When computers are provisioned for AMT in Configuration Manager 2007 SP1, they are configured with AMT settings such as whether IDE redirection and serial over LAN are enabled, whether bypassing the BIOS password is allowed, and whether to respond to ping commands. Additionally, they are configured with AMT User Accounts that are used to connect to the AMT-based computer by using the out of band management console.

Note
The information in this topic applies only to Configuration Manager 2007 SP1 and later.

To use the out of band management console, you must configure at least one AMT User Account by specifying a Windows domain global security group or domain user account and then enable the specific AMT rights for that AMT User Account.

Important
If you configure AMT settings and AMT User Accounts after computers are provisioned for AMT, you must update the AMT memory for these computers so that they are reconfigured with the new settings. Computers that are already provisioned for AMT do not dynamically reconfigure with new AMT settings and AMT User Accounts. For more information, see How to Update AMT Settings in Provisioned Computers Using Out of Band Management.

Use the following procedure to configure AMT settings and AMT User Accounts for out of band management.

To configure AMT settings and AMT User Accounts

  1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / <site code> – <site name> / Site Settings / Component Configuration.

  2. Right-click Out of Band Management, click Properties, and then click the AMT Settings tab.

  3. To configure AMT User Accounts, perform one of the following actions:

    • To create a new AMT account: Click the New icon, and in the AMT User Account Setting dialog box, specify the Windows user account or security group, select the AMT features to enable for the account, and then click OK. A maximum of 32 accounts that use up to 4 different domains is supported.

    • To edit an existing AMT user account: Select the account, click the Properties icon, and in the AMT User Account Setting dialog box, select or cancel the AMT features to enable for the account, and then click OK.

    • To delete an AMT user account: Select the account, and then click the Delete icon.

  4. In the field Default IDE redirect image, either browse to or type in the default network path and name of the image file (with an .iso or .img file name extension) or type in a drive that is attached to the computer running the out of band management console. This value will be displayed in the out of band management console for when an AMT-based computer is configured to restart using a boot image file.

  5. Applies only to Configuration Manager 2007 SP2. Specify the power state that defines when you want to manage the AMT-based computer out of band.

  6. Select or cancel the configuration options for the following:

    1. Enable Web interface

    2. Enable serial over LAN and IDE redirection

    3. Allow ping responses

    4. Enable BIOS password bypass for power on and restart commands

  7. If you have installed and configured the Intel translator with all default settings on the out of band service point site system server, select Enable support for Intel WS-MAN translator.

  8. Change the value for Kerberos clock tolerance, if required. This is the allowed difference between the clock of the management controller and the timestamp of a received message. (It is used to help eliminate replay attacks.)

  9. Click OK.

See Also