This section describes the main maintenance tasks and when they are necessary.
![]() |
---|
The maintenance tasks described in this section are not applicable to systems configured using the Manual configuration method. |
The Intel AMT device contains a clock that operates independently from the clock in the host operating system. For devices configured to use Kerberos authentication, it is important to synchronize the device clock with the clock of a computer in the network. (The clock of that computer must also be synchronized with the Key Distribution Center. This is not done by Intel SCS.) When the clock is not synchronized, Kerberos authentication with the device might fail.
For Kerberos enabled devices, Intel recommends to synchronize the clock at two week intervals.
After configuration, the Intel AMT device contains IP and FQDN settings that management consoles use to connect to the device. Changes in the network environment or the host operating system might make it necessary to change the settings in the device.
Intel AMT devices can be configured to use certificates for authentication (when using TLS, EAC, Remote Access, or 802.1x). When certificates are issued by a Certification Authority they are valid for a specified time. These certificates must be reissued before they expire. Intel recommends that you schedule this maintenance task to run a minimum of 30 days before the certificate expiration date.
If an Intel AMT device is configured to use Active Directory (AD) Integration, an object is created in the AD Organizational Unit specified in the profile. The object contains a password that is set automatically (not user-defined). If the ADOU has a “maximum password age” password policy defined in AD, the password must be replaced before it expires. Intel recommends that you schedule this maintenance task to start a minimum of 10 days before the password is set to expire.
For increased security, it is recommended to change the password of the default Digest admin user at regular intervals.
![]() |
---|
During maintenance, Intel SCS changes the password according to the password method defined in the profile. For more information about these methods, see Default Admin User (Digest). |
If you change the location of the ADOU containing the objects representing the Intel AMT devices, you must reconfigure the systems. This makes sure that all settings that use the object are reconfigured to use the new object.
To change the ADOU location:
![]() |
---|
Make sure that you include the /ADOU parameter with the path to the old ADOU so that Intel SCS can delete the old objects. |