CollapseAll image

Set EAC Options

The following steps describe how to set the vendor and posture hash algorithm.

 Note:

   Setting EAC options can only be performed from the network (this limitation was removed  starting in Release 6.1), and requires administrator permissions.

   NAC – NAP hybrid is a mode in which NAP authentication is performed using a Microsoft* RADIUS Server (NPS Server), but the NAP Enforcement Server is a Cicso* ACS Server. To enable NAC-NAP Hybrid mode, set EacVendors to 3 – EAC NAC and NAP.

   Beginning in Intel AMT Release 9.0 NAC is no longer supported.

1.  Retrieve the instance of AMT_EndpointAccessControlService., where the “Name” key equals “Intel(r) AMT Endpoint Access Control Service”.

2.  Examine the EndpointAccessControlService.EnabledState property. If the service is enabled (value 2), disable it by invoking AMT_EndpointAccessControlService.RequestStateChange with the following parameter:

Parameter

Value

RequestedState

3

3.  Invoke AMT_EndpointAccessControlService.SetEacOptions with the following parameters:

Parameter

Value

EacVendors

1 – EAC NAC (supported from Release 4.0)

2 – EAC NAP (supported from Release 4.0)

3 – EAC NAC and NAP (supported from Release 4.0)

PostureHashAlgorithm

1 – SHA-1-60 (supported from Release 4.0)

2 – SHA-2-256 (supported from Release 6.0)

3 – SHA-2-384 (supported from Release 6.0)
(The PVS sample only supports the SHA-1 algorithm.)

4.  Enable the EAC service by invoking AMT_EndpointAccessControlService.RequestStateChange with the following parameter:

Parameter

Value

RequestedState

2

5.  Update the posture state by invoking AMT_EndpointAccessControlService.UpdatePostureState with the following parameter:

Parameter

Value

UpdateType

0

 

Click here for a snippet demonstrating this step

See the Enable/Disable the EAC Service use case for the EnableEACService function.

See the Set a New Posture Signer use case for the UpdatePostureState function.

You can execute this snippet by inserting it into the execution template found here.

  

$endpointAccessControlServiceRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_EndpointAccessControlService WHERE Name='Intel(r) AMT Endpoint Access Control Service'")

$endpointAccessControlServiceInstance =$endpointAccessControlServiceRef.Get()

$enabledState =$endpointAccessControlServiceInstance.GetProperty("EnabledState")

if($enabledState -like "2")

{

    EnableEACService("3")

}

$inputObject =$endpointAccessControlServiceRef.CreateMethodInput("SetEacOptions")

$inputObject.SetProperty("EacVendors","1")

$inputObject.SetProperty("PostureHashAlgorithm","1")

$outputObject =$endpointAccessControlServiceRef.InvokeMethod($inputObject)

$returnValue =$outputObject.GetProperty("ReturnValue")

EnableEACService("2")

UpdatePostureState

 

 

Instance Diagram

Classes Used in This Flow

SDK Sample

Not applicable

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.