Note: The contents in this post are on topics that are not fully released or implemented. Content is subject to change at any time.
As we began discussing in PowerShell Module for Intel vPro Technology: PowerShell Drives Beta - Part 1 blog, included as part of the PowerShell Module for Intel vPro Technology version 2 we introduced a beta capability of accessing AMT through PowerShell Drives. The previous blog focused mainly on getting data from AMT through the PowerShell Drive (predominately access the Hardware Inventory, Access Monitor / Audit Log, and Event Log); this blog will looks at a couple examples of getting and setting AMT configuration from within PowerShell Drive.
Before we get too deep into the AMT Configuration within the PowerShell Drive, let take a closer look at the how the data within the AMT PowerShell drive is laid out. Off the root of the AMT PowerShell Drive, you see four folders:
HardwareAssets and Logs were discussed in the previous blog which stores the information on the AMT Hardware Inventory, the AMT Audit / Access Log, and AMT Event Log. The content within these folders store read only data directly from the AMT firmware. 3PDSStorage is a mounting location for the accessing the AMT non-volatile memory; however, in a future post, we will cover this in a little more detail. For now, let’s talk about the Config folder.
The Config folder is designed for getting and setting items that are directly related to the AMT configuration. Within the beta implementation, you will see several key folders:
- AccessMonitor: Configuration setting for AMT Audit log / Access Monitor and identify which AMT events to track
- ACL: Managing digest and Kerberos users and their associated AMT permissions
- Etc: General AMT configuration items such as network settings, AMT hostname, protocol to use, and so forth
- KVM: How KVM Remote Control should behave
- Redirection: Enabling and disabling of Serial of LAN and IDE-Redirection
- Setup: Performing the initial AMT setup up
- 3PDSStorage: Configuration of the AMT non-volatile memory
Manipulating the AMT configuration is easy with use of just a couple core PowerShell commands: New-Item, Set-Item, Get-Item, Remove-Item, Set-ItemProperity, and Get-ItemProperity.
Examples on how to set a couple of configuration attributes:
Updating or setting the AMT HostName
Set-Item AMT:\Config\Etc\Hosts\HostName -value:"vproclient"
Disabling AMT IDE-Redirection:
Set-Item AMT:\Config\Redirection\IderEnabled "False"
Examples of working with AMT Users:
Creating a New Digest User
New-Item AMT:\Config\ACL\Digest\MyNewUser -Password P@ssw0rd
Updating the permissions on an AMT user with platform admin rights
Set-ItemProperty AMT:\Config\ACL\Digest\MyNewUser -Name Privileges -Value ADMIN,RESERVED
Updating the permissions on an AMT user with Remote Control, Redirection, and Event Log rights
Set-ItemProperty AMT:\Config\ACL\Digest\MyNewUser -Name Privileges -Value RC,REDIR,EVTLOG
Listing the Permission associate to an AMT User
Get-ItemProperty AMT:\Config\ACL\Digest\MyNewUser -Name Privileges
Removing AMT User:
- Version 2 of the PowerShell Module for Intel vPro Technology released
- PowerShell Module for Intel vPro Technology: PowerShell Drives Beta - Part 1
- Download the PowerShell Module for Intel vPro Technology