How Local Setup to Client Control Mode Works

   A local application can interact with Intel AMT before configuration starts by using the $$OsAdmin user, as long as the application user has local admin privileges on the host platform.

   The local application requests the $$OsAdmin password, then invokes one WS-Management method and provides a password for the Intel AMT admin user. This step completes Intel AMT setup. You can now configure Intel AMT out of band, using the admin account. All configuration commands can be executed locally, eliminating the need for a remote setup and configuration application.

   This simplified approach provides as many vPro features as possible, using host software to do setup and configuration, while disabling the more security-sensitive features.

   By providing additional information (including a public key certificate matching one of the stored root certificates built into Intel AMT and a digital signature), you can perform a host-based setup that has no Intel AMT feature limitations by going directly to Admin Control mode.

   Because setup completes before most Intel AMT parameters are configured, TLS itself must be configured in the clear, over a connection that is not yet encrypted. Use the certificate enrollment flow to create a private/public key pair without exposing the private key to an unsecured network.

