When you install the Intel WS-MAN Translator, by default it will provide a PSK PID/PPS of 4444-4444 0000-0000-0000-0000-0000-0000-0000-00000. Although easy to remember, it not necessarily the most secure. If you do not have a unique PID/PPS generated for your environment, you can leverage the USBFILE utility availible in the AMT Software Development Kit (SDK) to generate a secure and unique PID/PPS. USBFile.exe is located in the .\Windows\Intel AMT SDK\Bin\Configuration\ConfigScripts directory of the AMT Software Development Kit download file.

 

 

 

 

 

Consideration: The Intel WS-MAN 1.0 only supports the use of 1 PID/PPS pair. So that you can provision AMT clients using PSK after a partial un-provision, it is recommended that you use the same PID/PPS pair throughout your Environment.

 

 

 

 

 

Generating an unique PID/PPS with USBFile for the Intel WS-MAN Translator

 

  1. Execute usbfile -create setup.bin admin <new MEBx Password> -gen 1 -xml pidpps.txt
    *!http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1743/1.JPG!*
         Note: <new MEBx Password> is what you want the MEBx password to be. If you using the Intel WS-MAN Translator with SCCM, this should be the same password you configured within SCCM Out of Band Management Properties > Provisioning setting Section > MEBx Account.
         Note: Running the USBFILE command will generate a setup.bin file; however, this setup.bin is set to consumable and can only be used once. Please reference the instructions below on how to create a non-consumable setup.bin with your unique PID/PPS

  2. After the command has been executed, you can view the generated PSK PID/PPS pair in the pidpps.txt file.
    !http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1744/2.JPG!

  3. This PID/PPS pair can then be configured in the Intel WS-MAN Translator by running Start > All Programs > Intel WS-Management Translator > wtranscfg.exe. Navigate to the Set Common Pre-Shared Key screen and enter in the PID/PPS that you generated. Click Finished and then OK to Restart the Translator Service.
    !http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1745/3.JPG!

 

 

 

 

 

 

 

Generating a non-consuming setup.bin for One Touch Provisioning

 

  1. Execute usbfile -create setup.bin admin <new MEBx Password> -pid <PID> -pps <PPS> where PID and PPS are the unique ones you generated for your environment.
    *!http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1746/4.JPG!*
         This will create a file called setup.bin in the working directly that you ran usbfile.exe
         Note: <new MEBx Password> is what you want the MEBx password to be. If you using the Intel WS-MAN Translator with SCCM, this should be the same password you configured within SCCM Out of Band Management Properties -> Provisioning setting Section -> MEBx Account.

  2. Using the USB Key Provisioning Utility, you can create a properly formatted USB Key loaded with the setup.bin file that can be used for One Touch Provisioning.
    !http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1742/5.JPG!

 

 

 

 

--Matt Royer