1 Reply Latest reply on Apr 8, 2008 7:37 PM by mveerama

    Intel Director: New AMT Administrator Password

    paolosparvieri

       

      Using Intel Director, I noticed a very strange thing.

       

       

      PC Configuration:

       

      • not branded (local manufacturer);

      • MotherboardDQ965GF (AMT 2.1.3);

      • latest BIOS update (25, Nov, 2007);

      • Windows XP Pro SP2;

      • latest ME drivers;

      • Intel vPro Test Utility (ctpenu03.exe) passed;

       

       

      Environment Configuration:

       

      • Microsoft Windows Server 2003 R2 Domain;

      • Microsoft Windows Server 2003 R2 DNS;

      • Microsoft Windows Server 2003 R2 DHCP;

       

       

      Management Software:

       

      • Landesk Management Suite 8.8 (not used here)

       

      I created a new AMT Profile using Intel Director (v 0.51x).

       

       

       

       

      In the Profile, I changed the administrator's password, and succesfully applied the profile to a couple of Pcs (SMB Provisioning Mode).

       

       

      But I get a strange behaviour:

       

      • I have to use the new password to connect to the PC via Web Interface/Commander/Director;

      • I have to use the original password (the one used when I provisioned the PC) when I go to the BIOS Section of the PC.

       

      It seems like the original password is stored somewhere and can't be changed.

       

       

      Is this a feature or a BUG?

       

       

      This can be a security problem: if someone stoles the Admin Password, there's no way to change the AMT Password for all Pcs.

       

       

      Thanks.

       

       

      Paolo Sparvieri

       

       

       

       

       

        • 1. Re: Intel Director: New AMT Administrator Password
          mveerama

           

          I am not sure about the Director but I think your issue may be related to this.

           

           

          There are two passwords for AMT one is local password you use through bios and the other remote password over network for webUI or ISV console.  The issue is once the local password is changed from default "admin" to any other password then you will not be able to change this password remotely.  The only way I know is to be able to change again locally.  However, you can change the remote password remotely using any tool like webui or any ISV console.  This is by design and we are requesting a change to be able to change the local password throgh SCS server once it has been changed from default "admin" .  I could not tell you if our request will be accepted.  Hope this helps!

           

           

          Mohan.