Intel EMA - Please update documentation of correct Active Directory OU ACL access rights

Intel vPro® Platform

Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Intel EMA - Please update documentation of correct Active Directory OU ACL access rights

625 Views

Hi!

In these days, security is very important when managing Intel AMT and Active Directory.
The current "Intel EMA Server Installation and Maintenance Guide v1.3.3.1" is lacking correct Active Directory ACL permissions.

The guide is only referring to using "Full Control" within your AMT OU. From a security perspective this is not recommended and it is important that Intel specifies only the required ACL permissions for OU needed by Intel EMA.

I have tried to use the permissions as documented here, but it apparently that is not sufficient for Intel EMA

https://itpeernetwork.intel.com/tightening-up-intel-scs-service-account-permissions-for-managing-intel-amt-computer-objects-in-microsoft-active-directory/

Please update your guide with correct and the only needed ACL.

Best Regards
Horgster

Link Copied

0 Replies

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.