2 Replies Latest reply on Jan 19, 2018 7:13 AM by Phil_from_Ottawa

    Disabling AMT


      Most of our HP workstations have AMT. Our management has decreed that we disable AMT based on the recent security advisory. We've never provisioned our systems. We struggled through running the tools in May to pull inventory on affected systems and deployed updated firmware from HP. The whole experience was exhausting.


      I've read some posts that suggest to disable AMT we need to remove the LMS service as well as delete LMS.exe. In our inventory, only some of our newer systems are running LMS. Is there an alternative way to disable AMT (short of accessing the BIOS of each system) on all our workstations?


      Will ACUConfig.exe offer protection? Should I setup SCS to disable AMT?


      Thanks for any help and advice.

        • 1. Re: Disabling AMT
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hi Sandy,

          There is a method to disable AMT in HP BIOS using one of their tools.  You can pull down the tool here:


          On the page, there is also an HP BCU User Guide link, you can use this for reference.

          1.  You'll need to verify the settings on each of the computers because the verbiage in the BIOS differs from model to model.  You can run the tool and do a "get" command on each of the models to find out the correct verbiage.
          2.  Once you find the correct verbiage, you would remotely call WMI to disable AMT on the system.  You can use powershell to do this.

          An example (this was for an unconfiguration):
          $HP_Bios = Get-WmiObject -Namespace root\hp\instrumentedBIOS -Class HP_BiosSettingInterface
          $HP_Bios.SetBiosSetting('Unconfigure AMT on next boot', 'Apply')       
          $HP_Bios.SetBiosSetting('Show Unconfigure ME Confirmation Prompt', 'Disable')

          An example for AMT for this specific model (800G2)

          $HP_Bios = Get-WmiObject -Namespace root\hp\instrumentedBIOS -Class HP_BiosSettingInterface
          $HP_Bios.SetBiosSetting('Active Management (AMT)', 'Disable')

          • 2. Re: Disabling AMT

            Question on this solution. If we do this, what is to stop someone from re-enabling it using the default admin password?

            If that is a risk, then how can we change the default admin password in a script as well?