The User/Group Details window lets you add a new user or user group to the profile’s Access Control List.
To add a user:
( , ), ( : ), ( “ ), ( & ), ( < ), or ( > ). Usernames starting with $$ are not permitted.
![]() |
---|
You cannot select the default user groups from the Active Directory Builtin folder. Instead, either add the required users individually or create and add a new group containing the users. |
Realm | Capabilities |
---|---|
Redirection | Enables and disables the redirection capability and retrieves the redirection log |
PT Administration | Manages security control data such as Access Control Lists, Kerberos parameters, Transport Layer Security, Configuration parameters, power saving options, and power packages. A user with PT Administration Realm privileges has access to all realms. Note: If this user will be used to run the Configurator to do host-based configuration, the Access Type must be Local (or Both). |
Hardware Asset | Used to retrieve information about the hardware inventory of the Intel AMT system |
Remote Control | Enables powering a system up or down remotely. Used in conjunction with the Redirection capability to boot remotely. |
Storage | Used to configure, write to, and read from non-volatile user storage |
Event Manager | Allows configuring hardware and software events to generate alerts |
Storage Administration | Used to configure the global parameters that govern the allocation and use of non-volatile storage |
Agent Presence Local | Used by an application designed to run on the local platform to report that it is running and to send heartbeats periodically |
Agent Presence Remote | Used to register Local Agent applications and to specify the behavior of Intel AMT when an application is running or stops running unexpectedly |
Circuit Breaker | Used to define filters, counters, and policies to monitor incoming and outgoing network traffic and to block traffic when a suspicious condition is detected (the System Defense feature) |
Network Time | Used to set the clock in the Intel AMT device and synchronize it to network time |
General Info | Returns general setting and status information. With this interface, it is possible to give a user permission to read parameters related to other interfaces without giving permission to change the parameters |
Firmware Update | Used only by manufacturers via Intel-supplied tools to update the Intel AMT firmware |
EIT | Implements the Embedded IT service |
Local User Notification | Provides alerts to a user on the local interface |
Endpoint Access Control | Returns settings associated with NAC/NAP posture |
Endpoint Access Control Administrator | Configures and enables the NAC/NAP posture |
Event Log Reader | Allows definition of a user with privileges only to read the Intel AMT system log |
Access Monitor | Allows a system auditor to monitor all events. Before assigning this realm, see Using Access Monitor. |
User Access Control | Groups several ACL management commands into a separate realm to enable users to manage their own passwords without requiring administrator privileges |