The AD Schema extension and user creation is cryptic to say the least in the installation documentation. The installation instructions do not state what user should be installing the package nor what permissions it needs. Also the instructions state on page 12 that an .LDF AD schema extension script is included and it is not in the release.
As the installer am I to create the user to install SCS
The SCS user that the instructions mention to requests a cert before the install (prep) and the one that is the Main Service User for the install. Is this just an AD user with no privileges other that adding the ones stated (the SCS user must have permissions to issue certificates (Issue and Manage Certificates and Request Certificates permission) on page 37.
If the install extends the AD Schema what user should do the install and what privileges does it need.
The schema extension scripts are installed with the AMTConfServer in "Program filesIntelAMTConfServerAdminScriptsActiveDirectory Schema"
You will need to manually run these scripts under a user account that has sufficient privileges to modify the AD schema. These scripts are only neededif your ISV software is configured to use Kerberos authentication for Intel AMT communication. If you are planning on just using TLS with Digest Authentication then the schema modifications are not required.