Skip navigation

Microsoft has released a rollup hotfix for SCCM* 2012 that addresses a couple of issues for AMT clients that are externally provisioned with a tool like the Intel® Setup and Configuration Software.  If you are using SCCM* 2012 with the Intel® SCS, or plan  to, this patch is a must-have.


Here’s what has been addressed in Microsoft’s own words:

 

Out of Band Management

  • Power Control and Clear Audit Log collection-based actions fail for externally provisioned AMT clients. The amptopmgr.log file contains entries that resemble the following entry:

Error: CSMSAMTDiscoveryTask::Execute, discovery to client_computer failed. General Worker Thread Pool: Error, Can not execute the task successfully. Remove it from task list.

 


You can get the hotfix at the following URL:

 

http://support.microsoft.com/kb/2717295

We cannot go back to a world without computing any more than we can go back to a world without electricity.  Making computing secure is essential to live up to all that computing has to offer.  Intel and McAfee delivers a new level of hardware-enhanced security that provides unprecedented protection for a safer, more worry-free computing experience from the device to the cloud.

 

Our combined co-engineering efforts are helping to transform the security industry by focusing on implementing a new security approach to help address an escalating threat landscape more effectively.  It is critical that we go deep at providing security within the entire computing stack; we go wide to secure all the devices across the compute continuum. 

 

Check out these videos to see why and how McAfee and Intel is providing hardware-enhanced security.

 

Two of the biggest threats to your data are malware attacks and lost or stolen PCs.  Sometimes despite your best software only securityy measures your PCs and data can be put at risk, which is why Intel and McAfee have developed a multi-layered approach to protect against threats and data thefts.  This comprehensive strategy combines innovative tamper-resistent hardware with leading edge software protection to deliver advanced threat prevention, automated detection, advanced data protection and rapid remediation. In this video, you will learn how innovativeIntel® vPro™ based hardware features combined with McAfee software can provide hardware enhanced protection.

 

McAfee and Intel are working to transform the security industry by combining the power of hardware and software to create more sophisticated ways to help prevent attacks and better protect every segment across the compute continuum. The combination of McAfee and Intel brings fresh innovation to secure the future of computing and the Internet.

 

Today's threat landscape requires a deeper level of security to protect and stop the advanced threats that are being created on a daily basis.  From industrial based attacks to hackavism to embedded based threats, you must be vigilant in deploying a security strategy that is broad and comprehensive.  Check out these updated whitepapers describing the need for a deeper level of security to protect against these advanced threats.

 

Information Technology, with the influence of BYOD, consumer app stores and social media, has changed dramatically in just a few years, and the
security threat has changed along with it. The opportunities for infiltration have grown, and their nature has changed.

 

Intel VP and CISO, Malcolm Harkins, discusses this ever-changing security landscape and Intel’s approach to new and changing threats. For more on this topic, check out the Intel IT audio podcast, “Stopping Security Threats in an Ever-Changing Landscape.”

You might have heard of McAfee ePO Deep Command and how it enables McAfee customers using Intel vPro based PCs to manage security remotely at the hardware level.  Utilizing Intel vPro Active Management (AMT) to take control or access vPro based PCs will enable customers to more efficiently and cost effectively manage security on PCs in their environment. 

 

This in-depth video examineshow McAfee ePO Deep Command uses the Intel vPro technology to provide security management beyond the OS.  This video will drill into the popular use cases of McAfee ePO Deep Command, such as deploying security ahead of an attack, remote remediation and wake and patch.

 

http://www.intel.com/content/www/us/en/enterprise-security/mcafee-epo-deep-command-use-case-video.html

DC Video.jpg

Intel® IT Center invites you to join an upcoming webinar: Are you equipped to prevent stealthy threats?

The threat landscape grows more complex each day. The motivation has changed from fame to gain, and hackers are becoming increasingly sophisticated. Protect valuable data—and defend your organization’s entire computing environment—with hardware-enhanced security.

Intel IT Center Talk to an Expert webinar series
Preventing Stealthy Threats: A Proactive Approach from Intel and McAfee
Thursday, August 23, 2012
9 a.m. Pacific Daylight Time
Register now >


Learn how Intel and McAfee solutions can help you keep up on the evolving cybercrime landscape. Join John Skinner, director of secure enterprise and cloud at Intel, and Ed Metcalf, director of product marketing for Intel solutions at McAfee, for an informative webinar. They’ll discuss how these next generation security solutions are designed to help you:

  • Provide zero-day protection that detects, blocks, quarantines, and removes stealthy threats before damage is done.
  • Proactively block rootkits and other new threats that can’t be detected by traditional security measures.
  • Deploy a preventive security approach that goes beyond the operating system to guard against viruses and malware at the hardware level using McAfee DeepSAFE* technology.

