Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2834 Discussions

Enabling Wired 802.1X Connectivity for Intel® AMT in Microsoft® SCCM SP1 Environment

Steven_D_Intel1
Employee
‎02-26-2009 10:45 AM
1,834 Views

Intel AMT (the management technology included with Intel vPro platforms) has the capability to authenticate with and connect to 802.1X networks

Microsoft SCCM SP1 natively supports Intel vPro functionality, but does not configure Intel AMT 802.1X connection capability during the provisioning process. This means Intel AMT is unable to connect 'Out of Band' (i.e. without the assistance of the client Operating System) to 802.1X networks when provisioned using Microsoft SCCM SP1

In order to support 'Out of Band' management of Intel vPro platforms using Microsoft SCCM in 802.1X network environments, additional configuration of Intel vPro platforms is required after normal SCCM provisioning has completed. The additional configuration can be performed in an automated manner using scripts (referred to as post provisioning scripts)

The ZIP file attachment contains documentation, sample scripts and a copy of Intel Scripting Framework to create and setup a post provisioning script to configure Intel AMT 802.1X connection capability after normal provisioning by Microsoft SCCM. This example uses EAP-TLS type authentication but could be extended to accommodate other 802.1X protocols supported by Intel AMT

From the ZIP file, start with the document "Enabling Wired 802.1X Connectivity with Microsoft SCCM SP1.pdf"

AMTSCCM8021X.zip
0 Kudos

Link Copied

1 Reply
Steven_D_Intel1
Employee
‎03-13-2009 11:22 AM
595 Views

The ZIP attachment for the original posting was amended to include an updated PDF file containing instructions for generating the post-provisioning script using Intel Scripting Framework. Specific changes to the PDF were

Added missing '/' at the end of the Intel WS-MAN Translator URL used when creating client-side scripts

Replaced settings for validating the RADIUS server certificate subject CN with to configure Intel AMT with an 802.1X settings that work with multiple RADIUS servers in environments where more than one RADIUS server is deployed for resilience. Intel AMT will still validate RADIUS server certificate was signed by a trusted PKI chain

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.