisioningMode)` Resets the Intel(R) AMT device to default factory settings . . .
`uint32`	`PartialUnprovision()` Transfers Intel(R) AMT into a partially-unprovisioned state: Except for configuration settings required for the next provisioning: Admin ACL settings, TLS-PSK keys, Host & Domain name, and provisioning server IP and port number, settings will be restored to factory defaults . . .
`uint32`	`ExtendProvisioningPeriod(Duration)` This method allows a configuration server to extend the configuration time, in which Intel(R) AMT is expected to be provisioned . . .
`uint32`	`SetMEBxPassword(Password)` This method sets the ME Bios extension password . . .
`uint32`	`GetUuid(UUID)` This method returns the Universal Unique ID of the platform (UUID).
`uint32`	`GetUnprovisionBlockingComponents(Component)` This command returns the components that caused the last unprovisioning (full or partial) request to fail with the PT_STATUS_BLOCKING_COMPONENT error.
	`Put(Instance)` Changes properties of the selected instance
	`Get(Instance)` Gets the representation of the instance
	`Pull(EnumerationContext, MaxElements)` Pulls instances of this class, following an Enumerate operation
	`Enumerate()` Enumerates the instances of this class
	`Release(EnumerationContext)` Releases an enumeration context

Field Detail

RequestedState

public uint16 RequestedState

General Information:
RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested. The actual state of the element is represented by EnabledState. This property is provided to compare the last requested and current enabled or disabled states. Note that when EnabledState is set to 5 ("Not Applicable"), then this property has no meaning. Refer to the EnabledState property description for explanations of the values in the RequestedState enumeration.
"Unknown" (0) indicates the last requested state for the element is unknown.
Note that the value "No Change" (5) has been deprecated in lieu of indicating the last requested state is "Unknown" (0). If the last requested or desired state is unknown, RequestedState should have the value "Unknown" (0), but may have the value "No Change" (5).Offline (6) indicates that the element has been requested to transition to the Enabled but Offline EnabledState.
It should be noted that there are two new values in RequestedState that build on the statuses of EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the element is first "Disabled" and then "Enabled". The distinction between requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests an orderly transition to the Disabled state, and might involve removing power, to completely erase any existing state. The Disabled state requests an immediate disabling of the element, such that it will not execute or accept any commands or processing requests.

This property is set as the result of a method invocation (such as Start or StopService on CIM_Service), or can be overridden and defined as WRITEable in a subclass. The method approach is considered superior to a WRITEable property, because it allows an explicit invocation of the operation and the return of a result code.

If knowledge of the last RequestedState is not supported for the EnabledLogicalElement, the property shall be NULL or have the value 12 "Not Applicable".

Qualifiers:
-------------
ValueMap={0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, .., 32768..65535}
Values={Unknown, Enabled, Disabled, Shut Down, No Change, Offline, Test, Deferred, Quiesce, Reboot, Reset, Not Applicable, DMTF Reserved, Vendor Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.EnabledState}

EnabledState

public uint16 EnabledState

General Information:
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element. It can also indicate the transitions between these requested states. For example, shutting down (value=4) and starting (value=10) are transient states between enabled and disabled. The following text briefly summarizes the various enabled and disabled states:
Enabled (2) indicates that the element is or could be executing commands, will process any queued commands, and queues new requests.
Disabled (3) indicates that the element will not execute commands and will drop any new requests.
Shutting Down (4) indicates that the element is in the process of going to a Disabled state.
Not Applicable (5) indicates the element does not support being enabled or disabled.
Enabled but Offline (6) indicates that the element might be completing commands, and will drop any new requests.
Test (7) indicates that the element is in a test state.
Deferred (8) indicates that the element might be completing commands, but will queue any new requests.
Quiesce (9) indicates that the element is enabled but in a restricted mode.
Starting (10) indicates that the element is in the process of going to an Enabled state. New requests are queued.

