Before computers can be managed out of band in Configuration Manager 2007 SP1 or later, they must be provisioned by Configuration Manager. You can provision a computer for AMT either in-band (using the Configuration Manager 2007 SP1 or later client) or out of band (without the Configuration Manager 2007 SP1 or later client). In-band provisioning is recommended because it is more secure. Configuration Manager supports provisioning computers by using either method, but only one method can be used for a single computer. Consider the following information to help you decide on which method to use for an AMT-based computer:
- Automatic in-band provisioning with the Configuration Manager client: This method is suitable for computers that have a management controller and are running the Configuration Manager 2007 SP1 or later client. This provisioning method is recommended because the client uses the trust relationship already established between the client and the Configuration Manager infrastructure.
- Automatic out of band provisioning: This method can be used for new computers that do not have an operating system installed and when a new computer has an operating system installed but does not have the Configuration Manager 2007 SP1 or later client installed. You must use out of band provisioning if you use the Intel translator to provision AMT-based computers because they have a version of AMT that is not natively supported by Configuration Manager. Out of band provisioning is less secure than in-band provisioning because there is no trust previously established between the computer and the Configuration Manager infrastructure. In Configuration Manager 2007 SP2, out of band provisioning is disabled by default. For more information about the security implications of using out of band provisioning, see Out of Band Management Security Best Practices and Privacy Information. As an alternative to using out of band provisioning for new computers, consider using operating system deployment to deploy the operating system and the Configuration Manager 2007 SP1 or later client, and then provision in-band to benefit from a more secure provisioning procedure. For more information about using operating system deployment, see Operating System Deployment in Configuration Manager.
Important: Out of band provisioning requires that you specify the correct SMBIOS GUID for each computer. The SMBIOS GUID is also known as the UUID, and your computer manufacturer or supplier should be able to provide this value if you cannot locate it.
This provisioning method works within the first 24 hours of the computer booting up from the manufacturer. After this time period, AMT must be activated for another 24-hour time period, or you must use in-band provisioning. Entering a new certificate thumbprint (also known as a certificate hash) will reactivate AMT, as will removing the provisioning information from AMT by configuring the BIOS extensions. For more information, refer to your computer's manufacturer instructions for configuring the BIOS extensions.
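Because out of band provisioning depends on the SMBIOS GUID being correct for each computer, a supplier's list is worth checking before any of it is entered. The following is an added example, not part of the original topic or of Configuration Manager: the function name, the manifest layout and the sample values are assumptions, and the byte-order check only flags an ambiguity to resolve against the value the computer itself reports.

```python
import uuid

# SMBIOS reserves two values that identify no computer:
# all zeros (UUID not set) and all FF (UUID not present).
UNUSABLE = {uuid.UUID(int=0), uuid.UUID(int=(1 << 128) - 1)}


def check_smbios_guids(rows):
    """Validate (computer_name, guid_text) pairs before they are imported.

    Returns (accepted, rejected): accepted maps name -> canonical GUID text,
    rejected is a list of (name, reason) for an administrator to resolve.
    """
    accepted, rejected, seen = {}, [], {}
    for name, text in rows:
        try:
            guid = uuid.UUID(text.strip())  # accepts braces and either case
        except ValueError:
            rejected.append((name, "not a valid GUID"))
            continue
        if guid in UNUSABLE:
            rejected.append((name, "placeholder GUID, firmware did not set one"))
            continue
        # SMBIOS 2.6 and later store the first three fields little-endian and
        # some tools print the raw byte order, so one computer can show up
        # under two spellings. Treat the swapped form as the same identity.
        swapped = uuid.UUID(bytes_le=guid.bytes)
        clash = seen.get(guid) or seen.get(swapped)
        if clash:
            rejected.append((name, f"same GUID as {clash}, possibly byte-swapped"))
            continue
        seen[guid] = name
        accepted[name] = str(guid).upper()
    return accepted, rejected


# Constructed sample manifest; names and GUIDs are made up for illustration.
SAMPLE = [
    ("PC-001", "4C4C4544-0042-3510-8054-B4C04F4E3532"),
    ("PC-002", "{1b2c3d4e-5f60-4789-8abc-0123456789ab}"),
    ("PC-003", "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF"),
    ("PC-004", "44454C4C-4200-1035-8054-B4C04F4E3532"),  # PC-001 byte-swapped
    ("PC-005", "not-a-guid"),
]

if __name__ == "__main__":
    ok, bad = check_smbios_guids(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```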
The information in this topic applies only to Configuration Manager 2007 SP1 and later.
If you have AMT-based computers that are currently managed by another AMT solution and want them to be managed by Configuration Manager, you must decide on a migration strategy. For more information, see Decide How to Migrate from an AMT-Based Management Solution to Out of Band Management in Configuration Manager.
When the Configuration Manager 2007 SP1 or later client is installed on a new computer, Configuration Manager gives preference to in-band provisioning and does not process out of band provisioning requests by the computer. The exception to this preference occurs when you are migrating AMT-based computers by using an export utility.
Tasks
How to Provision Computers for AMT
Concepts
Configuration Manager 2007 SP1 Supported Configurations
Decide How to Migrate from an AMT-Based Management Solution to Out of Band Management in Configuration Manager
Out of Band Management Security Best Practices and Privacy Information