hit counter script
Dell Precision M4500 Administrator's Manual
  1. Manuals
  2. Brands
  3. Dell Manuals
  4. Laptop
  5. Precision M4500
  6. Administrator's manual

Dell Precision M4500 Administrator's Manual

Intel active management technology v7.0
Hide thumbs Also See for Precision M4500:
Table of Contents

Advertisement

Quick Links

See also: Service Manual , Manual
Intel Active Management Technology v7.0
Administrator's Guide
Overview
Product Overview
Out of Box Experience
Operational Modes
Setup and Configuration Overview
Menus and Defaults
MEBx Settings Overview
ME General Settings
AMT Configuration
Intel Fast Call for Help
MEBx Defaults
ME General Settings
AMT Configuration

Setup and Configuration

Methods Overview
Configuration Service - Using a USB Device
Configuration Service - USB Device Procedure
System Deployment
Operating System Drivers
If you purchased a DELL™ n Series computer, any references in this document to Microsoft
are not applicable.
Information in this document is subject to change without notice.
© 2011 Dell Inc. All rights reserved.
Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Trademarks used in this text: Dell
and Wi-Fi Catcher
are trademarks of Dell Inc. Intel
trademarks of Intel Corporation in the U.S. and other countries. AMD
Sempron
, AMD Athlon
, ATI Radeon
®
Windows Vista
, the Windows Vista start button, and Office Outlook
United States and/or other countries. Blu-ray Disc
®
players. The Bluetooth
word mark is a registered trademark and owned by the Bluetooth
®
under license. Wi-Fi
is a registered trademark of Wireless Ethernet Compatibility Alliance, Inc.
Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products,
Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
March 2011
Rev. A00
, the DELL logo, Dell Precision
®
, Pentium
, and ATI FirePro
are trademarks of Advanced Micro Devices, Inc. Microsoft
; is a trademark owned by the Blu-ray Disc Association (BDA) and licensed for use on discs and
Management
Intel AMT Web GUI
AMT Redirection (SOL/IDE-R)
AMT Redirection Overview
Intel Management and
Security Status Application
Intel Management and Security Status
Application

Troubleshooting

Troubleshooting
, Precision ON
, ExpressCharge
®
®
, Xeon
, Core
, Atom
, Centrino
®
is a registered trademark and AMD Opteron
®
are either trademarks or registered trademarks of Microsoft Corporation in the
®
®
®
Windows
, Latitude
, Latitude ON
®
®
, and Celeron
are registered trademarks or
, AMD Phenom
®
, Windows
SIG, Inc. and any use of such mark by Dell Inc. is
operating systems
, OptiPlex
, Vostro
,
, AMD
®
®
, MS-DOS
,

Advertisement

Table of Contents
loading

Related Manuals for Dell Precision M4500

Summary of Contents for Dell Precision M4500

  • Page 1: Troubleshooting

    Information in this document is subject to change without notice. © 2011 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. ™ ™...

  • Page 2: Product Overview

    Product Overview Intel Active Management Technology (Intel AMT) allows companies to manage their networked computers easily. Discover computing assets on a network, regardless of whether the computer is turned On or Off – Intel AMT uses information stored in the non-volatile system memory to access the computer. The computer can be accessed even while it is powered Off (also called out-of-band or OOB access).

  • Page 3: Client System Requirements

    Information on this page provided by Intel. ™ NOTE: The Intel Management Engine BIOS Extension (MEBx) is an optional ROM module provided to Dell from Intel that is included in the Dell BIOS. The MEBx has been customized for Dell computers.

  • Page 4: Out Of Box Experience

    Intel AMT 7.0 is shipped in the factory-default state from Dell factories. Setup and Quick Reference Guide Intel AMT overview Backup media Firmware and critical drivers are available on the Resource CD. See the Administrator Guide for detailed information about Intel AMT available on support.dell.com\manuals.

  • Page 5: Operational Modes

    Operational Modes In Intel AMT 5.0 and earlier versions, there were two operational modes – SMB and Enterprise. In Intel AMT 6.0 and AMT 7.0, their functionality has been integrated to provide the same functionality previously available in Enterprise mode. The new configuration options are: Manual Setup and Configuration (available for SMB customers) Automatic Setup...