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11..32767, 32768..65535}
Values={Unknown, Other, Enabled, Disabled, Shutting Down, Not Applicable, Enabled but Offline, In Test, Deferred, Quiesce, Starting, DMTF Reserved, Vendor Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.OtherEnabledState}

ElementName

public string ElementName

General Information:
A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this properties may exist as defined in ElementNameMask and MaxElementNameLen properties defined in that class.

Product Specific Usage:
This is a read-only property.
In Intel AMT Release 6.0 and later releases value is 'Intel(r) AMT Setup and Configuration Service'

Qualifiers:
-------------
MaxLen=45

SystemCreationClassName

public string SystemCreationClassName

General Information:
The CreationClassName of the scoping System.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is 'CIM_ComputerSystem'

Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName

SystemName

public string SystemName

General Information:
The Name of the scoping System.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is 'Intel(r) AMT'

Qualifiers:
-------------
Key
MaxLen=256
Propagated=CIM_System.Name

CreationClassName

public string CreationClassName

General Information:
CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is 'AMT_SetupAndConfigurationService'

Qualifiers:
-------------
Key
MaxLen=35

Name

public string Name

General Information:
The Name property uniquely identifies the Service and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is 'Intel(r) AMT Setup and Configuration Service'

Qualifiers:
-------------
Key
Override=Name
MaxLen=45

ProvisioningMode

public uint8 ProvisioningMode

General Information:
A Read-Only enumeration value that determines the behavior of Intel(R) AMT when it is deployed. Starting from Release 7.0, this enumeration indicates whether AMT is deployed in "Admin control mode" or "Client control mode". In "Admin" mode, AMT functionality is on the same level of previous releases. In "Client" mode fucntionality is limited or requires user consent.

Product Specific Usage:
In AMT Release 6.0 and later releases, value is 'Enterprise' (1) and is read-only.
In AMT Release 7.0, the value map has changed to "Admin Control Mode" (1 - matches the previous "enterprise" mode)
and "Client Control Mode" (4).

Qualifiers:
-------------
ValueMap={1, .., 4, ..}
Values={Admin Control Mode, Reserved1, Client Control Mode, Reserved2}

ProvisioningState

public uint8 ProvisioningState

General Information:
An enumeration value that indicates the state of the Intel(R) AMT subsystem in the provisioning process"Pre" - the setup operation has not started."In" - the setup operation is in progress."Post" - Intel(R) AMT is configured.

Product Specific Usage:
This is a read-only property.

Qualifiers:
-------------
ValueMap={0, 1, 2}
Values={Pre, In, Post}

ZeroTouchConfigurationEnabled

public boolean ZeroTouchConfigurationEnabled

General Information:
Indicates if Zero Touch Configuration (Remote Configuration) is enabled or disabled. This property affects only enterprise mode. It can be modified while in SMB mode

Product Specific Usage:
can be modified while in Post-provisioning state (ProvisioningState = 'Post')

ProvisioningServerOTP

public uint8[32] ProvisioningServerOTP

General Information:
A optional binary data value containing 8-32 characters,that represents a one-time password (OTP), used to authenticate the Intel(R) AMT to the configuration server. This property can be retrieved only in IN Provisioning state, nevertheless, it is settable also in POST provisioning state.

Product Specific Usage:
This property is only visible / usable for users of ADMIN_SECURITY_ADMINISTRATION realm.
CommitChanges method deletes its value, it should be set in post-provisioning state before reprovisioning

Qualifiers:
-------------
OctetString

ConfigurationServerFQDN

public string ConfigurationServerFQDN

General Information:
The FQDN of the configuration server.

Product Specific Usage:
Can be modified while in Post-provisioning state

Qualifiers:
-------------
MaxLen=255

PasswordModel

public uint8 PasswordModel

General Information:
An enumeration value that determines the password model of Intel(R) AMT.

