CollapseAll image

Add a Kerberos User

The following steps describe how to add a new Kerberos user to the system, given the SID of an Active Directory User or Group.

1.  Retrieve the instance of AMT_ AuthorizationService, where the “Name” key equals “Intel(r) AMT Authorization Service”.

2.  Invoke AMT_AuthorizationService.AddUserAclEntryEx with the following parameters:




User/Group SID in Base64 format


Access Permissions identifying if the user will have local or network access or both


A list of Realms to which the user will have access


3.  The method returns an Output Parameter Handle on successful completion that identifies the new user for subsequent references.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.


$authorizationServiceRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'")

$inputObject =$authorizationServiceRef.CreateMethodInput("AddUserAclEntryEx")


$inputObject.SetProperty("AccessPermission","2") # 2 = any access permission.

$inputObject.AddProperty("Realms","2") # 2 = Redirection realm.

$outputObject =$authorizationServiceRef.InvokeMethod($inputObject)

$returnValue =$outputObject.GetProperty("ReturnValue")

if($returnValue -like "0")


    $handle =$outputObject.GetProperty("Handle")




Instance Diagram

Not applicable

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.  

See Also:

   Intel AMT Users and Permissions/Realms

   Realm Names and Realm Shortcuts

Copyright © 2006-2022, Intel Corporation. All rights reserved.