Hey guys! New here so I'm not sure it's the right place to post this but...
I've started using the IntelvPro Powershell module, but I can't do a simple line:
I get the following:
ComputerName Property Value
------------ -------- -----
Error Cannot connect
Any ideas as to why?
Welcome to the community!
For any of the AMT scripts, you can always get the help info by typing:
get-help modulename -full
get-help get-amtfirmwareversion -full
If you typed the command as you are showing it:
the result is correct, unless the computer name of the system you are running it on IS ComputerName, then replace with the name of the system and remove the <>, so example:
Get-AMTFirmwareVersion -Computername: michaelspc
Of course, I am not typing as seen... I'm replacing the with the hostname or FQN of a machine
I tried the get-help and my syntax seems okay...
Okay, I was able to duplicate your issue in my lab. Couple questions:
Did you do a set-executionpolicy remotesigned ?
1. Are you running the command locally or remotely?
I found that if I run the command locally, LMS must be installed and running and you can use either the FQDN or "localhost" .
If you are running this command remotely, I was getting an "unauthorized" Value until I put in my credentials:
Get-AMTFirmwareVersion -computername computername -username username -password password
Once I did that, I got the appropriate results.
I'm hoping this helps.
I've used a Set-ExecutionPolicy Bypass.
I've tried both remotely and locally with the same result.
I've tried it using domain administrator credentials... With no success...
is Intel AMT configured at all? Is AD Integration configured? Is it configured with TLS on without TLS?
In order to use Intel AMT it has to be configured - Manually via MEBx BIOS module, with USB Local configuration, with Host Based Configuration into Client Control Mode or with Remote Configuration into Admin Control Mode.
Can you open AMT WebUI by openning web browser (remotely or locally (requires Intel LMS) to http://computername:16992 for non TLS (default for Manual and USB configuration) or https://computername:16993 for TLS setup.
If none of those works - Intel AMT may not be configured or your network does not allow TCP traffic on Intel AMT ports 16992-16995 or ... your target system has more than one Wired LAN interface and you are connecting to non Intel AMT one or ... you are connecting to WiFi interface while WiFi card does not support Intel AMT or AMT over WiFi is not yet configured - Manual and USB configuration methods can't do it.
use -TLS switch in PS command line ex. Get-AMTFirmwareVersion -computername computername -username username -password password -TLS
Please provide more details on how Intel AMT was configured and how "console" and "managed" systems are connected.
Intel EMEA Biz Client Technical Sales Specialist
Thank you Dariusz,
Intel AMT is NOT configured in our environment. I hoped I could simply use the module to get the firmware version for an update we are pushing.
I'll look into something else, have a good day
If you are looking for a simple way to pull the firmware version off of your systems, you can utilize the discovery tool for this. I don't know how many systems you need to pull this information from as the drawback to this is that it'll display on the client side and so your end user would see the prompt and I don't see any way to programmatically pull the firmware info from the registry. If you have a few systems to run this on, it could be an option:
The download is located here:
https://downloadcenter.intel.com/download/26755 Download INTEL-SA-00075 Detection and Mitigation Tool
I haven't tried performing a remote execution of it through powershell but, I do run it in my lab, where I have an RCS server, an AMT client and a network share. I can remote into the client using windows remote desktop and run the install from a network share, this drops the files locally and can run the discovery tool from there. Is that what you were asking?
I tried what you proposed, that's pretty much the best I've got so far. So That's how I'll ask them to do it. They have to RDP to the machine to install the firmware anyway.
Thanks for the idea :)