Product Specific Usage:
This is a read-only property.
While in post-provisioning state, value is 'Separate password model' (1), otherwise value is 'Coupled password model' (0)

Qualifiers:
-------------
ValueMap={0, 1, 2}
Values={Coupled password model (the password of the network and the local interfaces are identical), Separate password model (the password of the network and the local interfaces are separate), Separate-Hash password model}

DhcpDNSSuffix

public string DhcpDNSSuffix

General Information:
Domain name received from DHCP

TrustedDNSSuffix

public string TrustedDNSSuffix

General Information:
Trusted domain name configured in MEBX

Method Detail

CommitChanges

public uint32 CommitChanges()

Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Commits pending configuration commands made to the Intel(R) AMT device. Completes configuration when in "IN-provisioning" state

Product Specific Usage:
This routine commits pending configuration commands which are dependent on an internal restart sequence or a cumulative validity check.
Failure to execute this command prevents the pending configurations (which are not stored in flash memory) to take effect. Operations (or situations such as a power loss) that immediately change flash memory depend on a call to CommitChanges()to refresh the internal Firmware state.
Note:
1. If TLS is enabled, RSA Key and Certificate must be configured in order to work properly with the changes being committed.
2. If DHCP is enabled, host-name must be set.
3. If mutual authentication is configured, then at least one trusted root certificate must exist.
4. When using TLS mutual authentication, the user must first configure the Intel AMT system time.
5. If in EnterpriseMode Provisioning, then caller must update the internal clock and change the PRNG.
Since committing changes may cause an internal restart sequence, remote applications should allow sufficient time for Intel AMT to reload before issuing the next command.

Qualifiers:
-------------
ValueMap={0, 1, 38, 2057}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, PT_STATUS_DATA_MISSING}

Unprovision

public uint32 Unprovision([IN]uint32 ProvisioningMode)

Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Resets the Intel(R) AMT device to default factory settings. The device will need to be re-provisioned after this command.

Product Specific Usage:
In Client Control Mode, call will succeed even if auditor is blocking the operation.

Qualifiers:
-------------
ValueMap={0, 1, 16, 36, 2076}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PARAMETER, PT_STATUS_BLOCKING_COMPONENT}

Parameters:
--------------

ProvisioningMode: General Information:
Indicates the provisioning mode (Enterprise , Small Business or Remote Connectivity) the device will enter following successful completion of the command. Starting from Release 6.0 only effective value is ProvisioningModeEnterprise

Qualifiers:
-------------
IN
ValueMap={0, 1, 2, 3}
Values={ProvisioningModeCurrent, ProvisioningModeEnterprise, ProvisioningModeSmallBusiness, ProvisioningRemoteConnectivity}

PartialUnprovision

public uint32 PartialUnprovision()

Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Transfers Intel(R) AMT into a partially-unprovisioned state: Except for configuration settings required for the next provisioning: Admin ACL settings, TLS-PSK keys, Host & Domain name, and provisioning server IP and port number, settings will be restored to factory defaults. The device will need to be re-provisioned after this command.

Product Specific Usage:
This command puts Intel AMT into a Partial Unprovision state.
The effect of this command is similar to calling the Unprovision() command (with ProvisioningMode set to "Enterprise").
The only difference is that the following settings remain unchanged:
- Admin ACL settings (name and password)
- TLS-PSK keys
- Host name
- Provisioning server IP and port number
- Domain name

In Client Control Mode, call will succeed even if auditor is blocking the operation

Qualifiers:
-------------
ValueMap={0, 1, 16, 2076}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED, PT_STATUS_BLOCKING_COMPONENT}

ExtendProvisioningPeriod

public uint32 ExtendProvisioningPeriod([IN]uint32 Duration)

Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
This method allows a configuration server to extend the configuration time, in which Intel(R) AMT is expected to be provisioned. If a configuration server does not call this command before the provisioning period expires, Intel(R) AMT will close the network interface.

