12 Replies Latest reply on Jul 5, 2017 11:25 AM by AlexQc

    Powershell module

    AlexQc

      Hey guys! New here so I'm not sure it's the right place to post this but...

       

      I've started using the IntelvPro Powershell module, but I can't do a simple line:

       

      Get-AMTFirmwareVersion -ComputerName:<ComputerName>

       

      I get the following:

       

      ComputerName                  Property                            Value

      ------------                            --------                                -----

      <ComputerName>              Error                                 Cannot connect

       

      Any ideas as to why?

        • 1. Re: Powershell module
          michael_a_intel

          AlexQc

           

          Hi Alex

           

          Welcome to the community!

           

          For any of the AMT scripts, you can always get the help info by typing:

           

          get-help modulename -full

           

          Example:

          get-help get-amtfirmwareversion -full

           

          If you typed the command as you are showing it:

          Get-AMTFirmwareVersion -ComputerName:<ComputerName>

           

          the result is correct, unless the computer name of the system you are running it on IS ComputerName, then replace with the name of the system and remove the <>, so example:

           

          Get-AMTFirmwareVersion -Computername: michaelspc

           

          Regards,

          Michael

          • 2. Re: Powershell module
            AlexQc

            Hi michael_a_intel,

             

            Of course, I am not typing as seen... I'm replacing the <computername> with the hostname or FQN of a machine

             

            I tried the get-help and my syntax seems okay...

            • 3. Re: Powershell module
              michael_a_intel

              I'm trying to duplicate this in my lab...just wanted to let you know I'm working on it.

              • 4. Re: Powershell module
                AlexQc

                Great! Thank you!

                • 5. Re: Powershell module
                  michael_a_intel

                  AlexQc

                   

                  Okay, I was able to duplicate your issue in my lab.  Couple questions:

                   

                  Did you do a set-executionpolicy remotesigned  ?

                   

                  1.  Are you running the command locally or remotely?

                   

                  I found that if I run the command locally, LMS must be installed and running and you can use either the FQDN or "localhost" .

                   

                  If you are running this command remotely, I was getting an "unauthorized" Value until I put in my credentials:

                   

                  Get-AMTFirmwareVersion -computername computername -username username -password password

                   

                  Once I did that, I got the appropriate results.

                   

                  I'm hoping this helps.

                   

                  Regards,

                  Michael

                  • 6. Re: Powershell module
                    AlexQc

                    I've used a Set-ExecutionPolicy Bypass.

                     

                    I've tried both remotely and locally with the same result.

                     

                    I've tried it using domain administrator credentials... With no success...

                    • 7. Re: Powershell module
                      dariusz.wittek@intel.com

                      Alex,

                       

                      is Intel AMT configured at all?  Is AD Integration configured? Is it configured with TLS on without TLS?

                       

                      In order to use Intel AMT it has to be configured - Manually via MEBx BIOS module, with USB Local configuration, with Host Based Configuration into Client Control Mode or with Remote Configuration into Admin Control Mode.

                       

                      Can you open AMT WebUI by openning web browser (remotely or locally (requires Intel LMS) to http://computername:16992 for non TLS (default for Manual and USB configuration) or https://computername:16993 for TLS setup.
                      If none of those works - Intel AMT may not be configured or your network does not allow TCP traffic on Intel AMT ports 16992-16995 or ... your target system has more than one Wired LAN interface and you are connecting to non Intel AMT one or ... you are connecting to WiFi interface while WiFi card does not support Intel AMT or AMT over WiFi is not yet configured - Manual and USB configuration methods can't do it.

                       

                      • To use TLS - it has to be configured, Manual and USB configuration methods can't do it. If configured  -non-TLS Intel AMT ports will be closed/not used (until you re-enable them)
                      • to use TLS with  IntelvPro Powershell modules you have to mark TLS checkbox in IntelvPro Powershell module GUI or
                        use  -TLS switch in PS command line ex. Get-AMTFirmwareVersion -computername computername -username username -password password -TLS

                       

                      • to use domain accounts you have to configure Intel AMT with AD Integration AND your domain account(s) have to be added to AMT ACL list (for getting FW version General Info real will be enough) - Manual and USB configuration methods can't do it. you may use built in AMT Digest Administrator account - username: admin instead with its strong password you configured while configuring Intel AMT (for Manual and USB configuration it will = your new MEBx Password).\

                       

                      Please provide more details on how Intel AMT was configured and how "console" and "managed" systems are connected.

                      rgds

                      Dariusz Wittek
                      Intel  EMEA Biz Client Technical Sales Specialist

                      • 8. Re: Powershell module
                        AlexQc

                        Thank you Dariusz,

                         

                        Intel AMT is NOT configured in our environment. I hoped I could simply use the module to get the firmware version for an update we are pushing.

                         

                        I'll look into something else, have a good day

                        • 9. Re: Powershell module
                          michael_a_intel

                          AlexQc dariusz.wittek@intel.com

                           

                          Hi Alex,

                           

                          If you are looking for a simple way to pull the firmware version off of your systems, you can utilize the discovery tool for this.  I don't know how many systems you need to pull this information from as the drawback to this is that it'll display on the client side and so your end user would see the prompt and I don't see any way to programmatically pull the firmware info from the registry.  If you have a few systems to run this on, it could be an option:

                           

                          The download is located here:

                          Download INTEL-SA-00075 Detection and Mitigation Tool

                           

                          Regards,

                          Michael

                          • 10. Re: Powershell module
                            AlexQc

                            michael_a_intel

                             

                            Hello again,

                             

                            This tool is good enough, keeps my tech from having to boot in BIOS. Can it be run remotely?

                             

                            Thank you,

                            • 11. Re: Powershell module
                              michael_a_intel

                              AlexQc

                               

                              Hi Alex,

                               

                              I haven't tried performing a remote execution of it through powershell but, I do run it in my lab, where I have an RCS server, an AMT client and a network share.  I can remote into the client using windows remote desktop and run the install from a network share, this drops the files locally and can run the discovery tool from there.  Is that what you were asking?

                               

                              Michael

                              1 of 1 people found this helpful
                              • 12. Re: Powershell module
                                AlexQc

                                michael_a_intel

                                 

                                Hey Michael,

                                 

                                I tried what you proposed, that's pretty much the best I've got so far. So That's how I'll ask them to do it. They have to RDP to the machine to install the firmware anyway.

                                 

                                Thanks for the idea :)

                                 

                                Good day,