Intel(R) AMT includes several features that provide security for your data. For example, you can define a specific user account that has full rights to all "realms" and can do remote repair. Other users can be restricted to specific realms such as General Info, Event Log Reader, etc. You also have the capability to define a special Audit user that can log into the Access Monitor (this can be used to trace the activity of the administrators using the redirection feature, for example). Some OEMs also prevent some BIOS settings from being changed remotely.
The user with rights to do the redirection can, for example, boot to a Linux ISO image, mount the drives, and then map the drives to the remote technician's machine for running the diagnostics and performing repairs. This is the same access that a typical system administrator has when he logs into your local machine to fix it. File-by-file encryption can be used to protect sensitive data--for example, classified documents in encrypted PDF format will still be secure.
With Intel AMT 7, you can configure it in the "client control mode." This mode requires user consent to all redirection operations. You can withhold your consent if you don't trust the technician.
One of our engineers here added this:
I’d add that no one can access the system until it is set up and configured. In other words, you have to turn Intel AMT on. By default, it’s off, so no risk. Also, User Consent works in Admin Control mode as well and can be forced on in MEBx.
Thanks for providing the answers.
Now I have a better understanding of the technology.
Have a nice day!