Product Specific Usage:
Actually sets (not necessarily extends) the period, can be used to close the provisioning time window (with Duration = 0)

Qualifiers:
-------------
ValueMap={0, 1, 16}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED}

Parameters:
--------------

Duration: General Information:
The extension duration in hours (limited to maximum value of 24 in each call).

Qualifiers:
-------------
IN

SetMEBxPassword

public uint32 SetMEBxPassword([IN]string Password)

Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
This method sets the ME Bios extension password. It allows a remote caller to change the ME access password for the BIOS extension screen. This call succeeds depending on the password policy rule defined in MEBx (BIOS extension):"Default Password Only" - Method succeeds only when the current password is still the default value and only in PKI provisioning. "During Setup and Configuration" - Method succeeds only during provisioning, regardless of provisioning method or previous password value."ANYTIME" - Method will always succeed. (i.e. even when configured)

Product Specific Usage:
API is blocked in client control mode

Qualifiers:
-------------
ValueMap={0, 1, 16, 2054}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PASSWORD}

Parameters:
--------------

Password: General Information:
Password needs to be strong: Contain at least one of: upper-case, lower-case, digit and special character

Qualifiers:
-------------
IN
MinLen=8
MaxLen=32

GetUuid

public uint32 GetUuid([OUT]uint8 UUID[16])

Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
This method returns the Universal Unique ID of the platform (UUID).

Product Specific Usage:
Additional Notes:
1) 'GetUuid' is only supported in Intel AMT Release 4.0 and later releases.
2) 'GetUuid' in Intel AMT Release 4.0 is permitted only to 'ADMIN_SECURITY_ADMINISTRATION_REALM'.

Qualifiers:
-------------
ValueMap={0, 1}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR}

Parameters:
--------------

UUID: General Information:
UUID of the system. If the value is all FFh, the ID is not currently present in the system, but is settable. If the value is all 00h, the ID is not present in the system. Corresponds to the UUID field of the SMBIOS Type 1 structure

Qualifiers:
-------------
OUT
OctetString

GetUnprovisionBlockingComponents

public uint32 GetUnprovisionBlockingComponents([OUT]uint32 Component[])

Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
This command returns the components that caused the last unprovisioning (full or partial) request to fail with the PT_STATUS_BLOCKING_COMPONENT error.

Product Specific Usage:
Additional Notes:
1) 'GetUnprovisionBlockingComponents' method is supported in Intel AMT Release 4.0 and later releases.

Qualifiers:
-------------
ValueMap={0, 1, 2..65535}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, Reserved}

Parameters:
--------------

Component: General Information:
components that caused the last unprovisioning (full or partial) request to fail

Qualifiers:
-------------
Required
OUT
ValueMap={1, 2..65535}
Values={COMPONENT_AUDIT_LOG, Reserved}

Put

public  Put([IN]AMT_SetupAndConfigurationService Instance)

Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Changes properties of the selected instance

Product Specific Usage:
Can be used to update Provisioning Mode, ZTC Enabled, Provisioning Server OTP and Configuration Server FQDN.

The following properties must be included in any representation of AMT_BootSettingData:
SystemCreationClassName (cannot be modified)
SystemName (cannot be modified)
CreationClassName (cannot be modified)
Name (cannot be modified)

API is blocked in client control mode

Get

public  Get([OUT]AMT_SetupAndConfigurationService Instance)

Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets the representation of the instance

Pull

public  Pull([IN]String EnumerationContext, [IN]String MaxElements)

Permission Information:
All users permitted to use method, only instances to whom the user has permissions will be returned

General Information:
Pulls instances of this class, following an Enumerate operation

Enumerate

public  Enumerate()

Permission Information:
All users permitted to use method

General Information:
Enumerates the instances of this class

Release

public  Release([IN]String EnumerationContext)

Permission Information:
All users permitted to use method

General Information:
Releases an enumeration context

SUMMARY: NESTED | FIELD | METHOD

DETAIL: FIELD | METHOD