CollapseAll image

Update a User ACL Entry

The following steps describe how to update information about a selected user.

1.  Retrieve the value of the AMT_GeneralSettings.DigestRealm property:

a.   Retrieve the instance of AMT_GeneralSettings, where the “InstanceID” key equals “Intel(r) General Settings”.

b.   Retrieve the DigestRealm property.

2.  If the account password will be changed, compute DigestPassword by using MD5 Hashing function:

DigestPassword = MD5 (username + “:” +  AMT_GeneralSettings.DigestRealm + “:” + plaintextPassword);

3.  Retrieve the instance of AMT_ AuthorizationService, where the “Name” key equals “Intel(r) AMT Authorization Service”.

4.  Invoke AMT_AuthorizationService.UpdateUserAclEntryEx with the following parameters:

Parameter

Value

Handle

Handle of the user ACL entry to be updated, returned when the entry was created or when retrieving a list of users.

DigestUsername

Username (include this whether or not the Username is to be changed)

DigestPassword

Digest Password computed in step 2

(include if the Password is to be changed)

KerberosUserSid

User/Group SID in Base64 format

(include if the SID is to be changed)

AccessPermission

Access Permissions

(include if the Permissions are to be changed)

Realms

User Realms

(include if the list of Realms is to be changed)

 

Click here for a snippet demonstrating this step

This snippet depends on the handle of an ACL entry created in a diferent use case. See Add a Digest User and Add a Kerberos User.

See Snippet Functions for the ConvertToBase64 and ComputeMD5 functions.

See the first snippet in the Add a Digest User use case for the GetDigestRealm function.

You can execute this snippet by inserting it into the execution template found here.

  

$handle ="4" # The handle of the user, returned when the entry was created.

$authorizationServiceRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'")

$digestRealm = GetDigestRealm

$digestPassword = ComputeMD5 "myUser" "P@ssw0rd" $digestRealm

$digestPasswordInBase64 = ConvertToBase64 $digestPassword

$inputObject =$authorizationServiceRef.CreateMethodInput("UpdateUserAclEntryEx")

$inputObject.SetProperty("Handle",$handle)

$inputObject.SetProperty("DigestUsername","myUser")

$inputObject.SetProperty("DigestPassword",$digestPasswordInBase64)

$inputObject.SetProperty("AccessPermission","2") # 2 = any access permission.

$inputObject.AddProperty("Realms","2") # 2 = Redirection realm.

$inputObject.AddProperty("Realms","4") # 4 = HardwareAsset realm.

$outputObject =$authorizationServiceRef.InvokeMethod($inputObject)

$returnValue =$outputObject.GetProperty("ReturnValue")

 

 

Instance Diagram

Not applicable

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.

 

See Also:

   Intel AMT Users and Permissions/Realms

   Valid Usernames and Passwords

   Realm Names and Realm Shortcuts

Copyright © 2006-2022, Intel Corporation. All rights reserved.