  • Page 6: Setup And Configuration Overview

    The SCS can create a custom certificate, which can be deployed on the AMT computer by means of a desk-side visit with a specially formatted USB thumb drive as detailed in the Configuration Service section of this document. The SCS could use a custom certificate which was pre-programmed at the Dell factory through the Custom Factory Integration (CFI) process.
  • Page 7 computer with a desk-side visit in one of two ways: The key can be manually typed into the MEBx. The SCS can create a list of custom keys, and put them onto a specially formatted USB thumb drive. Then each AMT computer retrieves a custom key from the specially formatted USB thumb drive during BIOS boot as detailed in the Configuration Service section of this document.
  • Page 8 The MEBx configuration user interface can be accessed on a computer through the following steps: 1. Turn on (or restart) your computer. 2. When the DELL™ logo appears, press <F12> immediately and select MEBx. NOTE: If you wait too long and the operating system logo appears, continue to wait until you see the Microsoft Windows desktop.
  • Page 9 When an IT administrator first enters the Intel MEBx configuration menu with the default password, he or she must change the default password before any feature can be used. The new password must include the following elements: Eight characters, no more than 32 One uppercase letter One lowercase letter A number...

  • Page 10: Change Intel Me Password

    ME General Settings To reach the Intel Management Engine (ME) Platform Configuration page, follow these steps: 1. Under the Management Engine BIOS Extension (MEBx) main menu, select Intel ME General Settings. Press <Enter>. 2. The following message appears: "Acquiring General Settings configuration". The Intel MEBX main menu changes to the Intel ME Platform Configuration page.
  • Page 11 Set PRTC Under the Intel ME Platform Configuration menu select Set PRC and press <Enter>. Valid date range: 1/1/2004 to 1/4/2021. Setting the PRTC value is used for virtually maintaining PRTC during the power-off (G3) state. Type PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS) and press <Enter>.

  • Page 12: Power Control

    Power Control Under the Intel ME Platform Configuration menu select Power Control and press <Enter>. The Intel Power Control page appears. To comply with ENERGY STAR* and EUP LOT6 requirements, the Intel ME can be turned off in various sleep states. The Intel ME Power Control menu configures the Intel ME platform power related policies.

  • Page 13: Idle Timeout

    The end user administrator can select the desired power package to use depending on the system usage. With Intel ME WoL, after the time-out timer expires, the Intel ME remains in the M-off state until a command is sent to the ME.

  • Page 14: Previous Menu

    This setting is used to set time out value as to define the Intel ME idle timeout in M3 state. The value should be entered in minutes. The value indicates the amount of time that the Intel ME is allowed remain idle in M3 before transitioning to the M- off state.

  • Page 15: Amt Configuration

    AMT Configuration After you configure the Intel Management Engine (ME) feature, you must reboot before configuring the Intel AMT for a clean system boot. The following image shows the Intel AMT configuration menu after a user selects the Intel AMT Configuration option from the Management Engine BIOS Extension (MEBx) main menu.
  • Page 16 RCFG Start Configuration Previous Menu Provisioning Server IPv4/IPv6 Provisioning Server FQDN TLS PSK Set PID and PPS Delete PID and PPS Previous Menu TLS PKI Remote Configuration PKI DNS Suffix Manage Hashes Adding Customized Hash Deleting a Hash Changing the Active State Viewing a Certificate Hash Previous Menu Previous Menu...

  • Page 17: Username And Password

    Username and Password Under the SOL/IDER page select Username and Password and press <Enter>. This option provides the user authentication for SOL/IDER session. If Kerberos* is used, this option should be set to DISABLED. The user authentication is handled through Kerberos. If Kerberos is not used, the IT administrator has the choice to enable or disable user authentication on SOL/IDER session.
  • Page 18 SOL allows the console input/output of an Intel AMT managed client to be redirected to a management server console (if the client system supports SOL). If the system does not support SOL, this value cannot enable it. Option Description Enabled SOL is enabled Disabled SOL is disabled.
  • Page 19 IDER allows an Intel AMT managed client to be booted by a management console from a remote disk image. If the client system does not support IDER, this value cannot enable it. Option Description Enabled IDER is enabled Disabled IDER is disabled. NOTE: Disabling IDER does not remove this feature but prevents it from being used.
  • Page 20 Legacy Redirection Mode controls how the redirection works. If set to disabled, the console needs to open the redirection ports before each session. This is meant for Enterprise consoles and new SMB consoles that support opening the redirection ports. The old SMB consoles (before Intel AMT 6.0) which do not support opening the redirection ports function need to manually turn on the redirection port through this Intel MEBx option.

  • Page 21: User Consent

    The port is left open at all times when redirection is enabled in the Intel MEBx. SMB Enabled consoles before Intel AMT 6.0 require this mode enabled for redirection sessions. Under the SOL/IDER page select KVM and press <Enter>. Option Description Disabled KVM feature is disabled...
  • Page 22 The following options can be selected: Option Description Local User Consent is not required for a remote computer to establish KVM Remote None Control session. Local User Consent is required for a remote computer to establish KVM Remote Control session. Local User Consent is required for SOL, IDER and KVM NOTE: When using Host Based Provisioning, Client mode will override this setting and behave as if the "ALL"...

  • Page 23: Password Policy

    Option Description Disable Remote Control of Disables the remote user's ability to select User OPT-IN Policy. In this case only KVM Opt-in Policy the local user can control the opt-in policy. Enable Remote Control of Enables remote user's ability to select User OPT-IN Policy. KVM Opt-in Policy Previous Menu Under the User Consent Configuration page select Previous Menu and press <Enter>.

  • Page 24: Network Setup

    The options are: Option Description Default The Intel MEBx password can be changed through the network interface if the default password has Password not been changed. Only During Setup The Intel MEBx password can be changed through the network interface during the setup and configuration process but at no other time.

  • Page 25: Domain Name

    1. Host Name Under the Intel ME Network Name Settings select Host Name and press <Enter>. A host name can be assigned to the Intel AMT machine. This will be the hostname of the Intel AMT enabled system. 2. Domain Name...
  • Page 26 Under the Intel ME Network Name Settings select Domain Name and press <Enter>. A domain name can be assigned to the Intel AMT machine. 3. Shared/Dedicated FQDN Under the Intel ME Network Name Settings select Shared/Dedicated FQDN and press <Enter>. This setting determines whether the Intel ME Fully Qualified Domain Name (FQDN) (HostName.DomainName) is shared with the host and identical to the operating system machine name or dedicated to the Intel ME.

  • Page 27: Dynamic Dns Update

    Option Description Dedicated The FQDN domain name is dedicated to ME Shared The FQDN domain name is shared with the Host 4. Dynamic DNS Update Under the Intel ME Network Name Settings select Dynamic DNS Update and press <Enter>. If Dynamic DNS Update is enabled then the firmware will actively try to register its IP addresses and FQDN in DNS using the Dynamic DNS Update protocol.
  • Page 28 NOTE: Periodic Update Interval option is only available when Dynamic DNS Update is enabled. Defines the interval at which the firmware DDNS Update client will send periodic updates. It should be set according to corporate DNS scavenging policy. Units are minutes. A value of 0 disables periodic update. The value set should be equal or greater than 20 minutes.

  • Page 29: Tcp/Ip Settings

    NOTE: The TTL option is only available when Dynamic DNS Update is enabled. This setting allows configuring the TTL time in seconds. This number should be greater than zero. If set to zero firmware uses its internal default value which is 15 min or 1/3 of lease time for DHCP. 7.
  • Page 30 1. DHCP Mode Under Wired LAN IPv4 Configuration select DHCP Mode and press <Enter>. The Wired LAN IPv4 Configuration page appears. Option Description If DHCP mode is disabled, the following static TCP/IP settings are required for Intel AMT. If a system is in static mode the system may require a second IP address. This Disabled IP address, often called the Intel ME IP address may be different from the host IP address.
  • Page 31 DHCP mode disabled. 2. IPv4 Address Select IPv4 Address and press <Enter>. Type the IPv4 Address in the address column and press <Enter>.
  • Page 32 3. Subnet Mask Address Select Subnet Mask Address and press <Enter>. Type the Subnet Mask Address in the address column and press <Enter>. 4. Default Gateway Address...
  • Page 33 Select Default Gateway Address and press <Enter>. Type the Default Gateway Address in the address column and press <Enter>. 5. Preferred DNS Address Select Preferred DNS Address and press <Enter>. Type the Preferred DNS Address in the address column and press <Enter>.
  • Page 34 6. Alternate DNS Address Select Alternate DNS Address and press <Enter>. Type the Alternate DNS Address in the address column and press <Enter>. 7. Previous Menu Under the Wired LAN IPv4 Configuration select Previous Menu and press <Enter>. The TCP/IP Settings menu appears. Wired LAN IPv6 Configuration Under the TCP/IP Settings select Wired LAN IPv6 Configuration and press <Enter>.
  • Page 35 NOTE: The Intel ME network stack supports a multi-homed IPv6 interface. Each network interface can be configured with the following IPv6 addresses: 1. One link local auto-configured address 2. Three auto-configured global addresses 3. One DHCPv6 configured address 4. One statically configured IPv6 address 1.
  • Page 36 ENABLED, select 'Enabled' and press <Enter>. IPv6 Feature Selection enabled as more configuration allowed. 2. IPv6 Interface ID Type Under the Wired LAN IPv6 Configuration select IPv6 Interface ID Type and press <Enter>. The auto-configured IPv6 address consists of two parts, the IPv6 Prefix set by the IPv6 router is the first and the interface ID is following part (64 bits each).
  • Page 37 The IPv6 Interface ID is automatically generated using a random number as described in RFC Random ID 3041. This is the default option. Intel ID The IPv6 Interface ID is automatically generated using the MAC address. The IPv6 Interface ID is configured manually. Selecting this type requires that the Manual Manual ID Interface ID is set with a valid value.
  • Page 38 3. IPv6 Address Under the Wired LAN IPv6 Configuration select IPv6 Address and press <Enter>. Type the IPv6 Address and press <Enter>. 4. IPv6 Default Router Under the Wired LAN IPv6 Configuration select IPv6 Default Router and press <Enter>.
  • Page 39 Type the IPv6 Default Router and press <Enter>. 5. Preferred DNS IPv6 Address Under the Wired LAN IPv6 Configuration select Preferred DNS IPv6 Address and press <Enter>. Type the Preferred DNS IPv6 Address and press <Enter>. 6. Alternate DNS IPv6 Address Under the Wired LAN IPv6 Configuration select Alternate DNS IPv6 Address and press <Enter>.
  • Page 40 7. Previous Menu Under the Wired LAN IPv6 Configuration select Previous Menu and press <Enter>. The TCP/IP Settings menu appears. Wireless LAN IPv6 Configuration Under the TCP/IP Settings select Wireless LAN IPv6 Configuration and press <Enter>. The Wireless LAN IPv6 Configuration page appears.
  • Page 41 1. IPv6 Feature Selection Under the Wireless LAN IPv6 Configuration select IPv6 Feature Selection and press <Enter>. 2. IPv6 Interface ID Type Under the Wired LAN IPv6 Configuration select IPv6 Interface ID Type and press <Enter>. The auto-configured IPv6 address consists of two parts: IPv6 Prefix (set by the IPv6 router) Interface ID (64 bits each) Option...
  • Page 42 To select Manual ID: 1. Select Manual ID. 2. Press <Enter>. A new option of IPV6 Interface ID will be displayed below IPV6 Interface ID Type. 3. Select IPV6 Interface ID. 4. Press <Enter>. 5. Type the preferred Manual ID. 3.
  • Page 43 Under the Wireless LAN IPv6 Configuration select Previous Menu and press <Enter>. The TCP/IP Settings menu appears. Previous Menu Under the TCP/IP Setting menu select Previous Menu and press <Enter>. The Intel ME Network Setup menu appears. Previous Menu Under the Intel ME Network Setup menu select Previous Menu and press <Enter>. The AMT Configuration menu appears.
  • Page 44 Select Y to unconfigure. Select Full Unprovisioning and press <Enter>. Option Description The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041. This is the default. Full Unprovision Full unprovision will unprovision AMT and remove all the PID/PPS...
  • Page 45 information or any new certificate information populated. The IPv6 Interface ID is automatically generated using the MAC address. Partial Unprovision Partial Unprovisoin will unprovision AMT but will retain PID/PPD information entered or any new certification information entered. Unprovisioning in progress. Remote Setup and Configuration Under the Intel AMT Configuration select Remote Setup and Configuration and press <Enter>.
  • Page 46 Current Provisioning Mode Under the Automated Setup and Configuration select Current Provisioning Mode and press <Enter>. Current Provisioning Mode – Displays the current provisioning TLS Mode: None, PKI, or PSK. Provisioning Record...
  • Page 47 Under the Automated Setup and Configuration select Provisioning Record and press <Enter>. Provisioning Record – Displays the system's provision PSK/PKI record data. If the data has not been entered, the Intel MEBx displays a message stating "Provision Record not present". If the data is entered, the Provision record will display as below: Option Description...

