When you install the Intel WS-MAN Translator, by default it will provide a PSK PID/PPS of 4444-4444 0000-0000-0000-0000-0000-0000-0000-00000. Although easy to remember, it not necessarily the most secure. If you do not have a unique PID/PPS generated for your environment, you can leverage the USBFILE utility availible in the AMT Software Development Kit (SDK) to generate a secure and unique PID/PPS. USBFile.exe is located in the .\Windows\Intel AMT SDK\Bin\Configuration\ConfigScripts directory of the AMT Software Development Kit download file.
Consideration: The Intel WS-MAN 1.0 only supports the use of 1 PID/PPS pair. So that you can provision AMT clients using PSK after a partial un-provision, it is recommended that you use the same PID/PPS pair throughout your Environment.
Generating an unique PID/PPS with USBFile for the Intel WS-MAN Translator
Execute usbfile -create setup.bin admin <new MEBx Password> -gen 1 -xml pidpps.txt
Note: <new MEBx Password> is what you want the MEBx password to be. If you using the Intel WS-MAN Translator with SCCM, this should be the same password you configured within SCCM Out of Band Management Properties > Provisioning setting Section > MEBx Account.
Note: Running the USBFILE command will generate a setup.bin file; however, this setup.bin is set to consumable and can only be used once. Please reference the instructions below on how to create a non-consumable setup.bin with your unique PID/PPS
After the command has been executed, you can view the generated PSK PID/PPS pair in the pidpps.txt file.
This PID/PPS pair can then be configured in the Intel WS-MAN Translator by running Start > All Programs > Intel WS-Management Translator > wtranscfg.exe. Navigate to the Set Common Pre-Shared Key screen and enter in the PID/PPS that you generated. Click Finished and then OK to Restart the Translator Service.
Generating a non-consuming setup.bin for One Touch Provisioning
Execute usbfile -create setup.bin admin <new MEBx Password> -pid <PID> -pps <PPS> where PID and PPS are the unique ones you generated for your environment.
This will create a file called setup.bin in the working directly that you ran usbfile.exe
Note: <new MEBx Password> is what you want the MEBx password to be. If you using the Intel WS-MAN Translator with SCCM, this should be the same password you configured within SCCM Out of Band Management Properties -> Provisioning setting Section -> MEBx Account.
Using the USB Key Provisioning Utility, you can create a properly formatted USB Key loaded with the setup.bin file that can be used for One Touch Provisioning.