You are here: Introduction > Maintenance Policies for Intel AMT > Manual/Automatic Maintenance using the CLI

Manual/Automatic Maintenance using the CLI

Maintenance tasks are done using the MaintainAMT command of the Configurator CLI (see Maintaining Configured Systems).

For more information about the Configurator, see Using the Configurator.

The MaintainAMT command includes a parameter named AutoMaintain. You can use this parameter to automate maintenance of Intel AMT systems in your network. This is possible because Intel SCS saves some configuration related data in the registry of each Intel AMT system. The data is updated each time that CLI commands are used to make configuration changes on the system (configuration, reconfiguration, maintenance, and unconfiguration).

The data is saved in this registry key:

When you use the AutoMaintain parameter:

  1. Intel SCS uses the data in the registry to make the decision which maintenance tasks are necessary for each Intel AMT system.
  2. Intel SCS automatically does only the necessary tasks that were identified in step 1. If no tasks are necessary, nothing is done.

This table describes the registry keys and values, and how they are used by the AutoMaintain parameter.

Key/Value Description
Certificates Contains data of up to three different certificates that were configured in the Intel AMT device. The CertificateExpirationDate key contains the date when the certificate will expire. If there are less than 30 days before one of these expiration dates, reissue all the certificates. (ReissueCertificates task.)
AMTNetworkSettings Contains data about the network settings configured in the Intel AMT device. The values in the registry are compared with the settings defined in the profile. If they are not the same, the new settings from the profile are configured in the device. (SyncNetworkSettings task.)
String values, located in the root of the ConfigurationInfo key:
LastRenewAdminPassword The last time that the password of the default Digest admin user was configured in the Intel AMT device. If this date is more than 6 months old, change the password according to the password setting defined in the profile. (RenewAdminPassword task.)
LastRenewADPassword The last time that the password was configured in the Active Directory object representing the Intel AMT system. If this date is more than 6 months old, change the password of the Active Directory object. (RenewADPassword task.)
LastSyncClock

The last time that the clock of the Intel AMT device was synchronized. If this date is more than 3 months old, synchronize the clock. (SyncAMTTime task.)

Note: The SyncAMTTime task is also done every time that one of the other tasks is done.

Note:
  • Always run the Configurator under a user that has permissions to create and update these registry keys on the Intel AMT system. The AutoMaintain parameter will fail and return an error if it cannot access the registry. Configuration, reconfiguration, maintenance, and unconfiguration tasks will complete but with warnings.
  • If the registry keys do not exist, the first time the AutoMaintain parameter is used all the maintenance tasks will be done (according to the profile).