Hi michael_a_intel,

Of course, I am not typing as seen... I'm replacing the with the hostname or FQN of a machine

I tried the get-help and my syntax seems okay...

I'm trying to duplicate this in my lab...just wanted to let you know I'm working on it.

Great! Thank you!

AlexQc

Okay, I was able to duplicate your issue in my lab. Couple questions:

Did you do a set-executionpolicy remotesigned ?

1. Are you running the command locally or remotely?

I found that if I run the command locally, LMS must be installed and running and you can use either the FQDN or "localhost" .

If you are running this command remotely, I was getting an "unauthorized" Value until I put in my credentials:

Get-AMTFirmwareVersion -computername computername -username username -password password

Once I did that, I got the appropriate results.

I'm hoping this helps.

Regards,

Michael

I've used a Set-ExecutionPolicy Bypass.

I've tried both remotely and locally with the same result.

I've tried it using domain administrator credentials... With no success...

Alex,

is Intel AMT configured at all? Is AD Integration configured? Is it configured with TLS on without TLS?

In order to use Intel AMT it has to be configured - Manually via MEBx BIOS module, with USB Local configuration, with Host Based Configuration into Client Control Mode or with Remote Configuration into Admin Control Mode.

Can you open AMT WebUI by openning web browser (remotely or locally (requires Intel LMS) to http://computername:16992 for non TLS (default for Manual and USB configuration) or https://computername:16993 for TLS setup.

 

If none of those works - Intel AMT may not be configured or your network does not allow TCP traffic on Intel AMT ports 16992-16995 or ... your target system has more than one Wired LAN interface and you are connecting to non Intel AMT one or ... you are connecting to WiFi interface while WiFi card does not support Intel AMT or AMT over WiFi is not yet configured - Manual and USB configuration methods can't do it.

• To use TLS - it has to be configured, Manual and USB configuration methods can't do it. If configured -non-TLS Intel AMT ports will be closed/not used (until you re-enable them)
• to use TLS with IntelvPro Powershell modules you have to mark TLS checkbox in IntelvPro Powershell module GUI or

   

  use -TLS switch in PS command line ex. Get-AMTFirmwareVersion -computername computername -username username -password password -TLS

• to use domain accounts you have to configure Intel AMT with AD Integration AND your domain account(s) have to be added to AMT ACL list (for getting FW version General Info real will be enough) - Manual and USB configuration methods can't do it. you may use built in AMT Digest Administrator account - username: admin instead with its strong password you configured while configuring Intel AMT (for Manual and USB configuration it will = your new MEBx Password).\

Please provide more details on how Intel AMT was configured and how "console" and "managed" systems are connected.

rgds

Dariusz Wittek

 

Intel EMEA Biz Client Technical Sales Specialist

Thank you Dariusz,

Intel AMT is NOT configured in our environment. I hoped I could simply use the module to get the firmware version for an update we are pushing.

I'll look into something else, have a good day

Hi Alex,

If you are looking for a simple way to pull the firmware version off of your systems, you can utilize the discovery tool for this. I don't know how many systems you need to pull this information from as the drawback to this is that it'll display on the client side and so your end user would see the prompt and I don't see any way to programmatically pull the firmware info from the registry. If you have a few systems to run this on, it could be an option:

The download is located here:

https://downloadcenter.intel.com/download/26755 Download INTEL-SA-00075 Detection and Mitigation Tool

Regards,

Michael

michael_a_intel

Hello again,

This tool is good enough, keeps my tech from having to boot in BIOS. Can it be run remotely?

Thank you,

AlexQc

Hi Alex,

I haven't tried performing a remote execution of it through powershell but, I do run it in my lab, where I have an RCS server, an AMT client and a network share. I can remote into the client using windows remote desktop and run the install from a network share, this drops the files locally and can run the discovery tool from there. Is that what you were asking?

Michael

michael_a_intel

Hey Michael,

I tried what you proposed, that's pretty much the best I've got so far. So That's how I'll ask them to do it. They have to RDP to the machine to install the firmware anyway.

Thanks for the idea :)

Good day,