Note: The contents in this post are on topics that are not fully released or implemented.  Content is subject to change at any time.

 

As we began discussing in PowerShell Module for Intel vPro Technology: PowerShell Drives Beta - Part 1 blog, included as part of the PowerShell Module for Intel vPro Technology version 2 we introduced a beta capability of accessing AMT through PowerShell Drives.  The previous blog focused mainly on getting data from AMT through the PowerShell Drive (predominately access the Hardware Inventory, Access Monitor / Audit Log, and Event Log); this blog will looks at a couple examples of getting and setting  AMT configuration from within PowerShell Drive.

 

Before we get too deep into the AMT Configuration within the PowerShell Drive, let take a closer look at the how the data within the AMT PowerShell drive is laid out.  Off the root of the AMT PowerShell Drive, you see four folders:

  • Config
  • HardwareAssets
  • 3PDSStorage
  • Logs

 

 

HardwareAssets and Logs were discussed in the previous blog which stores the information on the AMT Hardware Inventory, the AMT Audit / Access Log, and AMT Event Log.  The content within these folders store read only data directly from the AMT firmware.  3PDSStorage is a mounting location for the accessing the AMT non-volatile memory; however, in a future post, we will cover this in a little more detail.  For now, let’s talk about the Config folder.

 

 

The Config folder is designed for getting and setting items that are directly related to the AMT configuration.  Within the beta implementation, you will see several key folders:

  • AccessMonitor: Configuration setting for AMT Audit log / Access Monitor and identify which AMT events to track
  • ACL: Managing digest and Kerberos users and their associated AMT permissions
  • Etc: General AMT configuration items such as network settings, AMT hostname, protocol to use, and so forth
  • KVM: How KVM Remote Control should behave
  • Redirection: Enabling and disabling of Serial of LAN and IDE-Redirection
  • Setup: Performing the initial AMT setup up
  • 3PDSStorage: Configuration of the AMT non-volatile memory

driveconfigfolder.jpg

 

Manipulating the AMT configuration is easy with use of just a couple core PowerShell commands: New-Item, Set-Item, Get-Item, Remove-Item, Set-ItemProperity, and Get-ItemProperity.

 

Examples on how to set a couple of configuration attributes:

Updating or setting the AMT HostName

Set-Item AMT:\Config\Etc\Hosts\HostName -value:"vproclient"

 

 

Disabling AMT IDE-Redirection:

Set-Item AMT:\Config\Redirection\IderEnabled "False"

 

 

Examples of working with AMT Users:

Creating a New Digest User

New-Item AMT:\Config\ACL\Digest\MyNewUser -Password P@ssw0rd

 

 

Updating the permissions on an AMT user with platform admin rights

Set-ItemProperty AMT:\Config\ACL\Digest\MyNewUser -Name Privileges -Value ADMIN,RESERVED

 

 

Updating the permissions on an AMT user with Remote Control, Redirection, and Event Log rights

Set-ItemProperty AMT:\Config\ACL\Digest\MyNewUser -Name Privileges -Value RC,REDIR,EVTLOG

 

 

Listing the Permission associate to an AMT User

Get-ItemProperty AMT:\Config\ACL\Digest\MyNewUser -Name Privileges

 

 

Removing AMT User:

Remove-Item AMT:\Config\ACL\Digest\MyNewUser

 

 

Related Content:

 

 

--Matt Royer