The following tables list the functions that are blocked or modified in Client Control mode.
WS-Management Limitations
The following WS-Management functions are blocked when an Intel AMT platform is in Client Control Mode:
Class Name |
Method/Field Name |
Details |
IPS_KVMRedirectionSettingData |
OptInPolicy |
Read Only in Client Control mode |
IPS_OptInService |
OptInPolicy |
Read Only in Client Control mode |
AMT_SetupAndConfigurationService |
SetTLSPSK |
API is blocked in Client Control mode. |
SetMEBxPassword |
API is blocked in Client Control mode | |
Put |
API is blocked in Client Control mode | |
GetProvisioning |
Deprecated, Callers should use the new IPS_ProvisioningAuditRecord. Returns an error value when not configured using TLS-PSK or remote configuration. | |
GetProvisioning |
Deprecated, Callers should use the new IPS_ProvisioningAuditRecord. Returns an error value when not configured using TLS-PSK or remote configuration. | |
Unprovision |
In Client Control Mode, call will succeed even if auditor is blocking the operation. | |
PartialUnprovision |
In Client Control Mode, call will succeed even if auditor is blocking the operation. | |
AMT_ProvisioningCertificateHash |
Put, Create, Delete |
Methods blocked in Client Control mode. |
AMT_SystemDefensePolicy |
Create |
Blocked in Client Control mode. |
AMT_Hdr8021FIlter |
Create |
Blocked in Client Control mode. |
AMT_IpHeadersFilter |
Create |
Blocked in Client Control mode. |
AMT_NetworkPortSystemDefensePolicy |
Create |
Blocked in Client Control mode. |
AMT_NetworkPortDefaultSystemDefensePolicy |
Create |
Blocked in Client Control mode. |
AMT_HeuristicPacketFilterInterfacePolicy |
Create |
Blocked in Client Control mode. |
AMT_HeuristicPacketFilterSettings |
|
Instance is not created in Client Control mode, and therefore disables the Heuristics System Defense feature. |
AMT_GeneralSystemDefenseCapabilities |
|
Instance is not created in Client Control mode, which disables the System Defense feature. |
SOAP API Limitations
The following SOAP commands are also blocked or modified when Intel AMT is in Client Control Mode:
Command |
Details |
SetTLSPSK |
Returns PT_STATUS_NOT_PERMITTED |
SetMEBxPassword |
Returns PT_STATUS_NOT_PERMITTED |
AddCertificateHashEntry |
Returns PT_STATUS_NOT_PERMITTED |
DeleteCertificateHashEntry |
Returns PT_STATUS_NOT_PERMITTED |
EnableCertificateHashEntry |
Returns PT_STATUS_NOT_PERMITTED |
SetConfigurationServerFQDN |
Returns PT_STATUS_NOT_PERMITTED |
SetProvisioningServerOTP |
Returns PT_STATUS_NOT_PERMITTED |
GetProvisioningAuditRecord |
Returns PT_STATUS_NOT_PERMITTED |
CbPolicyCreate |
Returns PT_STATUS_NOT_PERMITTED |
CbPolicyGetActiveStatistics |
Returns PT_STATUS_NOT_PERMITTED |
CbFilterCreate |
Returns PT_STATUS_NOT_PERMITTED |
CbQueryCapabilities |
Returns supported policies and filters as 0 |
SetHcbOptions |
Returns PT_STATUS_NOT_PERMITTED |
ClearHcbState |
Returns PT_STATUS_NOT_PERMITTED |
ConsoleWatchdogSetCbPolicy |
Will not succeed as there will be no active policies. |
ConsoleWatchdogSetActions with CbActionType input parameter |
Will not succeed as there will be no active policies. |
ExtendProvisioningPeriod |
Will not succeed in Client control Mode |
Copyright © 2006-2022, Intel Corporation. All rights reserved. |