Skip navigation

I've been sitting on this one for a while now, hoping that I'd have time to write a full Use Case Reference Design, but figured I'd better just put it out there. I recently ran across something called "Portable apps". Yes, I know they are not new, but they were certainly new to me. Portable apps are designed to run from USB thumb drives as stand alone applications. That way you can bring your thumb drive with you and no matter what computer you use, you have your favorite apps, settings, docs, etc.


While perusing, I noticed quite a few remediation tools. For example, ClamWin virus scanner has a portable version. So I began to wonder...these apps run stand alone. They don't mess with the registry, they don't need run time libraries, they just run. Maybe they'd work in Windows PE. So, I built a 32 bit WinPE following these instructions. Between sections 3.3.2 & 3.3.3 I copied in ClamWin and Firefox portable. I continued on and ended up with a WinPE ISO file. I then IDEr booted one of my AMT 6 systems, and what do you know, ClamWin and Firefox worked! I can scan for viruses. I can surf the Internet. All from WinPE. All remotely. This could be the beginning of a great recovery OS for help desk use.


Since then I've tried a few other portable apps. Not everything works, but so far most of them do. Eventually, I hope to post more detailed instructions and lists of the most useful portable apps for remote remediation. In the mean time, here's a few links to some portable apps. Give it a try and let me know what works, and which apps are your favorites.


PStart makes a simple, easy GUI for WinPE so you don't have to start your apps from a command line:

Look at the TTL of the ping response.   TTL=255 is Intel AMT whereas TTL=128 is the Windows Operating system.


More insights shared at

If you are an Operating System Vendor and planning to support 2010 Intel vPro Technology enabled platform and  ensure comptability with Intel AMT KVM feature, this is a MUST read white paper! Even if you are not an Operating System Vendor, this white paper gives a good background about Intel AMT KVM feature.


Please blog with your comments and questions.


Thank you,

Naren Kumar

The “Billion Dollar Lost-Laptop Study,"conducted by Intel and the Ponemon Institute, found that the 329 organizations polled had collectively lost more than 86,000 laptops -- worth a staggering $2.1 billion. Surprisingly though, two-thirds did not take advantage of even basic security practices, such as encryption, back-up and anti-theft technologies.  Intel Anti-Theft Services General Manager Anand Pashupathy explains:



Providence Health and Services Oregon Region is a big believer in technology. In fact, it was an early adopter of online medical records, which have helped it manage its growth without adding personnel. To take productivity to the next level, Providence is now using PCs with Intel® Core™ i5 vPro™ processors.  Focusing first on patch compliance, Providence was able to increase six-hour compliance by 17 percent—making the client environment more robust, improving IT’s efficiency, and helping users avoid morning-after delays caused by patch failures.

“The story here is about increasing patch efficiencies and productivity and decreasing downtime,” explained Lee Kriebaum, manager of IT and engineering for Providence Health and Services Oregon Region. “We need technology that gives us the capability to do things programmatically and automatically, without being physically present at each location.”

For the whole story, read our new Providence business success story. As always, you can find this one, and many more, in the IT Center and Reference Room.

The migration and upgrade process is fairly simple and straightforward.   However, do to a number of inquiries on the topic, I posted a summary on Symantec Connect.   See


If you need further assistance and insight - contact Symantec support teams or post back on the article to share with the community

I attended a press briefing a couple of days ago on a new study that analyzes the impact of lost and stolen laptop computers on businesses. The astounding financial costs and liability from potentially exposed data left me wondering if panic attacks might be becoming another autonomic nervous response, alongside heartbeat and breathing, among businesspeople, IT professionals and CFOs.


Shockingly, not so. In fact, the vast majority appeared so completely indifferent or unaware of the inevitable consequences that they weren’t taking even basic precautions – no encryption, no back-up, no anti-theft technologies.


“The Billion Dollar Lost-Laptop Study,” conducted by Intel Corporation and the Ponemon Institute, surveyed 329 businesses and other organizations. It found that in the course of a year participants’ had parted with more than 86,000 laptops either through carelessness or theft. The resulting cost was a staggering $2.1 billion.


Costs came from wagon-circling in anticipation that data on the systems might fall into competitors’ hands or show up on Wikileaks, lawyers who had to comply with legal and regulatory procedures, and lost productivity of employees who cooled their heels while waiting for replacement laptops and the chance to begin their jobs anew, since none of their work was backed up.