  Also, be sure to ask a question or two during the live question-and-answer session. It’s a great chance to get answers directly from industry experts on IT security.

Register now >

If you don't know them, check out in this slideshare:

Six Irrefutable Laws of Information Security

 

Malcolm Harkins, Intel's VP & Chief Information Security Officer shared these laws in a recent security conference. They provide a great framework for security professionals trying to balance business needs and growth while mitigating enterprise security risks.

 

Thanks,

Elaine

IntelITsme

SCCM.png

Setting Up Manageability Features on the Intel® vPro™ Platform

Intel® vPro™ technology is sophisticated and requires setup and configuration. This is traditionally done with an IT management console.  Because many IT management consoles do not natively support Intel® vPro™ provisioning, Intel® Setup and Configuration Software (SCS) is the preferred method for setting up and enabling the manageability features on the Intel® vPro™ Platform. 

 

Guidance for vPro Implementations Using Microsoft System Center Configuration Manager 2007 

If you are using Microsoft System Center Configuration Manager (SCCM) as your IT management console should follow additional steps (below) to add Intel® Setup and Configuration Software (SCS) to your business processes for configuring manageability capabilities on the Intel® vPro Platform.  This guidance does not instruct how a customer would implement MS SCCM 2007 as their IT management console. 


  • Intel® SCS (version 8.x)
    • Enables IT to automate configuration of manageability features and policies for the Intel® vPro™ Platform, allowing IT management consoles access to these capabilities.
  • Automated Console Integration scripts for MS SCCM 2007 & Intel® SCS 8
    • These set of scripts essentially automate the integration between the IT management console: Microsoft System Center Configuration Manager (SCCM) 2007 and Intel® Setup and Configuration Software (SCS).  This allows Microsoft SCCM 2007 to perform discovery, maintenance, and configuration (using SCS) and invoke IT manageability use cases supported within its native console.

 

  • SCS 8 Use Case Reference Design
    • The UCRD for SCS 8 is for the post-configuration process, which allows MS SCCM 2007 to manage clients that have been provisioned with SCS including how to enable collection based power control operations.  

 

Planning to Upgrade to Microsoft System Center Configuration Manager 2012?

If you plan to upgrade to Microsoft System Center Configuration Manager 2012, this guidance is not applicable. Per Microsoft guidance, upgrades to SCCM 2012 will require unconfiguration of devices in SCCM 2007 first.  A separate process and guidance will be provided to vPro customers who are planning to use MS SCCM 2012.  

 

Have questions? 

If you have any questions or issues, please use the Intel® Setup and Configuration Software Community

Delta Lloyd.jpgSecurity and manageability are two of the most important IT challenges any enterprise faces. In these two new business success stories, you’ll learn how companies are solving them:

 

Find more business success stories like these on Intel.com and iTunes. And to keep up to date on the latest business success stories, be sure to follow ReferenceRoom on Twitter.

omerl

Intel SCS works for me!

Posted by omerl Aug 8, 2012

Let me introduce myself. My name is Omer Livne and I’ve worked for Intel since 2003, in various organizations (from Purchasing to Finance and now IT). During the last 2.5 years I’ve been responsible for vPro activation for Intel IT.

 

Intel® vPro™ technology is a set of security and manageability capabilities built into the Intel Core vPro processor family, Intel chipsets, and network adapters. Intel® AMT is one of vPro core capabilities that provides remote management capabilities of the PC fleet, regardless of the Operating System state or PC power state. In order to use AMT, the IT organization must configure the Management Engine (Intel® ME) and to create a trust between the computer and its IT organization.

 

Intel has a very complex IT environment. Most of our fleet is mobile, many are primary wireless and their IP's keep changing by the minute. We're working around the globe, with over 100K vPro clients.

We've been using different tools while waiting for a comprehensive management solution to help us with configuring and managing our complex environment.

 

When Intel Setup and Configuration Software 7 (SCS 7) was released about a year ago, those of us in IT were really excited.  It provided us with a stable and reliable solution to configure and manage our clients and it could be integrated into our existing IT procedures (i.e - client build, scripts for PC technicians, etc.).

We designed a stable environment which was based on SCS for all AMT activities, and other client management consoles for all OS related client activities. Since it worked so well for us, we even decided to share our experience in a white paper.

 

Now, even though SCS 7 was a huge step forward, it was not quite the optimal solution for all our needs. We still needed to find a way to collect the data from our clients, analyze it and act upon it. Some of the maintenance activities were challenging, and required some creative thinking in using of external utilities. That's where SCS 8.1 came in and solved a lot of these challenges.  By the way, you can get your own free version of Intel SCS 8.1 here

 

We immediately took advantage of its database and diagnostics capabilities, and started to get valuable information from our clients. It provides quick snapshots of the health status of our environment with just a few mouse clicks.

 

One of the great benefits of SCS 8.1 is that it's flexible and can be easily adjusted to any environment. You can define variety of configuration profiles, with or without WLAN support, with or without 802.1x support, with or without CIRA (or FCFH - Fast Call For Help) support, or even just one profile that fits all.

It can be used in a global environment like ours as a single instance or with multiple servers across the globe.  It even has built-in capabilities for configuration and maintenance, as well as hostname mismatch resolution.

 

But the coolest thing about it is the fact that it really simplifies management of our vPro fleet.

 

I can't wait until we complete our full deployment of SCS 8.1 in Intel IT within the coming weeks.  We are looking forward to using the even better management and analysis tools on our vPro fleet. If you ever used vPro, thinking of using it or simply wondering about it, I’ll be happy to hear and assist. Let me know what’s on your mind.

Congratulations on those of you who are now deploying 3rd generation Intel® Core vPro Platforms in your IT environment!

 

For those of you who have purchased systems with the latest Intel Manageability Engine (ME) firmware 8.1, you will need to update your Intel WiFi drivers to 15.2 if you are running Microsoft® Windows® 7.  New and improved wireless Advanced Manageability Technology (AMT) was introduced with ME 8.1 and the updated drivers are required in order for wireless AMT to function.  If you have plans to use Microsoft Windows 8, you must use Intel 15.5 WiFi drivers with ME 8.1 when those drivers become available about a month before Microsoft Windows 8 general availability.

*****************************************

All Intel-provided code snippets in or attached to this blog are provided under the Intel Software Community License unless otherwise specified.

 

Any user submitted code or materials posted on this blog is supplied under license from the submitter, and should be used or downloaded in accordance with any license terms specified. Intel is not responsible for user submitted code nor warrants that it will work correctly.  If no license is provided, you should contact the submitter.

*****************************************


I was showing off setting an Intel vPro Alarmclock to a colleague. He thought it was easy…because it is!

 

PS C:\Users\cdpiper> Set-AMTAlarmClock 192.168.1.101 -Credential $itprocredential -AlarmTime 2012-08-21T11:22:33

 

This tells the platform to power itself on at 11:22:33 on August 21, 2012.

“BUT…” he starts to say. Great – there is always more!

“But what?” I reply.

 

“But what happens if I want to power on the machine at a slightly different time?”

 

Easy! So I quickly wrote a small cmdlet to input the Set-AMTAlarmClock string and a random minute range.

 

Feel free to use this:

[CmdletBinding()]

Param (

                [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=1, HelpMessage="Alarm Time in YYYY-MM-DDTHH:MM:SS format")][ValidatePattern("[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]")] [string] $AlarmTime,

                [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=2, HelpMessage="Random minute range to add")][Int] $RandomMinuteRange

)

PROCESS {

                $RandObj = New-Object System.Random

                $TimeObj = [System.DateTime]::Parse($AlarmTime)

                $TimeObj = $TimeObj.AddMinutes($RandObj.next(-$RandomMinuteRange,($RandomMinuteRange+1)))

                write-Output $TimeObj.ToString("yyyy-MM-ddThh:mm:ss")

}

Here is an example of using this with a random 180 minute (three hour) range before or after the specified alarm time:

 

setting single system.PNG

 

“Awesome” I think to myself as I show him.

 

“Looks good for running on a single client. BUT…” he starts to say. Great – what else!?!

 

“…but what about if I want to set a randomized time to lots and lots of systems at once?”

 

Again, this is where the power of Microsoft’s PowerShell really shines. We discuss the different options. You could write another script that randomizes the $date and calls set-AMTAlarmClock for each $item in a list. You could query each system to get the time and then add or subtract x minutes. You could modify the Set-AMTAlarmClock cmdlet to take a random minute range as an input parameter.

 

He opted for the last option since the AMT cmdlets already can take in a list of clients. I agreed to blog about it – so here we go!

I modified the original Set-AMTAlarmClock cmdlet located in the C:\Program Files\Intel Corporation\PowerShell\Modules\IntelvPro directory to include the logic from above. Of course to run this cmdlet after modification your execution policy must not be set to All-Signed.  

using modified Set-AMTAlarmClockRandom.PNG

 

Here is the modified cmdlet:

[CmdletBinding()]

Param (

                [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true, position=0, HelpMessage="Hostname, FQDN, or IP Address")] [String[]] $ComputerName,

                [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, HelpMessage="Valid Ports are 16992 (non-TLS) or 16993 (TLS)")][ValidateSet("16992", "16993")] [String] $Port,

                [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=1, HelpMessage="Alarm Time in YYYY-MM-DDTHH:MM:SS format")][ValidatePattern("[0-9][0-9][0-9][0-9]-[0

-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]")] [string] $AlarmTime,

                [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, HelpMessage="Periodic Interval in DD-HH:MM:SS format")][ValidatePattern("[0-9][0-9]-[0-9][0-9]:[0-9][0-9]:[0

-9][0-9]")] [string] $Interval, 

[Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, HelpMessage="Use TLS (Port 16993)")] [switch] $TLS,

                [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, HelpMessage="Digest of Kerberos User")] [string] $Username,

                [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, HelpMessage="Digest of Kerberos Password")] [string] $Password,

                [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=2, HelpMessage="PS Credential")] [System.Management.Automation.PSCredential] $Credential,

                [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, HelpMessage="Random minute range to add")][Int] $RandomMinuteRange

 

)

 

PROCESS {

 

$Results = @()

$RandObj = New-Object System.Random

 

#create a connection object

$Connection = New-Object Intel.Management.Wsman.WsmanConnection

 

if ($credential.username.Length -gt 0)

{

$Connection.SetCredentials($credential.Username, $credential.Password) 

}

elseif ($username.length -gt 0)

{

if ($password.length -gt 0)

{

$Connection.SetCredentials($username, $password) 

}

else

{

$cred = Get-Credential $username

$Connection.SetCredentials($cred.Username, $cred.Password)

}

}

 

if ($Port.Length -lt 1) {

if ($TLS.IsPresent) {

$Port = 16993;

}

else {

$Port = 16992;

}

}

 

Foreach ($comp in $ComputerName)

{

$Connection.SetHost($comp, $port)

if($Port -ne "16992")

{

        $GMTError = $false

}

else

{

        $http = [System.Net.WebRequest]::Create("http://"+$Comp+":"+$port+"/logon.htm")

        $httpResponse = $http.GetResponse()

if($httpResponse.StatusCode -eq [System.Net.HttpStatusCode]::OK)

        {

            $amtTime = [System.DateTime]::Parse($httpResponse.GetResponseHeader("Date"))

            $systemTime = [System.DateTime]::Now

            if($amtTime.Hour -ne $systemTime.Hour)

            {

                # AMT Time was not set to UTC

                $GMTError = $true

            }

        }

        $httpResponse.Close()

}

 

$Obj = new-object psobject

$Obj | Add-Member -MemberType noteproperty -Name ComputerName -value $Comp

$Obj | Add-Member -MemberType noteproperty -Name Port -value $port

 

$AlarmClockService_EPR = $Connection.NewReference("http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AlarmClockService")

$AlarmClockService_EPR.AddSelector("SystemName","ManagedSystem")

try

{

        $AlarmClockService = $AlarmClockService_EPR.Get()    

}

catch

{

        $Obj | Add-Member -MemberType noteproperty -Name "Status" -value "Failed"

            $Obj | Add-Member -MemberType noteproperty -Name "NextAlarmTime" -value "[Error]"

            $Obj | Add-Member -MemberType noteproperty -Name "PeriodicInterval" -value "[Error]"

        $Results += $Obj

        continue    

}

if($AlarmTime -ne "")

{

        if ($AlarmTime.EndsWith(":00") -eq $false)

        {

            $replace = $AlarmTime.SubString($AlarmTime.Length-3, 3)

