Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
Announcements
FPGA community forums and blogs on community.intel.com are migrating to the new Altera Community and are read-only. For urgent support needs during this transition, please visit the FPGA Design Resources page or contact an Altera Authorized Distributor.
3049 Discussions

Intel EMA - Please update documentation of correct Active Directory OU ACL access rights

Horgster
New Contributor I
‎12-18-2020 03:35 AM
916 Views

Hi!

In these days, security is very important when managing Intel AMT and Active Directory.
The current "Intel EMA Server Installation and Maintenance Guide v1.3.3.1" is lacking correct Active Directory ACL permissions.  

The guide is only referring to using "Full Control" within your AMT OU.  From a security perspective this is not recommended and it is important that Intel specifies only the required ACL permissions for OU needed by Intel EMA.

I have tried to use the permissions as documented here, but it apparently that is not sufficient for Intel EMA

https://itpeernetwork.intel.com/tightening-up-intel-scs-service-account-permissions-for-managing-intel-amt-computer-objects-in-microsoft-active-directory/

Please update your guide with correct and the only needed ACL.

Best Regards
Horgster



0 Kudos

Link Copied

0 Replies
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.