Home > Intel Communities > Open Port IT Community > Intel® vPro™ Expert Center > Microsoft Manageability > Blog > 2009 > June
Up to Blog Posts in Microsoft Manageability
Previous Next

Microsoft Manageability

June 2009
Dan Brunton
1

SCCM Log Parser Script

Posted by Dan Brunton Jun 25, 2009

Reading through the wealth of information in SCCM logs can be a challenge, especially if you are provisioning a lot of systems at one time.  I've put together a VBScript example to help make the job of debugging provisioning problems easier.  This script will parse through the log file you specify and create a new log file containing entries relevant to the string you are searching for.  The most common usage for this would be to look through the amtopmgr.log for all entries related to a specific computer name.  This script will first go through the log and find all the thread values associated with the computer name, then, it will take any log entry with any of those thread values and place it in a new file and launch it in the SMS Trace (Trace32) application.  The idea is that having all these entries, not just the lines with the computer name, will paint a more complete picture of what has gone on during the provisioning process and cut back on the time spent looking for relevant log entries by hand.  Here's some information on how to run the script.

Required parameters:

/l: - The SCCM log file you want to parse, typically amtopmgr.log

/s: - The search string, often a computer name, you want to parse the logs for

Optional parameters:

/o: - The name of the parsed log file this script will produce.

      If no name is specified, the file will be named:

      <specified computer name>.log

Example: cscript sccmlogparse.vbs /l:amtopmgr.log /s:vProPC /o:parsedlog.log

You can download the script here:

http://communities.intel.com/docs/DOC-3400

1 Comments Permalink Tags: amt, dan_brunton, script, sccm
Dan Brunton
0

Whenever you make a change to your Out-of-Band configuration settings in SCCM you need to push that change out to your Intel® AMT clients.  Normally you have to go through each of your collections that has AMT systems in it and tell SCCM to manually update the management controller configuration.  It is possible to automate this process using a script that makes WMI calls to the SCCM server, requesting it update the management controllers in your clients.  This can be scheduled as an advertisement to be run automatically.  This package contains documentation that outlines the required security, creation of the update task and an example VBscript.  You can download the package here:

 

http://communities.intel.com/docs/DOC-3399

0 Comments Permalink Tags: dan_brunton, amt, script, sccm
Dan Brunton
3

The SCCM Out-of-Band (OOB) Management Console is a stand-alone executable that is typically launched from within the SCCM console application itself. There may be cases where different groups in an IT department will want to make use of the OOB access to clients, but should not have access to the other features of SCCM in order to maintain proper separation of duties and best known security practices. It is possible to use existing technologies to launch the OOB Management Console outside of the SCCM console application itself. This package contains documentation that explains the required SCCM security configuration and includes and example VBScript.  You can download the package here:

 

http://communities.intel.com/docs/DOC-3398

3 Comments Permalink Tags: dan_brunton, script, sccm, amt
Dan Brunton
1

In order for Microsoft Systems Center Configuration Manager to provision a vPro system, via bare-metal provisioning, it needs to know its UUID (Also referred to as a GUID), MAC address, short name and FQDN.  This information can be collected into a CSV file and imported into SCCM manually, or automatically by leveraging a script and WMI.  This package will outline the security configuration and point you to resources you can use to create a script to automate this process.  You can get a copy here:

 

Update 6/25/2009:  An updated version of the script is available at the link below.

 

http://communities.intel.com/docs/DOC-3067

1 Comments Permalink Tags: amt, sccm, configmgr
Matt Royer
2

This information is based on Microsoft’s beta release of System Center Configuration Manager Service Pack 2 and is subject to change.

Within the SCCM SP2 beta, Microsoft has included support for AMT Audit Log.  Audit Log was introduced in AMT version 4 and provides a mechanism to captures the occurrence of significant AMT events and who performed those actions.

Before you begin, you must configure SCCM SP2 on which AMT Audit Log events it turns on.  This can be done by selecting Out of Band Management properties under "Site Database" -> "Site Management" -> <Site Code> -> "Site Settings" -> "Component Configuration" -> “Audit Setting” Tab.

AuditLog-Settings.jpg

Unlike other AMT feature enablement with SCCM, Audit log is not enabled during Provisioning or through the Update Management Controller process; it must be performed as a post provisioning step.  To enable the AMT Audit log, you must right click on the AMT client and select “Out of Band Management” -> “Enable Auditing and Apply Audit Log Settings”.  You can also disable and clear the audit log from this menu as well.

