12 Replies Latest reply on Jul 5, 2017 11:25 AM by AlexQc

    Powershell module


      Hey guys! New here so I'm not sure it's the right place to post this but...


      I've started using the IntelvPro Powershell module, but I can't do a simple line:


      Get-AMTFirmwareVersion -ComputerName:<ComputerName>


      I get the following:


      ComputerName                  Property                            Value

      ------------                            --------                                -----

      <ComputerName>              Error                                 Cannot connect


      Any ideas as to why?

        • 1. Re: Powershell module



          Hi Alex


          Welcome to the community!


          For any of the AMT scripts, you can always get the help info by typing:


          get-help modulename -full



          get-help get-amtfirmwareversion -full


          If you typed the command as you are showing it:

          Get-AMTFirmwareVersion -ComputerName:<ComputerName>


          the result is correct, unless the computer name of the system you are running it on IS ComputerName, then replace with the name of the system and remove the <>, so example:


          Get-AMTFirmwareVersion -Computername: michaelspc




          • 2. Re: Powershell module

            Hi michael_a_intel,


            Of course, I am not typing as seen... I'm replacing the <computername> with the hostname or FQN of a machine


            I tried the get-help and my syntax seems okay...

            • 3. Re: Powershell module

              I'm trying to duplicate this in my lab...just wanted to let you know I'm working on it.

              • 4. Re: Powershell module

                Great! Thank you!

                • 5. Re: Powershell module



                  Okay, I was able to duplicate your issue in my lab.  Couple questions:


                  Did you do a set-executionpolicy remotesigned  ?


                  1.  Are you running the command locally or remotely?


                  I found that if I run the command locally, LMS must be installed and running and you can use either the FQDN or "localhost" .


                  If you are running this command remotely, I was getting an "unauthorized" Value until I put in my credentials:


                  Get-AMTFirmwareVersion -computername computername -username username -password password


                  Once I did that, I got the appropriate results.


                  I'm hoping this helps.




                  • 6. Re: Powershell module

                    I've used a Set-ExecutionPolicy Bypass.


                    I've tried both remotely and locally with the same result.


                    I've tried it using domain administrator credentials... With no success...

                    • 7. Re: Powershell module



                      is Intel AMT configured at all?  Is AD Integration configured? Is it configured with TLS on without TLS?


                      In order to use Intel AMT it has to be configured - Manually via MEBx BIOS module, with USB Local configuration, with Host Based Configuration into Client Control Mode or with Remote Configuration into Admin Control Mode.


                      Can you open AMT WebUI by openning web browser (remotely or locally (requires Intel LMS) to http://computername:16992 for non TLS (default for Manual and USB configuration) or https://computername:16993 for TLS setup.
                      If none of those works - Intel AMT may not be configured or your network does not allow TCP traffic on Intel AMT ports 16992-16995 or ... your target system has more than one Wired LAN interface and you are connecting to non Intel AMT one or ... you are connecting to WiFi interface while WiFi card does not support Intel AMT or AMT over WiFi is not yet configured - Manual and USB configuration methods can't do it.


                      • To use TLS - it has to be configured, Manual and USB configuration methods can't do it. If configured  -non-TLS Intel AMT ports will be closed/not used (until you re-enable them)
                      • to use TLS with  IntelvPro Powershell modules you have to mark TLS checkbox in IntelvPro Powershell module GUI or
                        use  -TLS switch in PS command line ex. Get-AMTFirmwareVersion -computername computername -username username -password password -TLS


                      • to use domain accounts you have to configure Intel AMT with AD Integration AND your domain account(s) have to be added to AMT ACL list (for getting FW version General Info real will be enough) - Manual and USB configuration methods can't do it. you may use built in AMT Digest Administrator account - username: admin instead with its strong password you configured while configuring Intel AMT (for Manual and USB configuration it will = your new MEBx Password).\


                      Please provide more details on how Intel AMT was configured and how "console" and "managed" systems are connected.


                      Dariusz Wittek
                      Intel  EMEA Biz Client Technical Sales Specialist

                      • 8. Re: Powershell module

                        Thank you Dariusz,


                        Intel AMT is NOT configured in our environment. I hoped I could simply use the module to get the firmware version for an update we are pushing.


                        I'll look into something else, have a good day

                        • 9. Re: Powershell module

                          AlexQc dariusz.wittek@intel.com


                          Hi Alex,


                          If you are looking for a simple way to pull the firmware version off of your systems, you can utilize the discovery tool for this.  I don't know how many systems you need to pull this information from as the drawback to this is that it'll display on the client side and so your end user would see the prompt and I don't see any way to programmatically pull the firmware info from the registry.  If you have a few systems to run this on, it could be an option:


                          The download is located here:

                          Download INTEL-SA-00075 Detection and Mitigation Tool




                          • 10. Re: Powershell module



                            Hello again,


                            This tool is good enough, keeps my tech from having to boot in BIOS. Can it be run remotely?


                            Thank you,

                            • 11. Re: Powershell module



                              Hi Alex,


                              I haven't tried performing a remote execution of it through powershell but, I do run it in my lab, where I have an RCS server, an AMT client and a network share.  I can remote into the client using windows remote desktop and run the install from a network share, this drops the files locally and can run the discovery tool from there.  Is that what you were asking?



                              1 of 1 people found this helpful
                              • 12. Re: Powershell module



                                Hey Michael,


                                I tried what you proposed, that's pretty much the best I've got so far. So That's how I'll ask them to do it. They have to RDP to the machine to install the firmware anyway.


                                Thanks for the idea :)


                                Good day,