Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2875 Discussions

Enabling Wired 802.1X Connectivity for Intel® AMT in Microsoft® SCCM SP1 Environment


Intel AMT (the management technology included with Intel vPro platforms) has the capability to authenticate with and connect to 802.1X networks

Microsoft SCCM SP1 natively supports Intel vPro functionality, but does not configure Intel AMT 802.1X connection capability during the provisioning process. This means Intel AMT is unable to connect 'Out of Band' (i.e. without the assistance of the client Operating System) to 802.1X networks when provisioned using Microsoft SCCM SP1

In order to support 'Out of Band' management of Intel vPro platforms using Microsoft SCCM in 802.1X network environments, additional configuration of Intel vPro platforms is required after normal SCCM provisioning has completed. The additional configuration can be performed in an automated manner using scripts (referred to as post provisioning scripts)

The ZIP file attachment contains documentation, sample scripts and a copy of Intel Scripting Framework to create and setup a post provisioning script to configure Intel AMT 802.1X connection capability after normal provisioning by Microsoft SCCM. This example uses EAP-TLS type authentication but could be extended to accommodate other 802.1X protocols supported by Intel AMT

From the ZIP file, start with the document "Enabling Wired 802.1X Connectivity with Microsoft SCCM SP1.pdf"

0 Kudos
1 Reply

The ZIP attachment for the original posting was amended to include an updated PDF file containing instructions for generating the post-provisioning script using Intel Scripting Framework. Specific changes to the PDF were

Added missing '/' at the end of the Intel WS-MAN Translator URL used when creating client-side scripts

Replaced settings for validating the RADIUS server certificate subject CN with to configure Intel AMT with an 802.1X settings that work with multiple RADIUS servers in environments where more than one RADIUS server is deployed for resilience. Intel AMT will still validate RADIUS server certificate was signed by a trusted PKI chain

0 Kudos