Intel AMT Features > User Consent > Detailed Description

Detailed Description

The user consent feature requires the IT-administrator to supply a code, generated by the Intel AMT platform and displayed to the user. This enhances security when sensitive operations are performed. It also allows the local user to grant permission before certain remote actions take place. The following features require user consent:

   Storage Redirection (USB-R or IDE-R)

   KVM

   Remotely setting BIOS boot options

   Changing boot sources for remote boot (e.g. causing a boot from PXE).

   Using Serial Over LAN specifically to redirect BIOS screens and OS Boot text screens

For more information on flows that require user consent, see the relevant feature.

User consent is required when Intel AMT is in Client Control mode after performing host-based setup. When the platform is in Admin Control mode, the user consent requirement can be turned off, if the PrivacyLevel property permits it. See Intel AMT Features > General Info > Detailed Description for a description of the PrivacyLevel property.

User consent has a CIM class supporting it:

   IPS_OptInService

This service indicates whether opt-in is required, and for which features. It returns the state of a current opt-in action. It indicates whether opt-in can be disabled on this platform. It returns the timeout setting for the amount of time a Sprite or MEBx consent code is displayed to the user.

The service supports the following methods, besides Put and Get: Start Opt-in, which requests Intel AMT to display a consent code to the user; Cancel Opt-in, which cancels the opt-in sequence; and Send Opt-in code, which sends the consent code entered by the console operator to Intel AMT.

See Also:

   User Consent General Flow

   Denial-of-Service Attack Prevention

Copyright © 2006-2020, Intel Corporation. All rights reserved.