Intel Active Management Technology (AMT) Usage & Configuration. For out-of-band (OOB) remote support

Keywords: Intel Active Management Technology, AMT, Intel AMT, OOB, out-of-band management, out-of-band remote support, out-of-band management

What is Intel AMT: Intel Active Management Technology (AMT) [1] is hardware and firmware for remote out-of-band management of select business computers. AMT is built into PCs with Intel vPro technology and is based on the Intel Management Engine (ME). Intel AMT uses a hardware-based out-of-band (OOB) communication channel that operates regardless of the presence of a working operating system (OS). [2]

[1] Intel: Intel vPro® Platform: Intel® Active Management Technology

[2] Wikipedia: Intel Active Management Technology

Before starting:

  • Make sure your client PC supports Intel AMT, usually i5 vPro, i7 vPro and Xeon supports Intel AMT (Or explore BIOS for Intel AMT option Or Check your PC’s specification from official website Or Install Intel AMT software see if it detects Intel AMT)
  • Make sure you understand what is BIOS
    • More Important: How to access and configure BIOS
  • Make sure you have two PCs if you want to control a PC via Intel AMT from another
  • Warning: Keep in mind that by enabling Intel AMT, it can increase attack surface from security perspective. Make sure you understand the risk before starting. (Strong password and encrypted connection is always preferred)

BIOS configuration:

BIOS configuration - Enable Intel AMT Control
BIOS configuration – Enable Intel AMT Control

1 Make sure you know how to access BIOS.

  • For Windows 10 PC, you can hold Shift button and click on Restart button from Windows 10 start menu -> Select “Troubleshoot” -> “UEFI Firmware”
  • Another option is to press some key during cold boot, you need to check your PC brand/model or motherboard manual

2 Once into BIOS configuration screen, find “Intel AMT” and Enable it

Warning: Do not change anything else, otherwise it can render your PC unbootable or even damage it.

ME configuration:

1 After you have pressed Power button to start the PC, keep press Ctrl + P key combination repetitively until ME configuration come up. (You may see a different screen from below image if it’s first time to configure ME on the PC, in that case you might need to enter the default password which is “admin” to enter configuration) If you see similar screen as below, Press 1 to continue (In this case the password might be changed to something else rather than “admin”)

Ctrl + P -> Screen before entering ME configuration screen

2 You will see following screen, Select MEBx Login, enter correct password

ME - First screen
ME – First screen

3 You will see “Main Menu”

ME - First screen after login (Main Menu)
ME – First screen after login (Main Menu)

4 Enter ME Generation Settings, we can change password Enable/Disable Firmware update.

ME - Intel ME General Settings
ME – Intel ME General Settings

5 Most of the other configuration are under Intel AMT Configuration

ME - Main Menu
ME – Main Menu

6 To be able to use Intel AMT (That is, to utilise Intel AMT to remote control the PC without worrying about OS) we need to make following changes

7 Enable “Manageability Feature Selection”

ME - Intel AMT Configuration
ME – Intel AMT Configuration

8 Enter “SOL/Storage Redirection/KVM” menu

9 Enable “SOL”, Enable “Storage Redirection”, Enable “KVM Feature Selection”

ME -  Intel AMT Configuration -> SOL/Storage Redirection/KVM
ME – Intel AMT Configuration -> SOL/Storage Redirection/KVM

10 Enter “User Consent” menu

 ME -  Intel AMT Configuration
ME – Intel AMT Configuration

11 Change “User Opt-in” to NONE, Enable “Opt-in Configurable from Remote IT”

ME -  Intel AMT Configuration -> User Consent
ME – Intel AMT Configuration -> User Consent

12 Enter “Network Setup” menu

ME – Intel AMT Configuration

13 Enter “Intel ME Network Name Settings”

ME -  Intel AMT Configuration -> Intel ME Network Setup
ME – Intel AMT Configuration -> Intel ME Network Setup

14 Change “Host Name” to your preferred host name

ME -  Intel AMT Configuration -> Intel ME Network Name Settings
ME – Intel AMT Configuration -> Intel ME Network Name Settings

15 Enter “TCP/IP Settings” menu

ME -  Intel AMT Configuration -> Intel Me Network Setup
ME – Intel AMT Configuration -> Intel Me Network Setup

16 Enter “Wired LAN IPV4 Configuration” menu

 ME -  Intel AMT Configuration -> TCP/IP Settings
ME – Intel AMT Configuration -> TCP/IP Settings

17 Enable DHCP Mode (Unless if you have static IP address assigned)

ME - Intel AMT Configuration -> Wired LAN IPv4 Configuration
ME – Intel AMT Configuration -> Wired LAN IPv4 Configuration

18 Save and exit the menu

After the PC is restarted, find the IP address of the configured PC. Try to connect via another device through URL:

For Non-TLS – http://<IP_or_FQDN>:16992
For TLS – https://<IP_or_FQDN>:16993

If you are able to access the “Intel® Active Management Technology” it means Intel AMT is configured correctly for remote support.

You can confirm with “Intel Management and Security Status” form within OS

Intel Management and Security Status
Intel Management and Security Status

Intel Management and Security Status
Intel Management and Security Status

Now you can remote control this PC even without having an OS installed on this Intel AMT enabled PC. (Whereas many other remote control software only works with OS installed and can’t control the PC unless the system already booted into OS) Thus, you can even change BIOS settings remotely with Intel AMT (And that’s why it is dangerous too if not correctly configured and secured)

For more on real-world use cases/how to utilise Intel AMT click here

Out-of-band (OOB) Management, Remote support/control with Intel Active Management Technology (AMT) using open source MeshCommander

Keywords: Intel Active Management Technology, AMT, Intel AMT, Remote control, Remote support, OOB, out-of-band management, out-of-band remote support, MeshCommander, Open Source, free, software, free Intel AMT software

Click here if not sure What is Intel Active Management Technology (AMT)

MeshCommander is an open source software which enables you to provide remote management/support/control via Intel AMT. Compare to traditional remote control protocol, Intel AMT provides out-of-band management ability, which means you do not even need to install operating system (OS) on the computer while you are still able to remote control the device (Which means you can even modify BIOS settings remotely, whereas traditional remote control software only works within OS), this is useful when you need to reinstall OS remotely or modify BIOS settings remotely.

Tips: You can still use Intel AMT to control the OS, there is nothing wrong with that. Though you might find other remote control software are easier to use when controlling the OS e.g. copy/paste/transfer files, send key combination etc.


MeshCommander is the ultimate open source Intel® AMT management console. In an effort to make Intel® AMT easier, support many platforms and over the Internet usages, MeshCommander is entirely built in JavaScript. You can now manage your Intel® AMT computers from within a browser or as a standalone tool.

You can use MeshCommander as-is or download the source code and samples to build your own web based Intel® AMT tool. If you have Intel AMT 11.6+ or Intel AMT 12.0.20+ you can load MeshCommander inside the flash storage of Intel® AMT. To do this, take a look at the firmware installer. Your privacy matters: MeshCommander does not collect or send back any usage data or telemetry.

Downloads


MeshCommander - Computer Management
MeshCommander – Computer Management
MeshCommander - Certificate Manager
MeshCommander – Certificate Manager
MeshCommander - Intel AMT USB Setup.bin Manager
MeshCommander – Intel AMT USB Setup.bin Manager
MeshCommander - Recorded Session Player
MeshCommander – Recorded Session Player