Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Powershell module

ANero1
Beginner
2,986 Views

Hey guys! New here so I'm not sure it's the right place to post this but...

I've started using the IntelvPro Powershell module, but I can't do a simple line:

Get-AMTFirmwareVersion -ComputerName:<ComputerName>

I get the following:

ComputerName Property Value
------------ -------- -----
Error Cannot connect

Any ideas as to why?

0 Kudos
12 Replies
MichaelA_Intel
Moderator
1,489 Views

AlexQc

Hi Alex

Welcome to the community!

For any of the AMT scripts, you can always get the help info by typing:

get-help modulename -full

Example:

get-help get-amtfirmwareversion -full

If you typed the command as you are showing it:

Get-AMTFirmwareVersion -ComputerName:<ComputerName>

the result is correct, unless the computer name of the system you are running it on IS ComputerName, then replace with the name of the system and remove the <>, so example:

Get-AMTFirmwareVersion -Computername: michaelspc

Regards,

Michael

0 Kudos
ANero1
Beginner
1,489 Views

Hi michael_a_intel,

Of course, I am not typing as seen... I'm replacing the <ComputerName> with the hostname or FQN of a machine.

I tried the get-help and my syntax seems okay...

0 Kudos
MichaelA_Intel
Moderator
1,489 Views

I'm trying to duplicate this in my lab...just wanted to let you know I'm working on it.

0 Kudos
ANero1
Beginner
1,489 Views
0 Kudos
MichaelA_Intel
Moderator
1,502 Views

AlexQc

Okay, I was able to duplicate your issue in my lab. Couple questions:

Did you do a set-executionpolicy remotesigned ?

1. Are you running the command locally or remotely?

I found that if I run the command locally, LMS must be installed and running and you can use either the FQDN or "localhost" .

If you are running this command remotely, I was getting an "unauthorized" Value until I put in my credentials:

Get-AMTFirmwareVersion -computername computername -username username -password password

Once I did that, I got the appropriate results.

I'm hoping this helps.

Regards,

Michael

0 Kudos
ANero1
Beginner
1,502 Views

I've used a Set-ExecutionPolicy Bypass.

I've tried both remotely and locally with the same result.

I've tried it using domain administrator credentials... With no success...

0 Kudos
Dariusz_W_Intel
Employee
1,502 Views

Alex,

Is Intel AMT configured at all? Is AD Integration configured? Is it configured with TLS or without TLS?

In order to use Intel AMT it has to be configured - Manually via MEBx BIOS module, with USB Local configuration, with Host Based Configuration into Client Control Mode or with Remote Configuration into Admin Control Mode.

Can you open the AMT WebUI by opening a web browser (remotely, or locally, which requires Intel LMS) to http://computername:16992 for non-TLS (default for Manual and USB configuration) or https://computername:16993 for a TLS setup?

If none of those works - Intel AMT may not be configured or your network does not allow TCP traffic on Intel AMT ports 16992-16995 or ... your target system has more than one Wired LAN interface and you are connecting to non Intel AMT one or ... you are connecting to WiFi interface while WiFi card does not support Intel AMT or AMT over WiFi is not yet configured - Manual and USB configuration methods can't do it.

  • To use TLS - it has to be configured; Manual and USB configuration methods can't do it. If configured - non-TLS Intel AMT ports will be closed/not used (until you re-enable them).
  • To use TLS with IntelvPro Powershell modules you have to mark the TLS checkbox in the IntelvPro Powershell module GUI or use the -TLS switch in the PS command line, e.g. Get-AMTFirmwareVersion -computername computername -username username -password password -TLS
  • To use domain accounts you have to configure Intel AMT with AD Integration AND your domain account(s) have to be added to the AMT ACL list (for getting the FW version, the General Info realm will be enough) - Manual and USB configuration methods can't do it. You may use the built-in AMT Digest Administrator account instead - username: admin - with the strong password you configured while configuring Intel AMT (for Manual and USB configuration it will = your new MEBx Password).

Please provide more details on how Intel AMT was configured and how "console" and "managed" systems are connected.

rgds

Dariusz Wittek

Intel EMEA Biz Client Technical Sales Specialist
0 Kudos
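
As an added example (not part of the thread and not Intel's code), the reachability check described in the reply above can be scripted before calling Get-AMTFirmwareVersion: it probes the non-TLS port 16992 and the TLS port 16993 and reports whether the -TLS switch applies. The function names Test-AmtPort and Get-AmtReachability are hypothetical; michaelspc is the sample host name used earlier in the thread.

```powershell
# Added example: probe the Intel AMT web ports named in the reply above.
# Test-AmtPort and Get-AmtReachability are hypothetical helper names.
function Test-AmtPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        # Wait() returns $false on timeout and throws if the connect is refused
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-AmtReachability {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        $plain = Test-AmtPort -ComputerName $name -Port 16992   # http, non-TLS
        $tls   = Test-AmtPort -ComputerName $name -Port 16993   # https, TLS
        $next = if ($tls) {
            'TLS port open: add -TLS to Get-AMTFirmwareVersion'
        } elseif ($plain) {
            'Non-TLS port open: call Get-AMTFirmwareVersion without -TLS'
        } else {
            'No AMT port answers: check AMT configuration, firewall rules and which NIC is targeted'
        }
        [pscustomobject]@{
            ComputerName = $name
            Port16992    = $plain
            Port16993    = $tls
            NextStep     = $next
        }
    }
}

# 'michaelspc' is the sample host name from earlier in the thread
Get-AmtReachability -ComputerName 'michaelspc' | Format-List
```

When both ports are closed on a machine that is otherwise reachable, the result matches the "Cannot connect" value from the first post and points at AMT not being configured or the ports being filtered.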
ANero1
Beginner
1,502 Views

Thank you Dariusz,

Intel AMT is NOT configured in our environment. I hoped I could simply use the module to get the firmware version for an update we are pushing.

I'll look into something else, have a good day

0 Kudos
MichaelA_Intel
Moderator
1,502 Views

Hi Alex,

If you are looking for a simple way to pull the firmware version off of your systems, you can utilize the discovery tool for this. I don't know how many systems you need to pull this information from as the drawback to this is that it'll display on the client side and so your end user would see the prompt and I don't see any way to programmatically pull the firmware info from the registry. If you have a few systems to run this on, it could be an option:

The download is located here:

https://downloadcenter.intel.com/download/26755 Download INTEL-SA-00075 Detection and Mitigation Tool

Regards,

Michael

0 Kudos
ANero1
Beginner
1,502 Views

michael_a_intel

Hello again,

This tool is good enough, keeps my tech from having to boot in BIOS. Can it be run remotely?

Thank you,

0 Kudos
MichaelA_Intel
Moderator
1,502 Views

AlexQc

Hi Alex,

I haven't tried performing a remote execution of it through PowerShell, but I do run it in my lab, where I have an RCS server, an AMT client and a network share. I can remote into the client using Windows Remote Desktop and run the install from a network share; this drops the files locally and I can run the discovery tool from there. Is that what you were asking?

Michael

0 Kudos
ANero1
Beginner
1,502 Views

michael_a_intel

Hey Michael,

I tried what you proposed, that's pretty much the best I've got so far. So that's how I'll ask them to do it. They have to RDP to the machine to install the firmware anyway.

Thanks for the idea :)

Good day,

0 Kudos