Appendix B: Alternative Methods of Configuring Intel AMT

Version 2

                                                                              

    Creating a Custom ACUconfig Product Deployment Task

                                                                              

    Document Series Background

    This is Appendix B of a document series to explain alternative configuration methods for Intel AMT.  

     

    The focus of this appendix is to create a custom Client Execution Task of the Intel ACUconfig package using McAfee EEDK.

     

    To return to the document series introduction of alternative Intel AMT configuration methods, click here.

     

    Appendix B Introduction

    When configuring Intel AMT outside of the ePO Deep Command version 1.5 policies and client utilities, a custom software package is recommended for enterprise-wide configuration events.   The package will include the Intel® SCS client configurator components in addition to a custom batch file.    When needed, the package will also include the Intel AMT configuration profile via an XML file.

     

    Before creating the package, ensure the desired ACUconfig command completes successfully on the client running under the local system context.   Refer to the document series introduction for explanation and links to alternative configuration methods for Intel AMT.

     

    Package Components and Utilities

    The package will be built via ePO Enterprise Deployment Kit (EEDK), which is available on the McAfee ePO Tools Exchange site.   Download and extract the ZIP file to a temporary working directory.

     

    The Intel SCS components are obtained via http://www.intel.com/go/scs.   Extract the Intel SCS components, specifically the three files in the Configurator directory: ACUconfig.exe, ACU.dll, and xerces-c_2_8.dll.

     

    The XML file is generated via the profile export process of the Intel SCS console.  Please refer to related Intel SCS documentation and McAfee ePO Deep Command configuration requirements detailing the creation of the Intel AMT configuration profile. 

     

    A sample batch file is shown below.   The exact contents are included in the attached text file, ACUconfig.txt.   The batch file is used by the EEDK to execute a command under the context of the local system account when delivered via McAfee Agent Policy.

     

    altconfig_pic66.png

     

    Creating ACUconfig Package via EEDK

    Under the EEDK temporary directory, create a subdirectory called “ACUconfig”.    Similar to the screenshot of example files shown below, place the Intel AMT Configurator, XML (if a profile was exported from Intel SCS console), and batch files in this subdirectory.

    altconfig_pic67.png

     

    Start EEDK.exe and define the package settings similar to the example below.

    altconfig_pic68.png

     

    On the lower right of the EEDK application, select “Build Package”.    Save the resulting ZIP file (i.e. ACUCFG818100.zip).   

     

    Import the ZIP into your software master repository.

    altconfig_pic69.png

     

    The ACUconfig package can now be used to execute custom Intel AMT configuration commands within your McAfee ePO environment.

     

    Create ACUconfig Client Execution Task

    Using the ACUconfig package, create a Client Task Execution job for Deployment similar to the example.

     

    altconfig_pic70.png

     

    The command line string must include the commands and options that would normally be used after "ACUconfig.exe".

     

    For the above example, the command line string is:

     

    /output file c:\aculog.txt configamt HBP_TLS_Profile.xml /decryptionpassword P@ssw0rd

     

    The ACUlog.txt file will be generated as the command completes, providing an output of events. 

     

    Note: Provide the desired ACUconfig command string based on the action to be performed.   In this document series, Part 3 for Host Based Configuration and Part 4 for Delta Configuration provide example custom ACUconfig command strings.  Additional examples are available in the Intel SCS User Guide.

     

    Assign the newly created custom Client Execution Task to a few test clients and validate accordingly.

     

     

     

    Click here to return to the start of this document series

     

    Click here for an Index of related McAfee ePO Deep Command resources within the McAfee Community site.

     

    The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries