Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 2 : Active Directory

Posted: December 21, 2013 in Configuration Manager, System Center Configuration Manager 2012
Tags: , , ,

This is Part 2 in a series of blog posts about Integrating Configuration Manager 2012 R2 with Intel SCS 9.0, this part will focus on the Active Directory configuration.

Intel AMT supports the Kerberos authentication method. This means that Intel SCS and Configuration Manager 2012 R2 can authenticate with the Intel AMT device using “Kerberos” users. These users are defined in the Intel AMT device using the Access Control List.

Integration of Intel AMT with your AD is mandatory when using the Add-on to configure Intel AMT. When integration is enabled, during configuration Intel SCS creates an AD object for the Intel AMT device. Some of the entries in this object define parameters used in Kerberos tickets.

Before you can integrate Intel AMT with your AD, you must:

  1. Create an Organizational Unit (OU) in AD to store objects containing information about the Intel AMT devices. In a multiple domain environment, Intel recommends that you create an OU for each domain.
    I’ve created an OU named : AMT Provisioned Computers

    1

  2. Create an universal security group that will contain accounts for the provisioned AMT-based computers. (This is needed when configuring the Out of Band Management Components)
    I’ve named the group :  SCCM 2012 R2 AMT Provisioned Computers

    2

  3. Create an user account for AMT Provisioning,
    I’ve named my user account CM_AMT

    3

  4. Create an User Group in your AD that will contain user accounts that need access to Intel AMT.
    I’ve named the group SCCM 2012 R2 AMT Administrators
    Add the following accounts to this Group:

    1. The user account created for AMT Provisioning in previous step (CM_AMT)
    2. User accounts running the Configurator Manager Console (so that they can use the OOB Management Console).
    3. The computer account of the computer running the Configuration Manager. This will enable SCCM to run OOB Management Controller Discovery with these credentials.

      4

  5. Give Create/Delete permissions in the OU you created in Step 1 to the user account running the Intel SCS component doing the configuration. (User account is created in Step 3)

    5

Previous Postings in this series:

Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 1 Introduction

Advertisements
Comments
  1. […] account running Intel SCS component doing the configuration; (This is the CM_AMT account created in Part 2 of this […]

  2. […] The object is added to the OU you defined in this field. I’ve selected the OU we created in Part 2 of this series; AMT Provisioned […]

  3. […] the OU and then the universal group that you configured in Part 2 of this series. (AMT Provisioned […]

  4. […] to run using this account. Here select the CM_AMT account we created for AMT Provisioning in Part 2 of this series. (Also note that this account must be member of the local administrator group on […]

  5. […] Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 1 : Introduction Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 2 : Active Directory Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 3 : Certification Authority […]

  6. […] can log in with one of the users present in the SCCM 2012 R2 AMT Administrators group created in Part 2 of this […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s