
Intel vPro Expert Center Blog

116 Posts tagged with the vpro_expert_center tag
0

 

The focus in this is around Integration & what Intel is doing to make it easier.   - ENJOY- Part III coming up next...

0 Comments Permalink
0

Gael Holmes of the Software Development team blogged about the T400 & the beep beep beep error. Check out her post and the additional tips from Frank on resetting back to factory.

 

http://software.intel.com/en-us/blogs/2009/02/23/and-the-lenovo-t400-said-beepbeep-beep-beepbeep-beep-beepbeep/

 

Comment from Gael's blog -

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hi Gael,
I had the same "Morse Code" problem on a T400 and thought it was a one-of-a-kind..

 

But, I have some good news for you... there is a Lenovo BIOS update that addresses this and it worked for me...
http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-70350

 

As to the question of how to get the ME back to factory default, here is the process I use:

 

In BIOS, select Config-> Intel (R) AMT-> Intel (R) AMT Control- Disable ... exit BIOS and reboot

 

Then repeat the above enabling the AMT control, and you will be back at factory default- PWD is "admin" again

 

Frank

0 Comments Permalink
3

Finally, here's the "silent" video of Remote Access (Fast Call for Help) (code name: CIRA). Frank & I will be doing another one that is more interactive, with audio, etc. However, for now I just wanted to show the community that it's working.

 

3 Comments Permalink
0

Hi all. It's been a bit since my last blog and I did commit to sharing out the HW inventory list that we used for Park N Patch. Here's the list:

 

  • CF-19 - Panasonic Tough Book (note: this is a Montevina based platform, which is a Centrino2 w/ vPro Technology)

  • LiIon Polymer Universal Battery 90 Watt (this is the ticket for making the machine believe it's powered on for a few hours after the key is pulled from the service truck).

  • Access Point - Netgear WNR834B v2  (802.11g using WPA)

  • Console Laptop – HP 6910p  (we used this as a light weight console, vs. a true server or desktop)

  • Console – Altiris

  •   12 battery (i.e. simulates the truck battery)

  • Universal Auto 12v adapter to provide 16V to external battery

Prior & relevant blog posts

Park N Patch Use case

Panasonic Toughbook vPro Systems Updated

Here's the HD Video

http://communities.intel.com/openport/community/openportit/vproexpert/blog/2009/01/27/park-n-patch-use-case--the-video-is-ready

0 Comments Permalink
1

I have finally finished the Park N Patch Use case on how you can leverage a Management console and Intel vPro Technology.  In this example I am using Symantec Management Console and a Panasonic CF-19 toughbook.

 

The specific model of Panasonic is a CF-19Mk3 - http://www.panasonic.com/business/toughbook/fully-rugged-laptops-toughbook-19-details.asp

 

HD Version

 

Youtube Version

 

 

 

Here's the graphical picture of the use in deployment.

Park N Patch Use case

1 Comments Permalink
0

Matt & I were able to spend a few moments in Las Vegas during a sales event to talk about certificates & vPro.  If you are having console issues listen in on this one.  it will be worth the time.

 

 

Josh H

0 Comments Permalink
1

Last year I had an opportunity to talk with GB about vPro, I was able to do the same this year & spend a few moments with him on 3 questions. In this first series he talks about vPro in 2009.    Listen in & let me know what you think..

 

 

 

Thank You

 

Josh H         

1 Comments Permalink
0

Curious about how Intel vPro and Symantec’s Altiris software work together? Using Symantec’s Altiris CMS to manage your vPro machines? Or are you somewhere in between? In either case, the Symantec SP Zone was designed for you. The new vPro Expert community houses info that offers a better understanding of the products, describes how others are benefiting from the combined solution, and can help you get up and running.

So check it out, post a blog or start a discussion.

Symantec SP Zone

Julie Nusom

Symantec SP Zone

Community Manager

0 Comments Permalink
0

A recent discovery (thank you Frank) about Intel Proset that may impact your ability to wirelessly manage your vPro systems. While I realize this may impact a very small group of folks, I still believe it's valuable to post out. Here's the issue: if you have users log out of their notebook system and leave it powered on in Windows while utilizing Intel Proset, you may lose control of the machine for vPro management.

 

wireless.jpg

 

Need to be sure this box is checked. It’s part of the properties for the wireless profile. Note, Microsoft Zero Configuration has this set by default.  Hopefully this helps if you run into this problem. 

0 Comments Permalink
3

The new generation of notebook PCs with Intel vPro technology includes Intel Anti-Theft Technology PC Protection (Intel AT-p). Intel AT-p offers you the option of activating hardware-based client-side intelligence to secure the PC and data if a notebook is lost or stolen. Because the technology is built into PC hardware, it provides local, tamper-resistant defense that works even if the OS is re-imaged, a new hard-drive is installed, or the notebook is not connected to the network.

For a good introduction of the Intel® AT-p Technology please visit - http://communities.intel.com/community/openportit/vproexpert/blog/2008/12/04/anti-theft-technology-has-arrived

In the following we describe an example of how this technology is deployed and used in the life of a typical employee working for a security-conscious company. Consider a user, Jane, who is a new employee of a company called SecureBank. SecureBank wants all its employees' laptops to be protected against theft and is therefore utilizing the Intel® vPro Anti-Theft Technology for Asset Protection (AT-p) with Absolute as the ISV.

In particular Jane has two (rather adventurous) days –

-         Day 1: The IT admin receives a new laptop and sets it up for Jane. Jane uses the laptop on the day she receives it and manages to lose it to a thief!

-         Day 2: the thief is unable to use the laptop due to the poison pill sent as a feature of the AT-p technology. The thief therefore gives up on it and leaves it in a coffee shop. The laptop is subsequently recovered by SecureBank, made functional again and is ready to be handed over to Jane.

Below are the details –

(Check out the video uploaded at youtube –

http://www.youtube.com/watch?v=bnTggBxhOVk&feature=email)

Day 1:

(1) Initial Setup by IT Admin:

The IT admin receives a new laptop and creates the SecureBank IT image on the laptop. This includes the Absolute agent which would be used for AT-p. The Absolute Client Windows Installer is a part of the IT image. Two key steps are undertaken -

-         Enrollment: The IT admin runs the Absolute Client Windows Installer which installs the Absolute agent on the client. As part of the installation this client is enrolled with the Absolute server. Enrollment consists of the following steps –

1.      The Absolute Agent checks the local platform to ensure that the platform is eligible for Intel® AT-p.

2.      The Agent requests permission to activate AT-p from the ISV Server, i.e. the Absolute Server.

3.      The ISV Server takes this unique client request and sends it (along with a license key) to the Intel permit signing server.

4.      Once the Intel signing server has validated this request, an AT-p permit is generated for that unique client. The client system is now ready to validate signed messages from the ISV server.

Once the machine is enrolled it shows up on the administrator console. The machine is identified using a unique identifier generated by the Absolute server, Detected Full Computer Name and Detected Serial Number. At this point a default policy for the client machine is also applied.

-         Policy Setup: The IT admin can also fine tune the policy for Jane. Examples of Attributes he can set include:

 

| Policy Attribute | Example Value | Meaning |
| --- | --- | --- |
| AT-p Timer Value | 48 hours | The machine’s disablement timer (time after which the machine is disabled if it does not connect with the server) is 48 hours. |
| AT-p Timer Action | Immediate Lock | The action a machine performs once the AT-p Timer has expired. In this case, the machine will shut down immediately (even if OS was up and running) and not allow the boot process to be carried out. |
| AT-p Theft Action | Immediate Lock | The action a machine performs once the machine is marked stolen when connecting with the server. In this case, the machine will shut down immediately, same as above. |
| AT-p Password | “StRongP@ssw0rd” | Admin Password used to recover the machine when it is disabled or locked. |
| AT-p State | Active | Marks whether AT-p is currently active or not on a machine. When it has a legitimate working user then it is marked as active. |
| Theft Status | Secure | Marks whether the machine is stolen or secure. In this case, the machine is not stolen. |



Once the IT admin has set the above policy he is ready to hand over the laptop to Jane.

(2) Normal Usage:

On receiving her new Laptop, Jane logs in with her domain credentials and uses it seamlessly (as if there were no AT-p). The rendezvous may occur without any active participation of Jane. As such the rendezvous happens in the background and is transparent to Jane.

- Rendezvous (Machine Not Stolen)
The Absolute solution has a rendezvous timer of 24.5 hours. After this time the following steps would occur –

1.      As the Rendezvous Timer (24.5 hours) expires the ISV Client Agent initializes a rendezvous.

2.      The ISV Server’s response is relayed to the Intel Management Engine (in the firmware) through the ISV Client Agent. Any new settings are relayed.

3.      Acknowledgments are generated for any message received.

4.      Once finished, the Disablement Timer (or AT-p Timer) reset message is sent to the Intel Management Engine.

(3) Theft:

After a good first day of work, Jane’s colleagues take her out for a dinner. She leaves her laptop in the car and heads to the restaurant. To Jane’s bad luck her car is broken into and the notorious thief steals her laptop.

- Malicious Usage: The thief has a hacking tool that allows bypassing the windows login/password challenge and can use the laptop. He feels he can make a good fortune by selling this laptop in the black-market.

- Theft Reporting: When Jane returns to the car, she is shocked to see her car broken into and her laptop stolen. She immediately calls the IT admin helpdesk and reports the theft. The IT admin sets the Theft Status to Stolen. Next time the laptop checks in with the Absolute server, the Theft Action, which is Immediate Lock, will take place.

Day 2:

(4) Poison Pill:

The attacker logs in again using his hacking tool. Since it is past 24.5 hours (i.e. the rendezvous timer has expired) the agent initiates a rendezvous. At this time the following steps happen -

- Rendezvous (Machine Stolen)

  1. As the rendezvous timer expires the ISV Client Agent initializes a rendezvous.
  2. The server has marked the system as stolen, and sends an AssertStolen message (“Poison Pill”) to the system.
  3. The local system takes action based on the current policy.

As the action is to immediately lock, the thief to his surprise observes that the machine just shuts down. When he tries to power on the machine he sees a pre-boot authentication screen which requests him to enter admin credentials. The thief’s hacker tools are not able to bypass this screen the way they bypassed the OS login (the OS being potentially more vulnerable), because the pre-boot environment serves as an extension of the boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. Brute-force attacks in this environment are also much harder, as the tamper-proof firmware reboots the machine once a threshold time or number of login attempts has been exceeded.

To the thief’s dismay, he cannot really use the laptop and leaves it in the coffee shop where he logged in from.

(5) Asset Recovery:

The IT admin of SecureBank was able to get the IP of the location where the thief last logged in from and contacts the coffee shop. SecureBank officials pick up the laptop and bring it back to the IT admin desk for recovery. To recover the platform the IT admin carries out the following steps –

  1. The IT admin (re)sets the Theft Status to be Secure (from Stolen).
  2. Upon boot, the admin is presented with a “system locked” message in the pre-boot environment.
  3. The admin recovery passphrase must be entered before a given time (say 2 minutes). The admin immediately inputs his admin passphrase for the given machine.
  4. When the admin credentials and theft status have been verified, the AT-p timer is reset and the client platform is unlocked. The platform then boots to the OS. 

Once this is done, the IT admin is ready to return this machine to Jane without losing any time. Thus we can see that the AT-p solution not only provides a way to secure machines against theft and continued malicious use, but also ensures efficient recovery and continued use of the recovered machine!
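
The timer and state logic of the walkthrough above, modelled in Python as an added example (not part of the original post, and not Intel's or Absolute's code). Class and function names are hypothetical, time is counted in hours since enrollment, and the model assumes recovery checks the server's theft status directly.

```python
from __future__ import annotations
import hmac
from dataclasses import dataclass

RENDEZVOUS_H = 24.5  # rendezvous interval stated in the post
DISABLE_H = 48.0     # example "AT-p Timer Value" from the policy table

@dataclass
class Server:                      # hypothetical stand-in for the ISV server
    theft_status: str = "Secure"   # "Secure" or "Stolen"

    def rendezvous(self) -> str:
        return "AssertStolen" if self.theft_status == "Stolen" else "ResetTimer"

@dataclass
class Client:                      # hypothetical stand-in for agent + firmware
    recovery_pass: str
    locked: bool = False
    last_reset: float = 0.0        # hour the disablement timer was last reset
    last_rdv: float = 0.0          # hour of the last rendezvous

    def tick(self, now: float, server: Server | None) -> str:
        """State at hour `now`; server=None models a machine kept offline."""
        if self.locked:
            return "locked"
        if now - self.last_reset >= DISABLE_H:          # AT-p Timer Action
            self.locked = True
            return "locked:timer"
        if server is not None and now - self.last_rdv >= RENDEZVOUS_H:
            self.last_rdv = now
            if server.rendezvous() == "AssertStolen":   # AT-p Theft Action
                self.locked = True
                return "locked:poison-pill"
            self.last_reset = now                       # timer reset message
            return "rendezvous-ok"
        return "running"

    def recover(self, passphrase: str, server: Server, now: float) -> bool:
        """Unlock only if the passphrase matches AND the server says Secure."""
        good = hmac.compare_digest(passphrase.encode(), self.recovery_pass.encode())
        if not (self.locked and good and server.theft_status == "Secure"):
            return False
        self.locked, self.last_reset, self.last_rdv = False, now, now
        return True

def stolen_online() -> list[str]:
    """Theft reported at hour 20; the thief keeps the machine online."""
    secret = "constructed-passphrase"           # constructed sample value
    srv, pc = Server(), Client(secret)
    out = [pc.tick(10, srv)]
    srv.theft_status = "Stolen"                 # help desk marks it stolen
    out += [pc.tick(22, srv), pc.tick(25, srv)]
    out.append(str(pc.recover(secret, srv, 30)))    # server still says Stolen
    srv.theft_status = "Secure"
    out.append(str(pc.recover(secret, srv, 30)))
    out.append(pc.tick(31, srv))
    return out

def stolen_offline() -> list[str]:
    """Machine never reaches the server after enrollment."""
    pc = Client("constructed-passphrase")
    return [pc.tick(47.9, None), pc.tick(48, None), pc.tick(49, None)]
```

In the online case the machine stays usable from the theft report until the next rendezvous; kept offline, it keeps running until the 48-hour disablement timer expires. Those two intervals are what the timer values in the policy table control.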


3 Comments Permalink
0

My final video with Jake (a bit overdue). Here we sit down and Jake shows me how the team automates their console build out for rapid testing of each platform. This capability was just installed in my lab right before the holidays and I'm fired up to use it when I return to the plant.

 

 

The key here is that automation is very critical for us to test without spending hours/days building an infrastructure on the fly to test a certain configuration.    Who wouldn't want an automated console build out WEB UI, that just works when you need it.  

0 Comments Permalink
0

Prior to vacation I was asked to show how to manage a vPro via an iPhone.  Here it is.. 

 

0 Comments Permalink
2

Park N Patch Use case

Posted by Josh Hilliker Dec 16, 2008

Over the last few weeks I have been twittering about a new use case that Frank & I have coined "Park N Patch" use case. We have finished our hardware test and we are really close to shooting the video, however I wanted to jump start this by sharing out the single foil (thank you to wendy west for the pix).

 

parknpatch_vPro_Use Case.jpg

 

Next up, we'll share out the technical specifications of our test and the video of us really doing the use case outside (pending rain).

 

any questions please let me know.

 

Josh H

2 Comments Permalink
0

I was talking with the marketing team this last week about what they have for hot videos that are showing vPro in use with end users. They shared this list with me and I thought I would share with you all as well. I wish these were in a better format to play on demand, however for the time being here they are for you.

 

21st Century Learning: Watch how Viglen and Intel® vPro™ technology help the Green School drive innovation in learning.

Management Lesson: Watch how the Clayton County, Georgia, public schools manage their IT assets and reduce desk-side visits with Intel® vPro™ technology.

Managing Assets: Watch Verizon's Chris Maylor explain how Intel® Core™2 processor with vPro™ technology helps the company manage its IT assets.

Transforming Troubleshooting: Watch how one of the largest telecommunications companies in the world makes IT troubleshooting easier with Intel® vPro™ technology.

Saving Taxpayers' Money: Watch how Indiana's Office of Technology saved the state millions by improving IT efficiency, standardizing on Intel® multi-core server technologies. Now it's saving millions more with Intel® vPro™ technology.

Healthy Manageability: Watch how Sisters of Mercy Health System keeps its IT manageability healthy with Intel® vPro™ technology.

Healthy Upgrade: Watch how Marshfield Clinic improved efficiency and manageability and maximized its IT budget using Intel® vPro™ technology.

The Real CSI: Watch to see Las Vegas Metro's unsurpassed use of technology for information management-including Intel® vPro™ technology.

0 Comments Permalink
1

Hey, you guys, those of you makin’ like you’re part of the décor in an airport lounge or imitating camouflage behind a fern in a hotel lobby waiting for some mark to get distracted so you can lift his laptop. I’m going to save you some major grief. I’m feeling like a snitch doing this since I’m an Intel flack, but even criminals deserve an inside tip once in awhile. So, listen up, swifty. Before you slip ‘n slide that notebook under your trench coat, look it up and down carefully. If it says Lenovo Thinkpad T400 anywhere on it just put it back and save yourself a raft of frustration. Here’s the inside skinny: Absolute Software, Lenovo and Intel ganged up to develop this diabolical security stuff that’s … well, I was going to say almost criminal. They took these Lenovo ThinkPad T400 notebooks and booby-trapped ‘em with Intel’s new Anti-Theft PC Protection and Absolute’s Computrace technology. Here’s what’s gonna happen if you’re a sucker enough to boost one of these units. First thing you’re gonna do is turn it on to see if you can crack the password. These guys are just waiting for you to do that. They’re probably standing behind the other fern laughing their beanies off. After a few missed tries this notebook’s going to shut down like an iron door on the hole. It won’t do nothin’. It becomes a brick. Good luck tryin’ to hawk that. It’s because of this Intel Anti-Theft PC Protection. But let’s say you’re smart enough not to try to crack the password. Instead, you’re sitting there admiring the family of five on the screensaver trying to figure out what it will go for on eBay when WHAM! the thing shuts down. Won’t turn back on or nothin’. That’s ‘cause of Absolute’s Computrace. What happened was that soon as the mark saw his computer flew the coop, he called the guys at Absolute and they fixed their servers, so as soon as that computer came online, they sent it a poison pill through the Internet and that laptop became, yep, a brick. 
You’d do life for sending a poison pill, but these mugs got good lawyers and get away with it. But let’s say you’re a real Einstein, and you’re casing the airport parking lot and see some stiff shove one of those T400s in his trunk, grab his suitcase and head for the terminal. You’re figuring he’s gonna be gone for days, long enough to fence that T400 before he even knows it’s gone. So, you’re hanging out in a back alley, whispering “Hey, you wanna good computer cheap?” to every Joe that strolls by, until you finally hook some patsy. But you hit the button to turn it on and nothing happens. Yeah, you guessed it. You’re peddling that brick, again. This is because these Lenovo, Absolute, Intel guys covered that angle, too. Turns out the pigeon’s computer geniuses at the office set that ThinkPad T400 so it has to check in regularly, like it’s on parole. If it misses even once, it gets the poison pill treatment thanks to Computrace and Intel Anti-theft PC Protection, and, of course, dem guys at Lenovo who stick that stuff into those ThinkPad T400s in the first place. In the end, filching these rigged T400s will drive you crazy. Worse than being in the cooler. I know what you’re thinking, I’ll just grab another brand of computer. All I can say is, Are ya feelin’ lucky, punk? ‘Cause Lenovo is gonna be putting this Computrace and Anti-Theft PC Protection in their other computers. And, well, this ain’t no exclusive deal, if you know what I mean. So, before you do something stupid, my pal Josh Hilliker spills all the beans here. Check it out and save yourself some time…maybe hard time, not to mention saving you’s from going crazy frustratin’ yourself.

1 Comments Permalink