According to the study, the odds of employees leaving their laptops under tables at Starbuck’s or having them yanked through shattered passengerside windows of their cars vary slightly from 5 to 10 percent, the latter about the same odds that “Frosty The Snowman” is the ladies’ in your lives favorite animated Christmas special. Employees in different industries fared slightly better or worse. Of the 11 industries surveyed, educational and research institutions scored the highest in missing laptops at a bit under 11 percent, while the financial institutions lost just over 5 percent.


I was somewhat surprised that thieves made off with only 25 percent of those systems for sure, though they study suggests foul play in another 15 percent. The remaining 60 percent were simply “missing.” When only theft is considered, the places to keep a death grip on your laptop are the ones we all know – airports, train stations (particularly Paris from my experience) and other transportation venues. Among those companies with the highest theft rates, transit locations accounted for nearly 50 percent of the crime scenes.


Scary Part

Here’s the really scary part. It is our comfortably safe homes, hotel rooms or customers’ conference rooms that the study cited as the most dangerous places. More than 40 percent of all lost and stolen laptops wander out of these venues while we’re feeling complacent. Though No. 1 for theft, transportation venues rank No. 2 for combined lost and stolen laptops with roughly one-third going astray there.


Your office is the safest place. Only 12 percent go missing from the home cube. [As a side note, that’s where I lost mine to obviously highly trained thieves. They somehow lifted my unsecured laptop off my desk in my open cube in the middle of the night without leaving a trace or anyone seeing them. The authorities are still baffled, which might suggest why only 5 percent of missing laptops are found. (There will be a test later to see what you’ve learned from this anecdote. So, you may want to reread this section if the lesson is unclear.)] Another 12 percent vanished without explanation, though I suspect the same gang.


According to the study, 48 percent of the missing laptops contained confidential data (the biggest factor in both the cost of missing laptops and severity of crippling after-the-fact panic attacks among their overseers). However, I asked my friend Kevin Beaver, an information security consultant, author and blogger, what he thought of that figure. “Clearly, there are 52 percent of workers and IT pros out there who don’t know what’s on their computers,” he quipped. The source for his skepticism is the data assessments he performs with his clients. When he assesses their hard-drive contents, virtually all have confidential data of some sort, all the way from customers’ – and family members’ – names and numbers to corporate documents they hadn’t considered.


No Bullets in Most Laptops

Finally, here’s the part that will blow you away. We’ve just seen that lost and stolen laptops are astronomically expensive, that thieves are pretty talented, and workers somewhat inattentive and forgetful at times, and that nearly all laptops likely have files their owners wouldn’t want posted on the Internet. So, how many of these companies do you think used encryption, back-up or anti-theft technologies, the basic stuff?


Take a wild guess. Sorry, you’re way too high. The study determined that only 30 percent took advantage of encryption, 29 percent back-up and 10 percent anti-theft technologies. If you guessed right, you were probably either reading ahead or among the CISOs of these companies. While it may seem reckless to send mobile workers out the door without the bullets in their laptops to protect them, I have to think the cause is lack of understanding of the consequences, not cavalier attitudes. Unfortunately, most people, including many IT pros, believe that the cost ends with the missing hardware, that few systems pack confidential material and that the odds of theft are largely in their favor. Well, now it should all be clear.


For solutions, let’s consider Malcolm Harkins. Malcolm is Intel’s CISO. He and his group stand guard on the company’s 87,000-strong mobile workforce. Their strategy looks at both technology – encryption, back-up and anti-theft solutions among them – and employee education to drive down the number of lost and stolen laptops. Here’s my last astounding factoid: using this approach, Malcolm and his team have driven down Intel’s number of wayward laptops to less that 1 percent, about 700 computers a year. Now, that’s staggering.

There are a variety of insights shared on this site (vpro expert center) and Symantec Connect's site on deployment and implementing vPro in a Symantec environment.   But if you need direct technical support and assistance - contact Symantec.  


As an example of Symantec's capability to support most requests, see


Symantec support technicians are ready to take the call, setup a WebEx session as needed, and help you get vPro configured and usable in the environment.


And just in case you have a particularly complex issue that a Symantec support associate cannot address... if it gets escalated to their senior support represenatives, there will be some behind-the-scenes collaboration with appropriate Intel contacts.


Symantec support teams have been answering vPro deployment related calls for a few years now.   As issues are addressed and shared out via their knowledgebase (, more information is accessible to the community.


Remote ISO Launcher

Posted by rkfoote Dec 2, 2010

Ever want to remotely boot an ISO image on your vPro machine but find it’s cumbersome to load up a management console? Do you day dream of launching a simple application entering your machine’s name and clicking boot? Wish that it would support Fast Call for Help, TLS and have a vt100 terminal built in? Do you wish you could embed commands into your ISO image that would communicate back to the application and generate menus or get user input?


