Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

WEB interface: Allow anonymous access

theperfectwave
Beginner
2,266 Views

Hi,

the AMT WEB interface offers the page "User Accounts".
At the bottom of the page "User Accounts" there is the following area:

=============================================================
Anonymous access

Configure access for the managed device on this computer.

Allow anonymous access for endpoint access control
------------------------------------------------------------
Submit
=============================================================


We have two questions:

1. What happens when the check-box
Allow anonymous access for endpoint access control
1.a. is checked?

1.b. is unchecked?

2. Where is a good description (online or as pdf-file), which describes
the settings, that can be made in the AMT WEB interface?


Thanks in advance for your helpfull answers.

0 Kudos
3 Replies
Lance_A_Intel
Employee
2,266 Views

Hello,
I believe this setting controls if AMT will check for use of credentials before attempting to connect to a sever used for posture validation when using the Endpoint Access Control feature.
Let me get more info on this.

To learn more about Endpoint Access Control, please view the SDK documentation under the topic "Intel AMT Features > Endpoint Access Control > Detailed Description"

0 Kudos
Ajith_I_Intel
Employee
2,266 Views
Hi,
When you enable end point access control feature in AMT, in the case when OS is up, local AMT SW uses anonymous access to obtain the AMT posture and provide it to the local client that sends the consolidated posture. If you disable this, all of ME access requests need to use configured credentials to obtain ME posture. Along with AMT SW, any of the application that accesses ME device locally can also request the posture and they need to be using the configured credentials.

Thanks,
AI
0 Kudos
Abramson__Jerold
Beginner
2,266 Views

Based on the below documentation, I would say it is best to leave this unchecked, unless you know exactly what you are doing:

Detailed Description

The Endpoint Access Control (EAC) feature enables a network administrator to enforce endpoint access policies. The Intel AMT device (Releases 2.5 through 8.1) has the ability to integrate into Cisco* Network Admission Control (NAC) and Microsoft* Network Access Protection (NAP) systems.

Note:  Beginning in Intel AMT Release 9.0 NAC is no longer supported.

0 Kudos
Reply