
Microsoft Manageability

6 Posts authored by: Dan Brunton

One of the new additions in Config Manager SP2 is native support for managing AMT clients over wireless.  Microsoft has built in support for configuring enterprise-level wireless profiles such as WPA2-Enterprise.  These profiles use RADIUS authentication, in which an authentication server decides whether or not a given client is allowed to access the network.  Config Manager SP2 does not support wireless profiles that use pre-shared keys (PSK).  If you use security standards like WPA2-PSK/WPA2-Personal in your environment, you will need to use the scripting framework tool to generate a script that can configure this option outside of Config Manager.

Mohan Veeramachaneni has put together several guides that explain how to configure the back-end RADIUS authentication components and access point configuration.

Cisco ACS

Configure Cisco ACS Server for Navigating Secure Networks with AMT/vPro

Microsoft NPS

Simple Configuration of Microsoft NPS as Radius for 802.1X - Part 1

Simple Configuration of Microsoft NPS as Radius for 802.1X - Part 2

Microsoft IAS

Step-by-step Guide for Navigating Secure Networks (802.1x) with Intel® AMT™ using Microsoft® SCCM SP1 & Microsoft® Radius (IAS)

Matt Royer has a blog entry that covers wireless profile management in Config Manager SP2.  The process he outlines is still the same in the release version of SP2.

http://communities.intel.com/community/openportit/vproexpert/microsoft-vpro/blog/2009/06/05/a-closer-look-at-sccm-sp2-beta-oob-wireless-management-wireless-profile-management

Key things to remember about wireless management with Config Manager

  • Config Manager will not update a wireless profile that is currently in use.
  • Config Manager now uses DNS entries to resolve client names.  You may run into a case where a client has switched between a wired and a wireless connection and AMT is temporarily inaccessible due to delays in DNS update propagation.  DNS caching on your Config Manager server can also cause this to occur.  You can try running the “ipconfig /flushdns” command from a command prompt to clear the local DNS cache on your Config Manager server.
  • Launching a Serial-over-LAN session over a wireless connection while the client’s OS is using that same connection will cut off the OS’s access to the wireless network.

SCCM Log Parser Script

Posted by Dan Brunton Jun 25, 2009

Reading through the wealth of information in SCCM logs can be a challenge, especially if you are provisioning a lot of systems at one time.  I've put together a VBScript example to help make the job of debugging provisioning problems easier.  This script will parse through the log file you specify and create a new log file containing entries relevant to the string you are searching for.  The most common usage for this would be to look through the amtopmgr.log for all entries related to a specific computer name.  The script first goes through the log and finds all the thread values associated with the computer name.  It then takes every log entry with any of those thread values, places it in a new file and launches that file in the SMS Trace (Trace32) application.  The idea is that having all these entries, not just the lines with the computer name, will paint a more complete picture of what has gone on during the provisioning process and cut back on the time spent looking for relevant log entries by hand.  Here's some information on how to run the script.

Required parameters:

/l: - The SCCM log file you want to parse, typically amtopmgr.log

/s: - The search string, often a computer name, you want to parse the logs for

Optional parameters:

/o: - The name of the parsed log file this script will produce.

      If no name is specified, the file will be named:

      <specified computer name>.log

Example: cscript sccmlogparse.vbs /l:amtopmgr.log /s:vProPC /o:parsedlog.log

You can download the script here:

http://communities.intel.com/docs/DOC-3400
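The two-pass thread filter described in this post, as an added Python example (not the downloadable VBScript and not the author's code). It assumes the usual Configuration Manager entry layout `<![LOG[message]LOG]!><... thread="N" ...>`, which the post does not spell out; the sample entries, the `DEMO` component and the `example.test` names are constructed, and matching is case-insensitive by choice of this example.

```python
import re

# Assumed entry layout (not stated in the post):
#   <![LOG[message]LOG]!><time=".." date=".." ... thread="N" file="..">
ENTRY_RE = re.compile(r'<!\[LOG\[.*?\]LOG\]!><[^>]*>', re.S)
# Anchored to the trailing attribute block so thread="..." text that
# happens to appear inside a message is never mistaken for the real value.
THREAD_RE = re.compile(r'thread="(\d+)"[^>]*>$')

# Constructed sample, not real amtopmgr.log output.
SAMPLE = (
    '<![LOG[Start provision task for vProPC.example.test]LOG]!>'
    '<time="10:01:02.100" date="06-25-2009" component="DEMO" type="1" thread="3180" file="demo.cpp:1">\n'
    '<![LOG[Start provision task for OtherPC.example.test]LOG]!>'
    '<time="10:01:02.200" date="06-25-2009" component="DEMO" type="1" thread="2204" file="demo.cpp:1">\n'
    '<![LOG[Connection attempt failed\nretrying with next profile]LOG]!>'
    '<time="10:01:03.000" date="06-25-2009" component="DEMO" type="3" thread="3180" file="demo.cpp:2">\n'
    '<![LOG[Task completed]LOG]!>'
    '<time="10:01:04.000" date="06-25-2009" component="DEMO" type="1" thread="2204" file="demo.cpp:3">\n'
    '<![LOG[Task completed]LOG]!>'
    '<time="10:01:05.000" date="06-25-2009" component="DEMO" type="1" thread="3180" file="demo.cpp:3">\n'
)

def split_entries(text):
    """Return whole log entries; a message may span several physical lines."""
    return ENTRY_RE.findall(text)

def thread_of(entry):
    """Thread id from the entry's attribute block, or None if absent."""
    m = THREAD_RE.search(entry)
    return m.group(1) if m else None

def filter_by_threads(entries, needle):
    """Pass 1 collects thread ids of entries mentioning needle;
    pass 2 keeps every entry logged by those threads, in log order."""
    needle = needle.lower()
    threads = {thread_of(e) for e in entries if needle in e.lower()}
    threads.discard(None)
    return [e for e in entries if thread_of(e) in threads]

if __name__ == "__main__":
    for entry in filter_by_threads(split_entries(SAMPLE), "vProPC"):
        print(entry)
```

If a worker thread later handles a different machine, that machine's entries are pulled in as well, so narrow the input to a time window when the log covers many provisioning runs.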


Whenever you make a change to your Out-of-Band configuration settings in SCCM, you need to push that change out to your Intel® AMT clients.  Normally you have to go through each of your collections that have AMT systems in them and tell SCCM to manually update the management controller configuration.  It is possible to automate this process using a script that makes WMI calls to the SCCM server, requesting that it update the management controllers in your clients.  This can be scheduled as an advertisement to be run automatically.  This package contains documentation that outlines the required security, the creation of the update task and an example VBScript.  You can download the package here:

http://communities.intel.com/docs/DOC-3399


The SCCM Out-of-Band (OOB) Management Console is a stand-alone executable that is typically launched from within the SCCM console application itself. There may be cases where different groups in an IT department will want to make use of the OOB access to clients, but should not have access to the other features of SCCM in order to maintain proper separation of duties and best known security practices. It is possible to use existing technologies to launch the OOB Management Console outside of the SCCM console application itself. This package contains documentation that explains the required SCCM security configuration and includes an example VBScript.  You can download the package here:

http://communities.intel.com/docs/DOC-3398


In order for Microsoft System Center Configuration Manager to provision a vPro system via bare-metal provisioning, it needs to know the system's UUID (also referred to as a GUID), MAC address, short name and FQDN.  This information can be collected into a CSV file and imported into SCCM manually, or automatically by leveraging a script and WMI.  This package will outline the security configuration and point you to resources you can use to create a script to automate this process.  You can get a copy here:

Update 6/25/2009:  An updated version of the script is available at the link below.

 

http://communities.intel.com/docs/DOC-3067


Steve Rachui at Microsoft has put together a great PKI validation script.  The script itself validates PKI in two ways.  First, it can be used to verify third-party remote configuration certificates from the vendors supported by AMT.  Second, the script can verify that your PKI environment is properly configured to support AMT provisioning.  The script itself needs to be run from a server to work correctly.  Check out Steve’s blog to get all the details.

http://blogs.msdn.com/steverac/archive/2009/05/18/tool-to-verify-amt-certificates.aspx