AuditLog-Enable.jpg

Once enabled on the AMT Client, you can access the AMT Audit Log through the Out of Band Management Console available through right clicking on the AMT client and select “Out of Band Management” -> “Out of Band Management Console”.

AuditLog-OOBC.jpg

--Matt Royer

2 Comments Permalink Tags: sccm, sccm_sp2, vpro, amt, matt_royer
Matt Royer
0

This information is based on Microsoft’s beta release of System Center Configuration Manager Service Pack 2 and is subject to change.

As noted in one of the previous posts, SCCM SP2 has extended support for AMT / vPro Wireless Out Of Band use cases.  If we open Out of Band Management Component Configuration under "Site Database" -> "Site Management" -> <Site Code> -> "Site Settings" you will notice that there is a new tab for “802.1X & Wireless”.

OOBM-WirelessTab.jpg

When you click the new icon, you will be given the opportunity to create your AMT wireless profile.

OOBM-WirelessTab-New.jpg

There are a couple of interesting things to point out.  First, SCCM SP2 supports AMT wireless security types of WPA-Enterprise and WPA2-Enterprise; WPA-Personal and WPA2-Personal are not supported

OOBM-WirelessTab-SecurityType.jpg

Second, the encryption method can be either TKIP or AES.

OOBM-WirelessTab-EncryptionMethod.jpg

Third, you will notice that 802.1x authentication is required for the wireless connection supporting the Client Authentication methods of EAP-TLS, EAP-TTLS/MSCHAPv2, or PEAPV0/EAP-MSCHAPv2.

OOBM-WirelessTab-ClientAuthentication.jpg

The 802.1x trusted root certificate can be loaded from either a file or pulled directly from your CA infrastructure.

OOBM-WirelessTab-ServerAuthentication.jpg

OOBM-WirelessTab-TrustedRootCertificate.jpg

The Radius Client Certificate (depending on the Authentication method chosen) will allow to you choose a desired certificate template from one of your Microsoft Enterprise Certificate Authorities. 

OOBM-WirelessTab-ClientCertificateTemplate.jpg

OOBM-WirelessTab-RadiusClientCertificate.jpg

Once the wireless settings have been configured in the Out of Band Management Component Configuration, the certificate request will be generated for the AMT client and the wireless settings will be pushed to the AMT client during the initial provisioning or when a “Update Management Controller” is performed on the client.

--Matt Royer

0 Comments Permalink Tags: matt_royer, sccm, amt, vpro, sccm_sp2
Matt Royer
1

Note: This information is based on Microsoft’s beta release of System Center Configuration Manager Service Pack 2 and is subject to change.

Besides extending ConfigMgr support for new Operating Systems (Windows 7, Windows Server 2008 R2, Windows Server 2008 SP2, Windows Vista Sp2) and Branch Cache (peer to peer content distribution), ConfigMgr SP2 significantly evolves their native support for AMT / vPro use cases and features.  As noted in the SCCM SP2 release notes, extension of the Intel vPro Technology support expands into:

OOB Wireless Management / Wireless Profile Management

·         Provide configuration of up to eight (8) wireless profiles per site that are available to AMT clients assigned to that site

·         Set the wireless information during AMT provisioning and configure all required profile settings (SSID, key management, encryption, etc.)

·         Send wireless profile operations to the Intel translator on AMT systems with revisions earlier than 3.2.1

End Point Access Control / 802.1x support

·         Provision 802.1x settings on AMT wireless clients during AMT provisioning

·         Send 802.1x settings operations to the Intel translator on AMT systems with revisions earlier than 3.2.1

Persistent Data Storage

·         Non Volatile Memory or Third Party Data Store (3PDS)

·         Write string data into 3PDS on AMT through OOB management console

Access Monitor: Audit Log

·         Enable or Disable Audit Log (no critical event settings)

·         View Audit Log through OOB Console

Remote Power Management: Power State Configuration

·         Enable configuration of the power policy settings and include in provisioning settings when provisioning an AMT system

If you are interested in taking a closer look at the SCCM SP2 beta build, you can get access to the download by going to https://connect.microsoft.com and signing up for access.

--Matt Royer

1 Comments Permalink Tags: sccm, sccm_sp2, matt_royer, amt

Popular Blog Posts

Incoming Links