Creating a Custom ACUconfig Product Deployment Task
Document Series Background
This is Appendix B of a document series to explain alternative configuration methods for Intel AMT.
The focus of this appendix is to create a custom Client Execution Task of the Intel ACUconfig package using McAfee EEDK.
To return to the document series introduction of alternative Intel AMT configuration methods, click here.
Appendix B Introduction
When configuring Intel AMT outside of the ePO Deep Command version 1.5 policies and client utilities, a custom software package is recommended for enterprise-wide configuration events. The package will include the Intel® SCS client configurator components in addition to a custom batch file. When needed, the package will also include the Intel AMT configuration profile via an XML file.
Before creating the package, ensure the desired ACUconfig command completes successfully on the client running under the local system context. Refer to the document series introduction for explanation and links to alternative configuration methods for Intel AMT.
Package Components and Utilities
The package will be built via ePO Enterprise Deployment Kit (EEDK), which is available on the McAfee ePO Tools Exchange site. Download and extract the ZIP file to a temporary working directory.
The Intel SCS components are obtained via http://www.intel.com/go/scs. Extract the Intel SCS components, specifically the three files in the Configurator directory: ACUconfig.exe, ACU.dll, and xerces-c_2_8.dll.
The XML file is generated via the profile export process of the Intel SCS console. Please refer to related Intel SCS documentation and McAfee ePO Deep Command configuration requirements detailing the creation of the Intel AMT configuration profile.
A sample batch file is shown below. The exact contents are included in the attached text file, ACUconfig.txt. The batch file is used by the EEDK to execute a command under the context of the local system account when delivered via McAfee Agent Policy.
Creating ACUconfig Package via EEDK
Under the EEDK temporary directory, create a subdirectory called “ACUconfig”. Similar to the screenshot of example files shown below, place the Intel AMT Configurator, XML (if a profile was exported from Intel SCS console), and batch files in this subdirectory.
Start EEDK.exe and define the package settings similar to the example below.
On the lower right of the EEDK application, select “Build Package”. Save the resulting ZIP file (i.e. ACUCFG818100.zip).
Import the ZIP into your software master repository.
The ACUconfig package can now be used to execute custom Intel AMT configuration commands within your McAfee ePO environment.
Create ACUconfig Client Execution Task
Using the ACUconfig package, create a Client Task Execution job for Deployment similar to the example.
The command line string must include the commands and options that would normally be used after "ACUconfig.exe".
For the above example, the command line string is:
/output file c:\aculog.txt configamt HBP_TLS_Profile.xml /decryptionpassword P@ssw0rd
The ACUlog.txt file will be generated as the command completes, providing an output of events.
Note: Provide the desired ACUconfig command string based on the action to be performed. In this document series, Part 3 for Host Based Configuration and Part 4 for Delta Configuration provide example custom ACUconfig command strings. Additional examples are available in the Intel SCS User Guide.
Assign the newly created custom Client Execution Task to a few test clients and validate accordingly.
The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries