Recently I started working with AMT and WS-Eventing and wanted to share a few things I learned along the way. I found the quickest and easiest way to get started was to download the AMT SDK / High Level API (HLAPI) (link) and start digging into the samples there.  It was pretty straight forward to get the samples working and I was actually able to create a subscription to an event and trap the alerts on my SCS server! Great! After that bit of success I wanted to see if I could replicate the functionality in PowerShell.


First off, I needed to load the High Level API assemblies in PowerShell:




As you can see all you need to do is load the HLAPI.DLL and the IWSManClient.DLL. Once loaded we can create a connection to our AMT client and create a subscription to some events.

Next we just need to create a connection to the AMT client. For my test I just used my local machine, digest user and non-TLS:

$auth = [Intel.Manageability.ConnectionInfoEX+AuthMethod]::Digest

$cs = New-Object Intel.Manageability.ConnectionInfoEX(“localhost”,”admin”,”P@ssw0rd”,$False,"",$auth,$null,$null, $null)

$amt = [Intel.Manageability.AMTInstanceFactory]::CreateEX($cs)


We also need to indicate where the “Listener” will be located:

$lstn = ""


We also need to choose what Event filter we want to subscribe to. You can find a list of them and what events they cover at this Link

For my simple demo, I just used the “All Events” filter, basically telling AMT to send me an alert for any event.

$wsfilter = [Intel.Manageability.Events.FilterName]::All


Next we need to indicate the SenderIDType and where you want to place that SenderID. You can read more about this in the HLAPI/SDK documentation here, but your choices here are: CurrentAddress, FQDN, NONE or UUID.

$sidtype = [Intel.Manageability.Events.SenderIDType]::FQDN

$sip = [Intel.Manageability.Events.SenderIDPlacing]::ReferenceParameter


Now we can pull it all together into a “subscription”:

$sub = New-Object Intel.Manageability.Events.Subscription($lstn,$wsfilter,$sidtype)



Now that we have the subscription defined, we can use the connection to our AMT device to apply it:





Now we have a subscription created on our local host that will generate a WSEvent when our filter criteria are met!

I went ahead and modified this a bit and wrapped a GUI around it:



It works great on the command line, but sometimes it’s nice to have that GUI experience as well.


So now we are generating alerts off of AMT events, but how can we “Trap” them?

Let’s create a simple PowerShell / HLAPI based WSevent Trap / Decoder:


It starts out similar to that of the subscriber script, you have to load the HLAPI assemblies:






Next we just need to create a WSEventListener on our “Listening Server” indicating which IPAddress and Port I want to listen on:


$listener = New-Object HLAPI.Services.WSEventListener([IPAddress]::Any,'999')



Now we need to register an Object Event that will fire when we receive an alert:


Register-ObjectEvent $listener OnNewEventArrived -SourceIdentifier $listener.OnNewEventArrived  -Action {write-host ""; write-host "Address: "$Event.SourceEventArgs.Sender ;    write-host "Alert Type: "$Event.SourceEventArgs.EventData.AlertType ;    write-host "Filter Name: "$Event.SourceEventArgs.EventData.IndicationFilterName ;    write-host "Indication Time: "$Event.SourceEventArgs.EventData.IndicationTime ;    write-host "Message: "$Event.SourceEventArgs.EventData.MessageDescription ;  }



Here you can see that when the listener receives data, it fires off an Action. In our case it’s going to write out to the screen some information about the event such as the Alert Type, Filter Name, Indication Time and the Message of the event.


Once we have our listener created, we can start the listener on our server:




Now I have my AMT client ready to send out alerts based on events and we have our listener ready to trap them.

In my demo I used the Get Technical Help icon in the Intel Management and Security Status Icon:




Now when I hit the “Get Technical Help” button or hit the appropriate key sequence during the boot process, I can trap that event on my server:




Since we subscribed to All Events, it will also trap other event alerts. For example I pulled the battery out of my local machine:




There are plenty of options when it comes to creating subscriptions / subscribing to events, be sure to check out the SDK/HLAPI documentation online for more information: Link