Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2834 Discussions

vPro Technology Security

idata
Employee
‎05-06-2011 11:08 PM
1,338 Views

Hi there,

I see that vPro is very useful and might consider to purchase this technology along when purchasing my new workstation,but i have lack of understanding in the case where vPro allows remote dianogsis and repair on the computer, how does this work to ensure that all my sensitive/personal data such as files, drawings etc on the pc/hard drive is protected from being stole, view, copy etc from the person who helps repairs/diagnose the workstation remotely.

Thank you : D

0 Kudos

Link Copied

3 Replies
idata
Employee
‎05-13-2011 04:57 PM
332 Views

Intel(R) AMT includes several features that provide security for your data. For example, you can define a specific user account that has full rights to all "realms" and can to do remote repair. Other users can be restricted to specific realms such as General Info, Event Log Reader, etc. You also have the capability to define a special Audit user that can log into the Access Monitor (this can be used to trace the activity of the administrators using the redirection feature, for example). Some OEMs also restrict prevent some BIOS settings from being changed remotely.

The user with rights to do the redirection can, for example, boot to an Linux ISO image, mount the drives, and then map the drives to the remote technician's machine for running the dianostics and performing repairs. This is the same access that a typical system administrator has when he logs into your local machine to fix it. File by file encyrption can be used to protect sensitive data--for example, classified documents in encrypted PDF format will still be secure.

With Intel AMT 7, you can configure it in the "client control mode." This mode requires user consent to all redirection operations. You can withhold your consent if you don't trust the technician.

Copy link
idata
Employee
‎05-17-2011 09:24 AM
332 Views
In response to idata

One of our engineers here added this:

I'd add that no one can access the system until it is setup and configured. In other words, you have to turn Intel AMT on. By default, it's off, so no risk. Also, User Consent works in Admin Control mode as well and can be forced on in MEBx.

In response to idata
0 Kudos
Copy link
idata
Employee
‎05-18-2011 01:49 AM
332 Views
In response to idata

Hey Steve,

Thanks for providing the answers.

Now i have a better understanding of the technology.

Have a nice day!

In response to idata
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.