  • Page 48: Start Configuration

    Under the Intel Automated Remote Setup and Configuration menu select RCFG and press <Enter>. The Intel Remote Configuration page appears. Start Configuration Under the Intel Remote Configuration menu select Start Configuration and press <Enter>. If Remote Configuration is not activated, Remote configuration cannot occur. To activate (enable) remote configuration, select Y.
  • Page 49 Previous Menu Under the Intel Remote Configuration menu select Previous Menu and press <Enter>. The Intel Automated Setup and Configuration page appears. Provisioning Server IPv4/IPv6 Under the Intel Automated Setup and Configuration menu select Provisioning Server IPv4/IPv6 and press <Enter>. 1.
  • Page 50 Provisioning Server FQDN Under the Intel Automated Remote Setup and Configuration menu select Provisioning Server FQDN and press <Enter>. Type the FQDN of the provisioning server and press <Enter>. FQDN of the provisioning server mentioned in the certificate (PKI only). This is also the FQDN of the server that AMT sends hello packets to for both PSK and PKI.
  • Page 51 TLS PSK Under the Intel Automated Setup and Configuration menu select TLS PSK and press <Enter>. The Intel TLS PSK Configuration page appears. This submenu contains the settings for TLS PSK configuration settings Set PID and PPS Under the Intel TLS PSK Configuration menu select Set PID and PPS and press <Enter>. Type the PID and press <Enter>.
  • Page 52 Setting the PID/PPS will cause a partial unprovision if the setup and configuration is "In-process". The PID and PPS should be entered in the dash format. (for example: PID: 1234-ABCD ; PPS: 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD). NOTE: A PPS value of '0000-0000-0000-0000-0000-0000-0000-0000' will not change the setup configuration state. If this value is used, the setup and configuration state will remain 'Not-started'.

  • Page 53: Remote Configuration

    Under the Intel TLS PSK Configuration menu select Delete PID and PPS and press <Enter>. This option deletes the current PID and PPS stored in Intel ME. If the PID and PPS were not entered previously, the Intel MEBx will return an error message. To delete the PID and PPS entries, select Y, else N.
  • Page 54 PKI DNS Suffix Under the Intel Remote Configuration menu select PKI DNS Suffix and press <Enter>. Type the PKI DNS Suffix and press <Enter>. Key Value will be maintained in the EPS. Manage Hashes...
  • Page 55 Under the Intel Remote Configuration menu select Manage Hashes and press <Enter>. Selecting this option will enumerate the hashes in the system and display the Hash Name and the active and default state. If the system does not contain any hashes yet, Intel MEBx will display the following screen. Answering 'Yes' will begin the process of adding customized hash.
  • Page 56 When the Insert key is pressed in the Manage Certificate Hash screen, the following screen is displayed. To add a customized certificate hash: Type the hash name (up to 32 characters). When you press <Enter>, you are prompted to select the algorithm of hash being used for PKI provisioning. Type Y if SHA1 is being used, otherwise enter N. The supported hash algorithms are: 1.
  • Page 57 3. SHA2-384 If SHA1 is not chosen, in the next screen you are prompted to select the option of supported SHA2 algorithm. Type Y if SHA256 is being used, otherwise enter N. When SHA256 is not chosen, in the next screen, type Y to select SHA2-384. If N is entered, an error message will be shown to prompt the user to select one supported algorithm.
  • Page 58 After selecting desired Hash Algorithm, you are prompted to type the certificate hash value. The Certificate hash value is a hexadecimal number (for SHA-1 it is 20 bytes for SHA-2 it is 32 bytes). If the value is not entered in the correct format, the message "Invalid Hash Certificate Entered - Try Again" is displayed. When you press <Enter>, you are prompted to set the active state of the hash.
  • Page 59 Your response sets the active state of the customized hash as follows: Yes – The customized hash will be marked as active. No (Default) – The customized hash will add to the EPS but will not be active. Deleting a Hash When the Delete is pressed in the Manage Certificate Hash screen, the following screen is displayed.
  • Page 60 This option allows deleting of the selected certificate hash. Yes – Intel MEBx sends the firmware a message to delete the selected hash. No – Intel MEBx does not delete the selected hash, and returns to Remote Configuration. Changing the Active State When the + is pressed in the Manage Certificate Hashes screen, the following screen is displayed as seen in the following screen.
  • Page 61 The details of the selected certificate hash are displayed to the user and include the following: Hash Name Certificate Hash Data Active and Default States Previous Menu Under the Intel Remote Configuration menu select Previous Menu and press <Enter>. The Intel Automated Setup and Configuration page appears. Previous Menu Under the Intel Automated Setup and Configuration menu select Previous Menu and press <Enter>.

  • Page 62: Putting It All Together

    Once the feature has been fully configured, there are three methods for initiating an Intel Fast Call for help session. These include: At the Dell splash screen press <Ctrl><h>. At the Dell splash screen press <F12> for the One Time Boot Menu. Select the last option titled Intel Fast Call for Help. From Windows: 1.
  • Page 63 ME General Settings The table below lists the default settings for the Intel Management Engine BIOS Extension (MEBx) on general settings page. Password Password admin Change Intel ME Password Change Intel ME Password blank SET PRTC Set PRTC blank Power Control Power Control Mobile: ON is S0 Intel ME ON in Host Sleep...
  • Page 64 AMT Configuration The table below lists the default settings for the Intel Management Engine BIOS Extension (MEBx) on AMT configuration page. Manageability/Feature Selection SOL/IDER Disabled Username and Password Enabled * Disabled Enabled * Disabled IDER Enabled * Disabled Legacy Redirection Mode Enabled * Disabled Enabled *...
  • Page 65 IPv4 Address 0.0.0.0 Subnet Mask Address 0.0.0.0 Default Gateway Address 0.0.0.0 Preferred DNS Address 0.0.0.0 Alternate DNS Address 0.0.0.0 Wired LAN IPv6 Configuration Disabled * IPv6 Feature Selection Enabled Below configuration page will only available if enabled selected Random ID * IPv6 Interface ID Type Intel ID Manual ID...

  • Page 66: Methods Overview

    Methods Overview As discussed in the Setup and Configuration Overview section, the computer has to be configured before the Intel AMT capabilities are ready to interact with management application. There are three methods to complete the provisioning process (from least complex to most complex): Configuration service —...

  • Page 67: Using A Usb Device

    USB provisioning only works if the MEBx password is set to the factory default of admin. If the password has been changed, reset it to the factory default by clearing the CMOS. The following is a typical USB drive key setup and configuration procedure. For a detailed walk-through using Altiris Dell Client Manager (DCM), refer to the USB device procedure page.
  • Page 68 USB Device Procedure Dell Client Management (DCM) application is the default console package provided. This section provides the procedure to set up and configure Intel AMT with the DCM package. As mentioned earlier in the document, several other packages are available through third-party vendors.
  • Page 69 4. Click the <+> to expand the Intel AMT Getting Started section.
  • Page 70 5. Click the <+> to expand the Section 1. Provisioning section.
  • Page 71 6. Click the <+> to expand the Basic Provisioning (without TLS) section.
  • Page 72 7. Select Step 1. Configure DNS. 8. The notification server with an out-of-band management solution installed must be registered in DNS as "ProvisionServer."...
  • Page 73 9. Click Test on the DNS Configuration screen to verify that DNS has the ProvisionServer entry and that it resolves to the correct Intel Setup and Configuration Server (SCS).
  • Page 74 10. The IP address for the ProvisionServer and Intel SCS are now visible.
  • Page 75 11. Select Step 2. Discovery Capabilities.
  • Page 76 12. Verify that the setting is Enabled. If Disabled, select the check box next to Disabled and click Apply.
  • Page 77 13. Select Step 3. View Intel AMT Capable Computers.
  • Page 78 14. Any Intel AMT capable computers on the network are visible in this list.
  • Page 79 15. Select Step 4. Create Profile.
  • Page 80 16. Click the plus symbol to add a new profile.
  • Page 81 17. On the General tab the administrator can modify the profile name and description along with the password. The administrator sets a standard password for easy maintenance in the future. Select the manual radio button and type a new password.
  • Page 82 18. The Network tab provides the option to enable ping responses, VLAN, WebUI, Serial over LAN, and IDE Redirection. If you are configuring Intel AMT manually, all these settings are also available in the MEBx. 19. The TLS (Transport Layer Security) tab provides the ability to enable TLS. If enabled, several other pieces of information are required including the certificate authority (CA) server name, CA common name, CA type, and certificate template.
  • Page 83 20. The ACL (access control list) tab is used to review users already associated with this profile and to add new users and define their access privileges. 21. The Power Policy tab has configuration options to select the sleep states for Intel AMT as well as an Idle Timeout setting.
  • Page 84 22. Select Step 5. Generate Security Keys.
  • Page 85 23. Select the icon with the arrow pointing out to Export Security Keys to USB Key.
  • Page 86 24. Select the Generate keys before export radio button.
  • Page 87 25. Type the number of keys to generate (depends on the number of computers that need to be provisioned). The default is 50. 26. The Intel ME default password is admin. Configure the new Intel ME password for the environment.
  • Page 88 27. Click Generate. Once the keys have been created, a link appears to the left of the Generate button. 28. Insert the previously formatted USB device into a USB connector on the ProvisioningServer.
  • Page 89 29. Click the Download USB key file link to download setup.bin file to the USB device. The USB device is recognized by default; save the file to the USB device. NOTE: If additional keys are needed in the future, the USB device must be reformatted before saving the setup.bin file to it.
  • Page 90 c. Click Close in the Download complete dialog box. 30. The setup.bin file is now visible in the drive explorer window.
  • Page 91 31. Close the Export Security Keys to USB Key and drive explorer windows to return to the Altiris Console. 32. Insert the USB device and turn on the computer. The USB device is recognized immediately and you are prompted to Continue with Auto Provisioning (Y/N) 33.
  • Page 92 34. Once complete, turn off the computer and move back to the management server. 35. Select Step 6. Configure Automatic Profile Assignments.
  • Page 93 36. Verify that the setting is enabled. In the Intel AMT 2.0+ dropdown, select the profile created previously. Configure the other settings for the environment.
  • Page 94 37. Select Step 7. Monitor Provisioning Process.
  • Page 95 38. The computers for which the keys were applied are updated in the system list. At first the status is Unprovisioned, then the system status changes to In provisioning, and finally it changes to Provisioned at the end of the process.
  • Page 96 39. Select Step 8. Monitor Profile Assignments.
  • Page 97 40. The computers for which profiles were assigned appear in the list. Each computer is identified by the FQDN, UUID, and Profile Name columns.
  • Page 98 41. Once the computers are provisioned, they are visible under the Collections folder in All configured Intel AMT computers.

