After AMT-computers are provisioned by Configuration Manager 2012, you must update their AMT management controller if you change any of the AMT settings or configurations. For example, you might want to add support for wireless networks after a successful trial period on the Ethernet. Computers that are already provisioned for AMT are not automatically reconfigured.

Note
If you manage AMT-based computers on 802.1X authenticated wired or wireless networks you can update the AMT management controllers when the computers are connected to these networks, with the exception of settings in a wireless profile that is currently in use.

To update computers for new AMT settings

You might need to remove the AMT provisioning information because you no longer want the computer managed out of band by Configuration Manager 2012. Or, you no longer trust the computer and decide that its associated certificates and Active Directory account should no longer be available. Another scenario is if you rename a computer that is already provisioned for AMT by Configuration Manager 2012 or move the computer to another domain.

Warning
For more information about renaming or moving AMT-based computers, see the following section in this topic: Renaming AMT-Based Computers and Domain Changes

You have the following options when you remove provisioning information from an AMT-based computer:

• You can remove the configuration data for the management controller (including whether IDE redirection and serial over LAN are enabled, network pings are supported, and the Web interface is enabled) but keep identification information about the computer (including its host name, IP address, and DNS suffix).
  
  
• You can remove both the configuration data and the identification information from the computer.
  
  

Additionally, the following actions are performed when you remove provisioning information:

• The primary site server revokes the certificate that was issued to the AMT-based computer when it was provisioned. The revocation reason is Cease of Operation.
  
  
• The primary site server removes the Active Directory objects that were created during AMT provisioning: The object published to the OU and the computer account added to the universal security group.
  
  
• The primary site server deletes the SPN for the AMT-based computer.
  
  

By default, AMT-based computers automatically reprovision with Configuration Manager if they are in a collection that is configured for the option Enable AMT provisioning. To prevent automatic provisioning, select the option Disable automatic provisioning when you remove provisioning information for the computer.

Note

If you disable automatic reprovisioning and later want to automatically provision these AMT-based computers, right-click the resource, click Manage Out of Band, and then click Enable Automatic AMT Provisioning. If you reassign the client to another Configuration Manager 2012 hierarchy that is configured for AMT provisioning, the automatic AMT provisioning status of disabled is not carried forward to the new hierarchy.

Use the following procedure to remove provisioning information for an AMT-based computer if you no longer want to manage it out of band with Configuration Manager 2012. After you complete the procedure, to confirm that this action is successful, check that the AMT status for the computer changes from Provisioned to Not Provisioned. This check is particularly important if you are removing the provisioning information because the AMT-based computer is no longer trusted. If the status remains as Provisioned, you must manually delete the associated AMT account in Active Directory Domain Services and manually revoke any out of band management certificates that have been issued to the computer.

To remove AMT provisioning information

Renaming AMT-Based Computers and Domain Changes

Concepts