Use the AMT User Account Setting dialog box to specify the specific AMT features that are allowed for the specified AMT user account. For example, you can create a security group for tier one support to allow Hardware Information, General Information, and Remote Control, and you can create a different security group for tier three support to allow PT Administration. These management activities are specific to AMT. For more information, see the manufacturer's documentation.

The AMT user accounts or security groups are created and maintained by the Configuration Manager 2007 administrator. You can configure up to eight different entries.

Because Kerberos authentication is used, the user accounts and security groups must exist in an Active Directory domain.

If you change the account in the Configuration Manager 2007 console, computers will not receive the change unless they are re-provisioned.

Use security groups instead of individual user accounts, and then manage access through the security groups.

Create role-based groups to permit access. For example, looking at hardware information is usually a lower risk behavior with a threat of information disclosure, while allowing media redirection could allow a user to boot from the network and then reformat the computer. Therefore, you might want to create a separate group for lower risk behaviors.

Configure the AMT user accounts before provisioning the AMT-based computers. If you configure AMT user accounts after computers are provisioned for AMT, you must manually update the AMT memory for these computers so that they are reconfigured with the new settings.

Tasks