NOTE: This article is outdated and makes reference to a utility called AMTSCAN which was created by HP. AMTSCAN served a great purpose at that time. A newer and much better utility has been created to detect and inventory the capabilities of Intel AMT locally on a system. More information will be posted soon in connection with the Environment Assessment article series.
If planning to enable the Intel® Active Management Technology (AMT) within your environment, you may be asking yourself "How do I know what systems have Intel® AMT? What state are those systems in? Is there a way to inventory the systems remotely?" If these questions sound familiar - keep reading.
What if you had a report such as the example shown below? Would this help raise your chances of successful activation and enabling of Intel® AMT in your environment?
First, a brief review to provide context and understanding. Intel® AMT allows for reliable out-of-band management on the desktop and laptop platforms. Intel® vPro™ systems include Intel® AMT by default. However, a new offering for mainstream computers is the Intel Standard Management option, which includes Intel AMT. Much has been written about the usage, configuration, and deployment of Intel® AMT computers with a summary available at http://communities.intel.com/docs/DOC-2032.
Now to the crux of the problem before us. If there are several hundreds or thousands of Intel® AMT systems already deployed yet not "enabled" within the environment, how are you to know where they are, what prerequisites for enabling the technology are required, and so forth? A standard Altiris Inventory Solution for Windows data collection will not provide the intricate details needed. Since Intel® AMT is embedded within the chipset, involves an extension to the BIOS, and is basically hidden from a normal inventory scan - a custom inventory scan with a utility able to find Intel® AMT on a target platform is required.
The following sections show how to obtain and test the AMTSCAN utility, create a custom inventory XML file, and use a modified Altiris Web Inventory Package to obtain the data without an installed Altiris agent, leaving minimal residual data on each client.
Task 1: Become Familiar with the AMTSCAN Utility
At the time of this article (November 2008), version 0.3.1.1 of the AMTSCAN utility was available for download. Documentation and utility download are available at http://communities.intel.com/openport/docs/DOC-2062. A combination of a VBScript and a small package called meinfowin.exe, the AMTSCAN utility performs a local scan of Intel® AMT features and basic hardware platform information, and tests the network infrastructure configuration. The information is added to the Windows Registry.
To obtain the full information of an Intel® AMT system, the target client system must have the HECI\MEI driver loaded (obtained from the OEM). If not available, or if the target client does not have Intel® AMT, basic system information will still be captured by the AMTSCAN utility.
Once the utility has been downloaded, test it out on a system known to have Intel® AMT. After running the utility, open the Windows Registry Editor (regedit.exe). Navigate to \HKEY_LOCAL_MACHINE\SYSTEM\INTEL\iAMT SCAN DATA. The following screenshot provides an example of the information collected.
Task 2: Generate the Altiris Custom Inventory XML File
To capture the output of AMTSCAN into the Altiris Inventory database, an XML file must be generated for use with the Altiris Custom Inventory Utility. The following steps utilize the Inventory Builder package, providing a simple interface to define what registry values should be captured.
Step 1: Obtain the Inventory Builder
- Download the Altiris Custom Inventory Builder utility from http://www.symantec.com/connect/node/2384
- Run the Altiris Custom Inventory Builder utility on the same test client
Step 2: Using the Inventory Builder, Define Target Values of XML File
- Specify a path and file name for the resulting XML file, along with a dataclass for the AMTSCAN data. The data class value will be used to identify the custom inventory.
- Navigate to the desired registry key \HKEY_LOCAL_MACHINE\SYSTEM\INTEL\iAMT SCAN DATA
- Select the discovered registry fields
- The following image provides a reference of what should be seen within the custom inventory builder utility.
- Once satisfied with the entries, click Create to capture the desired settings into the defined XML file.
Task 3: Modify the Altiris Web Inventory Package
This task focuses on situations where the Altiris agent has not been deployed, and a "zero footprint" complete inventory of systems including AMTSCAN data is desired. If familiar with Altiris Inventory Solution or an environment already exists with computer objects in the Altiris database, information from the following steps will help to supplement the custom inventory job to obtain only AMTSCAN custom data.
Step 1: Changing Files in the Altiris NScap FileShare
This task will modify the existing AexWebInvPkg.exe and AexISHTTP.ini files. For the purposes of this article, the existing versions of these files will be saved. In addition, the previously created amtscan_inv.xml file will be added to the directory.
- Open the Altiris Notification Server NScap file share (ex: \\altiris\nscap, where "altiris" is the hostname of the server)
- Navigate to \\Altiris\nscap\bin\win32\x86
- Place a copy of the iamtscan.exe and amtscan_inv.xml files into this directory
- Create a copy of AexWebInvPkg.exe and AexISHTTP.ini files in the same directory. Rename if needed to identify these files as the unmodified versions.
Step 2: Modify the AexISHTTP.ini file
This file defines the applications and steps to be completed by the Web Inventory package. The base configuration will inventory much more than is needed. However, for simplicity, only the additions to the configuration file are shown.
- Open the file AeXishttp.ini
- Insert the iamtscan executable name (at the time of the document, the latest available is shown)
- Before the final line (i.e. aexnsinvcollector.exe), insert the following:
- Aexcustinv.exe /in .\amtscan_inv.xml /out amtscan_inv.nsi
- Save and close the AeXishttp.ini file
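The order of these entries matters: the scan has to write the registry key before Aexcustinv.exe reads it, and both have to come before aexnsinvcollector.exe. The following check is an added example, not part of the original article or of the Altiris tooling; it assumes the file holds one command per line, and the sample lines are constructed from the names used in this article.

```powershell
# Added example, not part of the Altiris tooling. Assumes AeXishttp.ini holds
# one command per line and that the commands run from top to bottom.
function Test-AmtScanIniOrder {
    param([string[]]$Lines)

    # Index of the first line matching a wildcard pattern, or -1 if none does.
    # -like is case-insensitive, so Aexcustinv.exe and aexcustinv.exe both match.
    $find = {
        param($pattern)
        for ($i = 0; $i -lt $Lines.Count; $i++) {
            if ($Lines[$i].Trim() -like $pattern) { return $i }
        }
        return -1
    }

    $scan      = & $find 'iamtscan*'
    $custInv   = & $find 'aexcustinv.exe*amtscan_inv.xml*'
    $collector = & $find 'aexnsinvcollector.exe*'

    $problems = @()
    if ($scan -lt 0)      { $problems += 'iamtscan executable line is missing' }
    if ($custInv -lt 0)   { $problems += 'Aexcustinv.exe line for amtscan_inv.xml is missing' }
    if ($collector -lt 0) { $problems += 'aexnsinvcollector.exe line is missing' }
    if ($scan -ge 0 -and $custInv -ge 0 -and $scan -gt $custInv) {
        $problems += 'scan runs after Aexcustinv.exe, so the registry key is read before it is written'
    }
    if ($custInv -ge 0 -and $collector -ge 0 -and $custInv -gt $collector) {
        $problems += 'Aexcustinv.exe must come before aexnsinvcollector.exe'
    }
    $problems
}

# Constructed sample holding only the lines this article adds or names;
# the real file contains further inventory steps and collector arguments.
$sample = @(
    'iamtscan.exe'
    'Aexcustinv.exe /in .\amtscan_inv.xml /out amtscan_inv.nsi'
    'aexnsinvcollector.exe'
)
$issues = @(Test-AmtScanIniOrder -Lines $sample)
if ($issues.Count -eq 0) { 'Order OK' } else { $issues }

# Against the edited file on the share:
# Test-AmtScanIniOrder -Lines (Get-Content '\\altiris\nscap\bin\win32\x86\AeXishttp.ini')
```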
Step 3: Modify the Altiris Web Inventory Package
A package editor is available via the Altiris Inventory Solution for Windows interface. The package contains the necessary files and commands to run the defined inventory job on the target system and to return the inventory information to the target server. Since each server will have a unique name, the package is associated with only one Altiris Notification Server.
- From the Altiris 6.5 console, select View > Solutions > Inventory Solution
- Within the Inventory Solution Menu on the left, navigate to Config > Windows > Standalone Windows Inventory
- From the page on the right, click on the AexPackageEditor button
- Step through the prompts to run the AexPackageEditor application
- When prompted for a filename, enter \\altiris\nscap\bin\win32\x86\AexWebInvPkg.exe
- Once the package is open, select the Files tab
- Select Aexishttp.ini and click Extract. This will remove the "old" configuration file
- Select Add to include the files amtscan_inv.xml, amtscan utility application, Aexishttp.ini from the fileshare location of \\altiris\nscap\bin\win32\x86
- Once the files have been added, click Save to close the package
- Repeat the previous steps to open the AexWebInvPkg.exe file within the package editor. The following image should reflect the changes made. Specifically - the amtscan.exe and custinv lines must be included.
The Web Inventory package is now ready to be distributed and executed on Microsoft Windows clients in the environment. As noted previously, this approach will obtain the inventory of systems regardless of whether the Altiris agent is installed. If the Altiris agent is not installed or associated to the target Altiris Notification Server defined in the Aexishttp.ini file, the inventoried systems will be noted as "not managed" within the Altiris database. The target Altiris Notification server is noted in the final line of the configuration file. Those familiar with Altiris inventory will know how to further customize the package, integrate into an agent based inventory task, and so forth.
Task 4: Distribute Inventory Package to Target Systems
With the package defined, it must be executed on all systems in the environment. Each environment will differ on preference or method to accomplish this: via login script, software distribution job, running the job manually on each system, or other.
Once completed, the following residual items will be noted on the computer:
- Registry information will be stored at \HKEY_LOCAL_MACHINE\SYSTEM\INTEL\iAMT SCAN DATA
- A collection of files will be created at c:\Program Files\Altiris\express\Inventory. This will typically consume 300kb of disc space. The amtscan_inv.nsi file should be noted among the collection of files.
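To confirm on a client what the scan wrote (the Task 1 test) and what the package left behind (the two residual items above), the key and folder can be read directly. This is an added example, not part of the original article or of AMTSCAN; the paths are the ones named in this article, and the value names are enumerated from the registry rather than assumed.

```powershell
# Added example. Reads the AMTSCAN registry key and the Altiris inventory
# folder named in this article and summarizes what is present on this client.
function Get-AmtScanResult {
    param(
        [string]$ScanKey = 'HKLM:\SYSTEM\INTEL\iAMT SCAN DATA',
        [string]$InvDir  = 'C:\Program Files\Altiris\express\Inventory'
    )

    # Enumerate whatever values the scan wrote; no value names are hard-coded.
    $values = [ordered]@{}
    $key = Get-Item -LiteralPath $ScanKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $values[$name] = $key.GetValue($name)
        }
    }

    # Residual files left by the Web Inventory package, if any.
    $files = @(Get-ChildItem -LiteralPath $InvDir -File -ErrorAction SilentlyContinue)
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        ScanKeyFound = [bool]$key
        ValueCount   = $values.Count
        Values       = $values
        NsiPresent   = Test-Path -LiteralPath (Join-Path $InvDir 'amtscan_inv.nsi')
        ResidualKB   = [math]::Round([double]$bytes / 1KB, 1)
    }
}

$result = Get-AmtScanResult
$result | Format-List Computer, ScanKeyFound, ValueCount, NsiPresent, ResidualKB
$result.Values.GetEnumerator() | Format-Table Key, Value -AutoSize
```

A client where ScanKeyFound is true but NsiPresent is false ran the scan without the custom inventory step, which points back at the package contents rather than at AMTSCAN.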
Task 5: Review the Collected Information
Once the inventory job has completed, the resulting computer object will be created or updated in the Altiris database with the amtscan data.
- From the Altiris 6.5 Console, with the Inventory solution selected, navigate to Collections > All Computers
- Double-click on one of the computers upon which the utility was executed. This will open the Resource Manager
- Select the Inventory tab
- Navigate to Default Folder > amtscan. The resulting page will show the data collected
Conclusion
With the data now stored in a Microsoft SQL Database, custom reports, custom collections, and other options are now available. The exact database table in the Altiris database in this example is dbo.amtscan. The amtscan data can be combined with other inventory data (i.e. operating system version) to determine appropriate next steps regarding the status, configuration of Intel® AMT, and so forth. A summary of actions is mentioned in the amtscan documentation.
The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries.