Control Modes
After configuration, all Intel AMT devices are put in one of these control modes:
- Client Control Mode – This mode was added to Intel AMT 6.2 and higher devices. Intel AMT devices in this mode have these security related limitations:
- The System Defense feature is not available.
- User consent is required for all redirection operations and changes to the boot process.
- Permission from the Auditor user (if defined) is not required to unconfigure Intel AMT.
- To make sure that untrusted users cannot get control of the Intel AMT system, some Intel AMT configuration functions are blocked.
- During configuration, the Intel MEBX password will not be changed if it is the default password (see Access to the Intel MEBX).
- Admin Control Mode – In this mode all Intel AMT features supported by the Intel AMT version are available.
Note: |
By default, the host-based configuration method puts the device in the Client Control mode. All other configuration methods automatically put the device in the Admin Control mode. |