Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2917 Discussions

Automatically Create a Digest User and Password in AMT

idata
Employee
1,488 Views

Hi, I'm trying to create a PowerShell script to automatically create a digest user account and password in AMT and be able to add the account even if the workstation is powered down.

I've been testing the New-Item AMT:\Config\ACL\Digest\"Username" option as described in the following URL: /community/openportit/vproexpert/microsoft-vpro/blog/2011/03/30/powershell-module-for-intel-vpro-technology-version-30-amtsystem-powershell-drive-provider http://communities.intel.com/community/openportit/vproexpert/microsoft-vpro/blog/2011/03/30/powershell-module-for-intel-vpro-technology-version-30-amtsystem-powershell-drive-provider - however, I get prompted to manually enter a password which I'm need to avoid.

The objective of what I'm trying to achieve is the following:

1. The workstation is vPro enabled using SCS and the default digest admin account and the password is set using the Digest Master Password feature in the SCS. (I cannot use TLS/Kerberos and cannot set a digest account in the profile either).

2. PROBLEM: As you cannot establish a SOL session using the default admin account and DMP (as the DMP is 44 characters in lengths and currently SOL only accepts a maximum password length of 32 character), I want to write a script in PowerShell to connect to the vPro enabled workstation and create a digest account and password automatically. – For additional information on this please refer to: /message/152489 http://communities.intel.com/message/152489

3. I'll then Invoke-AMTForceBoot to establish a SOL session, and once complete, automatically delete the account again.

Below is a copy of the script I'm working on and it works fine when I manually enter the password for the created digest user when prompted (Currently in the script I'm prompting for the hostname and default admin account and DMP, however I'll be passing these through from the extended script automatically)

# Begin flow template

Import-Module 'IntelvPro'

$hostname = read-Host ("Workstation Name")

$Cred_DMP = Get-Credential # DMP Credentials

# Add Digest User Account for SOL connection

New-PSDrive -Name AMT -PSProvider amtsystem -Root "/" -ComputerName $hostname -Credential $Cred_DMP

New-Item AMT:\Config\ACL\Digest\TestUser # Digest Username is hard coded

At this section part I get prompted to enter a password for the digest user account 'TestUser'

Set-ItemProperty AMT:\Config\ACL\Digest\TestUser -Name Privileges -Value RC,REDIR,EVTLOG

# Connect to workstation with SOL

Invoke-AMTForceBoot -ComputerName $hostname -Port 16992 -Operation reset -Device BIOSSetup -Console SOL -SOLTerminalPath "telnet" -SOLTerminalArgList "-t ANSI 127.0.0.1 %Port" -Username TestUser -Password P@ssw0rd

Currently the username and password is both hard coded, but aiming to be able to pass this through as –Credential $SOL_CRED

# Remove Digest User Account for SOL

Start-Sleep -Seconds 40

Remove-Item AMT:\Config\ACL\Digest\TestUser

Remove-Module 'IntelvPro'

# End flow template

As mentioned before, when I run the script and manually enter the password for the created digest user 'TestUser' the script works as it should.

It would be create if I could get a script to create the necessary digest account and password automatically.

Regards,

Pierre

0 Kudos
1 Reply
Christophe_P_Intel1
678 Views

Good catch. I found the issue in the code and we are working on fixing it. The next build of the module is due in a late june/early july, I will post when it goes live.

0 Kudos
Reply