CollapseAll image

Perform Local Setup

The following steps describe how to perform a host-based setup to Client Control mode.

1.  Retrieve the $$OsAdmin credentials by invoking the MEI command CFG_GetLocalSystemAccount, which returns the user ID (always $$OsAdmin) and a randomly generated password. Alternatively, invoke the WMI method OOB_Service.GetLocalAdminCredentials via the ME WMI provider. (See Intel ME WMI Provider). The PC user who performs this step must have OS Admin privileges on the host platform. Use the returned credentials for the following WS-Management requests.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

$connectionWMI = Invoke-WmiMethod-Class OOB_Service -Namespace "ROOT\Intel_ME:OOB_Service" -ComputerName "localhost" -Name "GetLocalAdminCredentials"

$user =$connectionWMI.Username

$password =$connectionWMI.Password

 

 

2.  Retrieve the value of the AMT_GeneralSettings.DigestRealm property by retrieving the instance of AMT_GeneralSettings, where the “InstanceID” key equals “Intel(r) AMT: General Settings”.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

$generalSettingsRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_GeneralSettings WHERE InstanceID='Intel(r) AMT: General Settings'")

$generalSettingsInstance =$generalSettingsRef.Get()

$digestRealm =$generalSettingsInstance.GetProperty("DigestRealm")

 

 

3.  Compute NetworkAdminPassword by using the MD5 Hashing function:

NetworkAdminPassword = MD5 (username + “:” + AMT_GeneralSettings.DigestRealm + “:” + plaintextPassword)

The password used in this calculation will be the password for the Intel AMT network admin user.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

$user ="myUser" # The new Administrator user name to config.

$password ="P@ssw0rd" # The new Administrator password to config.

$hash =$user +":" +$digestRealm +":" +$password

$cryptoServiceProvider =[System.Security.Cryptography.MD5CryptoServiceProvider]

$md5Algorithm = New-Object$cryptoServiceProvider

$networkAdminPassword = New-Object System.Text.StringBuilder

# Convert to hex format.

$md5Algorithm.ComputeHash([Char[]]$hash) | % { [void]$networkAdminPassword.Append($_.ToString("x2")) }

 

 

4.  Retrieve the instance of IPS_HostBasedSetupService, where the “Name” key equals “Intel(r) AMT Host Based Setup Service”.

5.  Invoke IPS_HostBasedSetupService.Setup, with the following parameters:

Property

Value

NetAdminPassEncryptionType

2 (HTTP Digest MD5)

NetworkAdminPassword

The password hash

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

$hostBasedSetupServiceRef =$wsmanConnectionObject.NewReference("SELECT * FROM IPS_HostBasedSetupService WHERE Name='Intel(r) AMT Host Based Setup Service'")

$inputObject =$hostBasedSetupServiceRef.CreateMethodInput("Setup")

$inputObject.SetProperty("NetAdminPassEncryptionType","2")

$inputObject.SetProperty("NetworkAdminPassword",$networkAdminPassword.ToString())

$outputObject =$hostBasedSetupServiceRef.InvokeMethod($inputObject)

$returnValue =$outputObject.GetProperty("ReturnValue")

 

 

 

 Note:

When IPS_HostBasedSetupService.Setup succeeds, Intel AMT creates an instance of IPS_ClientProvisioningAuditRecord.

 

Instance Diagram

Classes Used in This Flow

SDK Sample

Located at: <SDK_Root>\Windows\ Intel_AMT\Samples\Configuration\HostBasedSetup.

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.