            $NewAlarmTime = $AlarmTime.TrimEnd($replace);

            $NewAlarmTime+= ":00"

            $AlarmTime = $NewAlarmTime

        }

        $SetAlarmTime = $Connection.NewInstance("Datetime")

        try

        {

            $TimeObj = [System.DateTime]::Parse($AlarmTime)

                    $TimeObj = $TimeObj.AddMinutes($RandObj.next(-$RandomMinuteRange,($RandomMinuteRange+1)))

               

        }

        catch

        {

            $Obj | Add-Member -MemberType noteproperty -Name "NextAlarmTime" -value "[Parse Error]"

            $Results += $Obj

            continue

        }

       

        if($GMTError)

        {

            # Local Time

            $SetAlarmTime.Text = $TimeObj.ToString("s")+"Z"

        }

        else

        {

            # Universal Time

            $SetAlarmTime.Text = $TimeObj.ToUniversalTime().ToString("s")+"Z"

        }

        $Obj | Add-Member -MemberType noteproperty -Name "NextAlarmTime" -value $TimeObj.ToString("F")

$AlarmClockService.SetProperty("NextAMTAlarmTime",$SetAlarmTime)

       

}

 

if($Interval -ne "")

{

        if($Interval.Contains("-"))

        {

            $temp = $Interval.Split("-")

            $Day = $temp[0]

            $TimeInterval = $temp[1]

        }

        else

        {

            $Day = "0"

            $TimeInterval = $Interval

        }

        $temp = $TimeInterval.Split(":")

        $hours = $temp[0]

        $minutes = $temp[1]

        $seconds = $temp[2]

       

        $intervalstring = "P0Y0M" + $Day + "DT" + $hours + "H" + $minutes + "M"

        $SetIntervalTime = $Connection.NewInstance("Interval")

        try

        {

            $TimeObj = [System.DateTime]::Parse($AlarmTime)

        }

        catch

        {

            $Obj | Add-Member -MemberType noteproperty -Name "PeriodicInterval" -value "[Error]"

            $Results += $Obj

            continue

        }

 

 

        $SetIntervalTime.Text = $intervalstring

        $Obj | Add-Member -MemberType noteproperty -Name "PeriodicInterval" -value $intervalstring

$AlarmClockService.SetProperty("AMTAlarmClockInterval",$SetIntervalTime)

       

       

}

 

try

{

        $RetVal = $AlarmClockService_EPR.Put($AlarmClockService)

        $Obj | Add-Member -MemberType noteproperty -Name "Status" -value "Successful"

}

catch

{

        $Obj | Add-Member -MemberType noteproperty -Name "Status" -value "Failed"

}

$Results += $Obj

}

 

Write-Output $Results

 

}

 

 

The differences?

Added Line 11:        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, HelpMessage="Random minute range to add")][Int] $RandomMinuteRange

Added Line 104:      $TimeObj = $TimeObj.AddMinutes($RandObj.next(-$RandomMinuteRange,i($RandomMinuteRange+1)))

 

 

That’s all!

 

Hope he doesn’t ask for more!

Click here to see this image enlarged: Infographic


 

BriForum is a desktop virtualization engineer's dream. This is definitely not a marketing conference.  In fact, independent speakers are not allowed to discuss their companys’ products.  They are to present only on the concepts and issues they came to talk about.  Some of the best minds on the subject are present.  The sessions range from broad philosophy about how virtualization fits into enterprise organizations, to technical deep dives into how page tables are modified by vendors, such as MokaFive, to provide layering of OS, App and User layers, and the problems that can result from doing it wrong. 

 

Intel had a strong presence at BriForum. We had our own booth, where we showed demos of MokaFive Suite,Citrix XenClient Enterprise, and Wanova Mirage all running on Ultrabooks™ from Asus, Acer, and Toshiba.  The idea was to show how these solutions each address a different aspect of the Consumerization of IT.  But it didn’t stop there!  Several desktop management ISVs,such as MokaFive, RES Software, Citrix, Wanova,AppSense, and Scense, also ran their demos on Ultrabooks.   Speaking of Ultrabooks, for many attendees (and even exhibitors), it was the first time they had ever seen or held an Ultrabook in person, which elicited many comments about its weight, size and performance. Some compared it to an iPad, saying that it was lighter than their iPad with the cover on it. Another commented that his employees were leaving their iPads and MacBooks at home and bringing their Ultrabooks to work. One attendee who owned an Ultrabook said that his favorite thing about the Ultrabook is its 6 – 8 hour battery life and that MacBook Air only gives him 2 – 3. Watch the videos of ISVs talking about their favorite features of the Ultrabook here, here, here and here.

 

As for Intel’s session, it was very well received.  In fact, other presenters referenced things from our presentation when they were making a point—in a good way, not as an example of how to do it wrong. Of particular interest were the workspace composition architecture and the idea of Trust Levels.  Some others had hinted at both of these, but I don't think anyone presented it with the clarity we did, and with the work in progress to make it a reality.

 

There was a lot of conversation around FUIT (if you don't know what that is, just spell out the letters and it will become clear).  The clear message is that if IT doesn't deliver what the users want and/or need,  users will go around IT controls, sometimes in creative ways, to get things done.  One such example was a company where there were very solid firewalls between development, pre-prod and prod environments.  No connections
allowed.  So the guys in the lab took EoP (Ethernet over Power) adapters that give you a wireless connection from the power in your house, and created a bridge between the production and development environments. Pretty ingenious, and very cheap.

 

Another subject that came up often is how virtualization in general, and VDI specifically, may have a negative ROI, but has definite "value." You can't try to justify these solutions based on hard ROI.  They are justified based on the value to the user, and ultimately to the company.  Things like employee retention, work flexibility and industry leadership become more important than the dollars being spent to implement the solution.  It is also clear that, like we see, VDI and virtualization are for niche use cases, and not a broad solution for every user.  It is important to understand your use cases then build solutions that fit those use cases.  I think Intel IT does this very well.

 

Of course, BYO was a big topic, and the general consensus—fromlarge organizations to SMBs—is that we all need to do it, but any way we do it is going to suck.  The controls IT has to put in place make the user experience frustrating, but without that, we create too much risk.  Things like remote-wiping the entire device when we should just be able to wipe the work-related apps and data, making users switch back and forth
between work/home environments, and requiring complex passwords on SFF devices are killing us!

 

Security was also a big concern.  It was postulated in one session that security on VDI is not only as bad as a native environment; in some cases it is even worse.  For example, we separate the environments by putting the corporate workspace in the data center.  "Smart thinking," they say – put your clients, where users can install apps, including viruses, in the data center where you have the ability to infect production servers, and where you have them all concentrated to make a DoS attack easier.

 

What was really interesting was hearing from the audience about how they were doing, how implementations were going, what capabilities they had enabled, etc.  I would say that Intel IT is very much ahead of most of the companies represented.

 

Overall, BriForum is a great conference for those who want to hear the latest, cutting edge, independent thinking on desktop management.

 

 


briforum 012.JPG

The Intel booth

 

BriForum 2012.jpg

Our friends running their products on Ultrabooks.

 

General 043.JPG

Ryan Ettl, Intel (left);   Roy Ubry, Intel, (right) giving the Intel session presentation

 

BriForum 024.JPG

Bob Ludwig (right) showing off our Ultrabooks to a captivated BriForum attendee

 

General 062.JPG

Good attendance at the Intel session!

One of the great tools that comes with the Intel® Setup and Configuration Software is the Configurator tool.  It’s a command line tool that you use to configure AMT on your Intel® vPro™ systems. It’s designed with the idea of easy packaging and deployment using standard off-the-shelf tools for software deployment.  The Configurator is capable of doing quite a few different tasks that help you discover, configure and maintain AMT on your Intel® vPro™ clients.  Each of these capabilities has a number of different options you can use to meet specific needs you may have.

 

In order to give you a starting point, I’ve put together a list of some common example command lines that use the configurator to perform a number of common tasks along with brief explanations of what each example will do.  You can find detailed information about the command line options in the Intel® SCS documentation.

 

You can find the command line examples here: http://communities.intel.com/docs/DOC-19537

 

Let me know if there’s a command line you’d like to see added to the list.s

What if you needed to isolate a client due to a security threat event reported within McAfee ePO console?

 

One approach is to utilize the System Defense capabilities of the Intel vPro technology.   A cmdlet within the Intel vPro PowerShell Module can enable the base System Defense filter, view the current System Defense statement, or clear all System Defense filters.

 

Combining that capability with an Auto Response within McAfee ePO is demonstrated and explained in more detail here - https://community.mcafee.com/docs/DOC-4063

Filter Blog

By date: By tag: