I am developing a process to Pre-Provisioning a fleet of nearly 17,000 HP Compaq DC7900 desktops for AMT. We are in a Windows Systems Center Configuration Manager 2007 environment and utilize an internal Certificate Authority PKI infrastructure with 802.1x enabled. I have successfully pre-provisioned a small set of lab desktops using the UKPU utility which embedded our root CA thumbprint and defined a new MEBx password in our test environment.
Has anyone ever scripted or automated the UKPU utility to run remotely through SMS distributions or SCCM advertisements? Is this a possibility? I am looking for any options I have aside from walking to each individual pc and pre-provisioning manually with USB drive or through WINPE.
As far as I can tell, your only option is to get a "real" certificate for your OOB Management Point. Compared to walking to thousands of Computers, this will be really cheap.
Based on my experience you need to walk to some machines anyway when they get stuck in the provisioning process.
I agree that buying a remote config cert will make your life loads easier. However, if that is absolulty not possible check out the sample app in the AMT SDK called usbfile.exe. It will create setup.bin files, and the source code is included. You could probably do something with a batch file like:
prompt user to insert blank thumb
format thumb FAT16
copy to thumb with usbfile
ME prompts user to press Y
Of course your challenge will be that users will need to insert a thumb drive that works (<=2G, single partition) for USB one touch.
So again, I strongly recomend the remote config cert option.
Thumb Drive Info:
/docs/DOC-1247 http://communities.intel.com/docs/DOC-1247# USB_Provisioning
Remote Config Cert info: