You are here: Introduction > Admin Permissions in the Intel AMT Device > User-Defined Admin User (Kerberos)

User-Defined Admin User (Kerberos)

If your network has Active Directory (AD), you can also define your own administrative user in the device that will be authenticated using Kerberos. You can then use this user instead of the default admin user.

To use a dedicated Active Directory Admin User (Kerberos):

  1. Define an AD user in the Intel AMT device with the PT Administration realm (see Defining the Access Control List (ACL)).
  2. Define a password for the default admin user (see Default Admin User (Digest)). The application communicating with the Intel AMT device using the AD user will not use or require this password.
  3. Run the Configurator using the credentials of the user defined in step 1.
Note:
  • When using a Kerberos user, always make sure that this Kerberos user exists in the ACL of the profile you use to do reconfiguration.
  • When using a Kerberos user and the host-based configuration method:
    • The Configurator must NOT be “Run as administrator”.
    • Some reconfiguration and maintenance tasks reset the password of the AD object. If this happens, you must clear the ticket of the Kerberos user before this user can do more configuration operations. You can do this by restarting the Intel AMT system or logging off and on again.
    • You must NOT add the credentials of a domain user to the profile (see Saving the Configuration Profile).