CollapseAll image

Get the Posture and Posture Hash

The following steps describe how to get the posture and posture hash if the EAC service is enabled. If the service is not enabled, these requests will fail. The posture hash can be used to check if the posture was changed, by comparing to the last computed hash value.

 Note:

Beginning in Intel AMT Release 9.0 NAC is no longer supported.

The user performing this use case should have LocalAdmin privileges. Performing the GetPostureHash method requires access to the LOCAL_ADMIN_REALM.

 

1.  Retrieve the instance of AMT_EndpointAccessControlService., where the “Name” key equals “Intel(r) AMT Endpoint Access Control Service”.

2.  Examine the EndpointAccessControlService.EnabledState property. If the service is enabled (value 2), perform the following:

a.  Retrieve the posture by invoking AMT_EndpointAccessControlService.GetPosture with the following parameter:

Parameter

Value

PostureType

0

b.  Retrieve the posture hash by invoking AMT_EndpointAccessControlService.GetPostureHash with the following parameter:

Parameter

Value

PostureType

0

 

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

$endpointAccessControlServiceRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_EndpointAccessControlService WHERE Name='Intel(r) AMT Endpoint Access Control Service'")

$endpointAccessControlServiceInstance =$endpointAccessControlServiceRef.Get()

$enabledState =$endpointAccessControlServiceInstance.GetProperty("EnabledState")

if($enabledState -like "2")

{

    $inputObject =$endpointAccessControlServiceRef.CreateMethodInput("GetPosture")

    $inputObject.SetProperty("PostureType","0")

    $outputObject =$endpointAccessControlServiceRef.InvokeMethod($inputObject)

    $returnValue =$outputObject.GetProperty("ReturnValue")

    if($returnValue -like "0")

    {

          $signedPosture =$outputObject.GetProperty("SignedPosture")

          $postureChangeHash =$outputObject.GetProperty("PostureChangeHash")

    }

    $inputObject =$endpointAccessControlServiceRef.CreateMethodInput("GetPostureHash")

    $inputObject.SetProperty("PostureType","0")

    $outputObject =$endpointAccessControlServiceRef.InvokeMethod($inputObject)

    $returnValue =$outputObject.GetProperty("ReturnValue")

    if($returnValue -like "0")

    {

          $postureChangeHash =$outputObject.GetProperty("PostureChangeHash")

    }

}

 

 

Instance Diagram

Classes Used in This Flow

SDK Sample

Not applicable

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.