1 Reply Latest reply on Mar 13, 2009 12:22 PM by sdavies

    Enabling Wired 802.1X Connectivity for Intel® AMT in Microsoft® SCCM SP1 Environment

    sdavies

       

      Intel AMT (the management technology included with Intel vPro platforms) has the capability to authenticate with and connect to 802.1X networks.

       

      Microsoft SCCM SP1 natively supports Intel vPro functionality, but does not configure Intel AMT 802.1X connection capability during the provisioning process. This means Intel AMT is unable to connect 'Out of Band' (i.e. without the assistance of the client Operating System) to 802.1X networks when provisioned using Microsoft SCCM SP1.

       

      In order to support 'Out of Band' management of Intel vPro platforms using Microsoft SCCM in 802.1X network environments, additional configuration of Intel vPro platforms is required after normal SCCM provisioning has completed. The additional configuration can be performed in an automated manner using scripts (referred to as post-provisioning scripts).

       

      The ZIP file attachment contains documentation, sample scripts and a copy of Intel Scripting Framework to create and set up a post-provisioning script to configure Intel AMT 802.1X connection capability after normal provisioning by Microsoft SCCM. This example uses EAP-TLS type authentication but could be extended to accommodate other 802.1X protocols supported by Intel AMT.

       

      From the ZIP file, start with the document "Enabling Wired 802.1X Connectivity with Microsoft SCCM SP1.pdf".

       

        • 1. Re: Enabling Wired 802.1X Connectivity for Intel® AMT in Microsoft® SCCM SP1 Environment
          sdavies

          The ZIP attachment for the original posting was amended to include an updated PDF file containing instructions for generating the post-provisioning script using Intel Scripting Framework. Specific changes to the PDF were:

           

          Added missing '/' at the end of the Intel WS-MAN Translator URL used when creating client-side scripts.

           

          Replaced settings for validating the RADIUS server certificate subject CN with <Blank> to configure Intel AMT with 802.1X settings that work with multiple RADIUS servers in environments where more than one RADIUS server is deployed for resilience. Intel AMT will still validate that the RADIUS server certificate was signed by a trusted PKI chain.