Hi Phil,
If someone has:
1. Physical access to the system
2. Is knowledgeable enough to access MEBx
3. MEBx password is set to default and has not been changed.
then they would be able to re-enable AMT using the default admin password.
There are three ways to change the digest admin default password (in order of simple to complex):
1. Physically on the system, accessing MEBx and changing password.
2. Configuration via USB Key, which begins in section 1.4.2 of the SCS User Guide - Physical access to the system is required for this method.
3. Remote Configuration (best solution if you have many systems or if they are remote but are on your domain). More details begin at section 1.4.4 of the SCS User Guide.
There is no other method for changing the default admin password.
The SCS User Guide can be accessed at this link:
https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf
Information on certificates needed for remote configuration can be accessed at this link:
https://www.intel.com/content/www/us/en/remote-support/intel-vpro-certificates.html
Intel recommends following best security practices. Please find document at this link:
ttps://www.intel.com/content/dam/support/us/en/documents/technologies/Intel_AMT_Security_Best_Practices_QA.pdf
Question 6 is most appropriate for your question.
Regards,
Michael A
↧
Re: Disabling AMT
↧