This message was posted on behalf of Intel Corporation
I'm copying your post here so I can respond inline:
I'm afraid. I can not use SCS. We have remote access over VPN/RDP to the single systems. I do not have direct access to the customer corporate network.
Just throwing out this option here. Is there any way you can have the customer set up a server (you'll probably need to have SQL installed on it and configure based on remote configuration in the SCS User Guide or Deployment Guide) you can vpn/rdp into, Install SCS and then manage the clients that way? Once you are tunneled in and on a server that has rights for the client systems, this should be do-able.
This means I do not have access to the the dedicated AMT Ethernet port. Please correct me if I am wrong.
I need clarification on what you mean here...because if you are doing a direct VPN/RDP to single target host system, then yes, you would have access to the AMT Ethernet port as you are on the system though, correct, you still would not be able to manage it from any other system within your network. If you have the server setup as mentioned above, then, yes.
From my point of view I would rather use EHBC with disabled "User Consent". This should be preset in BIOS by our BIOS vendor.
Definitely, this is an option.
Since we need a solution for mass deployment in production and upgrade in field. All produced devices should be ready for AMT in field.
Is that possible? Can we enable ACM in BIOS by default?Hope this helps and don't hesitate if you have more questions.
My assumption when imagining what you are trying to do, taking in solution for mass deployment in production and upgrade in field, I'm thinking that you are about to do a major refresh, will be receiving the systems in a central location, configuring, possibly imaging, preparing to be sent out to the field. In this case, yes, you can enable ACM through MEBx, so long as you are local to the system. Most systems allow access to the MEBx, through CTRL-P on bootup, though some OEM's integrate it into BIOS. You will need to understand how to access based on your system.
I understand that AMT and its funcionality is a security sensitive technology. On the other hand we need a may to enable AMT if we need it.
If we enable AMT than it should be enabled with our predefined settings.
As mentioned in one of my earlier posts. The systems are headless. No way for MEBx with keyboard and display. Nobody can pres CTRL-P.
My question if we could enable ACM by BIOS is a bit misleadinng. I rather think on a BIOS update because this is possible over remote and Windows.
I would update BIOS that has ACM enabled and User Consens disabled by default.
What do you think? Would that work?