the AMT WEB interface offers the page "User Accounts".
At the bottom of the page "User Accounts" there is the following area:
Configure access for the managed device on this computer.
We have two questions:
1. What happens when the check-box
1.a. is checked?
1.b. is unchecked?
2. Where is a good description (online or as pdf-file), which describes
the settings, that can be made in the AMT WEB interface?
Thanks in advance for your helpfull answers.
I believe this setting controls if AMT will check for use of credentials before attempting to connect to a sever used for posture validation when using the Endpoint Access Control feature.
Let me get more info on this.
To learn more about Endpoint Access Control, please view the SDK documentation under the topic "Intel AMT Features > Endpoint Access Control > Detailed Description"
When you enable end point access control feature in AMT, in the case when OS is up, local AMT SW uses anonymous access to obtain the AMT posture and provide it to the local client that sends the consolidated posture. If you disable this, all of ME access requests need to use configured credentials to obtain ME posture. Along with AMT SW, any of the application that accesses ME device locally can also request the posture and they need to be using the configured credentials.
Based on the below documentation, I would say it is best to leave this unchecked, unless you know exactly what you are doing:
The Endpoint Access Control (EAC) feature enables a network administrator to enforce endpoint access policies. The Intel AMT device (Releases 2.5 through 8.1) has the ability to integrate into Cisco* Network Admission Control (NAC) and Microsoft* Network Access Protection (NAP) systems.
Note: Beginning in Intel AMT Release 9.0 NAC is no longer supported.