Meet the Remote ISO Launcher! I’ve written an application that does just that! You can download the binaries from here:


But wait! There’s more! The source code is also included at no extra cost!


Try it out and leave feedback.







(Legal disclaimer: By downloading the source code you agree not to mock my code. Bugs or feature enhancements welcome. Just no mocking )


New Job!

Posted by rkfoote Dec 2, 2010

I’ve been working at Intel for around 13 years now and one of the things I love is all of the opportunities that present themselves and the fantastic people I get to work with. I recently moved to the Use Case Reference Design team. If you’re not familiar (and love vPro!) you should check out the projects that this team has done! A list of the projects can be found here:


With my new role I’ll have the opportunity to develop vPro solutions (and release the related source code in most cases!!!) and post odd-ball off-the-wall stuff (think: that’s interested but why would you ever do that). In some cases I hope to drive ideas and solutions back into the development teams (which I won’t be able to comment on... thanks lawyers ). Feel free to post thoughts/ideas/frustrations and I’ll see if I can help.


Stay tuned!

Instructions for setting a static IP Address on a XenClient system.


Bob Ludwig


Chaitanya Upadhyay


NOTE!! Click on Pictures to enlarge them for easier viewing.


This blog is to demonstrate how easy it is to set a static ip address on the Xenclient receiver. This information is not in the current Xenclient User Guide documentation on the Citrix website, so we thought we would post here. But it will be added to the User Guide in later releases of XenClient. So duplicate the screen captures that follow, and you should have no trouble setting a static ip address on your XenClient system.



In this example we set an IP Address of on our XenClient Receiver . Then, to test connectivity, we will ping another device on the network at

































That’s all there is to it. Hope this helps you in your work with XenClient!




Copying VM’s directly between XenClient Systems

Bob Ludwig


Chaitanya Upadhyay


NOTE!! Click on Pictures to enlarge them for easier viewing.


If you are working with XenClient GA version 1.0 you have probably run into a situation where you would like to copy your XenClient VM’s to some other computer or storage device. This blog will describe the steps necessary to copy VM’s directly from one XenClient machine to another XenClient machine.



We will assume that we have two XenClient laptops on the same subnet and are both connected to a Gb. switch or are directly cabled together. The XenClient software in use is the GA 1.0 version released on September 29, 2010.



For purposes of this document Laptop #1 has two VM’s already installed on it, a Windows 7 VM and a XP VM. Laptop #1’s ip address is



Laptop #2 has no VM’s installed on it and its ip address is



We will show how to identify and transfer the XP VM from Laptop #1 to Laptop #2.









Step 1.


Open a terminal session on Laptop #1

You will see two files in /storage/disks subdirectory. These correspond to the two VM’s on Laptop #1. The question is which .vhd file is the XP VM?





Step 2.


To determine which .vhd file is the XP VM we need to look inside the .db files that are located in the /config/vms subdirectory.








Step 3.


We will take a look inside the first .db file listed. We could use the vi editor, but in this example we will use the cat command and pipe the output to “more”







Step 4.


After typing the cat command we will scroll through the .db file until we see a statement starting with “path”. Here we can see the .vhd file that is the XP VM. We need to write down this .vhd name as we will need it in future steps. This is the .vhd file that we will transfer to Laptop #2 using the scp command.



From this Point on all work is now performed on Laptop #2




Step 5.


On laptop #2 we need to go through the process of adding a VM. However in the last step of the process we will state that we wish to create the VM, but we will install the OS later. (We will copy the OS from Laptop #1)















Step 6.


Still on Laptop #2 we need to look at the .db file and  find out which .vhd file will be associated to it. We need to change  directory to the /config/vms subdirectory Then we will use the same  “cat” command as we did in step 3.








Make note of the above .vhd file.


Step 7.


Still on Laptop #2 we will change directories to/storage/disks, and then run the scp command to copy the .vhd file from Laptop #1 to a file name of our choosing on laptop #2. After we type in the scp command as shown below, we will be asked for our XenClient password on Laptop #1. Type in the password and continue. You may also be asked a question regarding authenticity. Say yes to this and continue.




It should only take a few minutes to scp the file from Laptop #1 to Laptop #2. This can obviously vary depending upon how large the VM is that we are transferring.


Once scp is finished copying the file you will now have a file named XP-OS.vhd. The final step is to move this file into the .vhd file on Laptop#2 (the .vhd file in step 6).




Now close the terminal window and start the VM.






That’s all there is to it. Hope this helps you.



Filter Blog

By date: By tag: