You are here: Using the Configurator > Unconfiguring Intel AMT Systems

Unconfiguring Intel AMT Systems

Command Unconfigure
Description

Unconfigures Intel AMT. There are two types of unconfiguration:

  • Partial – Removes the configuration settings from the system and disables the Intel AMT features on the system. (The PID, PPS, admin ACL settings, host name, and domain name are not deleted.) Note that if the manufacturer defined the SOL and IDE interfaces to be closed by default, then a partial configuration operation will close them and they cannot be reopened without physical access to the Intel MEBX. This is a known Firmware limitation.
  • Full – Deletes all the Intel AMT settings from the system and disables the Intel AMT features on the system.

Note:

  • Systems in Client Control mode are always unconfigured with a “Full” unconfiguration.
  • The default unconfiguration type for systems in Admin Control mode is “Partial”.
Syntax

ACUConfig.exe [global options] UnConfigure

[/AdminPassword <password>] [/Full] [/ADOU <ADOU path>]

{[/DomainUser <username>]

[/DomainUserPassword <password>]}

[/SourceForAMTName <source>] [/NetworkSettingsFile <file>]

Parameters
[global options] See CLI Global Options
/AdminPassword <password>

The current password of the default Digest admin user defined in the Intel AMT device. This parameter is NOT necessary if any of these are true:

  • The XML profile contains the Digest admin password
  • The user account running the Configurator is a Kerberos account that is configured in the Intel AMT device with administrator permissions
/Full

For systems in Admin Control mode, does a full unconfiguration (the default is partial unconfiguration). Full unconfiguration also deletes customized data. For example:

  • Any root certificate hashes that were entered manually into the Intel MEBX
  • Any customized data that was pre-defined by the manufacturer (for example, the PKI DNS Suffix)

Note: Do not use this parameter if your configuration flow relies on customized data. (For example, remote configuration of LAN-less systems into Admin Control mode requires a pre-defined customized value in the PKI DNS Suffix.)

/ADOU <ADOU path>

During unconfiguration, the Configurator deletes the Active Directory (AD) object that was created to represent the Intel AMT system. (The object was created by Intel SCS only if AD integration was enabled.) By default, the Configurator uses the settings configured in the Intel AMT device to find the location of the AD Organizational Unit (ADOU) containing the object. In large enterprise networks the search for the ADOU can take some time.

If you supply this parameter, the Configurator will only look for the object in the Organizational Unit that you define in <ADOU path>.

/DomainUser <username>

The name (in the format domain\username) of a domain user with permissions to delete the AD object representing the Intel AMT system. By default, the credentials of the user running the Configurator are used to delete the AD object. If you supply this parameter, the AD object is deleted using the credentials of this user.

/DomainUserPassword <password> The password of the domain user
/SourceForAMTName <source>

Defines how the FQDN (hostname.suffix) for the Intel AMT device is constructed. Valid values:

  • DNS — The hostname part of the FQDN is the hostname from the host operating system. The suffix is the “Primary DNS Suffix” from the host operating system. This is the default setting, and is correct for most network environments.
  • SpecificDNS — The hostname part of the FQDN is the hostname from the host operating system. The suffix is the “Connection-specific DNS Suffix” of the on-board wired LAN interface.
  • AD — The hostname part of the FQDN is the hostname from the host operating system. The suffix is the AD domain of which the host operating system is a member.
  • DNSLOOKUP — Takes the FQDN returned by an “nslookup” on the IP address of the on-board wired LAN interface. To use this option, the DNS must be configured correctly with Reverse Lookup Zones.
  • HOST — Takes the hostname from the host operating system. The suffix is blank.

Note: When this parameter is not supplied, the default source for the FQDN is “DNS”. However, if the /NetworkSettingsFile parameter is supplied (and FQDN data is included in the file), the FQDN is taken from the file.

/NetworkSettingsFile <file> This parameter tells the Configurator to get the IP and/or the FQDN from a dedicated network settings file. For information about the required XML format, see the NetworkSettings.xml example file located in the sample_files folder.