  • Page 100: System Deployment

    System Deployment Once you are ready to deploy a computer to a user, plug the computer into a power source and connect it to the network. Use the integrated Intel 82566DM Network Interface Card (NIC). Intel Active Management Technology (Intel AMT) does not work with any other NIC solution.

  • Page 101: Operating System Drivers

    Once you install the SOL/LMS driver, the PCI Serial Port entry becomes the Intel Active Management Technology - SOL (COM3) entry. The Intel AMT Host Embedded Controller Interface (HECI) driver is available on support.dell.com and on the ResourceCD under Chipset Drivers. The driver is labeled Intel AMT HECI. Install the driver by double-clicking on the installer.

  • Page 102: Intel Amt Web Gui

    Intel AMT Web GUI The Intel AMT WebUI is a Web browser-based interface for limited remote computer management. The WebUI is often used as a test to determine if Intel AMT setup and configuration was performed properly on a computer. A successful remote connection between a remote computer and the host computer running the WebUI indicates proper Intel AMT setup and configuration on the remote computer.
  • Page 103 AMT Redirection Overview Intel AMT makes it possible to redirect serial and IDE communications from a managed client to a management console regardless of the boot and power state of the managed client. The client need only have the Intel AMT capability, a connection to a power source, and a network connection.
  • Page 104 Intel Management and Security Status Application Intel Management and Security Status (IMSS) is an application that displays information about a platform‘s Intel Active Management Technology (Intel AMT) and Intel Standard Manageability services. The IMSS icon indicates whether Intel AMT and Intel Standard Manageability are running on the platform. The icon is located in the notification area.
  • Page 106 NOTE: When the user logs on to Windows the Intel Management and Security Status application may start automatically. The icon will be loaded to the notification area only if Intel AMT or Intel Standard Manageability is enabled on the platform. If the Intel Management and Security Status application is started manually (via the Start menu), the icon is loaded even if none of these technologies are enabled, as long as all the drivers have been installed.

  • Page 107: Troubleshooting

    Troubleshooting This page describes a few basic troubleshooting steps to follow if problems are experienced with the Intel AMT configuration. Check DSN for more troubleshooting options. Return to Default Return to Default is also known as un-provisioning. An Intel AMT setup and configured computer can be un-provisioned using the Unconfigure Network Access option on the ME General Settings screen.

Table of Contents