CollapseAll image

Disable or Enable a User

An ACL entry that is disabled prevents the user from being able to authenticate to Intel AMT and to issue commands. Disabling ACL entries is useful when a predefined account (a “$$” account), which cannot be removed, must be disabled (the predefined local admin user $$OsAdmin cannot be disabled).

The following steps describe how to disable or enable a user ACL entry.

1.  Retrieve the instance of AMT_ AuthorizationService, where the “Name” key equals “Intel(r) AMT Authorization Service”.

2.  Invoke AMT_AuthorizationService.SetAclEnabledState with the following parameters:




Specifies the ACL entry to update, returned when the entry was created or when retrieving a list of users.


Specifies the state of the ACL entry

True: Enabled
False: Disabled


Click here for a snippet demonstrating this step

This snippet depends on the handle of an ACL entry created in a diferent use case. See Add a Digest User and Add a Kerberos User.

You can execute this snippet by inserting it into the execution template found here.


$handle ="4" # The handle of the user, returned when the entry was created.

$authorizationServiceRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'")

$inputObject =$authorizationServiceRef.CreateMethodInput("SetAclEnabledState")



$outputObject =$authorizationServiceRef.InvokeMethod($inputObject)

$returnValue =$outputObject.GetProperty("ReturnValue")



Instance Diagram

Not applicable

Classes Used in This Flow

SDK Sample

Not applicable


Copyright © 2006-2022, Intel Corporation. All rights reserved.